Transitioning to Post Quantum Cryptography (PQC) – The Importance of Advanced Network Visibility & Observability in the Discovery Phase
Quantum computers are set to fundamentally disrupt today’s cybersecurity landscape. They carry both benefits and risks for cybersecurity, but it is the gravity of the risks that makes preparing for their arrival both essential and urgent. Because they could break, or at least significantly weaken, the cryptographic algorithms that currently safeguard critical infrastructure and sensitive data, encrypted information could become vulnerable to interception, exposure, or manipulation.
The Challenge of Discovery
The transition to quantum-safe, or post-quantum, cryptography (PQC) is a complex journey, and the first step is discovery: identifying and cataloging every instance of cryptography so that it can be replaced by PQC. This is probably the most difficult but also the most important step.
The challenge lies in the sheer scale and distribution of cryptographic elements. They are embedded deeply and widely across systems, applications and devices, so finding and mapping them requires visibility across the entire network. It is a daunting task, made more difficult because many existing tools provide only partial views, leading to a fragmented inventory.
Capabilities do exist, however, that can give PQC solutions a leading advantage in the discovery phase through extensive, detailed visibility and observability across the whole network.
Advanced DPI Technology – Empowering PQC Solutions with Visibility
Enea’s deep packet inspection (DPI) technology inspects traffic and extracts device-related metadata to deliver unique visibility into all aspects of the network, including applications, services, devices, users, and traffic behavior. The metadata provides detailed contextual information, including how unmanaged and managed devices interact with other network elements within a broad range of cryptographically-relevant contexts. This includes who or what is using a device and how they are using it; how, where and when data is being accessed; and how data is moving within and across networks. This kind of deep contextual information is ideal for revealing behavioral anomalies that need to be addressed to produce a complete PQC inventory.
Delivered as a software development kit (SDK) that can be embedded in solutions used for discovery, Enea’s Qosmos ixEngine produces the most exhaustive cryptographically relevant data of any DPI tool. It identifies PQ-vulnerable encryption protocols and generates rich metadata that maps how users, flows, devices, applications, services, traffic categories and files interact with these protocols.
Identifying Vulnerable Protocols
Through the identification of PQ-vulnerable protocols such as IPSEC, ISAKMP, OCSP, SSH, SSL, and TOR, and the extraction of extensive metadata, the SDK provides detailed insights into cryptographic elements such as public and private keys, cipher suites, handshakes, signatures, client and server fingerprints, certificate authorities, and processing anomalies.
Deep Dive into TLS/SSL Intelligence
Qosmos ixEngine can also be used to identify certain types of activity. For example, by extracting specific security metadata for TLS/SSL, it can indicate the probability that the domain name mentioned in the Client Hello message has been randomly generated, or deliver a score indicating the probability of a Man-In-The-Middle interception of SSL/TLS sessions on top of TCP streams.
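To illustrate the kind of handshake metadata that passive discovery pulls from a TLS Client Hello (the cipher suites and key-exchange groups mentioned in the two sections above), here is an added example in Python; it is not Enea's code and does not use the ixEngine API. It parses a raw ClientHello record, extracts the offered cipher suites and supported_groups, and labels the client for a PQC inventory. The sample ClientHello is constructed inline; the hybrid group code points 0x11EB/0x11EC are those assigned for draft-ietf-tls-ecdhe-mlkem.

```python
import struct

# Group code points (IANA registry): secp256r1 0x0017, x25519 0x001D; the hybrid ML-KEM groups below are from draft-ietf-tls-ecdhe-mlkem.
PQ_HYBRID_GROUPS = {0x11EB, 0x11EC}      # SecP256r1MLKEM768, X25519MLKEM768
# Static-RSA key-exchange suites (no forward secrecy): 0x002F is TLS_RSA_WITH_AES_128_CBC_SHA, etc.
RSA_KEX_SUITES = {0x002F, 0x0035, 0x003C, 0x009C, 0x009D}

def parse_client_hello(record: bytes) -> dict:
    """Extract cipher_suites and supported_groups from a raw TLS ClientHello record."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    body = record[9:]                  # skip 5-byte record header + 4-byte handshake header
    pos = 2 + 32                       # legacy_version + random
    pos += 1 + body[pos]               # legacy_session_id (1-byte length + bytes)
    n = struct.unpack_from("!H", body, pos)[0]; pos += 2
    suites = [struct.unpack_from("!H", body, pos + i)[0] for i in range(0, n, 2)]
    pos += n
    pos += 1 + body[pos]               # legacy_compression_methods
    ext_len = struct.unpack_from("!H", body, pos)[0]; pos += 2
    groups, end = [], pos + ext_len
    while pos < end:
        etype, elen = struct.unpack_from("!HH", body, pos); pos += 4
        if etype == 0x000A:            # supported_groups extension
            gl = struct.unpack_from("!H", body, pos)[0]
            groups = [struct.unpack_from("!H", body, pos + 2 + i)[0] for i in range(0, gl, 2)]
        pos += elen
    return {"cipher_suites": suites, "groups": groups}

def classify(hello: dict) -> str:
    """Inventory label for the strongest key exchange this client is able to negotiate."""
    if any(g in PQ_HYBRID_GROUPS for g in hello["groups"]):
        return "hybrid-pq-capable"
    if any(s in RSA_KEX_SUITES for s in hello["cipher_suites"]):
        return "classical-rsa-kex-offered"
    return "classical-ecdhe-only"

def build_client_hello(suites, groups) -> bytes:
    """Constructed sample ClientHello (not captured traffic) for offline runs and tests."""
    glist = b"".join(struct.pack("!H", g) for g in groups)
    ext = struct.pack("!HHH", 0x000A, len(glist) + 2, len(glist)) + glist
    body = (b"\x03\x03" + bytes(32) + b"\x00"     # version, zero random, empty session id
            + struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
            + b"\x01\x00" + struct.pack("!H", len(ext)) + ext)  # null compression, extensions
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    print(classify(parse_client_hello(build_client_hello([0x1301, 0xC02F], [0x11EC, 0x001D]))))
```

A client that offers only classical groups is still PQ-vulnerable at the key-exchange layer; the static-RSA label just marks the sessions that additionally lack forward secrecy.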
Delivery of Cryptography-related Metadata
Qosmos ixEngine also produces extensive cryptography-related metadata. For example, for the Remote Desktop Protocol (Windows Terminal Server), it can produce more than 50 types of metadata, including specific cryptographic details such as the encryption level and method used, client cryptographic configurations, the algorithms used by certificate keys, and the encryption methods supported by the client.
Powering Advanced Analytics
When combined with the thousands of other metrics generated by Qosmos ixEngine, solutions have access to extensive network intelligence that can be used in advanced analytics to detect subtle patterns and anomalies in cryptographic processes that traditional methods usually miss.
Conclusion
As quantum computing approaches reality, transitioning to PQC is becoming an urgent necessity. Advanced Deep Packet Inspection (DPI) software is emerging as a critical tool in the discovery phase, going beyond the capacity of traditional solutions to provide the observability necessary for PQC inventory.
👉 Contact a member of our team to find out more about Enea’s DPI technology and the Qosmos ixEngine SDK.