G5 Article dissertation
Gaining reliable endpoint awareness in a network security solution
Authors: Heino, Jenny
Publishing place: Turku
Publication year: 2025
Series title: Turun yliopiston julkaisuja - Annales Universitatis F
Number in series: 53
ISBN: 978-952-02-0084-8
eISBN: 978-952-02-0085-5
ISSN: 2736-9390
eISSN: 2736-9684
Web address: https://urn.fi/URN:ISBN:978-952-02-0085-5
The field of network security has been going through a significant evolution during recent years. Services that used to be run locally by organizations, such as email servers and office solutions, have largely been transformed into cloud services. In addition, the amount of remote work has increased considerably, mostly due to the COVID-19 pandemic which forced network users to become remote almost overnight. The separation of good and bad network traffic has become increasingly difficult, and the appearance of false positive and false negative security events is unacceptably frequent. Network security solutions are forced to produce innovative approaches for providing reliable protection for their users.
This thesis focuses on the concept of improving the traffic inspection process of a network security solution with endpoint awareness. There are three main contributions in this thesis. The first contribution is in providing a comprehensive understanding of how a network security solution can gain endpoint awareness. A patent is included in the thesis, introducing a novel, concrete way of gaining further awareness of the endpoint based on the information stored in the extensions included in the handshake process of an encrypted TLS connection. This method has already been implemented into the Forcepoint Network Security Platform and has proven to be a valuable addition to the product. In addition, a study is performed on existing methods of gaining endpoint awareness where both active and passive methods are examined, as well as the state-of-the-art in different network security solutions. The second contribution is in introducing well rationalized improvements for the existing hash fingerprinting algorithms. An update is proposed for these algorithms where the pre-hash string is used as the fingerprint instead of taking the final hash value. Experiments are performed using machine learning on the pre-hash strings for endpoint awareness, showing promising results. The third contribution is in defining two concrete methodologies for implementing endpoint awareness into a network security solution. The efficacy of the second methodology, entitled JAPPI, is evaluated in a larger-scale experiment. The model performed exceptionally well, with 99.5% coverage, demonstrating that it provides an excellent means for introducing endpoint awareness into the inspection process of a network security solution.
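The pre-hash-string idea described in the second contribution, as an added example that is not code from the thesis or the Forcepoint product: it assumes the JA3 field layout (version, ciphers, extensions, curves, point formats) and JA3's GREASE filtering, builds the pre-hash string from already-decoded ClientHello fields, and shows why the string retains similarity information that the final MD5 digest discards. The two ClientHello value sets are constructed samples.

```python
import hashlib

# GREASE values (0x0a0a, 0x1a1a, ..., 0xfafa): random filler that JA3 drops so
# it cannot perturb the fingerprint.
GREASE = {0x0a0a + 0x1010 * i for i in range(16)}

def ja3_prehash(version, ciphers, extensions, curves, point_formats):
    """Build the JA3-style pre-hash string from decoded ClientHello fields:
    TLSVersion,Ciphers,Extensions,EllipticCurves,EllipticCurvePointFormats."""
    def field(values):
        return "-".join(str(v) for v in values if v not in GREASE)
    return ",".join([str(version), field(ciphers), field(extensions),
                     field(curves), field(point_formats)])

def ja3_hash(prehash):
    """The conventional final fingerprint: MD5 of the pre-hash string."""
    return hashlib.md5(prehash.encode()).hexdigest()

def prehash_similarity(a, b):
    """Mean per-field Jaccard similarity of two pre-hash strings. This is the
    information the final hash throws away: a one-token change yields an
    unrelated digest, while the pre-hash strings stay almost identical."""
    scores = []
    for fa, fb in zip(a.split(","), b.split(",")):
        sa = set(fa.split("-")) if fa else set()
        sb = set(fb.split("-")) if fb else set()
        union = sa | sb
        scores.append(len(sa & sb) / len(union) if union else 1.0)
    return sum(scores) / len(scores)

# Constructed sample: two ClientHellos from the same client family, the second
# offering one fewer cipher suite (say, after a minor client update).
CLIENT_A = dict(
    version=771,  # 0x0303, the value JA3 records for a TLS 1.2 ClientHello
    ciphers=[0x1a1a, 4865, 4866, 4867, 49195, 49199, 49196, 49200,
             52393, 52392, 49171, 49172, 156, 157, 47, 53],
    extensions=[0x2a2a, 0, 23, 65281, 10, 11, 35, 16, 5, 13, 18, 51,
                45, 43, 27, 0x3a3a, 21],
    curves=[0x4a4a, 29, 23, 24],
    point_formats=[0],
)
CLIENT_B = dict(CLIENT_A, ciphers=CLIENT_A["ciphers"][:-1])

def compare_clients(a=CLIENT_A, b=CLIENT_B):
    """Return (same_final_hash, pre-hash similarity) for two decoded hellos."""
    pa, pb = ja3_prehash(**a), ja3_prehash(**b)
    return ja3_hash(pa) == ja3_hash(pb), prehash_similarity(pa, pb)
```

For the constructed pair the final hashes differ completely while the pre-hash similarity is about 0.987, which is the kind of graded signal a learning model can use and a bare digest cannot provide.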