SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Encryption
#
CIOs
#
Ixia
Encryption: the blindspot in enterprise security
Thu, 31st Mar 2016
FYI, this story is more than a year old
Author image
By Shannon Williams, Journalist
Follow us

Encryption has created a blind spot in organisations' security framework, according to Ixia.

The company says that while digital encryption technology was initially created to protect data from being read by unauthorised users, unfortunately encryption can also provide cover for hackers who create malware and use encrypted channels to propagate and update that malware.

Stephen Urquhart, general manager ANZ, Ixia, says there are ways to regain this visibility however.

“Secure Sockets Layer, or SSL, is a widely-used cryptographic protocol for encrypting data for web browsing, email, instant messaging, and voice-over IP systems, among other platforms. It is also sometimes used to camouflage malware that has been inserted into a network,” Urquhart explains.

“Once this camouflaged malware is in a network, it can travel from server to server effectively unobserved, giving it the freedom to steal data, release viruses, and install malicious code, or worse, without anyone knowing about it,” he says.

“This presents a major source of concern to businesses, especially considering that by 2017, 50% of malware threats are expected to come from using SSL traffic, according to Gartner.”

Urquhart says one of the ways to identify encrypted malware threats in the network is for IT teams to do spot checks on their network data to see if there are hidden threats that can be identified and removed.

“Gaining network visibility is key to spotting encrypted threats in the network,” he says.

“So-called network packet brokers (NPBs) that support application intelligence with SSL decryption capabilities are a good solution for this. One of the easiest ways to gain the visibility needed to spot encrypted threats in the network is to deploy an application and threat intelligence processor.

Urquhart says application intelligence processors can be used to decrypt network packets and identify applications running on a network, as well as the presence of disguised malware.

“An application intelligence processor generally has bi-directional, decryption capability, giving visibility to both encrypted internal and external communications,” he explains.

“This solves one of the biggest challenges for network administrators: complete network visibility, which is precisely what is needed to easily spot encrypted threats.

“The increased adoption of cloud services will result in a continued use of SSL and other encryption protocols, meaning that organisations will need even more visibility into their networks to identify threats and stop them before they become big problems,” Urquhart says.

Related stories
Kaspersky illuminates LockBit ransomware group's advanced tactics
Cado Security unmasks Cerber ransomware threat to Confluence servers
Malwarebytes launches free Digital Footprint Portal to protect personal data
VIAVI introduces Post-Quantum Cryptography testing for secure future
How to defend your business against AI-powered ransomware
Top stories
AI tools linked to data exposure in 1 in 5 UK organisations
Trend Micro introduces AI-driven cyber risk management features
AI & ML form critical defence against digital deception
Firms outsource new email security measures implementation
Telegram users targeted in cryptocurrency scam, Kaspersky reports