Information technology security departments are challenged with rising malicious attacks, and cybercriminals who use stolen digital certificates and encrypted keys to acquire valuable enterprise and customer data, says network security multinational F5 Networks senior engineer Martin Walshaw.
The increasing volume of encrypted traffic is placing enormous strain on company networks. The use of secure sockets layer (SSL) and transport layer security (TLS) cryptographic protocols is expected to total 70% of all Internet traffic in the near future.
However, SSL/TLS traffic inspection is typically enabled in less than half of all network security appliances, which renders solutions blind to malware passing through the system in encrypted traffic that is not inspected.
“When most security infrastructures were implemented, the amount of encrypted traffic was significantly less than what it is today. This resulted in solutions that are inadequate when configuring them to inspect the current amount of encrypted traffic.
“Encryption is an effective weapon against cybercrime and securing valuable data flow between applications is essential to safeguard identity information and help communications between a Web browser and a server to remain private,” he says.
However, traditional security solutions are vulnerable, owing to the growing volume of bandwidth, as cloud-based services are enabling cybercriminals to infiltrate networks with encrypted traffic without being detected. Therefore, firms that do not adopt advanced security tools to inspect SSL/TLS traffic are exposed to cyberattacks because they lack visibility into malware and control over traffic.
The unseen enemy can impair the performance of network systems and sabotage services. Hackers use techniques that install Web shells on servers that use SSL/TLS encryption, which results in the requests to and from the compromised machine being encrypted with the server’s own legitimate private key, Walshaw explains.
“The first step to improving the visibility of encrypted traffic is to deploy a scalable solution. Once a company has assessed its visibility and SSL/TLS decryption, it should consider adopting standalone SSL/TLS application protection products, like file analysis sandboxes, network sensors and modern end-point security solutions for the detection of malicious targeted attacks.”
With such comprehensive reports, it is possible to close the attack vectors hiding within SSL/TLS traffic, he adds.
However, the implementation of a comprehensive SSL/TLS strategy comes with its own challenges of visibility, performance and scale, Walshaw highlights.
Being knowledgeable about the dangers of encrypted traffic will enable firms to protect their operations and ensure uninterrupted service. Robust security solutions and intelligently designed cloud architecture will help to safeguard them, he says.
“A rigorous SSL/TLS strategy mitigates the risk of damaging breaches that are hidden in encrypted traffic. Greater visibility into vulnerabilities aids in intelligently evaluating threats, protecting the physical and virtual environment and stymieing cybercriminals,” he concludes.
Edited by: Martin Zhuwakinyu
Creamer Media Senior Deputy Editor