Webinar Q&A from Modern Network Threat Detection and Response

Gartner 11 Feb 2019 09:36

As promised, here is my lightly edited Q&A from a recent webinar called “Modern Network Threat Detection and Response.” Questions about vendors are removed, and some are edited for clarity.

Q: I thought “vendor C” has a device that could analyze even encrypted traffic. Is that correct?
A: Correct, several vendors do claim analysis of encrypted traffic data without decryption. It is real and based on many types of interesting research in data analytics and even hard science. For example, some vendors can tell an interactive session (a shell) wrapped in HTTPS from regular HTTPS web traffic.

However, it is absolutely clear that what can be achieved by the sum total of such innovative methods is dramatically less than what can be done on plain text data. Any salesy claims that such methods “are almost as good as analyzing plain text data” are not really true. Or, they define the word “almost” in some proprietary way :-)

Naturally, vendors who perform only flow-based analysis are unaffected by encryption. They are no less effective on encrypted traffic, but the question of whether they were effective without layer 7 visibility in the first place remains.
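To make the shell-over-HTTPS example and the flow-only point above concrete, here is an added illustration (not from this post or from any vendor's product): a toy heuristic that looks only at TLS record sizes, direction and timing, the metadata an analyser sees without decrypting anything, and flags flows shaped like an interactive session. The thresholds and the two sample flows are constructed assumptions, not captures.

```python
"""Added illustration: flag TLS flows whose metadata looks like an
interactive session, with no decryption.  Thresholds are assumptions."""
from dataclasses import dataclass
from statistics import median, pstdev


@dataclass
class Pkt:
    t: float      # seconds since first packet of the flow
    c2s: bool     # True = client -> server
    size: int     # TLS record payload length in bytes


def features(flow):
    """Metadata-only features: record sizes, direction changes, timing."""
    sizes = [p.size for p in flow]
    gaps = [b.t - a.t for a, b in zip(flow, flow[1:])]
    turns = sum(a.c2s != b.c2s for a, b in zip(flow, flow[1:]))
    return {
        "median_size": median(sizes),
        "small_frac": sum(s < 150 for s in sizes) / len(sizes),
        "turn_frac": turns / max(1, len(flow) - 1),
        "gap_jitter": pstdev(gaps) if len(gaps) > 1 else 0.0,
    }


def looks_interactive(flow):
    """Keystroke-sized records, strict ping-pong turns and irregular,
    human-timescale gaps: the shape of a shell, not of a page load."""
    f = features(flow)
    return (f["small_frac"] > 0.8 and f["turn_frac"] > 0.6
            and f["gap_jitter"] > 0.1)


# Constructed sample flows (not real captures): a typed-command session
# and a single page fetch, both inside TLS.
SHELL = [Pkt(0.00, True, 74), Pkt(0.03, False, 90),
         Pkt(0.41, True, 74), Pkt(0.44, False, 90),
         Pkt(1.20, True, 82), Pkt(1.23, False, 330),   # command output
         Pkt(2.05, True, 74), Pkt(2.08, False, 90),
         Pkt(2.90, True, 74), Pkt(2.93, False, 90)]
WEB = [Pkt(0.000, True, 517)] + [
    Pkt(0.020 + 0.001 * i, False, 1400) for i in range(8)]

if __name__ == "__main__":
    for name, flow in (("shell", SHELL), ("web", WEB)):
        print(name, looks_interactive(flow), features(flow))
```

The same features are what a flow-only product is limited to, which is why such a heuristic can spot a shell's rhythm but says nothing about what commands were typed.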
