All that data coming into your enterprise? It’s encrypted. Well, nearly 90 percent of it is, at least according to Google. Most encryption serves a noble purpose: Users employ it to secure the data they send across the open internet. Unfortunately, so too do threat actors, who encrypt their destructive payloads to obscure them from traditional security inspection.
The real problem is one of scale: Legacy hardware cannot easily scale to inspect all incoming and outgoing data traffic, especially when data traffic volume spikes. Some security approaches simply ignore that fact, others sample incoming secured data. Both approaches leave enterprises vulnerable.
More and more hackers are taking advantage of the fact that many organizations simply can’t inspect all encrypted HTTPS traffic. Those organizations make attractive attack targets: In the last nine months, SSL/TLS-encrypted threat activity has increased 260 percent over last year. And in the last six months, the Zscaler ThreatLabZ security research team has seen ransomware attacks delivered inside encrypted traffic grow five-fold. (A recent Zscaler ThreatLabZ study analyzed threats hidden in encrypted traffic and looked deeper into sophisticated attack techniques).
The cloud-based Zscaler Zero Trust Exchange offers comprehensive inspection of all SSL/TLS-encrypted data traffic, with no impact to performance. But that’s only a first step: Many organizations may still face obstacles—architectural, technological, or legal—implementing full inspection of encrypted data. Some organizations must delay adopting encryption-inspection due to GDPR-compliance or worker-council concerns. But such delays expose enterprises to risk, and not just because they’re not using the full power of their security solution(s).
Zscaler is helping organizations protect their users, applications, and data assets with full SSL/TLS encryption inspection. Next month, join me and my colleagues Brad Moldenhauer and Nicolas Casimir (Zscaler CISOs for the Americas and EMEA regions, respectively) at Zenith Live 2020, where the three of us will present “SSL Inspection is Critical: How to Overcome Legal and Privacy Objections.”
Our talk will focus on the risks posed by encrypted threats; the business, legal, privacy, and security implications of managing that risk; and how the Zscaler Zero Trust Exchange applies a scalable approach to SSL/TLS inspection.
This year, every seat at Zenith Live is in the front row, as the event goes virtual: All sessions are available online and free. But space is limited, so register today at ZenithLive.com.
*** This is a Security Bloggers Network syndicated blog from Research Blogs Feed authored by Kevin Schwarz. Read the original post at: https://www.zscaler.com/blogs/company-news/zenith-live-2020-session-spotlight-ssl-inspection-critical-how-overcome-legal