Is SSL Smuggling Malware into your Business?

F5 Ecosystem | October 21, 2015

We all know about SSL, that vital bit of cryptographic kit that protects our online communications (strictly speaking, almost all of it is now TLS, SSL's successor, but the old name has stuck). It protects the traffic between the web browsers we use and the servers where websites such as this one are hosted. You'll recognise a secure website by the padlock symbol in the browser, or the use of HTTPS in the address.

And generally speaking, SSL is a good thing. Any transaction that involves financial information, such as banking or online shopping, uses SSL to keep your information private. But recently there has been a drive to secure all internet traffic with SSL, not just traffic that contains username/password combinations or financial data. Headline-grabbing news stories such as the Edward Snowden global mass surveillance revelations mean more users are demanding encryption online, and providers are happy to oblige.

That's why its use is increasing. Most of the world's most popular websites, such as Google, Amazon and Facebook, now have HTTPS (and therefore SSL encryption) switched on by default for all traffic. It is estimated that by the end of 2015 over half the world's internet traffic will be encrypted, primarily because Netflix, which accounts for a huge percentage of internet traffic, is switching to HTTPS.

But while there's no doubt that encrypting internet traffic will protect more of our sensitive data, it also brings increased risk for enterprises. Many enterprise security devices inspect traffic in the clear; they cannot see inside an encrypted session, so malware carried within it can sneak past undetected.

Firewalls, web gateways, intrusion prevention systems and similar devices struggle to detect malware that arrives inside encrypted traffic, because the payload they would match against is opaque to them. It could prove to be a nightmare for enterprises if cyber criminals can hide malware within a supposedly secure transaction. And it works both ways: not only can malware arrive without being detected, it can also send sensitive information back to its controller in an encrypted session that most security tools would not pick up.

One example of this is the Dyre banking malware. According to reports, this malware was capable of stealing information from the browser before the SSL encryption was applied, and sending it back to the command and control server under the guise of legitimate encrypted traffic. Crucially, the session looks secure to the user, since the padlock symbol is displayed, but behind the scenes sensitive data is being hoovered up.

In fact, any dodgy website can serve up drive-by malware, and if the session is encrypted a security tool that does not decrypt it cannot determine what the actual content of that traffic is. Devices such as the proxy server or the URL filtering gateway can usually still see which host the client is connecting to (from the server name sent in the TLS handshake, or from the server's certificate), but they are blind to the URL path, the headers and the payload, which is where the malware lives.

It's a very real problem that enterprises are facing. Figures from Gartner indicate that less than 20% of organisations using firewalls, IPS or UTM decrypt SSL traffic, meaning malware hidden within SSL traffic would bypass those security platforms. Gartner also predicts that by 2017 over 50% of network attacks targeting enterprises will use SSL to bypass security.

How do enterprises ensure they are not caught out by malware hiding within encrypted traffic? The simple answer would be to decrypt that traffic, but the question is how to do that without invading privacy or leaving sensitive data open to attacks.

So it becomes a question of knowing which traffic should be decrypted, and where. For inbound traffic, where a business is serving content out to external users, it needs a device in front of the servers that terminates (offloads) the SSL session and then inserts the protection, such as an IPS, into the decrypted traffic flow. For outbound traffic from its own users, it needs a forward proxy that breaks the SSL session, but in an intelligent, policy-driven way: you don't want to decrypt an employee's banking session, but you do want to decrypt a Facebook session.

Security needs the intelligence to understand where the traffic is going, typically from the destination host and the category it falls into, and then make a decision on whether it should be decrypted or left as it is. It's breaking SSL, but in a safe, selective way.
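A minimal version of that decision, as an added example written for this page (it is not F5's product code): it parses the server name (SNI) that a browser sends in the clear in its TLS ClientHello, looks the host up in a category list, and returns bypass for sensitive categories and intercept for everything else. The ClientHello bytes, the category map and the bypass list are constructed here for illustration; a real forward proxy would use a commercial URL-categorisation feed, and would also verify the upstream server's certificate before trusting a bypass decision, because the SNI is asserted by the client and can be absent or spoofed.

```python
import struct

# Hypothetical category map standing in for a URL-categorisation feed (constructed data).
CATEGORIES = {
    "bank.example": "banking",
    "portal.health.example": "healthcare",
    "www.facebook.com": "social",
    "cdn.example": "content",
}
# Policy assumption: these categories are never decrypted; everything else is intercepted.
BYPASS_CATEGORIES = {"banking", "healthcare"}


def build_client_hello(server_name: str, with_sni: bool = True) -> bytes:
    """Construct a minimal TLS 1.2 ClientHello record (test data only).

    Real browsers send many more extensions; this is just enough for the parser.
    """
    exts = b""
    if with_sni:
        host = server_name.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(host)) + host          # name_type 0 = host_name
        name_list = struct.pack("!H", len(entry)) + entry
        exts += struct.pack("!HH", 0x000D, 4) + b"\x00\x02\x04\x01"     # signature_algorithms, to be skipped
        exts += struct.pack("!HH", 0x0000, len(name_list)) + name_list  # server_name (SNI)
    body = (
        b"\x03\x03" + bytes(32)                  # client_version, random (zeros: constructed)
        + b"\x00"                                # empty session_id
        + struct.pack("!H", 2) + b"\xc0\x2f"     # one cipher suite
        + b"\x01\x00"                            # null compression only
    )
    if exts:
        body += struct.pack("!H", len(exts)) + exts
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body    # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record: bytes):
    """Return the host_name from a ClientHello's SNI extension, or None if absent or malformed."""
    try:
        if record[0] != 0x16:                        # not a TLS handshake record
            return None
        rec_len = struct.unpack("!H", record[3:5])[0]
        hs = record[5:5 + rec_len]
        if len(hs) < 4 or hs[0] != 0x01:             # not a ClientHello
            return None
        hs_len = int.from_bytes(hs[1:4], "big")
        p = hs[4:4 + hs_len]
        if len(p) != hs_len:                         # truncated record
            return None
        i = 2 + 32                                   # skip client_version + random
        i += 1 + p[i]                                # session_id
        i += 2 + struct.unpack("!H", p[i:i + 2])[0]  # cipher_suites
        i += 1 + p[i]                                # compression_methods
        if i + 2 > len(p):                           # no extensions block at all
            return None
        ext_len = struct.unpack("!H", p[i:i + 2])[0]
        i += 2
        end = min(i + ext_len, len(p))
        while i + 4 <= end:
            etype, elen = struct.unpack("!HH", p[i:i + 4])
            i += 4
            data = p[i:i + elen]
            i += elen
            if etype != 0x0000:                      # only server_name interests us
                continue
            j = 2                                    # skip server_name_list length
            while j + 3 <= len(data):
                ntype = data[j]
                nlen = struct.unpack("!H", data[j + 1:j + 3])[0]
                j += 3
                if ntype == 0:
                    return data[j:j + nlen].decode("ascii", "replace").lower()
                j += nlen
        return None
    except (IndexError, struct.error):               # malformed input is never trusted
        return None


def decide(record: bytes) -> str:
    """'bypass' (pass the session through encrypted) or 'intercept' (decrypt and inspect)."""
    host = extract_sni(record)
    if host is None:
        return "intercept"   # policy assumption: a missing or unreadable SNI is inspected, not trusted
    return "bypass" if CATEGORIES.get(host, "uncategorised") in BYPASS_CATEGORIES else "intercept"


if __name__ == "__main__":
    for name in ("bank.example", "www.facebook.com", "unknown.example"):
        print(f"{name:20} -> {decide(build_client_hello(name))}")
```

The parser bounds-checks every length field and treats anything it cannot parse as "intercept" rather than "bypass": a client that sends a malformed or SNI-less hello gets inspected, never waved through, which is the fail-closed default an interception policy should have.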


About the Author

Gary Newe, RVP, Field Product Management
