HTTPS Content Inspection

Hiding in Plain Site

Uncovering Encrypted Malware in Customer Networks

Web traffic has changed dramatically over the last decade. Years ago, visiting a site normally meant accessing the content over HTTP. The problem is that in HTTP, the data is not encrypted and can be easily intercepted by attackers as it is passed between systems. To keep this data private, the majority of websites today require access by HTTPS, which encrypts communications between systems using SSL/TLS (Secure Sockets Layer/Transport Layer Security). Unfortunately, hackers hide their attacks in this encrypted traffic.

2/3 of malware delivered via encrypted connections (WatchGuard Internet Security Report Q1 2020)

72% of encrypted malware is zero day (WatchGuard Internet Security Report Q1 2020)

50% of phishing attacks use HTTPS (krebsonsecurity 2018)

Today, over 80% of your customers’ traffic occurs over HTTPS, creating a massive blind spot. HTTPS inspection makes it possible to decrypt HTTPS traffic, examine the content for signs of attack, then encrypt the traffic again with a new certificate for safe delivery. Without decryption, there is no visibility into data type, application, policy adherence, file type, or data exfiltration attempts made against your customers via HTTPS.

As bandwidth needs often take priority, only about 1% of deployed firewalls actively inspect HTTPS traffic, yet the most dangerous malware increasingly hides there. Security in the 2020s will require a high-performance platform that is able to inspect encrypted traffic, and apply a host of security services without bogging down your customers’ network.

Key features of an HTTPS inspection solution:

  1. Accelerated inspection. Delivering high performance and throughput for HTTPS inspection on a multi-function security appliance is a challenge. Many vendors will publish impressive inspection throughput figures, but these are for basic inspection only. Look for a firewall with high-performance HTTPS inspection with ALL security services active.
  2. Full support for the latest TLS standard. TLS 1.3 adoption has grown since its initial release in August of 2018, and we expect this to accelerate in the short term. Simply put, if your firewall can’t inspect TLS 1.3, you will be left with a blind spot growing ever larger. WatchGuard Firebox fully supports TLS 1.3 inspection, and addresses the key challenges outlined above.
  3. Inspection by category. Not all web traffic is created equal, and let’s face it, some areas of the Internet are riskier than others. Look for a solution that allows you to easily determine which traffic to inspect, based on the category of the domain. This way you can avoid inspecting traffic generated as an employee checks their bank balance and be confident that any traffic to NSFW (not suitable for work) pages is well inspected.

HTTPS Content Inspection is a Standard Feature in every WatchGuard Firebox

At WatchGuard, we don’t view HTTPS content inspection as a “nice-to-have” feature – it’s a security essential. That’s why HTTPS Content Inspection is a standard feature in every WatchGuard Firebox.
