{"id":28278,"date":"2019-08-30T10:50:35","date_gmt":"2019-08-30T14:50:35","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?post_type=emagazine&#038;p=28278"},"modified":"2023-07-13T04:09:17","modified_gmt":"2023-07-13T08:09:17","slug":"tls-1-3-network","status":"publish","type":"emagazine","link":"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/tls-1-3-network\/28278\/","title":{"rendered":"Migrating to TLS 1.3: What are the cybersecurity challenges?"},"content":{"rendered":"<p>Most of the things we do on the internet \u2013 buying things, transferring to a supplier, or sending a confidential email \u2013 rely on transferring data securely. For all of this, we rely on Transport Layer Security (TLS), the protocol that enables the security and privacy of online transactions through encryption.<\/p>\n<p>In August 2018, the most recent version, TLS 1.3, was <a href=\"https:\/\/www.techspot.com\/news\/75956-tls-13-approved-paving-way-safer-faster-internet.html\" target=\"_blank\" rel=\"noopener nofollow\">approved<\/a> as a standard by the Internet Engineering Task Force \u2013 an international community working on the evolution of the internet\u2019s architecture. The adoption has so far been swift. An <a href=\"https:\/\/www.prweb.com\/releases\/new_ema_research_examines_the_adoption_of_tls_1_3_in_the_enterprise\/prweb16067455.htm\" target=\"_blank\" rel=\"noopener nofollow\">Enterprise Management Associates survey found<\/a> that, as of the end of 2018, the majority (73 percent) of enterprises are either already working on enabling the updated protocol for inbound connections, or are planning to do so.<\/p>\n<p>TLS 1.3 was introduced to solve some of the issues seen in the previous version; it\u2019s designed to bring <a href=\"https:\/\/www.ietf.org\/blog\/tls13\/\" target=\"_blank\" rel=\"noopener nofollow\">better performance, privacy and security<\/a> for internet users. 
However, there is concern that the new protocol may hamper your ability to effectively monitor your organization\u2019s networks.<\/p>\n<h2>Network-based protection before TLS 1.3<\/h2>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2019\/08\/30104133\/tls-1-3-inline-scaled.jpg\"><img decoding=\"async\" class=\"aligncenter wp-image-28286 size-large\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2019\/08\/30104133\/tls-1-3-inline-1024x768.jpg\" alt=\"TLS 1.3 Illustration 2\" width=\"1024\" height=\"768\"><\/a><\/p>\n<p>Your company\u2019s network probably includes many different devices, such as laptops, servers and mobile devices. Each device needs its own endpoint protection. But to protect the entire infrastructure, you need to implement network security solutions at the perimeter. These can be next-generation firewalls or intrusion prevention systems, through to data-leak prevention and deep-packet inspection systems.<\/p>\n<p>These solutions often rely on a man-in-the-middle (MITM) approach. Here\u2019s how it works: a network security device \u2013 known as a middlebox \u2013 acts as an intermediary. It intercepts a request sent from an endpoint, determines what the destination resource is and connects to it. By analyzing the server certificate, the middlebox determines whether the resource is legitimate. After that, it creates another certificate to communicate back to the client. Once it has both certificates, it decrypts the previously encrypted traffic to analyze it. To send data back to the server, it encrypts it again to maintain privacy. 
This process allows the solutions at the perimeter to control what\u2019s happening over the network, prevent <a href=\"https:\/\/www.techtarget.com\/iotagenda\/definition\/man-in-the-middle-attack-MitM#:~:text=(MiTM)%20attack%3F-,A%20man%2Din%2Dthe%2Dmiddle%20(MiTM)%20attack,communicating%20directly%20with%20each%20other.\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">malware<\/a> downloads, detect intrusions and \u2013 crucially \u2013 avoid data leaks.<\/p>\n<h2>How TLS 1.3 \u2018breaks\u2019 network security<\/h2>\n<p>TLS 1.3 provides improved security by removing legacy features and delivering stronger standards\u00a0for encryption. But these new features create other risks. For example, it prevents MITM-type attacks in which a malefactor intercepts a message, but this also makes it impossible for organizations to look into the traffic passing through the middlebox.<\/p>\n<p>TLS 1.3 encrypts certain values that were previously sent in clear text, including messages used to establish a connection between the server and client. Most importantly, encryption also covers the certificate message. As a result, middleboxes can\u2019t see the server certificate, so they can\u2019t tell where the endpoint is trying to connect and can\u2019t decrypt all the data.<\/p>\n<p>Another issue is the elimination of the static key that allowed the middlebox to decrypt data. Under TLS 1.3, it is replaced with a mechanism that exchanges unique keys for each session established between the endpoint and server. This means that the network security tool can\u2019t decrypt and control the traffic.<\/p>\n<p>So will all middlebox devices become bricks? Not just yet. 
