Network devices, including intrusion detection systems (IDS), distributed denial of service (DDoS) mitigation systems, firewalls, and network monitoring devices (e.g., Data Analyzer, sniffer), cannot perform their functions on an encrypted traffic flow. Some of these devices may still be able to operate, but only with limited functionality. For example, a firewall that does not have the decryption key cannot inspect an encrypted payload. Its decision to forward or drop a packet containing encrypted data is therefore based only on the unencrypted part of that packet.
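The visibility gap described above, shown as an added example that is not part of the original text: a toy firewall applies one header rule and one payload-signature rule to a cleartext and an encrypted packet. The signature string, blocked port, addresses, key, and the SHA-256 keystream standing in for a real cipher are all constructed assumptions.

```python
import hashlib
import socket
import struct

SIGNATURE = b"DROP-ME-TEST-PATTERN"   # constructed payload signature
BLOCKED_PORTS = {23}                  # constructed header rule
KEY = b"constructed-demo-key"         # constructed key shared by the endpoints

def keystream_xor(key, data):
    """Stand-in stream cipher (SHA-256 in counter mode), illustration only."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + struct.pack(">I", i // 32)).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def build_packet(src, dst, sport, dport, payload):
    """Minimal IPv4 + TCP headers (checksums left at zero) plus payload."""
    tcp = struct.pack(">HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + payload

def firewall_decision(packet, key=None):
    """Header fields are always readable; the payload only if `key` is held."""
    ihl = (packet[0] & 0x0F) * 4                       # IPv4 header length
    dport = struct.unpack(">H", packet[ihl + 2:ihl + 4])[0]
    if dport in BLOCKED_PORTS:
        return "drop:header"
    payload = packet[ihl + (packet[ihl + 12] >> 4) * 4:]
    if key is not None:                                # flow known to be encrypted
        payload = keystream_xor(key, payload)
    return "drop:payload" if SIGNATURE in payload else "forward"

def demo():
    body = b"hello " + SIGNATURE
    args = ("192.0.2.10", "198.51.100.5", 40000)
    clear = build_packet(*args, 443, body)
    enc = build_packet(*args, 443, keystream_xor(KEY, body))
    enc_telnet = build_packet(*args, 23, keystream_xor(KEY, body))
    return {
        "cleartext": firewall_decision(clear),
        "encrypted, no key": firewall_decision(enc),
        "encrypted, key held": firewall_decision(enc, KEY),
        "encrypted, blocked port": firewall_decision(enc_telnet),
    }

if __name__ == "__main__":
    print(demo())
```

The same signature-bearing payload is dropped in cleartext, forwarded once encrypted, and dropped again only when the firewall holds the key; the header rule fires regardless of encryption.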