About Analysis of encrypted traffic
Encrypted tunnels (via SSL/TLS, SSH, ...) are becoming more widespread and simpler to set up. They can be used by cyber attackers (e.g., for data exfiltration or botnet Command & Control). Against such tunnels, the usual methods of detection (e.g., DPI, payload analysis) become ineffective. Montimage has therefore introduced new techniques in its tools to detect, analyse and eventually block surreptitious network tunnels. These techniques include Artificial Intelligence, Machine Learning, Data Science or statistical analysis, behaviour analysis, and multi-source data correlation. In this way it is possible to differentiate good from bad network traffic even when it is encrypted. In some cases other techniques can be used, such as acting as a man-in-the-middle to intercept the network exchanges or using the endpoint’s certificates or keys, but these techniques are basically only useful for monitoring on the server or client side.