Question is decrypting CDN important or should we not bother? We have been but discovered an issue with our eLearning platform.
So should be fight to keep this or let it slide, thoughts on the risks for not doing?
Darren
All things Palo Alto Networks
Nah Tom they are using the default ones, which sucks.
A CDN can deliver anyone's content, making it the ideal target to sneak malware onto. Is your eLearning platform using customized hostnames on the CDN, or are they on the default naming convention? If they have custom names you could exclude their hostnames from decryption without needing to let everything slide. If not, I would recommend biting the bullet and trying to work around the issue (with the eLearning provider if needed/possible) rather than letting decryption slide