January 9, 2019 By Tom Obremski 2 min read

As security professionals, we all understand the importance of protecting data and the need for proper encryption. It’s no surprise, then, that more and more traffic crossing our networks is encrypted. This is a good thing from both a security and privacy perspective, but what if the encryption is being used to hide malicious activity on enterprise networks?

When Encryption Works Against Security

Our networks not only facilitate the connected world in which our businesses thrive, but also provide the conduit for threats to infiltrate our organizations. Threat activity can easily hide deep within network content to avoid detection by traditional methods, which is why we need solutions that can analyze this content with application-level context to distinguish legitimate activity from malicious behavior. But what happens when our network data is encrypted?

Here’s the irony: As more and more network traffic is encrypted, we’re gaining more and more options to decrypt that data. I know it sounds counterintuitive, but as more network traffic is encrypted, there is an increasing need for network vendors to build decryption capabilities into their devices.

Since many of these devices are already deployed inline, they can terminate an encrypted session on one side and start another encrypted session on the other. The data remains encrypted in transit on both sides of the network device, but it provides visibility into the traffic in its decrypted form. Whether it’s a next-generation firewall looking to block intruders or a managed switch directing or filtering select data, visibility is key.

Many of these devices allow decrypted traffic to be mirrored out of a port for full content analysis. As a result, most organizations have either deployed or plan to deploy network devices that are capable of decrypting traffic. Gaining the network visibility we need to secure our organizations is often a matter of enabling those decryption capabilities.

To Decrypt, or Not to Decrypt …

While network visibility is crucial for identifying malicious activity as it crosses a network, there are cases where we may prefer to keep that data encrypted at all times. But despite our best efforts, it’s often difficult to ensure that all of our sensitive data is encrypted properly. Just think of the myriad devices and applications that need to be configured properly to encrypt communications with the latest protocol versions.

By analyzing every network session in detail and knowing which are encrypted, how strong the certificates are, and what encryption protocol version is in use, we can ensure that our data is adequately protected. And while it’s tempting to focus on reports that the volume of encrypted web traffic is increasing, it’s easy to forget about the large amount of traffic on our networks that is associated with non-web applications spanning a wide range of network protocols. Many organizations find that when they take a deeper look into the data that is crossing their networks, a lot less is encrypted than originally thought.

Clearly, we are trending toward increased encryption of network data and we should all embrace it as a valuable tool to help protect our crown jewels. But it’s not the roadblock many think it is when it comes to deep network analysis. There is a growing variety of methods and devices that deliver full network content visibility in a controlled and secure manner. Every organization should consider this approach as part of its network and security evolution and strategy.

More from Data Protection

How data residency impacts security and compliance

3 min read - Every piece of your organization’s data is stored in a physical location. Even data stored in a cloud environment lives in a physical location on the virtual server. However, the data may not be in the location you expect, especially if your company uses multiple cloud providers. The data you are trying to protect may be stored literally across the world from where you sit right now or even in multiple locations at the same time. And if you don’t…

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

The compelling need for cloud-native data protection

4 min read - Cloud environments were frequent targets for cyber attackers in 2023. Eighty-two percent of breaches that involved data stored in the cloud were in public, private or multi-cloud environments. Attackers gained the most access to multi-cloud environments, with 39% of breaches spanning multi-cloud environments because of the more complicated security issues. The cost of these cloud breaches totaled $4.75 million, higher than the average cost of $4.45 million for all data breaches.The reason for this high cost is not only the…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today