
Security Expert Solves Encrypted Traffic Dilemma That Plagued Enterprise Networks

Updated on: 30 September, 2025 07:02 PM IST  |  Mumbai
Buzzfeed | faizan.farooqui@mid-day.com

John Komarthi’s innovations show how enterprises can secure encrypted traffic with AI, metadata, and behavior analysis, without breaking privacy.

With most online traffic now encrypted, enterprise security teams are facing a growing problem: “how do you protect what you can’t see?” Traditional tools have long struggled to inspect encrypted data without slowing down performance or breaching privacy. It's a tricky balance between keeping systems secure and respecting users' confidentiality.

This challenge has been especially pressing for large organizations managing vast amounts of encrypted traffic over VPNs and secure web connections. At the heart of a more practical solution is security expert John Komarthi, whose work across companies like SonicWALL, McAfee, and Fortinet has helped shift how encrypted traffic is handled.

While at SonicWALL, his focus was on firewalls and secure mobile access systems used in enterprise environments. “A recurring challenge in enterprise networks was the inability to inspect this traffic without breaking performance or violating privacy,” he shared. The problem his team faced was clear: either let encrypted data pass unchecked, risking hidden malware, or decrypt it entirely, which can introduce legal, privacy, and technical issues. Neither of the options was ideal. So, instead, he came up with a different solution. “What I brought to the table was a middle ground: leveraging metadata fingerprinting, SNI analysis, certificate behavior, and behavioral flow heuristics to detect threats inside encrypted streams without full decryption.”


Discussing further, he noted, “My contributions helped the team build a detection model that didn’t rely entirely on payload visibility. Instead, we used machine learning to profile ‘good’ vs. ‘suspicious’ session behavior, enabling smart enforcement without full content inspection.” By analyzing patterns like session timing, the way encryption handshakes were performed, or how certificate information appeared, they could spot suspicious activity without decrypting the data. For instance, when a normally stable application started switching encryption settings unexpectedly or showed signs of automated behavior, it could indicate a bot or malware communication trying to avoid detection.
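The two signals named above (an application that starts changing its handshake parameters, and sessions that look automated) can be checked on flow metadata alone. The following is an added example, not code from the article or from any vendor product; simple threshold heuristics stand in for the machine-learning model the article mentions, and the record layout, fingerprint labels, host names and thresholds are all assumptions made for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow metadata: (client, epoch_seconds, sni, handshake_fingerprint).
# Fingerprint strings are made-up labels, not real handshake hashes.
FLOWS = (
    # workstation browsing: irregular timing, one stable fingerprint
    [("10.0.0.5", t, "intranet.example", "fp-browser") for t in (0, 42, 310, 335, 900, 1480)]
    # automated check-in: fixed 60 s interval, one fingerprint
    + [("10.0.0.9", 60 * i, "updates.example", "fp-agent") for i in range(8)]
    # normally stable app that starts changing handshake parameters
    + [("10.0.0.7", t, "api.example", fp) for t, fp in
       ((5, "fp-app"), (130, "fp-app"), (700, "fp-alt1"), (760, "fp-alt2"), (1900, "fp-alt3"))]
)

def analyze(flows, min_sessions=5, max_jitter=0.1, max_fingerprints=2):
    """Return {(client, sni): [reasons]} using metadata only (no payload)."""
    groups = defaultdict(list)
    for client, ts, sni, fp in flows:
        groups[(client, sni)].append((ts, fp))
    findings = {}
    for key, sessions in groups.items():
        sessions.sort()
        reasons = []
        # Signal 1: one client/server pair presenting many handshake fingerprints.
        if len({fp for _, fp in sessions}) > max_fingerprints:
            reasons.append("handshake-fingerprint-churn")
        # Signal 2: near-constant gaps between sessions (low coefficient of variation).
        gaps = [b[0] - a[0] for a, b in zip(sessions, sessions[1:])]
        if len(sessions) >= min_sessions and mean(gaps) > 0:
            if pstdev(gaps) / mean(gaps) <= max_jitter:
                reasons.append("regular-interval-sessions")
        if reasons:
            findings[key] = reasons
    return findings

if __name__ == "__main__":
    for (client, sni), reasons in sorted(analyze(FLOWS).items()):
        print(client, sni, ", ".join(reasons))
```

Regular-interval sessions also describe legitimate update agents and health checks, so a finding like this is a lead to compare against a per-application baseline rather than a verdict.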

These insights became part of the detection models built into the organisation’s security products. They allowed teams to spot threats hidden in encrypted traffic while still maintaining performance and privacy standards, something previously thought difficult to achieve.

Komarthi didn’t just work on concepts; he built tools to test them. Using real-world attack simulations, he validated whether security systems could catch threats even when traffic remained encrypted. These tests included malware using secure channels to leak data or command-and-control systems hiding inside HTTPS traffic. His automation scripts, often written in Python, helped ensure these detections worked consistently under different conditions.

Earlier, during his time at Intel Security (McAfee), his focus had been even lower in the tech stack. He looked at how firmware and wireless systems handled encrypted communication, particularly around things like certificate validation and handshake security. This work helped him understand the earliest points where encryption can be vulnerable, before a secure session is even fully established.

Today, he applies that knowledge at Fortinet. He works on FortiWeb, a system designed to protect web applications in cloud environments. Here too, encrypted traffic poses a challenge, especially as attackers use it to hide bot attacks or abuse login systems. His team uses artificial intelligence to track things like how quickly data moves, the size of headers, and how often sessions are created. These details help spot problems without needing to decrypt the traffic, which is crucial for services running on platforms like AWS and Azure.

Across all of these roles, the underlying goal has stayed the same: finding ways to secure encrypted traffic without breaking it open. “You don’t always need to decrypt to detect,” he advocates. Encryption is important because it protects privacy and data, but it can also hide threats. His work shows that you don’t always need to see inside the data to know something’s wrong. Sometimes, how it behaves tells you enough.

For companies trying to protect their systems in a world where encryption is everywhere, that message matters. Full decryption isn’t always an option, especially at scale. But by focusing on behavior and using smart detection tools, it’s possible to keep systems secure without compromising what encryption is meant to protect. It’s a quiet shift in strategy, but one that’s helping solve a problem that’s been around for years.
