As of 2021, about 90% of all web page visits use HTTPS, and an ever-increasing amount of non-web traffic is also using SSL/TLS encryption to provide secure communication. Since the traffic is encrypted, visibility into a very large portion of data going through security appliances is limited. Threat actors are leveraging this reduction in visibility to bypass protections and deliver malicious content. SSL inspection allows the firewall to decrypt and inspect the encrypted traffic. This ensures that not only full visibility of traffic, but also allows for threat inspection and blocking of file transfers. This talk will cover a brief introduction to SSL/TLS encryption, how the firewall performs SSL inspection, and the lessons learned from using SSL inspection.
