SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers

Unveiling hidden menaces: Hey, threat actors… we see you!

Tue, 12th Dec 2023

A huge cybersecurity threat exists because threat actors are hiding in one of the very mechanisms created to protect us — encryption. That's why my company has launched a breakthrough cybersecurity technology for the world, specifically designed to eliminate this blind spot.

Today, over 90% of all communications are encrypted, including organisations' internal communications, and threat actors are increasingly hiding their activity under the cover of encryption.

As attackers have grown more sophisticated, they are even employing encryption for their own lateral movement, data siphoning and data exfiltration. Moreover, they are doing this on virtual and cloud workloads, where the security measures are still maturing.

More advanced security organisations have been attempting to address this using decryption. The U.S. National Security Agency (NSA), among others, promotes TLS decryption as necessary for a strong security posture.

Unfortunately, decryption can prove costly, modern TLS 1.3 has made it wicked hard, and it's an outright nightmare in cloud and containers, where systems and microservices are designed to take advantage of efficient lateral communication.

According to a report by EMA, a staggering 90% of organisations expressed concern over the lack of visibility that comes with TLS 1.3.

This problem set is now directly addressed with our new technology, Gigamon Precryption, which allows security teams to shine a bright spotlight on the encrypted lateral (also known as East-West) traffic across virtual, cloud, and container workloads.

Leveraging Linux eBPF and standard encryption libraries, Precryption technology offers plaintext visibility into all encrypted communications before the payload is encrypted, hence the name Precryption.

With Precryption, no decryption is required — the first of several reasons why this is a breakthrough technology.

Rather than try to break something that wasn't meant to be broken, we access traffic at the most basic level and then deliver it efficiently and securely to the full security stack for further inspection. We're leveraging a process that's already happening, making this an elegant solution and not some unnatural act.

Not only is it elegant, it's independent. Precryption technology is part of the GigaVUE Universal Cloud Tap, which runs independently of other applications or containers.

In this way, we're simultaneously providing an independent, immutable source of truth while avoiding any operational entanglements around testing and upgrades commonly associated with embedded agents.

Today, a proper solution for plaintext visibility is more important than ever. As organisations modernise their security posture to become perimeter-less or adopt Zero Trust architecture, inspection becomes mandatory for lateral traffic.

This point always gets head nods from those who understand how cybersecurity breaches are perpetrated and even bigger head nods when considering they need to apply it to modern virtual or cloud workloads. Precryption technology meets them exactly where they are.

The goal is to broaden the scope of an organisation's security posture, extending it all the way to lateral movement. And to do so efficiently and at scale.

Since no decryption is taking place, we don't have to manage keys, we don't sniff keys, we don't expose keys, we don't need key libraries, and we certainly don't care about cypher strength.
Also, we don't have to break and inspect the encrypted channel: nothing gets broken, no proxies, no re-encryption, and no retransmissions. But the critical plaintext inspection still happens.

Lastly, Precryption technology is an extension of our Deep Observability Pipeline. The plaintext access is just the first step: along with that comes a whole host of filtering, optimisation, transformation and replication capabilities.

Packets get delivered to NDR tools, metadata gets enriched for SIEM tools, and the whole security stack works better because it now knows what's inside the encrypted traffic versus guessing with other approaches.

Too often, organisations get serious about modernising their security posture only after they've had a breach. With Gigamon, you can move from reactive breach management to proactive threat detection and can now see where threat actors hide — especially in the cloud.
