SecurityWeek

SSL Encryption: Keep Your Head in the Game

Cryptography isn’t new. Humans have always liked to keep secrets. Or at least try.

More than 400 years ago, Mary, Queen of Scots, tried. Unfortunately, in the encryption-gone-wrong Babington plot, she didn’t fare so well. When one of Queen Elizabeth’s cunning advisors decrypted a coded correspondence about an assassination conspiracy, it was off with poor Mary’s head.

Decryption can be used to your advantage. It certainly was in Elizabeth’s case.

Encryption: The Double-Edged Sword

Today, more and more Internet traffic is encrypted. In fact, according to the Dell 2016 Annual Threat Report (PDF), nearly 65 percent of it is.

But encryption is a double-edged sword. It’s good when it protects you, your confidentiality, and your data. However, as with most things in life, there are two sides to every story. And encryption’s not so good when it protects the bad guys, too.

Decrypting SSL

See, in addition to the growth of SSL traffic, studies also show that SSL is one of the fastest-growing attack vectors. In fact, in its report, “Security Leaders Must Address Threats from Rising SSL Traffic,” Gartner predicted that, by 2017, more than 50 percent of network attacks will use encrypted traffic to bypass controls. Hackers are drawn to encryption because it makes it easier for them to move and hide malware and even to take from you the very data and privacy you aim to protect.

By all estimations, a decryption and inspection strategy should be viewed not only as a necessity for businesses, but as a top security priority in 2016.

What’s Fair to Decrypt?

If you’re using a company-issued laptop and company-hosted servers for email, should you be allowed to send work email to your personal Gmail account? Well, not really. Or at least not unless you’re cool with allowing your company to inspect those emails because, you got it, the situation does pose a legitimate security risk.

In the United States, it’s a touchy topic. Many privately held companies have begun to inspect this type of traffic, while many public companies are awaiting new legislation on the matter. In Europe, even where privacy reigns supreme, when and where to use decryption is coming up for debate more and more.

What’s important is to determine where there’s a clear security rationale for decrypting certain SSL-encrypted streams, and get a better understanding of who’s doing the encryption that may be traversing your network. Because, oh yeah, another thing about today’s encryption: It’s stronger and more difficult to decrypt than ever before. So even if organizations wanted to decrypt every bit of SSL traffic (which would most certainly make their users uncomfortable with regard to loss of privacy), their networks would take huge performance hits due to the computationally intensive nature of SSL decryption.

Finding a Balance

Most security architectures use multiple inline and out-of-band security and monitoring tools, each responsible for inspecting traffic and performing its own unique function. The problem is complexity and cost. Decrypting and routing SSL traffic to numerous security and analytics tools or enabling those tools with decryption capabilities isn’t simple and can be expensive.

And if one thing is certain, it’s that security can be neither a business bottleneck nor an operational money pit.

That means organizations need to find a balance and, in many cases, find ways to do more with less. For now, a practical tack is to establish security policies with regard to traffic inspection, and implement the right mix of SSL decryption and traffic inspection systems such that they don’t introduce latency or business disruption.

A good place to start is with a security delivery platform (SDP) and SSL visibility appliances. An SDP enables scalability and availability of your network while ensuring that relevant traffic is delivered to all the right tools at once. With its load-balancing capabilities, you can spread traffic flows across multiple SSL visibility appliances, avoiding bottlenecks and strengthening your security architecture as a whole.

Once traffic is decrypted by an SSL visibility appliance, it can be quickly routed through several security and performance monitoring tools, inspected, and sent back to the SSL visibility appliance for re-encryption. And should an SSL visibility appliance ever crash, an SDP’s inline bypass capabilities usually offer a range of failover options, including fail close, fail open, logical pass-through, or distribution to other devices.

Too bad Mary and Elizabeth couldn’t have found a similar way to align. As they say, two heads are better than one.
