The National Security Agency (NSA) published an advisory that addresses the risks behind Transport Layer Security Inspection (TLSI) and provides mitigation measures for weakened security in organizations that use TLSI products.
TLSI (aka TLS break and inspect) is the process through which enterprises can inspect encrypted traffic with the help of a dedicated product such as a proxy device, a firewall, intrusion detection or prevention systems (IDS/IPS) that can decrypt and re-encrypt traffic encrypted with TLS.
While some enterprises use this technique for monitoring potential threats such as data exfiltration, active command and control (C2) communication channels, or malware delivery via encrypted traffic, this will also introduce risks.
