January 9, 2019 By Tom Obremski 2 min read

As security professionals, we all understand the importance of protecting data and the need for proper encryption. It’s no surprise, then, that more and more traffic crossing our networks is encrypted. This is a good thing from both a security and privacy perspective, but what if the encryption is being used to hide malicious activity on enterprise networks?

When Encryption Works Against Security

Our networks not only facilitate the connected world in which our businesses thrive, but also provide the conduit for threats to infiltrate our organizations. Threat activity can easily hide deep within network content to avoid detection by traditional methods, which is why we need solutions that can analyze this content with application-level context to distinguish legitimate activity from malicious behavior. But what happens when our network data is encrypted?

Here’s the irony: As more and more network traffic is encrypted, we’re gaining more and more options to decrypt that data. I know it sounds counterintuitive, but as more network traffic is encrypted, there is an increasing need for network vendors to build decryption capabilities into their devices.

Since many of these devices are already deployed inline, they can terminate an encrypted session on one side and start another encrypted session on the other. The data remains encrypted in transit on both sides of the network device, but it provides visibility into the traffic in its decrypted form. Whether it’s a next-generation firewall looking to block intruders or a managed switch directing or filtering select data, visibility is key.

Many of these devices allow decrypted traffic to be mirrored out of a port for full content analysis. As a result, most organizations have either deployed or plan to deploy network devices that are capable of decrypting traffic. Gaining the network visibility we need to secure our organizations is often a matter of enabling those decryption capabilities.

To Decrypt, or Not to Decrypt …

While network visibility is crucial for identifying malicious activity as it crosses a network, there are cases where we may prefer to keep that data encrypted at all times. But despite our best efforts, it’s often difficult to ensure that all of our sensitive data is encrypted properly. Just think of the myriad devices and applications that need to be configured properly to encrypt communications with the latest protocol versions.

By analyzing every network session in detail and knowing which are encrypted, how strong the certificates are, and what encryption protocol version is in use, we can ensure that our data is adequately protected. And while it’s tempting to focus on reports that the volume of encrypted web traffic is increasing, it’s easy to forget about the large amount of traffic on our networks that is associated with non-web applications spanning a wide range of network protocols. Many organizations find that when they take a deeper look into the data that is crossing their networks, a lot less is encrypted than originally thought.

Clearly, we are trending toward increased encryption of network data and we should all embrace it as a valuable tool to help protect our crown jewels. But it’s not the roadblock many think it is when it comes to deep network analysis. There is a growing variety of methods and devices that deliver full network content visibility in a controlled and secure manner. Every organization should consider this approach as part of its network and security evolution and strategy.

More from Data Protection

The compelling need for cloud-native data protection

4 min read - Cloud environments were frequent targets for cyber attackers in 2023. Eighty-two percent of breaches that involved data stored in the cloud were in public, private or multi-cloud environments. Attackers gained the most access to multi-cloud environments, with 39% of breaches spanning multi-cloud environments because of the more complicated security issues. The cost of these cloud breaches totaled $4.75 million, higher than the average cost of $4.45 million for all data breaches.The reason for this high cost is not only the…

Data residency: What is it and why it is important?

3 min read - Data residency is a hot topic, especially for cloud data. The reason is multi-faceted, but the focus has been driven by the General Data Protection Regulation (GDPR), which governs information privacy in the European Union and the European Economic Area.The GDPR defines the requirement that users’ personal data and privacy be adequately protected by organizations that gather, process and store that data. After the GDPR rolled out, other countries such as Australia, Brazil, Canada, Japan, South Africa and the UAE…

Third-party breaches hit 90% of top global energy companies

3 min read - A new report from SecurityScorecard reveals a startling trend among the world’s top energy companies, with 90% suffering from data breaches through third parties over the last year. This statistic is particularly concerning given the crucial function these companies serve in everyday life.Their increased dependence on digital systems facilitates the increase in attacks on infrastructure networks. This sheds light on the need for these energy companies to adopt a proactive approach to securing their networks and customer information.2023 industry recap:…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today