
Encryption: the blind spot in enterprise security

31 Mar 2016

Encryption has created a blind spot in organisations’ security framework, according to Ixia.

The company says that while digital encryption technology was initially created to protect data from being read by unauthorised users, it can also provide cover for hackers who create malware and use encrypted channels to propagate and update that malware.

Stephen Urquhart, general manager ANZ, Ixia, says there are ways to regain this visibility, however.

“Secure Sockets Layer, or SSL, is a widely-used cryptographic protocol for encrypting data for web browsing, email, instant messaging, and voice-over IP systems, among other platforms. It is also sometimes used to camouflage malware that has been inserted into a network,” Urquhart explains.

“Once this camouflaged malware is in a network, it can travel from server to server effectively unobserved, giving it the freedom to steal data, release viruses, and install malicious code, or worse, without anyone knowing about it,” he says.

“This presents a major source of concern to businesses, especially considering that by 2017, 50% of malware threats are expected to come from using SSL traffic, according to Gartner.”  

Urquhart says one of the ways to identify encrypted malware threats in the network is for IT teams to do spot checks on their network data to see if there are hidden threats that can be identified and removed.

“Gaining network visibility is key to spotting encrypted threats in the network,” he says.

“So-called network packet brokers (NPBs) that support application intelligence with SSL decryption capabilities are a good solution for this. One of the easiest ways to gain the visibility needed to spot encrypted threats in the network is to deploy an application and threat intelligence processor.”

Urquhart says application intelligence processors can be used to decrypt network packets and identify applications running on a network, as well as the presence of disguised malware.

“An application intelligence processor generally has bi-directional decryption capability, giving visibility to both encrypted internal and external communications,” he explains.

“This solves one of the biggest challenges for network administrators: complete network visibility, which is precisely what is needed to easily spot encrypted threats.

“The increased adoption of cloud services will result in a continued use of SSL and other encryption protocols, meaning that organisations will need even more visibility into their networks to identify threats and stop them before they become big problems,” Urquhart says.
