DETECTION OVERVIEW
Risk Factors
To enhance performance for resumed TLS connections, TLS 1.3 enables clients to send requests with early data, also known as zero round trip time (0-RTT) data. Early data is protected with a pre-shared key (PSK) established in a previous TLS 1.3 connection. An attacker that intercepts HTTPS traffic can replay a request with early data if anti-replay techniques are not enabled on the web server. A successful replay attack can resume an unauthorized TLS session with the web server.
Category
Implement anti-replay techniques, such as delaying early data processing until after the TLS handshake completes or responding with the 425 (Too Early) status code, which forces the client to resubmit the individual request after the handshake completes.
If unable to implement anti-replay techniques, disable support for TLS early data, which blocks all requests with early data.
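The two anti-replay options above, worked through as an added example (not code from the page or from ExtraHop). It assumes a hypothetical setup in which a TLS-terminating proxy marks requests received in 0-RTT with the RFC 8470 `Early-Data: 1` header and tells the application whether the handshake behind the request has finished; the request and decision types, the `mode` parameter, and the replay simulation are all constructed for illustration.

```python
"""
Added example: server-side anti-replay policy for TLS 1.3 early data.

Hypothetical assumptions:
- A TLS-terminating proxy forwards requests that arrived in 0-RTT with the
  RFC 8470 header "Early-Data: 1".
- The handler is told whether the TLS handshake has completed. A replayed
  copy of captured early data can never complete the handshake, because the
  attacker does not hold the client's ephemeral key, so "handshake complete"
  is the signal that the request is not a replay.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

TOO_EARLY = 425                      # RFC 8470 status code "Too Early"
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # no server-side state change
VALID_MODES = ("defer", "reject")


@dataclass
class Request:
    method: str
    path: str
    headers: Dict[str, str] = field(default_factory=dict)

    def in_early_data(self) -> bool:
        # The proxy sets "Early-Data: 1" only for requests received in 0-RTT.
        return self.headers.get("Early-Data", "").strip() == "1"


def early_data_decision(req: Request, handshake_complete: bool,
                        mode: str = "reject") -> Tuple[str, Optional[int]]:
    """Return (action, status). action is "process", "defer" or "reject".

    mode="defer"  -> hold early-data requests until the handshake completes.
    mode="reject" -> answer early-data requests with 425 so the client
                     resubmits after the handshake.
    """
    if mode not in VALID_MODES:
        raise ValueError(f"unknown mode {mode!r}")
    if not req.in_early_data():
        return ("process", None)          # ordinary 1-RTT request
    if handshake_complete:
        return ("process", None)          # handshake proves liveness; no replay
    if req.method in SAFE_METHODS:
        return ("process", None)          # replaying a safe request changes nothing
    if mode == "defer":
        return ("defer", None)
    return ("reject", TOO_EARLY)


def simulate_replay(mode: Optional[str]) -> int:
    """Count how many times a side-effecting POST is applied when the same
    early-data request arrives twice: once from the real client and once as
    a captured replay. mode=None models a server with no anti-replay policy.
    """
    req = Request("POST", "/transfer", {"Early-Data": "1"})
    applied = 0
    # (source, whether this connection can ever finish the handshake)
    for _source, can_finish_handshake in (("client", True), ("replay", False)):
        if mode is None:
            applied += 1                  # early data processed immediately
            continue
        action, _status = early_data_decision(req, handshake_complete=False, mode=mode)
        if action == "process":
            applied += 1
        elif action == "defer" and can_finish_handshake:
            applied += 1                  # released once the handshake finishes
        elif action == "reject" and can_finish_handshake:
            # After 425 the real client resends the request as normal 1-RTT data.
            retry = Request(req.method, req.path, {})
            if early_data_decision(retry, handshake_complete=True, mode=mode)[0] == "process":
                applied += 1
    return applied


if __name__ == "__main__":
    for m in (None, "defer", "reject"):
        print(f"mode={m!s:7} POST applied {simulate_replay(m)} time(s)")
```

Both policies leave the transfer applied exactly once; with no policy the replayed copy is applied a second time. Safe methods are passed through in early data here because replaying them changes no state, but a resource whose GET has side effects should be treated as unsafe.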
