By Tim Bedard, director of threat intelligence and analytics for Venafi
Encryption plays a critical role in the safety and security of our digital economy. Whether it’s protecting data from malicious actors or government intrusion, encryption provides organizations with strength, integrity, and privacy.
Encryption usage is on the upswing, especially with unpredictable geopolitical situations driving data protection concerns. For example, almost three-fourths (72%) of security professionals say they are more concerned about data privacy. As a result, two-thirds of security professionals (66%) say their organizations are considering increasing their use of encryption.
But as we adopt these solutions, cybercriminals are finding ways to hide attacks inside the very encrypted traffic that is designed to protect your privacy. These tactics will only become worse as the drive for encryption continues to explode. After all, a recent study from A10 Networks found that 41% of cyber attacks used encryption to evade detection.
But, are organizations successfully responding to these growing cyber risks? During RSA Conference 2017, one of the largest information security events in the world, Venafi conducted a survey to see if security professionals are properly defending themselves against threats hiding in encrypted communications.
More than 1540 attendees participated in the survey, and unfortunately, the responses revealed major gaps in their protection.
Interesting highlights from the survey included the following:
- Nearly a quarter of the respondents (23%) had no idea how much of their encrypted traffic was decrypted and inspected.
- 41% of respondents thought they could detect and respond to a cyber attack hidden in encrypted traffic within one week. Additionally, 20% believed they could detect and respond to a cyber attack within 24 hours.
- A surprising number of respondents (41%) said they encrypted at least 70% of their internal network traffic. Additionally, 57% said they encrypted 70% or more of their external web traffic.
Ultimately, it’s pretty alarming that nearly one out of four security professionals is unaware if their organization is actively looking for threats hiding in encrypted traffic.
Encryption offers a useful cover for cybercriminals. But, it’s startling clear that most IT and security professionals don’t realize how these blind spots can impact the security technologies they depend on. Organizations need proper visibility into their encryption program. Without this understanding, many of their security solutions are useless against the increasing number of attacks hiding in encrypted traffic.
In addition, it’s clear that many security professionals are overconfident in their ability to quickly remediate a cyber-attack hidden in their encrypted traffic, despite only inspecting and decrypting a small percentage of their internal traffic. According to the 2017 Mandiant M-Trends report, the average time it takes to detect a cyber attack is 99 days.
Unfortunately, the problem is that attackers lurking in encrypted traffic make quick responses even more difficult. This is especially true for organizations without mature inbound, cross-network, and outbound inspection programs. This bullishness makes it very clear that most security professionals don’t have the right strategies necessary to protect against malicious encrypted traffic.
Security professionals must understand that encryption, like all security solutions, is not a silver bullet. Additional tools and protocols are needed to effectively utilize encryption and protect their organization’s traffic, including solutions that offer consistent identification, remediation, and protection. Security professionals must inspect and decrypt their traffic on a regular basis in order to catch malicious actors before they take advantage of encrypted systems.
Sadly, most security programs were developed before encrypted TLS/SSL contributed to the majority of organizations network traffic. However, integrating security with machine identity protection is a huge leap forward in the effective inspection of encrypted traffic. Combined with automation, organizations can streamline the entire process of encryption monitoring.
Encryption is a fundamental security tool, but it can carry unique risks. With proper machine identity protection, you can utilize encryption without exposing your organization sensitive corporate data and IP from malicious actors.
About the Author
Tim Bedard is responsible for digital trust analytics at Venafi. With more than twenty years of IT security and strategy experience, Tim successfully launched SailPoint Technologies cloud-based identity and access management offering with responsibilities for strategic planning to execution of all services. Previously, he has held leadership positions in product strategy, management, and marketing at RSA Security and CA Technologies. Tim is an active security evangelist at industry leading tradeshows and events.