By Glen Ogden, Regional Sales Director, Middle East at A10 Networks
The security industry has shifted its focus to the client side. Malware and other malicious programs are increasingly being installed unknowingly on client computers where they can replicate to other clients, and relay information to malicious entities.
Security vendors provide tools to detect and mitigate these problems by inspecting the traffic between client and the untrusted side of the network (the Internet). At the same time, most online web services or cloud applications now use TLS/SSL to secure the session with the client. While this is a good strategy for many reasons, it introduces a problem for active traffic inspection tools—the information is encrypted and thus, unreadable.
SSL encryption is a double-edged sword for organizations. It bolsters security by providing confidentiality and message integrity. It enables users to verify the identity of application owners and it allows applications to authenticate users with client certificates. As threats like snooping, phishing, and data theft continue to grow, encryption has become an essential way to protect users and data.
But encryption also puts organizations at risk. Hackers leverage encryption to conceal their exploits from security devices that can’t keep up with increasing SSL decryption demands or that cannot decrypt SSL traffic at all because of their location in the network. Security devices such as firewalls, intrusion protection systems and anti-virus protection devices are built to perform in-depth traffic analysis of unencrypted flows, and make policy decisions. These devices usually are not designed to inspect SSL traffic because the content is encrypted. How serious is the threat?
According to a recent Gartner survey, “less than 20% of organizations with a firewall, an intrusion prevention system (IPS) or a unified threat management (UTM) appliance decrypt inbound or outbound SSL traffic.” This means that hackers can evade over 80% of companies’ network defenses simply by tunneling attacks in encrypted traffic.
SSL Usage on the Rise
To reduce the risk of snooping and theft, an increasing number of applications encrypt data using SSL or SSL’s successor, Transport Layer Security (TLS). SSL usage has become ubiquitous and many leading websites now encrypt every web request and response. In fact, 48% more of the million most popular websites use SSL in 2014 than a year earlier.
However, the transition from 1024- to 2048-bit SSL key lengths, combined with growing SSL bandwidth demands, has burdened security devices that decrypt SSL traffic. The impact of decryption on security devices is startling. Analysis by NSS Labs reveals that 2048-bit SSL ciphers “caused a mean average of 81% in performance loss” for seven leading next-generation firewalls.
To combat the above issue, organizations need to implement high-speed SSL decryption technology to help decrypt and inspect SSL traffic without degrading network performance. The technology should enable third-party security devices to inspect encrypted traffic so as to completely eliminate the blind spot imposed by SSL encryption.
