Written by Glen Ogden, Regional Sales Director, Middle East at A10 Networks
SSL encryption is a double-edged sword for many organisations in the Middle East. It bolsters security by providing confidentiality and message integrity. It also enables organisations to verify the identity of application owners and allows applications to authenticate users with client certificates. Unfortunately, encryption can also be used by attackers to infiltrate enterprises.
Encryption puts organisations at risk. Hackers leverage encryption to conceal their exploits from security devices such as firewalls, intrusion prevention systems and forensics solutions. These devices either can't keep up with increasing SSL decryption demands or cannot decrypt SSL traffic at all because of their location in the network.
According to a recent Gartner survey, “less than 20 per cent of organisations with a firewall, an intrusion prevention system (IPS) or a unified threat management (UTM) appliance decrypt inbound or outbound SSL traffic.” This means that hackers can evade over 80 per cent of an organisation’s network defences simply by tunnelling attacks in encrypted traffic.
SSL/TLS is the new default transport protocol
SSL usage has become ubiquitous, and many leading websites now encrypt every web request and response. In fact, 48 per cent more of the million most popular websites used SSL in 2014 than a year earlier. However, the transition from 1024- to 2048-bit SSL key lengths, combined with growing SSL bandwidth demands, has burdened security devices that decrypt SSL traffic. The impact of decryption on security devices is startling. Analysis by NSS Labs reveals that 2048-bit SSL ciphers “caused a mean average of 81 percent in performance loss” for seven leading next-generation firewalls.
However, encrypted traffic is often not protected with intrusion protection technology. Cyber tools are not protecting the organisation’s assets and are letting encrypted traffic pass through the network unchecked.
But wait a minute, didn’t we solve SSL performance problems in the data centre years ago? Specialised appliances, load balancers, application delivery optimisation, and offloading of CPU-intensive SSL encryption processes all aim to address these issues. In addition, however, organisations need modern tools to secure and optimise their modern firewalls and cyber protections.
To help organisations decrypt and inspect SSL traffic without degrading network performance, third-party security devices can be used to inspect encrypted traffic and eliminate the blind spot imposed by SSL encryption.
These security devices have the capabilities to:
- Uncover cyberattacks hidden in SSL traffic
- Maximise uptime by load-balancing multiple third-party security appliances
- Scale performance and throughput to successfully counter advanced threats
- Deploy best-of-breed content inspection solutions to fend off attacks and malware
In today’s work environment, more and more network traffic is being encrypted. As information technology managers, we need to ensure that the correct information is being protected and that the necessary infrastructure is in place to protect the organisation. Managed correctly, SSL traffic can provide the necessary protections without exposing vulnerabilities in the company’s security infrastructure.