Is Your SSL Traffic Hiding Attacks?
Thu, 01/17/2019 – 11:22
The results of a Gartner survey show that, “Less than 20% of organizations with a firewall, an intrusion prevention system (IPS) or a unified threat management (UTM) appliance decrypt inbound or outbound SSL traffic.” Therefore, in over 80% of the organizations that use these security devices, cybercriminals can bypass the organizations’ existing security controls by leveraging SSL tunnels to sneak malware into the corporate network, hide command and control traffic, and exfiltrate data. This is a serious threat.
Gartner predicted that eventually more than 50% of the network attacks targeting enterprises would use SSL encryption. Of the majority of organizations that do not decrypt data, most lack the ability to decrypt and inspect encrypted communications to assess these threats. This blind spot undermines traditional layered defenses and increases the risk of information breach and data loss.
Security professionals know that visibility into and control over SSL traffic is a necessity. And just as importantly, failing to find, use, and secure ALL keys and certificates for decryption undermines existing critical security controls. These tasks are critical:
- Have access to keys and certificates that can decrypt inbound traffic
- Secure the volumes of keys and certificates necessary to enable inspection
Failing to decrypt traffic and maximize decryption with ALL keys and certificates means that network attacks may be able to bypass your existing security investments.
Having automatic, secure access to all enterprise keys and certificates maximizes the amount of decrypted traffic, enables inspection of SSL traffic, and eliminates blind spots that are otherwise hidden in encrypted traffic. So when it comes down to it, every extra key and certificate available for decryption means one less place for nefarious actors to hide threats in SSL encrypted sessions.
Blue Coat and Venafi have partnered to help organizations uncover blind spots from malicious SSL/TLS threats that are obscured by encrypted traffic. The Blue Coat SSL Visibility Appliance and Venafi TrustForce integration maximizes the amount of traffic that can be decrypted and inspected to eliminate blind spots. Venafi TrustForce delivers keys and certificates to Blue Coat SSL Visibility Appliances securely and efficiently, thereby eliminating manual maintenance and reducing administrator burden.
Encrypted traffic is growing fast and becoming mainstream. According to Gartner, SSL traffic comprises 15-25% of the total web traffic, making it a significant percentage. The use of SSL varies by industry, but often helps to securely transmit sensitive or confidential information.
So what’s the problem? While SSL provides confidentiality and security for an individual session, it can also create a problem for enterprise security. Cybercriminals can use SSL to hide their exploits from an organization’s security devices, such as firewalls, intrusion prevention systems (IPS), unified threat management (UTM) appliances, secure web gateways, data loss prevention (DLP), anti-malware solutions, and more. Cybercriminals are well aware of SSL/TLS encryption blind spots, and they are using SSL/TLS to hide malicious content, evade detection, and bypass critical security controls.
*** This is a Security Bloggers Network syndicated blog from Rss blog authored by kdobieski. Read the original post at: https://www.venafi.com/blog/your-ssl-traffic-hiding-attacks-0