Encrypted Attacks Create New Security Worry For Partners, Enterprises

As more companies embrace encryption technologies to protect their critical data, they need to stay aware of threats that can be hiding in encrypted traffic, Ixia's Director of Channels Engineering Alexander Karstens said at XChange Solution Provider 2017 in National Harbor, Md.

Karstens said by the end of the year, around 75 percent of traffic will be SSL encrypted, with some regulated industries seeing even higher rates. However, with that comes risk, he said, as 50 percent of attacks by the end of 2017 will be hidden inside of encrypted traffic.

The challenge, Karstens said, is that 80 percent of organizations use firewalls, IPS or UTM appliances that do not decrypt SSL traffic, leaving them open to threats hidden inside encrypted traffic. Some of those threats can include malicious attachments sent over SMTPS, drive-by downloads from an HTTPS site, a malicious file in instant messaging, command and control server communication, stolen data sent via email or to cloud storage sites, and malware receiving command and control updates from social media sites.

[Related: 8 Security Trends Affecting The Midmarket]

"It is a major concern," Karstens said.

Bob Savage, president of Brandon, Fla.-based Save Consulting, said his business primarily serves small medical and dental offices, with fewer than 50 users. He said he sees a lot of demand for encryption technologies in those markets, due to regulatory requirements.

"We have to use encryption. Encryption is a big part of the medical field," Savage said.

Savage said he didn't realize the growing threat posed by encryption, particularly when it comes to transmitting ransomware under encrypted traffic. He said he would be checking to see the SSL decryption options offered by his current UTM offering to protect his clients better. Savage said security is a growing part of his business, one that is becoming more and more critical to be an expert in for his clients.

"We are going to. We need to. We have to. We have been trying to focus on that because it's a big problem," Savage said.

However, Karstens said decrypting SSL traffic to scan for threats poses significant challenges for many organizations. In particular, he said it could cause significant performance issues, and there is a large cost differential.

Karstens said companies could address these issues by decreasing the volume of traffic reaching the network, opening more encrypted traffic to inspection and by smartly managing traffic to improve inspection effectiveness.

He said companies could also invest in SSL decryption devices, whose sole purpose is to offload SSL decryption from the firewall, saving appliance resources and preventing packet loss from congestion. He said companies in intelligent traffic management and visibility could also help make the most of these added solutions, as it helps optimize the traffic flow and improve the SSL inspection process.