Encrypted traffic has become increasingly ubiquitous at most organizations. According to new ESG research, a vast majority (87%) of organizations surveyed encrypt at least 25% of their overall network traffic today (note: I am an ESG employee). Network encryption is a security best practice, as it protects the privacy and confidentiality of network traffic as it travels from source to destination.
While network encryption protects the confidentiality and integrity of data-in-transit, security professionals also understand that network encryption can be used for malicious purposes. Cyber-criminals and hackers can use encrypted channels to hide reconnaissance activities, malware distribution, and command-and-control (C&C or C2) traffic alongside benign SSL/TLS sessions. Are organizations vulnerable to cyber-attacks that use network encryption as a cloaking technique? ESG research suggests that the answer is “yes”: 22% say that their organization is extremely vulnerable to some type of cybersecurity attack that uses SSL/TLS encryption as a cloaking technique to circumvent their existing security controls, and a further 40% believe that their organization is somewhat vulnerable to such an attack.
Given the rising threat hidden within SSL/TLS traffic, most organizations say they are actively implementing network security countermeasures. A strong majority (87%) of the organizations surveyed decrypt and then inspect SSL/TLS traffic for signs of reconnaissance activity, malware, C2 communications, etc. Of the remaining organizations, 8% say they are rolling out network security technologies that will enable them to inspect SSL/TLS traffic within the next 12 months. The remaining 5% are not decrypting/inspecting encrypted SSL/TLS traffic today but are interested in doing so in the future.
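To make the "decrypt and then inspect" step concrete, here is an added example (not part of the original post and not ESG's or any vendor's code) of the kind of detection logic a security team can run once a TLS-inspecting proxy has decrypted sessions and logged the plaintext request metadata. The log format, hostnames, IP addresses, timestamps and the denylist entry are all constructed for illustration. It does two things the post mentions: matches destinations against a list of IoCs, and flags the near-constant polling interval that C2 beacons tend to show and that encryption alone would otherwise hide from content inspection.

```python
"""Toy detection pass over constructed decrypted-proxy log lines.

Added example: once a TLS-inspecting proxy has decrypted a session it can log
the plaintext request metadata (client, host, path, bytes). This script runs
two simple checks over such lines:
  1. a denylist match against known-bad hosts (an IoC list), and
  2. a beaconing heuristic: many requests from one client to one host at
     near-constant intervals, a common C2 traffic shape.
All hosts, IPs, timestamps and the denylist below are constructed, not real.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed log lines: timestamp client_ip host path bytes_out
SAMPLE_LOG = """\
2024-03-01T10:00:00 10.0.0.5 updates.example-vendor.test /check 312
2024-03-01T10:01:00 10.0.0.5 updates.example-vendor.test /check 310
2024-03-01T10:02:01 10.0.0.5 updates.example-vendor.test /check 315
2024-03-01T10:03:00 10.0.0.5 updates.example-vendor.test /check 311
2024-03-01T10:04:00 10.0.0.5 updates.example-vendor.test /check 309
2024-03-01T10:05:01 10.0.0.5 updates.example-vendor.test /check 313
2024-03-01T10:00:12 10.0.0.7 mail.example.test /inbox 8211
2024-03-01T10:07:45 10.0.0.7 mail.example.test /inbox 9120
2024-03-01T10:31:02 10.0.0.7 mail.example.test /send 1200
2024-03-01T10:02:30 10.0.0.9 bad-c2.example.invalid /gate.php 540
"""

# Constructed IoC denylist (placeholder value, not a real indicator).
IOC_HOSTS = {"bad-c2.example.invalid"}


def parse_log(text):
    """Parse log lines into dicts; skip malformed lines instead of crashing."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, client, host, path, size = parts
        try:
            records.append({
                "ts": datetime.fromisoformat(ts),
                "client": client, "host": host, "path": path,
                "bytes_out": int(size),
            })
        except ValueError:
            continue
    return records


def ioc_hits(records, denylist=IOC_HOSTS):
    """Return sorted (client, host) pairs that contacted a denylisted host."""
    return sorted({(r["client"], r["host"]) for r in records if r["host"] in denylist})


def beacon_candidates(records, min_requests=5, max_cv=0.1):
    """Flag (client, host) pairs whose request intervals are nearly constant.

    cv = stddev / mean of the inter-arrival times. Interactive user traffic is
    bursty (high cv); an implant sleeping a fixed interval between check-ins
    produces a cv near zero. Returns (client, host, mean_gap_seconds) tuples.
    """
    by_pair = defaultdict(list)
    for r in records:
        by_pair[(r["client"], r["host"])].append(r["ts"])
    flagged = []
    for (client, host), stamps in by_pair.items():
        if len(stamps) < min_requests:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            flagged.append((client, host, round(avg, 1)))
    return flagged


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("IoC hits:", ioc_hits(recs))
    print("Beacon candidates:", beacon_candidates(recs))
```

The thresholds (`min_requests`, `max_cv`) are starting points, not tuned values; legitimate software updaters also poll on fixed timers, so a beaconing hit is a lead for an analyst to check the destination's reputation and the decrypted payload, not a verdict on its own.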
So large organizations are encrypting more of their network traffic AND decrypting this encrypted traffic to inspect it, looking for Indicators of Compromise (IoCs) and malware. Hmm, if you’re thinking that this seems like a lot of tedious work that could lead to a host of problems, you are right. Look for another blog soon that highlights what ESG research discovered about network encryption/decryption challenges and the strategies used to overcome these issues.