* [Blog](https://www2.paloaltonetworks.com/blog) * [Palo Alto Networks](https://www2.paloaltonetworks.com/blog/corporate/) * [Products and Services](https://www2.paloaltonetworks.com/blog/category/products-and-services/) * To Decrypt or Not to Decr... # To Decrypt or Not to Decrypt -- Is That Even a Question? [](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2018%2F04%2Fdecrypt-not-decrypt-even-question%2F) [](https://twitter.com/share?text=To+Decrypt+or+Not+to+Decrypt+%E2%80%93+Is+That+Even+a+Question%3F&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2018%2F04%2Fdecrypt-not-decrypt-even-question%2F) [](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2018%2F04%2Fdecrypt-not-decrypt-even-question%2F&title=To+Decrypt+or+Not+to+Decrypt+%E2%80%93+Is+That+Even+a+Question%3F&summary=&source=) [](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/2018/04/decrypt-not-decrypt-even-question/&ts=markdown) \[\](mailto:?subject=To Decrypt or Not to Decrypt – Is That Even a Question?) Link copied By [Kasey Cross](https://www.paloaltonetworks.com/blog/author/kasey-cross/?ts=markdown "Posts by Kasey Cross") Apr 05, 2018 3 minutes [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown) [Security Platform](https://www.paloaltonetworks.com/blog/category/security-platform/?ts=markdown) [Application Framework](https://www.paloaltonetworks.com/blog/tag/application-framework/?ts=markdown) [behavioral analytics](https://www.paloaltonetworks.com/blog/tag/behavioral-analytics/?ts=markdown) [Magnifier](https://www.paloaltonetworks.com/blog/tag/magnifier/?ts=markdown) [SSL Decryption](https://www.paloaltonetworks.com/blog/tag/ssl-decryption/?ts=markdown) When you clicked a link to view this blog post, both your web request and the response were encrypted. Many of the websites you visit today---search engines, social media sites, news sites, video streaming sites---use HTTPS to encrypt communications. In fact, HTTPS now accounts for more than 69 percent of web traffic.[\[1\]](#_ftn1){#\_ftnref1} Although all this encryption improves security and privacy, it also allows attackers to conceal their threats from security controls that inspect application traffic. If you're a security professional, you might be wondering what you should do to protect your organization and your data. If you've implemented Palo Alto Networks Next-Generation Security Platform, then you can relax; we've got you covered. You just need to make sure you're taking advantage of the features we offer to eliminate blind spots in your defenses. A Comprehensive Approach to Securing Encrypted Traffic Palo Alto Networks has developed multiple technologies to inspect and secure all traffic, including encrypted traffic. These technologies include: |-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | ![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2018/04/magnifier1.png) | ![Magnifier 2](https://www.paloaltonetworks.com/blog/wp-content/uploads/2018/04/screenshot-2.png) | ![magnifier3](https://www.paloaltonetworks.com/blog/wp-content/uploads/2018/04/magnifier3.jpg) | | **High-Speed SSL Decryption** Next-generation firewalls can decrypt and inspect SSL traffic. Supporting flexible deployment options, including the ability to act as an [SSL decryption broker](https://www.paloaltonetworks.com/blog/2018/02/announcing-pan-os-8-1-streamline-ssl-decryption-accelerate-adoption-security-best-practices/), next-generation firewalls can decrypt SSL traffic and provide the decrypted data to other inline security devices. | **Behavioral Analytics**Magnifier behavioral analytics monitors network traffic and detects anomalies indicative of active attacks. Because Magnifier analyzes network metadata rather than traffic contents, it can detect advanced attacks without requiring traffic to be decrypted. | **Advanced Endpoint Protection** Attacks hidden in HTTPS traffic ultimately target endpoints and their data. Traps advanced endpoint protection stops exploits and malware before they can compromise corporate machines. | Powerful SSL Decryption To stop attackers in their tracks, organizations should leverage all the capabilities of Palo Alto Networks Next-Generation Security Platform. By configuring the next-generation firewall to decrypt and inspect network traffic, customers can take full advantage of features and services such as App-ID, Threat Prevention and WildFire cloud-based threat analysis service. Stopping Network Attacks Without Decrypting Traffic Threat actors operating inside the network will typically perform a step-by-step process to explore their surroundings and expand their realm of control until they locate and steal or destroy valuable data. Leveraging their existing access and privileges, they can often stay under the radar by avoiding the use of malware. [Magnifier behavioral analytics](https://www.paloaltonetworks.com/products/secure-the-network/magnifier-behavioral-analytics), the first app for Palo Alto Networks Application Framework, profiles user and device behavior and detects anomalies that indicate an attack is underway. Because Magnifier primarily analyzes network metadata---such as the source and destination IP addresses, the protocols, and volume of traffic transferred---rather than application contents, it can detect threats even when application contents are encrypted. Magnifier draws on rich data from next-generation firewalls, such as User-ID and endpoint data gathered by Magnifier Pathfinder endpoint analysis service, to augment its network findings. **To learn how Magnifier uncovers internal network threats, download the white paper "[Stop Targeted Attacks Without Decrypting Traffic](https://www.paloaltonetworks.com/resources/whitepapers/stop-targeted-attacks-without-decrypting-traffic.html)."** [\[1\]](#_ftnref1){#\_ftn1} Let's Encrypt with Firefox telemetry, [https://letsencrypt.org/stats/](https://letsencrypt.org/stats/), web page loads as of March 12, 2018. *** ** * ** *** ## Related Blogs ### [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Security Platform](https://www.paloaltonetworks.com/blog/category/security-platform/?ts=markdown) [#### The Best Ideas In Security, Faster and Easier Than Ever Before](https://www2.paloaltonetworks.com/blog/2018/05/best-ideas-security-faster-easier-ever/) ### [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Technical Documentation](https://www.paloaltonetworks.com/blog/category/technical-documentation/?ts=markdown) [#### Two Steps Forward: Magnifier and the Cloud Services Portal](https://www2.paloaltonetworks.com/blog/2018/02/tech-doc-two-steps-forward-magnifier-cloud-services-portal/) ### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown) [#### Unveiling Magnifier Behavioral Analytics: Rapidly Hunt Down and Stop the Stealthiest Network Threats](https://www2.paloaltonetworks.com/blog/2018/01/magnifier-behavioral-analytics/) ### [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Security Platform](https://www.paloaltonetworks.com/blog/category/security-platform/?ts=markdown) [#### One Vendor or Many Vendors to Secure Your Hybrid Workforce?](https://www2.paloaltonetworks.com/blog/sase/one-vendor-or-many-vendors-to-secure-your-hybrid-workforce/) ### [Firewall](https://www.paloaltonetworks.com/blog/category/firewall/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown) [#### Best Practices for Enabling SSL Decryption](https://www2.paloaltonetworks.com/blog/2018/11/best-practices-enabling-ssl-decryption/) ### [Firewall](https://www.paloaltonetworks.com/blog/category/firewall/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown) [#### SSL Decryption Series: The Security Impact of HTTPS Interception](https://www2.paloaltonetworks.com/blog/2018/10/ssl-decryption-series-security-impact-https-interception/) ### Subscribe to the Blog! Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more. ![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up Please enter a valid email. By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder. This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply. {#footer} {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language