Encryption Audit
Encryption Audit Intelligence
The following page provides information on the Encryption Audit indicator drivers included in Netify's Intelligence engine.
Overview
Much like locking your front door with an outdated key, relying on legacy TLS versions and weak ciphers may seem secure but leaves you vulnerable to modern decryption attacks. For organizations, continuing to support these obsolete standards creates serious risks to data integrity, regulatory compliance (such as PCI DSS), and defense against Man-in-the-Middle (MitM) attacks.
Other Intelligence Info
Intelligence OverviewIntelligence Catalog
Intelligence Categories
Intelligence Release Log
| Score | Description |
|---|---|
| 0 | Informational |
| 1-25 | Low Risk |
| 26-50 | Medium Risk |
| 51-75 | High Risk |
| 76-100 | Critical Risk |
Best Practices
Detecting vulnerable ciphers on legacy or poorly maintained devices is essential for maintaining a strong security posture. Many enterprise environments include older hardware like IoT sensors, legacy printers, or industrial controllers that lack the processing power or firmware updates needed for modern encryption. These devices often become easy targets for attackers.
Indicator Drivers
TLS Cipher Score Driver
To ensure strong data protection, the TLS cipher score driver evaluates cipher suites by grouping them into risk levels based on their exposure to known cryptographic attacks. Ciphers in the critical category, such as those using the broken RC4 stream cipher, are considered fundamentally insecure.
| Tag | Default Score |
|---|---|
| tls_cipher_score | Risk severity varies |
TLS Version Score Driver
The TLS version score driver assesses the security of connections by categorizing TLS versions into risk levels based on their known vulnerabilities. Older versions like TLS 1.0 and 1.1 are considered weak due to outdated cryptographic methods and lack of support in modern security standards. In contrast, TLS 1.3 represents the strongest option, offering improved performance and enhanced security features.
| Tag | Default Score |
|---|---|
| tls_version_score | Risk severity varies |