Now this release of an NSA Advisory on TLS encrypted channels, with inspection enabled, has some interesting information.
[TLSI (aka TLS break and inspect) is the process through which enterprises can inspect encrypted traffic with the help of a dedicated product such as a proxy device, a firewall, intrusion detection or prevention systems (IDS/IPS) that can decrypt and re-encrypt traffic encrypted with TLS.]
DOH! They can already monitor traffic, with compromised certificates.
[While some enterprises use this technique for monitoring potential threats such as data exfiltration, active command and control (C2) communication channels, or malware delivery via encrypted traffic, this will also introduce risks.]
C2 malware delivered over encrypted channels? YIKES!