BreachExchange mailing list archives

Encryption: What you can't see can hurt you


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 10 Sep 2014 19:45:26 -0600

http://www.bi-me.com/main.php?c=3&cg=4&t=1&id=66534

The security industry has shifted its focus to the client side. Malware and
other malicious programs are increasingly being installed unknowingly on
client computers where they can replicate to other clients, and relay
information to malicious entities.

Security vendors provide tools to detect and mitigate these problems by
inspecting the traffic between client and the untrusted side of the network
(the Internet).

At the same time, most online web services or cloud applications now use
TLS/SSL to secure the session with the client. While this is a good
strategy for many reasons, it introduces a problem for active traffic
inspection tools—the information is encrypted and thus, unreadable.

SSL encryption is a double-edged sword for organizations. It bolsters
security by providing confidentiality and message integrity. It enables
users to verify the identity of application owners and it allows
applications to authenticate users with client certificates. As threats
like snooping, phishing, and data theft continue to grow, encryption has
become an essential way to protect users and data.

But encryption also puts organizations at risk. Hackers leverage encryption
to conceal their exploits from security devices that can’t keep up with
increasing SSL decryption demands or that cannot decrypt SSL traffic at all
because of their location in the network.

Security devices such as firewalls, intrusion protection systems and
anti-virus protection devices are built to perform in-depth traffic
analysis of unencrypted flows, and make policy decisions. These devices
usually are not designed to inspect SSL traffic because the content is
encrypted. How serious is the threat?

According to a recent Gartner survey, “less than 20% of organizations with
a firewall, an intrusion prevention system (IPS) or a unified threat
management (UTM) appliance decrypt inbound or outbound SSL traffic.”[1]
This means that hackers can evade over 80% of companies’ network defenses
simply by tunneling attacks in encrypted traffic.

SSL Usage on the Rise

To reduce the risk of snooping and theft, an increasing number of
applications encrypt data using SSL or SSL’s successor, Transport Layer
Security (TLS). SSL usage has become ubiquitous and many leading websites
now encrypt every web request and response. In fact, 48% more of the
million most popular websites use SSL in 2014 than a year earlier[2].

However, the transition from 1024- to 2048-bit SSL key lengths[3], combined
with growing SSL bandwidth demands, has burdened security devices that
decrypt SSL traffic. The impact of decryption on security devices is
startling. Analysis by NSS Labs reveals that 2048-bit SSL ciphers “caused a
mean average of 81% in performance loss”[4] for seven leading
next-generation firewalls.

To combat the above issue, organizations need to implement high-speed SSL
decryption technology to help decrypt and inspect SSL traffic without
degrading network performance. The technology should enable third-party
security devices to inspect encrypted traffic so as to completely eliminate
the blind spot imposed by SSL encryption.