They can still analyze metadata \u2013 such as packet size or ports that initiate the communication \u2013 which could be indirect indicators of malicious actions, but TLS 1.3 will significantly impact their visibility over the network.<\/p>\n<h2>How to get ready for the shift to TLS 1.3<\/h2>\n<p><img decoding=\"async\" class=\"alignnone wp-image-28285 size-large\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2019\/08\/30104101\/tls-1-3-header-1024x768.jpg\" alt=\"Migrating to TLS 1.3\" width=\"1024\" height=\"768\">TLS 1.3 is a big step forward. Vulnerabilities in outdated ciphers, which could otherwise be leveraged by cybercriminals, will be removed. Latency will be reduced, making online communications faster and more secure.<\/p>\n<p>TLS 1.3 is already gaining traction, so enterprises need to act now to adapt to the upcoming changes. There\u2019s no silver bullet to replace network monitoring. You need to rethink your enterprise\u2019s approach to protection and focus on areas you may not have paid much attention to before. Here\u2019s what you should do now to protect your business.<\/p>\n<p>As it\u2019s harder to decrypt network traffic, focus more on <a href=\"https:\/\/www.kaspersky.com\/enterprise-security\/endpoint-product\" target=\"_blank\" rel=\"noopener nofollow\">endpoint-level security<\/a>. Endpoints are the most common entry points for intruders. In addition to indispensable Endpoint Protection Platforms, install an <a href=\"https:\/\/www.kaspersky.com\/enterprise-security\/endpoint-detection-response-edr\" target=\"_blank\" rel=\"noopener nofollow\">Endpoint Detection and Response (EDR) solution<\/a> to detect and quickly respond to complex incidents. For visibility over your entire IT infrastructure, it\u2019s essential to monitor logs from endpoints. To deal with this volume, use a solution that can automatically collect and analyze records. 
EDR allows endpoint data to be stored centrally and provides access to it, which is useful for the post-mortem after an incident.<\/p>\n<h2>Invest in your experts<\/h2>\n<p>But you can\u2019t rely on technical security solutions alone; focus on your team too. Since network detection may become weaker with TLS 1.3, focus more on your response capabilities and provide training to your teams. Access to actionable and regularly updated <a href=\"https:\/\/www.kaspersky.com\/enterprise-security\/threat-intelligence\" target=\"_blank\" rel=\"noopener nofollow\">threat intelligence<\/a> can help teams to analyze incidents more quickly and efficiently. If you lack these specialists internally, it is best to outsource this function.<\/p>\n<p>To detect and manage threats effectively, internal security specialists need up-to-date skills and knowledge. Specialist training will help to improve their expertise. <a href=\"https:\/\/www.kaspersky.com\/enterprise-security\/security-awareness\" target=\"_blank\" rel=\"noopener nofollow\">Security awareness<\/a> initiatives teach all employees how to avoid putting the company at risk. This helps to reduce the number of incidents caused by what is often the weakest endpoint of all: human error.<\/p>\n<p>TLS 1.3 brings many benefits to end-users and ultimately will help the business too. But you\u2019ll need to double down on your internal cybersecurity efforts to keep your organization safe and fully embrace its benefits.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>TLS 1.3 is a leap forward in the secure transmission of data. 
But there are a few security challenges you need to get ready for.<\/p>\n","protected":false},"author":2515,"featured_media":46222,"template":"","coauthors":[3491],"class_list":{"0":"post-28278","1":"emagazine","2":"type-emagazine","3":"status-publish","4":"has-post-thumbnail","6":"emagazine-category-infrastructure","7":"emagazine-tag-endpoint-security","8":"emagazine-tag-tls"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/tls-1-3-network\/28278\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/secure-futures-magazine\/tls-1-3-network\/20342\/"}],"acf":[],"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine\/28278","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/emagazine"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2515"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/46222"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=28278"}],"wp:term":[{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/coauthors?post=28278"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}