| Forward Untrust Certificate has been a feature since day one, the earliest document mentioning Forward Untrust I was able to find online is for PANOS 6.0 which is like 8 years ago? in company of thousands users nobody has the energy to spy on employees - it is simply not worth the effort. Why would company spy on own employees, it is not something that brings profit for the company. The only purpose of SSL decryption is to decrypt traffic and enforce policies: prevent users from going to shady websites, downloading malware, clicking on phishing links, stop viruses, trojans and hackers' command&control comms. It is because majority of http traffic is TLS encrypted, that security vendors no other choice other than decrypt and inspect. Nobody is looking over zillions of logs, looking at what pages a random employee is browsing in a given day - aint nobody got time, energy, nor infrastructure to do that. User identity (also device identity, and app identity) is used as to classify traffic and it is then up to company admins to create policy for enforcement. Whatever the policy is - it will be enforced, and it is the same policy&terms you agree to by signing employment contract. Which says something like - your work laptop and corporate Internet connection can only be used for work related stuff and not personal stuff, etc, etc. |