Is Network Monitoring Dead in the Age of Encryption?

Presented at SAINTCON 2019, Oct. 23, 2019, 2:30 p.m. (60 minutes)

There's no question that the widespread adoption of SSL/TLS changes how organizations do network security monitoring (NSM). It raises questions about how relevant NSM remains, such as: What value does NSM bring in an age where so much traffic is encrypted? Can organizations still find intrusions and breaches by monitoring encrypted traffic? What strategies are organizations employing to gain security insights into such traffic? In addition to answering these questions, we consider other purposes of network monitoring, such as how it supports cybersecurity frameworks and strengthens an organization's security posture, especially in environments with decentralized or shadow IT. Finally, we highlight the power of decryption. General principles are discussed, supported by practical and technical examples found in Palo Alto firewalls and Zeek.


Presenters:

  • Dallin Warne - Brigham Young University
    Dallin graduated with a degree in Information Technology from Brigham Young University in 2017. Prior to graduation, he worked in a network operations center, then as a network engineer. He focused on network security tools such as firewalls and intrusion detection systems (IDS), which culminated in deploying an IDS for a capstone project in his senior year. Dallin now works as a cybersecurity engineer at Brigham Young University, supporting security infrastructure, especially network security monitoring, for multiple higher-education institutions.
