Transport Layer Security (TLS), formerly known as SSL, has become the de facto way of encrypting data in motion on networks. Unfortunately, several serious attacks have affected TLS over the past few years, and malware increasingly uses SSL/TLS sessions to hide, confident that security tools will neither inspect nor block its traffic. The very technology that makes the internet secure can become a significant threat vector.
As the volume of encrypted traffic continues to grow, organizations become even more vulnerable to encrypted attacks, hidden command-and-control channels, and unauthorized data exfiltration that go undetected. For this reason, the Internet Engineering Task Force (IETF) has voted to approve an updated version of the standard, TLS 1.3.
Some cryptographers believe the new standard will be faster and more secure. Enterprises, on the other hand, are right to be concerned about the implementation and availability issues TLS 1.3 might cause.