Gartner predicts that by 2017 more than half of network attacks targeting enterprises will use encrypted traffic to bypass controls. With attackers preying on the security gaps created by encrypted traffic, there are various common network traffic inspection errors being made by organisations today.
Lack of attention. Gartner finds that in-depth defence effectiveness gaps are being ignored. For example, most organisations lack formal policies to control and manage encrypted traffic. Less than 50 percent of enterprises with dedicated Secure Web Gateways decrypt outbound Web traffic. Less than 20 percent of organisations with a firewall, an intrusion prevention system or a unified threat management appliance decrypt inbound or outbound SSL traffic.
Inaccuracy. Enterprises inaccurately throw money at all kinds of solutions, from IDS/IPS and DLP to NGFW, malware analysis and more. While these solutions address a variety of issues, they only offer SSL inspection as an add-on feature, and oftent have limited visibility into just web/HTTPS traffic. In this case, multiple appliances must be deployed to support the inspection of processor-intensive SSL traffic, which is costly, ineffective and operationally challenging.
Hesitation. Starting and stopping often plagues IT security teams when it comes to encrypted traffic decryption projects. The complex set of laws and regulations on data privacy typically impedes decision-making by the legal, HR or compliance teams. Furthermore, the risk of conflict and dissatisfaction with employees often derails these encrypted traffic decryption efforts.
Playing with a weak defence. Malware uses SSL to do its damage. For example, according to Gartner, the pervasive Zeus botnet uses SSL/TLS communication to upgrade after the initial email infection.
Letting the environment cloud your game. The rapid adoption of cloud apps and services dramatically expands and complicates the IT environment, accelerates SSL/TLS encrypted traffic use, and expands the risk surface for attacker exploitation. Modern applications such as social media, file storage, search and cloud-based software increasingly use SSL/TLS as their communications foundation. Monitoring and scouring these applications and services for malicious content and activity is highly recommended. At least, the expanding use of these applications creates more questions about when to strategically encrypt and decrypt.
A number of solutions and steps can be taken by organisations to eliminated several security blind spots in their networks such as:
- Take inventory and plan for growth. Assess the SSL encrypted network traffic mix and volume in your organisation.
- Evaluate the risk of uninspected traffic. Gather information and collaborate with your non-IT colleagues in HR, legal or compliance. Then review and refine established policies from a security, privacy and compliance standpoint and then create a joint action plan to resolve any vulnerabilities.
- Enhance your network security infrastructure with comprehensive encrypted traffic management. Empower existing NGFW, IDS/IPS, anti-virus, DLP, malware analysis (sandbox) and security analytics solutions with the ability to detect all threats – even from formerly encrypted traffic – and process them accordingly.
- Monitor, refine and enforce. Constantly monitor, refine and enforce the acceptable use policies for encrypted applications and traffic in and out of your network.