Abstract: A system and method for real-time threat detection for encrypted communications are provided. A method includes monitoring a data stream in a network, such as an M2M network, the data stream including encrypted message data and non-encrypted metadata associated with the encrypted message data being transmitted between endpoints on the network. The method includes extracting data stream metadata from the data stream, including data points extracted from the non-encrypted metadata. The method includes enriching the data stream metadata with contextual data that relates to one or more of threat, vulnerability and reputation data points and is obtained from one or more signal sources, to output enriched data. The enriched data is analysed and a risk probability score associated therewith is calculated. An action is initiated in accordance with the risk probability score so as to mitigate a threat present on the network.
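The extract, enrich, score and act steps described in the abstract, as an added Python sketch that is not taken from the patent. The metadata fields, the signal-source tables, the noisy-OR scoring rule and the action thresholds are all assumptions chosen for illustration; the abstract does not specify them.

```python
# Constructed signal sources (assumptions, not from the page): each maps a metadata
# value to an estimated probability that it indicates a threat.
REPUTATION = {"198.51.100.7": 0.80, "203.0.113.9": 0.10}   # destination IP reputation
THREAT_SNI = {"c2.example.net": 0.90}                       # threat-intel hostnames
VULNERABLE = {"sensor-17": 0.50}                            # endpoints with known flaws
METADATA_FIELDS = ("device", "dst_ip", "sni", "dst_port")   # assumed cleartext data points

def extract(record: dict) -> dict:
    # Keep only data points carried outside the encrypted payload; never read the payload.
    return {k: record.get(k) for k in METADATA_FIELDS}

def enrich(meta: dict) -> dict:
    # Attach contextual data; a value unknown to a source contributes 0.0.
    return {
        "reputation": REPUTATION.get(meta["dst_ip"], 0.0),
        "threat": THREAT_SNI.get((meta["sni"] or "").lower(), 0.0),
        "vulnerability": VULNERABLE.get(meta["device"], 0.0),
    }

def risk_score(signals: dict) -> float:
    # Noisy-OR (assumed rule): probability that at least one independent signal is real.
    benign = 1.0
    for p in signals.values():
        benign *= 1.0 - p
    return 1.0 - benign

def action_for(score: float) -> str:
    # Hypothetical thresholds mapping the score to a mitigation.
    if score >= 0.9:
        return "block"
    if score >= 0.5:
        return "alert"
    return "allow"

def process(record: dict) -> tuple:
    # One pass of the pipeline for a single message in the stream.
    score = risk_score(enrich(extract(record)))
    return round(score, 3), action_for(score)

# Constructed sample stream; the payload bytes stand in for opaque ciphertext.
STREAM = [
    {"device": "sensor-17", "dst_ip": "198.51.100.7", "sni": "C2.example.net", "dst_port": 8883, "payload": b"\x17\x03\x03"},
    {"device": "meter-02", "dst_ip": "203.0.113.9", "sni": "broker.example.org", "dst_port": 8883, "payload": b"\x17\x03\x03"},
    {"device": "sensor-17", "dst_ip": "203.0.113.9", "sni": None, "dst_port": 8883, "payload": b"\x17\x03\x03"},
]

if __name__ == "__main__":
    for rec in STREAM:
        print(rec["device"], rec["dst_ip"], *process(rec))
```

The third record shows why the enrichment step matters: a destination with a low reputation score alone stays at "allow", but the same destination contacted by an endpoint with a known vulnerability crosses the alert threshold.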