Nowadays, a major part of internet traffic is encrypted and attackers know that very well. Therefore botnet command & control communication and malware activities often hide within encrypted traffic. If your Windows 10 laptop suddenly starts communicating using a deprecated encryption algorithm in the SSL layer, you can be sure that such a device is compromised. What if your users communicate to servers with untrusted certificates? What is your current level of visibility into SSL/TLS traffic?
Let's explore how Flowmon deals with visibility into SSL/TLS protocols. Without the need to breach user privacy you can report on various characteristics of encrypted traffic, including protocol version, encryption algorithm, cipher suite or certificate details. Moreover, Flowmon supports JA3 fingerprint, designed to recognize malicious clients in the network based on their overall SSL/TLS characteristics.
Date & Time: December 5th, 10 AM (CET)