As the title says, I am curious whether this is usual and what are alternatives to HTTPS traffic interception to protect a company and for doing incident response & analysis.
I've worked for customers in the past who did this. For the most part it was a huge hassle and didn't really help with incident response and analysis.

You have to install company root certificates on clients, perhaps even merely self-signed ones if they've been particularly cheap and lazy. Then traffic needs to be routed through a firewall / proxy as well.

This in turn can lead to issues with tools such as Maven or NPM. These issues can be hard to debug.

Besides, if you don't know what you're doing - and most companies don't specialise in network security - it's easy to get the setup wrong and create major security problems.

Sometimes the motivation isn't so much protection against malware but rather a petty desire to know what employees are doing.

For these reasons I'd strongly advise against this practice.

As for alternatives:

Follow and encourage the use of accepted best practices.

Educate your employees about security, and trust them.
Yep, we have proxy servers with SSL decryption/inspection. Root CA installed on all company devices.

There are a number of whitelisted URLs (banks, and services that refuse to work with a MITM'ed cert), but other than the initial headache during implementation, it is pretty seamless now.
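The two comments above describe the same setup from both sides: a corporate root CA installed on every device, a decrypting proxy in the path, and a list of hosts that are exempted because they refuse proxy-minted certificates. The check a practitioner usually wants is a way to tell, per host, which of those cases applies to the connection a client actually gets. The script below is an added example written for this thread, not code from either commenter. It classifies a certificate in the dict shape that Python's `ssl` module returns from `getpeercert()`: issued by the inspection CA (intercepted), issued by the public CA you expected (exempted or direct), or something else worth a look. The CA name `Example Corp Inspection CA`, the hostnames and the sample certificates are all constructed for the example.

```python
"""Client-side check: is this HTTPS connection being inspected?

Added example for the thread above; the corporate CA name, the hosts and
the sample certificate dicts are assumptions, not real data.
"""
import socket
import ssl

# Subject commonName of the proxy's issuing CA as installed on company
# devices. Assumed name for this example.
CORPORATE_INSPECTION_ISSUERS = {"Example Corp Inspection CA"}


def rdn_to_dict(rdns):
    """Flatten the tuple-of-tuples form ssl.getpeercert() uses for
    'issuer' and 'subject' into a plain dict, e.g. {'commonName': ...}."""
    out = {}
    for rdn in rdns:
        for key, value in rdn:
            out[key] = value
    return out


def classify_peercert(peercert, expected_public_issuer=None):
    """Return 'intercepted', 'direct' or 'unexpected'.

    peercert: dict shaped like SSLSocket.getpeercert() output.
    expected_public_issuer: commonName of the issuer the real site uses
      (learned from a connection made outside the corporate network).
    """
    issuer_cn = rdn_to_dict(peercert.get("issuer", ())).get("commonName", "")
    if issuer_cn in CORPORATE_INSPECTION_ISSUERS:
        return "intercepted"
    if expected_public_issuer is None or issuer_cn == expected_public_issuer:
        return "direct"
    # Neither the inspection CA nor the issuer you expected: investigate.
    return "unexpected"


def fetch_peercert(host, port=443, timeout=5.0):
    """Live lookup with the system trust store. With the corporate root
    installed, an intercepted connection validates fine; only the issuer
    gives it away, which is what classify_peercert() inspects."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def audit(hosts, fetch=fetch_peercert):
    """Map each host to a verdict. `fetch` is injectable so the logic can
    be exercised offline against constructed certificate dicts."""
    results = {}
    for host, expected_issuer in hosts.items():
        try:
            cert = fetch(host)
        except ssl.SSLCertVerificationError as exc:
            # Typical for a pinned service behind an inspecting proxy: the
            # client rejects the proxy-minted certificate outright.
            results[host] = f"verify-failed: {exc.reason}"
            continue
        results[host] = classify_peercert(cert, expected_issuer)
    return results


# Constructed sample certificates (not captured from real hosts), in the
# same shape getpeercert() returns, standing in for a live network.
SAMPLE_CERTS = {
    "intranet.example.com": {
        "subject": ((("commonName", "intranet.example.com"),),),
        "issuer": ((("commonName", "Example Corp Inspection CA"),),),
    },
    "bank.example.net": {  # exempted from inspection: real issuer visible
        "subject": ((("commonName", "bank.example.net"),),),
        "issuer": ((("organizationName", "Public CA Inc"),),
                   (("commonName", "Public CA Inc TLS RSA 2021"),)),
    },
    "updates.example.org": {  # neither the proxy nor the expected CA
        "subject": ((("commonName", "updates.example.org"),),),
        "issuer": ((("commonName", "Some Other CA"),),),
    },
}


def sample_fetch(host):
    """Offline stand-in for fetch_peercert()."""
    return SAMPLE_CERTS[host]


if __name__ == "__main__":
    expected = {
        "intranet.example.com": None,
        "bank.example.net": "Public CA Inc TLS RSA 2021",
        "updates.example.org": "Public CA Inc TLS RSA 2021",
    }
    for host, verdict in audit(expected, fetch=sample_fetch).items():
        print(f"{host:24} {verdict}")
```

Run it with `fetch=fetch_peercert` on a company laptop and the `intercepted` rows are the hosts the proxy is decrypting, while `verify-failed` rows are candidates for the exemption list the second commenter mentions. The `unexpected` verdict is the one to chase: it means something other than the known inspection CA is in the path.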
My current company doesn't do this, but I'm curious how it is supposed to help with incident response and analysis. Are you talking about server traffic or employee laptops' traffic?