TECH TALK
UNCOVERING CYBER THREATS IN SSL TRAFFIC
Encrypted traffic accounts for a large and growing percentage of all network traffic . While the adoption of SSL , and its successor , Transport Layer Security ( TLS ), should be cause for celebration – as encryption improves confidentiality and message integrity – it also puts organisations at risk . This is because hackers can leverage encryption to conceal their exploits from security devices that do not inspect SSL traffic , writes Mohammed Al-Moneer , Regional Director , MENA , A10 Networks .
How serious is the threat ? According to a recent Gartner survey , “ less than 20 % of organisations with a firewall , an intrusion prevention system ( IPS ) or a unified threat management ( UTM ) appliance decrypt inbound or outbound SSL traffic .” This means that hackers can evade over 80 % of companies ’ network defences simply by tunnelling attacks in encrypted traffic . To stop cyber attacks , organisations must gain insight into encrypted data , and to do this , they need a dedicated security platform that can decrypt inbound and outbound SSL traffic .
The importance of being earnest … When evaluating SSL inspection platforms To eliminate the SSL blind spot in corporate defences , organisations should provision solutions that can decrypt SSL traffic – both inbound traffic to corporate servers and outbound traffic from internal users to the Internet – and allow all security products that analyse network traffic to inspect encrypted data . Organisations must carefully evaluate the features and performance of SSL inspection platforms before selecting a solution . If IT security teams deploy SSL inspection platforms in haste , they might be blindsided later by escalating SSL bandwidth requirements , deployment demands or regulatory implications .
Because SSL inspection potentially touches so many different security products – from firewalls and intrusion prevent systems ( IPS ) to data loss prevention ( DLP ), forensics , advanced threat prevention and more – organisations must develop a list of criteria and evaluate SSL inspection platforms against these criteria before selecting a solution . SSL inspection platforms should :
Meet current and future SSL performance demands Performance is perhaps the most important evaluation criteria for SSL inspection platforms . Organisations must assess their current Internet bandwidth requirements and ensure that their SSL inspection platform can handle future SSL throughput requirements . When
78 INTELLIGENTCIO www . intelligentcio . com