Matching encryption against encryption: the new SSL battleground
It’s pretty much standard these days that website traffic is encrypted and even the most undemanding app users are starting to wake up to the fact that it’s a good idea that Internet traffic, in general, is made safe and secure.
Despite the (major) glitch of the Heartbleed flaw in 2014 affecting OpenSSL, since patched, secure socket layer encryption is a technology recognized by just about everyone who’s online – even if it’s only knowing to check for the padlock symbol on a web browser.
However, SSL can also be, unfortunately, a double-edged sword. As far back as 2016, a report from A10 Networks, stated 50 percent of all cyber attacks carried out would likely be using encryption; a tactic employed by hackers to hide their invasive activities from installed security platforms.
With up to 70 percent of traffic now marked by encryption, it would be fair to say that the internet is in the midst of a Secure Sockets Layer (SSL) encryption explosion. While there may be many reasons for such rapid growth in the fostering of SSL encryption – from garnering favorable page rankings in a Google search, to a significant lack of ATS support influencing App listings in the Apple App store – oversights regarding traffic encryption can directly affect business revenue.
“Although SSL is used to protect legitimate communications containing sensitive data, it can also hide more nefarious behavior from inspection,” noted the report.
Cybercriminals now use it to hide activities from IT security tools, which typically can’t inspect or analyze encrypted communications.
“Malicious insiders have been hiding from corporate security measures for years by using encrypted communications,” it adds. “Increasing use of secure, cloud-based storage has made data exfiltration even easier, allowing insiders to exfiltrate sensitive data while evading data loss prevention and other monitoring solutions.”
For business leaders investing in potential SSL inspection partners, this means performance, compliance, availability, and security must be core considerations.
Performance, for one, is a critical characteristic of any newly-implemented business solution, particularly when that solution must emulate ever-increasing loads. Of course, ever-increasing SSL inspection keys require rising levels of computing power, which could ultimately affect network performance and drive corporations to turn them off altogether.
Despite the fact that many firewalls and threat solutions are capable of decrypting SSL traffic, the majority are inadequate when it comes to keeping pace with emerging demands of decryption.
Fact is that an absence of SSL inspection means your organization is vulnerable to attacks, leaving it open to costly downtime, loss of sales, customer backlash and a compromise of intellectual property – not to mention the hefty costs attached to fixing data breaches, as well as patching up a bruised and damaged reputation.
“Protection against encrypted threats starts with incline encryption,” adds the A10 Networks report. “An SSL inspection appliance decrypts the traffic, sends it to one or more security solutions (UTM, IDS/IPS, firewall, etc) and then passes it back through another partition to encrypting it again.”
The report stated that this process helps phase out the well-documented degradation that firewalls encounter when organizing all encrypted traffic.
“At the same time, the data in question is only exposed to the security device(s), ensuring that compliance and data privacy requirements are maintained. Policies can even be set up to allow specific data, like patient health records, to remain encrypted to comply with relevant mandates.”
On top of supporting the performance of your new business solution, the best defense your company can have is an SSL inspection platform that also complies with these criteria:
- The tool satisfies compliance mandates, categorizing web traffic in terms of type while ensuring confidential data remains encrypted;
- It supports complex deployment requirements and is able to decrypt traffic from multiple devices;
- The platform is able to maximize security infrastructure uptime and capacity, enabling advanced monitoring that allows it to rapidly identify network and application errors;
- It must securely handle SSL certificates and keys, integrating with third-party SSL certificate management solutions that discover and control certificates;
- The tool must also be able to decrypt all standards-compliant encrypted traffic, with techniques like 4096-bit SSL keys, and elliptic curve ciphers.
- techniques like 4096-bit SSL keys,and elliptic curve ciphers.
If your business isn’t secure, standard industry mantra states that it’s a case of when you’ll be hacked, not if. Seek out specialist knowledge today.
4 October 2022