With the release of Zenarmor 2.2, we've expanded our TLS inspection capabilities to give administrators finer-grained control over encrypted traffic. You can now specify individual websites and domains where TLS inspection should be applied, building upon our earlier version, which enabled inspection on a per-web-category basis.
This enhancement delivers greater flexibility and precision in securing encrypted traffic while maintaining optimal performance and privacy compliance.
Background: The Growing Importance of TLS Inspection
Today, over 95% of web traffic is encrypted. While encryption is vital for protecting data privacy, it also provides a convenient hiding place for cyber threats such as:
- Malware hidden within encrypted payloads.
- Phishing sites use HTTPS to appear legitimate.
- Data exfiltration via encrypted channels.
Without TLS inspection, these threats remain invisible. TLS inspection allows Zenarmor to securely decrypt, analyze, and re-encrypt traffic in real time, uncovering malicious or policy-violating content before it reaches your users or systems.
Zenarmor's integrated Secure Web Gateway (SWG) and Content Inspection engine, part of our Single-App, Single-Pass, Single-Stack approach, enable organizations to detect and block threats concealed within encrypted sessions, preserving visibility and control across distributed networks.
What's New in Version 2.2
Previously, TLS inspection in Zenarmor could be applied based on web categories, such as "Social Media," "Cloud Storage," or "Finance."
In version 2.2, administrators gain domain-level precision. You can now:
- Specify exact websites (e.g., example.com, crm.company.net) for TLS inspection
- Exclude trusted domains to maintain privacy or comply with regulations.
- Create mixed policies that combine both category and site-based rules.
This fine-tuned control helps maintain the perfect balance between security, performance, and privacy. For example, you might enable TLS inspection on file-sharing or unknown sites but skip it for banking or healthcare portals where sensitive data should remain untouched.
Benefits of Granular TLS Inspection
1. Deep Threat Visibility
Reveal malware, phishing, and data leaks hiding within encrypted traffic, the primary attack vector in modern cyber threats.
2. Privacy-Aware Control
Respect regulatory requirements and user privacy by excluding specific domains or services from inspection.
3. Performance Optimization
Avoid unnecessary decryption on high-volume, low-risk traffic, keeping inspection focused where it matters most.
4. Unified Policy Management
All inspection rules, whether site-based or category-based, are configured and monitored within the Zenconsole dashboard, providing a centralized view and effortless management across all enforcement points.
5. Seamless Integration within Zenarmor SASE Anywhere Architecture™
Because Zenarmor performs inspection locally, on the device, edge, or private gateway, there's no need to backhaul traffic to a cloud POP. This ensures low latency, data sovereignty, and consistent protection everywhere.
Zenarmor's enhanced TLS inspection capability represents another step in our mission to deliver enterprise-grade security and visibility, on your terms. By empowering administrators to apply inspection at both the category and domain level selectively, Zenarmor ensures you maintain the ideal balance of security, compliance, and user experience.
For details of the release please check the documentation: Zenarmor SASE 2.2 Release
