According to a recent Gartner study, SSL/TLS traffic now comprises 15-25 percent of total web traffic. Up to a third of enterprise internet traffic is now encrypted, and that figure is growing rapidly.
While encryption helps to keep private information private and secure, it is a double-edged sword. "Bad guys" often use it to conceal advanced and targeted cyber threats, and to exfiltrate data without being noticed.
While encrypting web sessions protects end-user data from being viewed in transit over the Internet, it creates a blind spot for IT administrators; they typically have no visibility into SSL-encrypted traffic. Unfortunately, SSL has become one of the most popular ways to inject malware and mask malicious code, such as Trojan horses and viruses.
Gartner reports that less than 20 percent of organizations with NGFW or IPS appliances decrypt inbound or outbound SSL traffic. Gartner believes that by 2017, more than 50 percent of network attacks will use encrypted SSL/TLS communications.
Hence the SSL network protocol is one of those really interesting technologies that was designed to keep us safe on the Internet. Ironically, in doing so, it has completely disrupted the network security industry to the point where our protection and detection equipment has become blind.
Network operators have had to choose between two extremes in confronting these issues. They can take a draconian approach by blocking all SSL communications entirely, or allow SSL communications transparently, without inspection.
To address this growing concern and new attack vector, it is highly recommended that enterprise organizations take steps to gain visibility into encrypted traffic and implement an SSL encrypted traffic management solution.
Blue Coat recommended the following approach:
1.) Take inventory and plan for growth
Assess the SSL encrypted network traffic in your organization for mix and volume. On average, plan for at least 20 percent year-over-year growth in SSL traffic.
2.) Evaluate risk of un-inspected traffic
Share insights, compare to established policies, understand and decrease the gap from a security and privacy standpoint, and create a joint action plan to resolve vulnerabilities.
3.) Enhance network security with an Encrypted Traffic Management solution
Empower your existing NGFW, IDS/IPS, Proxy, anti-virus, DLP, malware analysis, and security analytics solutions with the ability to detect all threats.
4.) Monitor, refine, and enforce
Constantly monitor, refine, and enforce the acceptable use policies for encrypted applications and traffic in and out of your network.
5.) Security, High Performance, Policy-Based Control
Encrypted traffic is pervasive in today’s networks. Market research indicates continued rapid growth over the next several years. IT network operators need new solutions that satisfy the need for information security for both the Enterprise and individual users, as well as requirements for compliance, acceptable-use policies, and government regulations for security and privacy. The resulting solution must not require re-architecting the security infrastructure, nor impact network performance, because compliance at the expense of throughput is no more acceptable than meeting user and application bandwidth requirements while ignoring security. Historically it has been difficult, if not impossible, to satisfy these competing requirements for comprehensive security, high performance, and effective, policy-based control.
Companies can also focus on the following 3 areas to solve the network security encryption dilemma:
- Develop a network security defense eco-system that co-exists in an encrypted world. Blue Coat has taken the initiative to build a new certification program for Encrypted Traffic Management (ETM Ready) to provide oversight and ensure third-party vendor products work seamlessly together, in particular with the Blue Coat SSLV.
- Ensure that decrypted data cannot be modified or changed. This fundamentally comes back to trust. Any approach that provides an air gap or zone between decrypting and re-encrypting where decrypted data is uncontrolled should raise a red flag. For this reason the original data is sent and not a modified copy. As part of the ETM Ready certification, data must be tested and certified as unmodified.
- Industry collaboration and cohesiveness to support existing and new cipher suites as they become mainstream. We don’t want to weaken the key exchange, encryption or authentication methods between client and server when an SSL Visibility appliance is present, but rather natively support the cipher suite from end to end.
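The last point is something an operator can verify rather than take on faith: an inspection appliance terminates one TLS session on the client side and opens another to the server, so the protocol version, key exchange, cipher and hash negotiated on each leg can be compared. The script below is an added example, not Blue Coat's code or part of any SSLV product; it assumes the appliance can export, per session, the protocol and IANA cipher-suite name negotiated on each leg (the `SESSIONS` records are constructed for illustration) and flags any session where the client-facing leg is cryptographically weaker than the server-facing leg, or where either leg falls below a minimum policy.

```python
"""Audit the two legs of a TLS inspection appliance for cryptographic downgrade.

Added example, not vendor code. Assumes per-session export of the protocol
and cipher suite negotiated on the client-facing and server-facing legs.
"""
import re
from dataclasses import dataclass

# Ordinal strength ranks; higher is stronger. These are illustrative orderings,
# not a formal security metric.
PROTO_RANK = {"TLSv1": 1, "TLSv1.1": 2, "TLSv1.2": 3, "TLSv1.3": 4}
KEX_RANK = {"RSA": 1, "DHE": 2, "ECDHE": 3}          # ephemeral exchanges give forward secrecy
ENC_RANK = {
    "RC4_128": 0, "3DES_EDE_CBC": 1,
    "AES_128_CBC": 2, "AES_256_CBC": 2,
    "AES_128_GCM": 3, "AES_256_GCM": 4, "CHACHA20_POLY1305": 4,
}
MAC_RANK = {"MD5": 0, "SHA": 1, "SHA256": 2, "SHA384": 3}  # MAC, or PRF hash for AEAD suites

# Minimum acceptable values for either leg (constructed policy: TLS 1.2+,
# forward secrecy, no RC4/3DES, no MD5).
MIN_PROTO = 3
MIN_SUITE = {"key exchange": 2, "encryption": 2, "mac": 1}

# IANA suite names: TLS 1.2-style "TLS_<kex>[_<auth>]_WITH_<enc>_<mac>"
# and TLS 1.3-style "TLS_<aead>_<hash>" (key exchange is always ephemeral).
TLS12_SUITE = re.compile(
    r"^TLS_(?P<kex>ECDHE|DHE|RSA)(?:_(?:RSA|ECDSA))?_WITH_(?P<enc>.+)_(?P<mac>MD5|SHA|SHA256|SHA384)$")
TLS13_SUITE = re.compile(
    r"^TLS_(?P<enc>AES_128_GCM|AES_256_GCM|CHACHA20_POLY1305)_(?P<mac>SHA256|SHA384)$")


@dataclass(frozen=True)
class Leg:
    protocol: str
    suite: str


def suite_strength(suite: str) -> dict:
    """Break an IANA suite name into ranked components; unknown names are an error."""
    m = TLS12_SUITE.match(suite)
    if m:
        kex = KEX_RANK[m["kex"]]
    else:
        m = TLS13_SUITE.match(suite)
        if not m:
            raise ValueError(f"unrecognised cipher suite: {suite}")
        kex = KEX_RANK["ECDHE"]  # TLS 1.3 always uses an ephemeral (EC)DHE exchange
    return {"key exchange": kex, "encryption": ENC_RANK[m["enc"]], "mac": MAC_RANK[m["mac"]]}


def find_downgrades(client_leg: Leg, server_leg: Leg) -> list:
    """Report every component where the client leg is weaker than the server leg."""
    findings = []
    if PROTO_RANK[client_leg.protocol] < PROTO_RANK[server_leg.protocol]:
        findings.append(f"protocol weakened: {server_leg.protocol} (server leg) "
                        f"-> {client_leg.protocol} (client leg)")
    client, server = suite_strength(client_leg.suite), suite_strength(server_leg.suite)
    for component, rank in client.items():
        if rank < server[component]:
            findings.append(f"{component} weakened: {server_leg.suite} -> {client_leg.suite}")
    return findings


def policy_violations(leg: Leg, side: str) -> list:
    """Report components of one leg that fall below the minimum policy."""
    findings = []
    if PROTO_RANK[leg.protocol] < MIN_PROTO:
        findings.append(f"{side} leg below policy: protocol {leg.protocol}")
    for component, rank in suite_strength(leg.suite).items():
        if rank < MIN_SUITE[component]:
            findings.append(f"{side} leg below policy: {component} in {leg.suite}")
    return findings


def audit(sessions: list) -> dict:
    """Map each session id to its combined downgrade and policy findings."""
    report = {}
    for s in sessions:
        report[s["id"]] = (find_downgrades(s["client"], s["server"])
                           + policy_violations(s["client"], "client")
                           + policy_violations(s["server"], "server"))
    return report


# Constructed sample export: s1 is transparent, s2 loses forward secrecy and
# AEAD on the client side, s3 is a full protocol and cipher downgrade.
SESSIONS = [
    {"id": "s1", "client": Leg("TLSv1.2", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"),
                 "server": Leg("TLSv1.2", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256")},
    {"id": "s2", "client": Leg("TLSv1.2", "TLS_RSA_WITH_AES_128_CBC_SHA"),
                 "server": Leg("TLSv1.2", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384")},
    {"id": "s3", "client": Leg("TLSv1", "TLS_RSA_WITH_RC4_128_MD5"),
                 "server": Leg("TLSv1.3", "TLS_AES_256_GCM_SHA384")},
]

if __name__ == "__main__":
    for session_id, findings in audit(SESSIONS).items():
        print(session_id, "OK" if not findings else "")
        for f in findings:
            print("   ", f)
```

A session like `s1`, where both legs agree, is what "natively support the cipher suite from end to end" looks like in the export; `s2` and `s3` are the cases the certification point above is meant to rule out. The same comparison works on live data if the appliance's session log is parsed into `Leg` records instead of the constructed list.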