The movement to encrypt network communications has created a new set of challenges and critical choices for information security and risk operations personnel and executives. Network security monitoring (NSM) and network forensics is essential to secure a modern enterprise but many wonder if the changing landscape will shift the balance of power to attackers. While encryption renders many legacy network security monitoring tools useless, there are compelling cases for maintaining user privacy.
This talk will examine how the increasing adoption of encryption in common network protocols impacts security architectures and present new techniques to build threat intelligence and detection streams that operate on top of encrypted traffic. Further, the talk will present research and statistics based upon the techniques to show how real threat actors have been detected and shut down even when hiding behind the veil of encryption. The talk will close by presenting a maturity model helping organizations to understand their maturity level in terms of monitoring encrypted traffics. Attendees will leave no longer wondering how encrypting “all the things” prevents their team from analyzing those things.