Uncloaking corruption within encryption
F5 Networks’ Michael Brown debates encryption as a weapon against cybercrime
Encryption is an effective weapon against cybercrime. Securing valuable data flow between applications is essential for safeguarding identity and helping communications between a web browser and a server to remain private. The growth in SSL/TLS encryption is expected to reach 70% of all internet traffic in the near future. However, with advances in technology, encryption also hides corruption.
The increasing volume of encrypted traffic is placing enormous strain on company networks. Why? This is because at the time when most security infrastructures were implemented, the amount of encrypted traffic was significantly less than it is today. In 2015 it accounted for 29% of all traffic. This resulted in solutions that fall woefully short when configuring them to inspect the amount of encrypted traffic in today’s world.
IT security departments are challenged with rising malicious attacks and cybercriminals who use stolen digital certificates and encrypted keys to acquire valuable enterprise and customer data. Cybercriminals know that traditional security solutions are vulnerable because the growing volume of bandwidth gained with cloud-based service allows them to surreptitiously infiltrate networks with encrypted traffic without being detected. So, how can businesses ensure they are not blind to corruption and that their data stored in the cloud is protected?
The unseen enemy
Firms that do not adopt advanced security tools to inspect SSL/TLS traffic are exposed to cyber-attacks because they lack visibility into malware and control over traffic. The unseen enemy can wreak havoc on network systems, impair performance and sabotage services.
Hackers use techniques that install web shells on servers that use SSL/TLS encryption, which results in these requests to and from the back door being encrypted along with the server’s own legitimately installed private key. Network architectures that have not been configured to permit inspection of SSL/TLS traffic are vulnerable to the attackers’ malicious actions and often go undetected.
Many IT departments and security teams feel hindered to protect customer data and sensitive corporate assets. Security solutions that inspect network traffic have the ability to decrypt network traffic, but firms often fail to enable the capability or deactivate it under the misconception that it can hinder operational performance.
In many cases, SSL/TLS traffic inspection is enabled in less than half of all network security appliances, which render solutions blind to malware passing through the system when they are in the form of encrypted traffic.
Cybercriminals exploit this practice to steal valuable data, effectively cloak themselves in encrypted traffic. They direct malware to identify and extract vital credentials and even conduct reconnaissance over extensive periods of time.
The adoption of Office 365 is typical example where its usage has increased dramatically, albeit that many organisations have not planned for the increased bandwidth requirements and additional SSL/TLS encrypted traffic associated with
IDC believes that spending on standalone decryption appliances, application delivery controllers and other solutions to decrypt and inspect network traffic will experience rapid growth over the next five years. The market segment is projected to grow by double digits and could reach nearly $800m by 2020.
Best practice delivers the best outcomes. Deploying a solution that can scale is the first step in the process. Once a company has assessed its visibility and SSL/TLS decryption efforts, firms should consider adopting a standalone SSL/TLS app protection products: file analysis sandboxes, network sensors and modern endpoint security solutions for the detection of malicious targeted attacks.
With comprehensive reports, it is possible to defeat the latest attack vectors hiding within SSL/TLS traffic. The BIG-IP solution, for example, enables decryption, inspection and re-encryption of all SSL/TLS traffic to and from any data centre and the cloud. F5 SSL/TLS Orchestrator provides high-performance decryption and encryption of outbound SSL/TLS traffic, enabling traffic inspection to reveal and stop hidden threats. The device also supports policy-based management and steering of traffic flow to third-party security solutions so organisations can apply context-based intelligence to the handling of encrypted traffic flows.
Organisations look to SSL/TLS as a way to protect the integrity of their valuable data online. However, the implementation of a comprehensive SSL/TLS strategy comes with its own challenges of visibility, performance and scale. In a recent SANS Institute survey, 89% of respondents from the public sector and the healthcare, pharmaceutical, financial and general services industries cited the importance of SSL/TLS decryption and inspection to the security and performance of their organisations, which could help prevent data breaches.
Respondents raised several concerns in implementing SSL/TLS decryption solutions, including degradation within organisations that inspect and decrypt SSL/TLS traffic and lack of performance for organisations that do not have SSL/TLS traffic decryption.
Cybercriminals will continue to disrupt businesses and sap their systems of this vital data. Whether it is to expose weaknesses in a company’s network or simply to act upon political motivations, the cyber world is littered with complexity and encrypted crime. All organisations need the ability to respond to cyber threats and protect the interests of their customers.
By being clever in the cloud and knowledgeable about the dangers of encrypted traffic, firms will be better equipped to protect their operations and ensure uninterrupted service. Robust security solutions and intelligently designed cloud architecture will safeguard the operation.
A rigorous SSL/TLS strategy mitigates the risk of damaging breaches. Greater visibility into vulnerabilities helps to intelligently evaluate threats, protect the physical and virtual environment and vanquish the cyber villains. It is time to uncloak the cybercriminals and enable your applications to go faster, smarter and safer.