Encrypted traffic: the threat nobody’s talking about
In the ever-changing landscape of cybersecurity, professionals are fighting a relentless battle. As defensive measures advance, malicious actors find new ways to exploit vulnerabilities, leading to an ongoing game of cat and mouse. An intense battleground has emerged in the form of encrypted data: while encryption offers a robust shield against data breaches, it also serves as a convenient cloak for cybercriminals to execute their attacks covertly. In an era dominated by cloud technology and encryption, the need for deep observability has become more important than ever in order to achieve the required level of visibility into data in motion.
The duality of encryption
Back in 2018, Cisco's annual report predicted that a majority of cyberattacks would leverage encryption in the near future. This prediction has now become reality. The widespread adoption of encryption by businesses, even more so with the transition to the cloud, has provided attackers with an ideal cover for executing stealthy tactics. Presently, a staggering 93 percent of malware hides behind encryption, yet a recent Gigamon Hybrid Cloud Survey revealed that only 30 percent of UK IT and security leaders believe their organisations possess adequate visibility into encrypted traffic. What's more, it's alarming that only 1 in 3 of those who fell victim to cyberattacks claimed to understand how they were attacked, indicating that the obscurity of threats within encrypted traffic played a significant role in this lack of awareness.
In an environment where resource allocation decisions are challenging and maintaining productivity is essential, justifying the time, financial investment, and processing power needed to decrypt and analyse traffic often takes a backseat. However, overlooking deep observability is a risky strategy. Without proper monitoring for encrypted threats, businesses expose themselves to a perfect storm of cyber risk, with alarmingly low visibility into their network activities.
Gaps in visibility
A significant concern among IT and security professionals is their inability to comprehensively analyse data flowing through both cloud and on-premises networks, and these blind spots present a significant worry. Complete visibility across networks holds the key to predicting, monitoring, and rapidly addressing breaches. Nevertheless, the complex web of modern business networks complicates this task.
Hybrid and multi-cloud networks, with their inherent complexity, blur the lines of network visibility. On-premises tools lack the visibility required for cloud and container-based traffic, and cloud-native tools might not capture network-level traffic. This disparity results in isolated cloud environments, allowing space for concealed threats.
Perception and reality often diverge. While nearly 94 percent of professionals who responded to the Gigamon Hybrid Cloud survey believe their security tools provide comprehensive visibility into hybrid cloud environments, the actual attainment of end-to-end visibility is an elusive goal. Less than half of the same respondents have visibility into laterally moving data, also known as East-West traffic, leaving room for malicious activities to traverse within networks unnoticed.
A double-edged sword
The visibility gap is most glaring when dealing with encrypted traffic. While SSL/TLS encryption secures data-at-rest and data-in-transit, safeguarding sensitive information, this very shield can be exploited by malevolent actors while businesses have limited visibility into encrypted traffic entering or exiting their networks.
Encryption isn't only leveraged by cybercriminals in ransomware attacks; it also serves as a vehicle for concealing malware, suspicious traffic, and communications. Malicious actors exploit encryption to deliver malicious code and exfiltrate sensitive data. As businesses continue their digital transformation and rely more on encryption, the increasing volume of encrypted data only amplifies the risks associated with unmonitored encryption.
Streamlining decryption
Network security hinges on visibility. The prevalence of encryption as a tool for cyberattacks has remained largely unaddressed. Cybersecurity leaders must acknowledge the urgent need for deep observability and advocate for necessary resources from their boards.
Addressing network visibility challenges through meticulous decryption and traffic inspection presents its own hurdles, including high costs and demanding computing power. By employing tactics like application filtering and traffic deduplication, network security teams can reduce processing requirements and prioritize risk management.
In a world where business success is inextricably linked to security posture, turning a blind eye to unprotected vulnerabilities is no longer an option. To combat the concealed threats lurking in encrypted traffic, cybersecurity leaders must spotlight the importance of visibility and drive changes that fortify an organization's defences. After all, defending against the unseen is a daunting task, but it's one that businesses can't afford to ignore.
Upcoming Cyber Security events
Cyber Security updates
Sign-up to get the latest updates and opportunities from our Cyber Security programme.
Authors
Mark Jow
Mark Jow at Gigamon aims to help organisations leverage deep observability to optimise hybrid cloud performance. As the organisation’s first field evangelist for EMEA, Mark Jow has over 30 years of experience in the industry, having held senior technical leadership positions in Oracle, EMC, Veritas and more recently Commvault.