Keysight Uncovers Hidden Transport Layer Security Covert Channel Threat Evading Network Defenses

Keysight’s Application and Threat Intelligence (ATI) research team has uncovered a novel Transport Layer Security (TLS) handshake exploit that uses protocol-compliant behavior to evade traditional network defenses. This newly discovered covert channel allows attackers to manipulate TLS handshake packets by simply rearranging parameter settings, without injecting malicious code, making detection by firewalls and intrusion prevention systems nearly impossible.

By leveraging the flexible, permutation-friendly structure of TLS Client Hello packets, attackers can exfiltrate data or establish command and control (C2) communications, all while remaining invisible to most security tools.
 
This finding highlights how adversaries are exploiting the very design flexibility of widely used encryption protocols like TLS.
 
“The discovery of this novel covert channel that leverages legitimate TLS protocol behaviors for malicious purposes is a game changer,” said Ram Periakaruppan, Vice President and General Manager of Network Test & Security Solutions at Keysight. “It helps shift the balance of power back to cyber-defenders.”
 
A Wake-up Call for the Industry
The prevalence of TLS encryption in nearly every internet-connected system makes this exploit especially dangerous. According to IBM’s 2024 Cost of a Data Breach Report, the average breach costs $4.88 million and takes over 250 days to contain, amplifying the need for early detection and robust testing.
 
This isn’t just another update; it’s a vital breakthrough. At the recent Silicon Valley Cybersecurity Conference, Keysight presented its findings, offering the first opportunity for the security community to learn about this previously unknown class of threats. The presentation earned the Best Paper Award, underscoring its significance as a major advancement in cybersecurity research.
 
Empowering Defenders with Real-World Testing
With this discovery, Keysight continues to lead the charge in security innovation, helping enterprises, service providers, and network equipment manufacturers confidently validate that their infrastructure is protected against even the most evasive and cutting-edge threats.
 
To help organizations proactively mitigate this unprecedented threat, Keysight has integrated the TLS covert channel exploit into the latest ATI update of its network application and security test solutions. This enables organizations to:
  • Emulate the TLS exploit in a controlled lab environment
  • Validate whether their defenses can detect and block the attack
  • Measure performance impacts of mitigation strategies before deploying them in production

“Cybersecurity is a constant race to stop new and emerging attacks while also maintaining the network performance that users demand,” said Periakaruppan. “Our ATI research team worked tirelessly to uncover this covert exploit. By quickly integrating it into our products, we are empowering our customers to proactively test their systems’ ability to both defend against this threat, and maintain system performance, before attackers can gain widespread traction.”
  
Unmatched Threat Intelligence. Actionable Insight.
Keysight’s ATI team is dedicated to uncovering the most elusive cyber threats and rapidly integrating them into security test content. By incorporating this novel TLS exploit into its latest ATI update, users benefit from:

Unparalleled Application and Threat Intelligence

  • Backed by a team of security researchers specializing in software development, reverse engineering, vulnerability assessment, and malware investigation
  • Provides access to threat intelligence unavailable from any other security provider, ensuring early defense against evolving attacks

Comprehensive Real-World Threat Simulation

  • Over 10,400 security strikes and evasions, including the new TLS client exploit
  • Provides 200,000+ daily malware samples and 75+ DDoS attack simulations

High-Fidelity Performance Testing

  • Offers more than 840 applications, 410 application profiles, and 5,100 Superflows
  • Tests hyperscale performance with up to 12 Tbps of application throughput 
  • Validates security effectiveness and network performance impacts

Advanced Customization and Evasion Techniques

  • Delivers tailored security strike configurations and evasions
  • Provides realistic, flexible simulations to mirror today’s attack complexity

Continuous Threat Intelligence Updates

  • Bi-weekly ATI rollups and daily malware updates
  • Eliminates the need for multiple third-party threat intelligence subscriptions, ensuring users remain protected against newly uncovered vulnerabilities

Simplified Licensing for Full Coverage

  • Includes full access to all security and application content under a single license
  • No tiered fees or access restrictions

By rapidly integrating this vulnerability into its network application and security test solutions, Keysight enables enterprises, service providers, and network equipment manufacturers to simulate this new attack, helping them stay ahead of threat actors who use the TLS encryption protocol itself as a weapon.