17Nis
Can API Security/WAF tools decrypt "mirrored" traffic?
We're doing a PoC on a new API Security/WAF tool, and we're planning to place this solution out-of-ban rather than inline. So traffic wont go through the solution and we'll send the mirrored traffic to analyze in the new solution.
My question is, should these solutions have the capability to decyrpt ssl when i send the mirrored https traffic to it? Is it possible to decrypt mirrored https traffic?
And what are the advantages and disadvantages of inline and out-of-band architectures?
