We are living in, as the Chinese proverb-curse says, interesting times. A growing awareness of confidentiality and integrity has led to a groundswell of efforts to, in effect, encrypt “all the things.”
Whether it’s web sites and applications (SSL Everywhere) or internal communications (SSH), encryption is often considered the foundation of every organization’s security strategy.
And yet encryption is not a panacea and can, in fact, create as many problems as it solves. End-to-end encryption makes communications (and the data it might carry) safe from inspection and prying eyes and that is, in general, a good thing. Except when it blinds security practitioners from being able to use the myriad tools in its infrastructure toolbox to ensure other aspects of security.
Because we all know that encrypted malicious data is still malicious, and encrypted unauthorized command execution is still, well, unauthorized.
What we’re losing from the picture is visibility; the ability to “see” who is doing what, from where and why.
Visibility lost that can make useless investments in security infrastructure. Visibility lost that can prevent IT from detecting and preventing data leakage. Visibility lost that can prevent policy enforcement that protects devices, things, and systems from unauthorized access. Research from Gartner stated that “80% of the organizations that use these security devices [NGFW, IPS, UTM] might be allowing cybercriminals to bypass the organization’s existing security controls by leveraging SSL tunnels to sneak malware into the corporate network…” (Are Cybercriminals Hiding in Your SSL Traffic?)
Running a business blind to those threats that can cause damage is not exactly the outcome hoped for by encrypting all the things.
Like the Force, there must be balance. Communications must be encrypted to ensure confidentiality and privacy, but security policies and practices must also be enabled with the visibility necessary to enforce and execute.
That’s why "smart” intermediaries are a must in any architecture supportive of a comprehensive security strategy. Intermediaries that are capable of maintaining the security and privacy offered by encryption without eliminating the visibility necessary to detect and prevent malicious or unauthorized communication. Whether those intermediaries are acting as terminating points for encrypted communications or simply offering a view into what’s beneath the cryptographically encoded stream, these architectural gateways are imperative to ensure visibility is available in this era of encrypt everything.
About the Author
Related Blog Posts
F5 ADSP Partner Program streamlines adoption of F5 platform
The new F5 ADSP Partner Program creates a dynamic ecosystem that drives growth and success for our partners and customers.
Accelerate Kubernetes and AI workloads with F5 BIG-IP and AWS EKS
The F5 BIG-IP Next for Kubernetes software will soon be available in AWS Marketplace to accelerate managed Kubernetes performance on AWS EKS.
F5 NGINX Gateway Fabric is a certified solution for Red Hat OpenShift
F5 collaborates with Red Hat to deliver a solution that combines the high-performance app delivery of F5 NGINX with Red Hat OpenShift’s enterprise Kubernetes capabilities.
F5 accelerates and secures AI inference at scale with NVIDIA Cloud Partner reference architecture
F5’s inclusion within the NVIDIA Cloud Partner (NCP) reference architecture enables secure, high-performance AI infrastructure that scales efficiently to support advanced AI workloads.
F5 Silverline Mitigates Record-Breaking DDoS Attacks
Malicious attacks are increasing in scale and complexity, threatening to overwhelm and breach the internal resources of businesses globally. Often, these attacks combine high-volume traffic with stealthy, low-and-slow, application-targeted attack techniques, powered by either automated botnets or human-driven tools.
Phishing Attacks Soar 220% During COVID-19 Peak as Cybercriminal Opportunism Intensifies
David Warburton, author of the F5 Labs 2020 Phishing and Fraud Report, describes how fraudsters are adapting to the pandemic and maps out the trends ahead in this video, with summary comments.