performing-ssl-tls-inspection-configuration
Performing SSL/TLS Inspection Configuration
Overview
SSL/TLS inspection (also called SSL decryption, HTTPS inspection, or TLS break-and-inspect) intercepts encrypted traffic between clients and servers to inspect the cleartext content for malware, data exfiltration, policy violations, and command-and-control communications. The inspection device acts as a trusted man-in-the-middle, terminating the TLS session from the client, inspecting the plaintext content, and establishing a new TLS session to the destination server. With over 95% of web traffic now encrypted, organizations without TLS inspection have a massive blind spot. This skill covers configuring TLS inspection on next-generation firewalls, deploying trusted CA certificates, managing exemptions for certificate-pinned applications, and ensuring compliance with privacy regulations.
When to Use
- When conducting security assessments that involve performing ssl tls inspection configuration
- When following incident response procedures for related security events
- When performing scheduled security testing or auditing activities
- When validating security controls through hands-on testing