44.6k views
3 votes
A company's existing forward proxies support software-based TLS decryption, but are currently at 60% load just dealing with AV scanning and content analysis for HTTP traffic. More than 70% of outbound web traffic is currently encrypted. The switching and routing network infrastructure precludes adding capacity, preventing the installation of a dedicated TLS decryption system. The network firewall infrastructure is currently at 30% load and has software decryption modules that can be activated by purchasing additional license keys. An existing project is rolling out agent updates to end-user desktops as part of an endpoint security refresh.

Which of the following is the BEST way to address these issues and mitigate risks to the organization?

A. Purchase the SSL decryption license for the firewalls and route traffic back to the proxies for end-user categorization and malware analysis.

B. Roll out application whitelisting to end-user desktops and decommission the existing proxies, freeing up network ports.

C. Use an EDR solution to address the malware issue and accept the diminishing role of the proxy for URL categorization in the short term.

D. Accept the current risk and seek possible funding approval in the next budget cycle to replace the existing proxies with ones with more capacity.

User Lurscher
by
7.9k points

1 Answer

2 votes

Final answer:

A. Purchase the SSL decryption license for the firewalls and route traffic back to the proxies for end-user categorization and malware analysis.

Purchasing the SSL decryption license for the firewalls (Option A) is the best solution as it leverages the underutilized firewall capacity and sustains security without requiring immediate hardware upgrades.

Step-by-step explanation:

The best way to address the issues and mitigate risks to the organization, considering the given constraints, would be to purchase the SSL decryption license for the firewalls and route traffic back to the proxies for end-user categorization and malware analysis (Option A).

This utilizes existing infrastructure efficiently by activating the decryption modules on the firewalls, which are underutilized at 30% load.

This approach allows the company to maintain security measures without the need for immediate large-scale hardware upgrades. It will also ensure that encrypted traffic is inspected without overburdening the existing proxies that are already operating at high capacity levels.

Option B is less ideal as application whitelisting on end-user desktops might not provide comprehensive security coverage. Option C underutilizes the current proxy infrastructure and might leave gaps in URL categorization.

Option D would leave the organization exposed to risks for a significant amount of time while awaiting further funding.

User Mike Keskinov
by
7.4k points