07-25-2022 02:29 PM
I haven't come across any sites that utilize QUIC yet that won't fall back to working over traditional TLS when QUIC is blocked. Unless it's changed, QUIC utilizes proprietary encryption, so I don't think decryption is something that PAN would be able to add unless Google has/decides to open that encryption up. I'd love to be wrong about the encryption though, because it is becoming more heavily utilized (Microsoft is also doing SMB over QUIC now as well).
Personal Take: I think we'll shortly run into a situation where network security from a decryption aspect needs to move to a host-based agent. Since decryption is essentially a MiTM attack against your own assets (well, hopefully your own assets), it's also by nature something that you don't really want to make easy to accomplish. Either this moves to a host-based agent, or Google/Apple/Microsoft will need to make some kind of exception process for enterprise endpoints. I personally think a host-based agent is more likely.