Collector Deployment
Getting Started
Alerts / Notifications / Actions


Application Tracking

Application tracking is a series of capabilities that allow for the categorization and tracking of SSL certificates and their related volumes.

About Certificates and SNI

With the increased amount of encrypted traffic, there is a need to be aware of what traffic on the network is encrypted, and the purpose of the service associated traffic. Sometimes called Shadow IT, some of these services move data outside the control of the company or can create risk to the company by allowing communications to bypass the firewall.

Most encrypted web traffic uses Transport Layer Security (TLS) and not Secure Sockets Layer (SSL). There are three fundamental differences between SSL and TLS:

  • TLS handshake and encryption options prevent passive decryption. This is when a key can be shared by a passive listener, who can then decrypt the conversation. With TLS, none of the options allow passive decryption.

  • TLS has no weak encryption options.

  • Server Name Indication (SNI) is an extension to TLS. This extension provides in the clear the hostname that the client is attempting to connect to. Like the HTTP option header hostname, the SNI does not have to match the DNS request.

Page Structure

These pages allow for the tracking of SSL/TLS certificates. The user can then assign certificates to categories and track the use of web applications.

Pages includes:

  • Histogram

  • Filters

  • Certificates

  • Category Assignment