Security News > 2020 > June > Why organizations should consider HTTPS inspection to find encrypted malware
HTTPS inspection is a process by which you can analyze the encrypted web traffic and content, though some organizations shy away from this technique as it can do more harm than good if not implemented properly.
In its Internet Security Report for Q1 2020, WatchGuard reported that 67% of all malware last quarter was delivered via HTTPS. Since more websites now use HTTPS for encrypted connections, many WatchGuard customers have enabled HTTPS inspection, which looks for malicious content by decrypting traffic at the gateway.
"Some organizations are reluctant to set up HTTPS inspection due to the extra work involved, but our threat data clearly shows that a majority of malware is delivered through encrypted connections and that letting traffic go uninspected is simply no longer an option," Corey Nachreiner, chief technology officer at WatchGuard, said in a press release.
"A partial list of products that may be affected is available at The Risks of SSL Inspection. Organizations may use badssl.com as a method of determining if their preferred HTTPS inspection product properly validates certificates and prevents connections to sites using weak cryptography. At a minimum, if any of the tests in the Certificate section of badssl.com prevent a client with direct Internet access from connecting, those same clients should also refuse the connection when connected to the Internet by way of an HTTPS inspection product."
"In general, organizations considering the use of HTTPS inspection should carefully consider the pros and cons of such products before implementing," CISA added.