As security professionals, we all understand the importance of protecting data and the need for proper encryption. It’s no surprise, then, that more and more traffic crossing our networks is encrypted. This is a good thing from both a security and privacy perspective, but what if the encryption is being used to hide malicious activity on enterprise networks?

When Encryption Works Against Security

Our networks not only facilitate the connected world in which our businesses thrive, but also provide the conduit for threats to infiltrate our organizations. Threat activity can easily hide deep within network content to avoid detection by traditional methods, which is why we need solutions that can analyze this content with application-level context to distinguish legitimate activity from malicious behavior. But what happens when our network data is encrypted?

Here’s the irony: As more and more network traffic is encrypted, we’re gaining more and more options to decrypt that data. I know it sounds counterintuitive, but as more network traffic is encrypted, there is an increasing need for network vendors to build decryption capabilities into their devices.

Since many of these devices are already deployed inline, they can terminate an encrypted session on one side and start another encrypted session on the other. The data remains encrypted in transit on both sides of the network device, but it provides visibility into the traffic in its decrypted form. Whether it’s a next-generation firewall looking to block intruders or a managed switch directing or filtering select data, visibility is key.

Many of these devices allow decrypted traffic to be mirrored out of a port for full content analysis. As a result, most organizations have either deployed or plan to deploy network devices that are capable of decrypting traffic. Gaining the network visibility we need to secure our organizations is often a matter of enabling those decryption capabilities.

To Decrypt, or Not to Decrypt …

While network visibility is crucial for identifying malicious activity as it crosses a network, there are cases where we may prefer to keep that data encrypted at all times. But despite our best efforts, it’s often difficult to ensure that all of our sensitive data is encrypted properly. Just think of the myriad devices and applications that need to be configured properly to encrypt communications with the latest protocol versions.

By analyzing every network session in detail and knowing which are encrypted, how strong the certificates are, and what encryption protocol version is in use, we can ensure that our data is adequately protected. And while it’s tempting to focus on reports that the volume of encrypted web traffic is increasing, it’s easy to forget about the large amount of traffic on our networks that is associated with non-web applications spanning a wide range of network protocols. Many organizations find that when they take a deeper look into the data that is crossing their networks, a lot less is encrypted than originally thought.

Clearly, we are trending toward increased encryption of network data and we should all embrace it as a valuable tool to help protect our crown jewels. But it’s not the roadblock many think it is when it comes to deep network analysis. There is a growing variety of methods and devices that deliver full network content visibility in a controlled and secure manner. Every organization should consider this approach as part of its network and security evolution and strategy.

More from Data Protection

Beyond Requirements: Tapping the Business Potential of Data Governance and Security

3 min read - Doom and gloom. Fear, uncertainty and doubt. The "stick" versus the "carrot". What do these concepts have in common? They have often provided the primary motivation for organizations’ data governance and security strategies. For the enterprise, this mindset has perpetuated the idea that data governance, data security and data privacy are reactive cost centers existing due to externally imposed requirements or mandates. Yet, what if data governance and security practices could upend the prevailing paradigm and demonstrate direct business value?…

3 min read

Heads Up CEO! Cyber Risk Influences Company Credit Ratings

4 min read - More than ever, cybersecurity strategy is a core part of business strategy. For example, a company’s cyber risk can directly impact its credit rating. Credit rating agencies continuously strive to gain a better understanding of the risks that companies face. Today, those agencies increasingly incorporate cybersecurity into their credit assessments. This allows agencies to evaluate a company’s capacity to repay borrowed funds by factoring in the risk of cyberattacks. Getting Hacked Impacts Credit Scoring As per the Wall Street Journal…

4 min read

IBM Security Guardium Ranked as a Leader in the Data Security Platforms Market

3 min read - KuppingerCole named IBM Security Guardium as an overall leader in their Leadership Compass on Data Security Platforms. IBM was ranked as a leader in all three major categories: Product, Innovation, and Market. With this in mind, let’s examine how KuppingerCole measures today’s solutions and why it’s important for you to have a data security platform that you trust. The Transformation of the Data Security Industry As digital transformation continues to expand, the impact it has had on enterprises is very apparent when…

3 min read

SaaS vs. On-Prem Data Security: Which is Right for You?

2 min read - As businesses increasingly rely on digital data storage and communication, the need for effective data security solutions has become apparent. These solutions can help prevent unauthorized access to sensitive data, detect and respond to security threats and ensure compliance with relevant regulations and standards. However, not all data security solutions are created equal. Are you choosing the right solution for your organization? That answer depends on various factors, such as your industry, size and specific security needs. SaaS vs. On-Premises…

2 min read