Secure web gateways, or “proxies,” have been heavily adopted in recent years as organizations have fought to defend against malware and attacks originating through website traffic. Such proxies can decrypt outbound encrypted (e.g., via Hypertext Transfer Protocol Secure (HTTPS)) traffic to determine whether the traffic could prompt a malicious event. For example, the proxy may determine whether outbound encrypted traffic will initiate communication with a bad actor.
However, it is estimated that encrypted network traffic grows about 90% every year. Over 50% of websites encrypted traffic in 2017, compared to just 31% in 2016. It is further estimated that 80% of traffic will be encrypted by 2019. Because proxies today depend heavily on Central Processing Unit (CPU) resources and were not purpose-built to handle large amounts of encrypted traffic, they have struggled to handle increasing volumes of it: a proxy often needs to decrypt encrypted traffic in order to determine whether the traffic could cause a malicious event. The compute resources needed to decrypt and encrypt payloads will continue to increase exponentially as the industry moves to 2048-bit keys.
As such, many organizations implement whitelists. Whitelists identify specific outbound web traffic that is permitted to bypass proxy inspection. Such traffic would otherwise be deeply inspected (e.g., decrypted and examined) by a proxy. Administrators use whitelists for many reasons, such as managing system resources, working around incompatible services, meeting privacy requirements, and accommodating high-volume trusted connections.