SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Encryption: the blindspot in enterprise security
Thu, 31st Mar 2016
FYI, this story is more than a year old

Encryption has created a blind spot in organisations' security framework, according to Ixia.

The company says that while digital encryption technology was initially created to protect data from being read by unauthorised users, unfortunately encryption can also provide cover for hackers who create malware and use encrypted channels to propagate and update that malware.

Stephen Urquhart, general manager ANZ, Ixia, says there are ways to regain this visibility however.

“Secure Sockets Layer, or SSL, is a widely-used cryptographic protocol for encrypting data for web browsing, email, instant messaging, and voice-over IP systems, among other platforms. It is also sometimes used to camouflage malware that has been inserted into a network,” Urquhart explains.

“Once this camouflaged malware is in a network, it can travel from server to server effectively unobserved, giving it the freedom to steal data, release viruses, and install malicious code, or worse, without anyone knowing about it,” he says.

“This presents a major source of concern to businesses, especially considering that by 2017, 50% of malware threats are expected to come from using SSL traffic, according to Gartner.”

Urquhart says one of the ways to identify encrypted malware threats in the network is for IT teams to do spot checks on their network data to see if there are hidden threats that can be identified and removed.

“Gaining network visibility is key to spotting encrypted threats in the network,” he says.

“So-called network packet brokers (NPBs) that support application intelligence with SSL decryption capabilities are a good solution for this. One of the easiest ways to gain the visibility needed to spot encrypted threats in the network is to deploy an application and threat intelligence processor.

Urquhart says application intelligence processors can be used to decrypt network packets and identify applications running on a network, as well as the presence of disguised malware.

“An application intelligence processor generally has bi-directional, decryption capability, giving visibility to both encrypted internal and external communications,” he explains.

“This solves one of the biggest challenges for network administrators: complete network visibility, which is precisely what is needed to easily spot encrypted threats.

“The increased adoption of cloud services will result in a continued use of SSL and other encryption protocols, meaning that organisations will need even more visibility into their networks to identify threats and stop them before they become big problems,” Urquhart says.