Encrypted packet metadata vs. flow/IPFIX metadata

There is some debate among security professionals about the relative value of flow metadata versus packet metadata for detecting threats in network traffic. Whichever side they take, all parties agree that the network layer is perhaps the most effective layer for threat detection. It is often said that the ultimate source of truth is the packet.

While this is still true today, encryption makes getting to that source difficult. In today’s world, where over 90% of internet traffic and 80% of enterprise traffic is encrypted, the most meaningful packet evidence is hidden from security teams unless they can decrypt the traffic, examine the payload, and re-encrypt it. Decryption, however, brings challenges of its own, along with implications for security posture, privacy, and compliance.
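As an added illustration (not part of the original article), the following Python script contrasts the two metadata sources: it parses the cleartext TLS ClientHello fields a sensor can still read without any decryption (SNI and offered cipher suites) and rolls the same packets up into IPFIX-style 5-tuple flow records. The ClientHello builder, the packet tuples and the addresses are constructed sample data, not a real capture.

```python
import struct
from collections import defaultdict

def build_client_hello(sni, suites=(0x1301, 0xC02B)):  # constructed minimal TLS 1.2 ClientHello
    name = sni.encode()
    sni_body = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    ext = struct.pack("!HH", 0, len(sni_body)) + sni_body             # extension type 0 = server_name
    body = b"\x03\x03" + b"\x00" * 32 + b"\x00"                       # version, random, empty session_id
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00" + struct.pack("!H", len(ext)) + ext            # null compression, extensions
    hs = b"\x01" + len(body).to_bytes(3, "big") + body                 # handshake type 1 = ClientHello
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs           # record type 0x16 = handshake

def parse_client_hello(rec):
    """Cleartext fields a sensor can read from a ClientHello without any decryption."""
    if rec[:1] != b"\x16" or rec[5:6] != b"\x01":
        return None
    p = 9 + 2 + 32                               # record hdr (5), handshake hdr (4), version, random
    p += 1 + rec[p]                              # skip session_id
    n = struct.unpack("!H", rec[p:p + 2])[0]; p += 2
    suites = [struct.unpack("!H", rec[i:i + 2])[0] for i in range(p, p + n, 2)]; p += n
    p += 1 + rec[p]                              # skip compression methods
    end = p + 2 + struct.unpack("!H", rec[p:p + 2])[0]; p += 2
    sni = None
    while p + 4 <= end:
        et, el = struct.unpack("!HH", rec[p:p + 4]); p += 4
        if et == 0:                              # server_name: list_len(2) type(1) name_len(2) name
            nl = struct.unpack("!H", rec[p + 3:p + 5])[0]
            sni = rec[p + 5:p + 5 + nl].decode()
        p += el
    return {"cipher_suites": suites, "sni": sni}

def flow_records(packets):
    """IPFIX-style view: 5-tuple keys with counters, plus any ClientHello SNI seen in the flow."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0, "sni": None})
    for src, dst, sport, dport, proto, payload in packets:
        f = flows[(src, dst, sport, dport, proto)]
        f["packets"] += 1
        f["bytes"] += len(payload)
        meta = parse_client_hello(payload)
        if meta and meta["sni"]:
            f["sni"] = meta["sni"]               # stays None when only ciphertext was observed
    return dict(flows)

# Constructed sample traffic, not a real capture: type 0x17 records are opaque application data.
SAMPLE_PACKETS = [
    ("10.0.0.5", "203.0.113.10", 51000, 443, 6, build_client_hello("example.test")),
    ("10.0.0.5", "203.0.113.10", 51000, 443, 6, b"\x17\x03\x03\x00\x20" + b"\xaa" * 32),
    ("10.0.0.7", "203.0.113.20", 51001, 443, 6, b"\x17\x03\x03\x00\x10" + b"\xbb" * 16),
]
```

The second flow shows the page's point in miniature: once the handshake has passed, flow counters are all that remain, and a sensor that missed the ClientHello learns nothing from the payload.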

