The adoption of the Transport Layer Security (TLS) 1.3 creates a watershed moment for cybersecurity, revolutionizing encryption and data protection standards. TLS has been widely used to secure data end-to-end for many decades. Though this latest version significantly enhances the security of the TLS protocol, it also severely limits the decryption of those data streams for cybersecurity and network monitoring purposes. This results in our current forms of network and security monitoring used with previous TLS versions to lose their effectiveness. The new TLS encrypted traffic actually can increase security risks by obscuring malware and traffic by threat actors as well, and therefore requires a fundamental rethinking of today’s monitoring approach.
These changes are considered enough of a cybersecurity challenge that the U.S. National Cybersecurity Center of Excellence (NCCoE), a part of the National Institute of Standards and Technology (NIST), has started a project to “provide system and application administrators with practical tools and approaches to help them gain visibility into the traffic flowing across their networks, and to fully adopt TLS 1.3.”