This is sponsored content.
There was a time when identifying malicious activity on your corporate or home network was a relatively simple task: most of the data traffic was not encrypted, making it possible to block the entry and exit of information based on a series of rules that dictated “can” and “can not”.
This approach came to be known as the firewall – software or an appliance specialized in monitoring a network and blocking packets based on a predefined security policy. It didn’t take long for firewalls to become a must-have for any information security strategy, being seen as crucial to protecting any endpoint alongside an antivirus.
Time has passed and, although they have evolved a lot (being able to find malware based on signatures and heuristic analysis), firewalls are no longer as effective. Nowadays, 80% of all web traffic is encrypted, either through the old Secure Sockets Layer (SSL) protocol or through its successor Transport Layer Security (TLS), which was designed precisely to fix some structural vulnerabilities present in its predecessor.
Stop and observe all the websites and services you use daily – they boast the famous “green lock” next to your browser’s address bar, which means that they have a digital certificate allowing an encrypted connection between your machine and the server. The browsers themselves started to issue alerts to prevent you from accessing pages that do not have such a basic security feature; of the 100 most popular sites on the web, 89 already use HTTPS by default.
With the new trends in the adoption of technologies in the cloud (including software-as-a-service or SaaS), the need to ensure that all this communication is encrypted is growing even more. There are only two problems that go unnoticed: a traditional firewall is not able to analyze SSL / TLS traffic and cyber criminals are also using this type of protection to mask their attacks against corporate targets.
Working in the dark
In fact, to verify that the use of SSL / TLS by miscreants has become common, just note that several fake sites used in phishing campaigns to steal personal data also have digital certificates – obtaining one has become so accessible (to the point, in certain cases, of being free) that even malicious actors are able to do so.
About 60% of all cyber threats are masked by the TLS protocol. This includes malicious scripts that reach endpoints and exfiltrate sensitive information inside an encrypted tunnel to a remote command and control center (C2), without the firewall even realizing that there is criminal activity taking place. In addition, a quarter of all malicious websites use SSL.
On the other hand, according to research by Gigamon, 48% of security teams have no visibility at all into what is encrypted on their network. This is caused both by the common belief that SSL / TLS traffic is secure by nature and by the lack of appropriate tools to allow this type of active monitoring. In any case, protecting your connection without full visibility into it is like working as a blindfolded guard of a castle.
This is a risk that affects both the home user working remotely under a zero trust policy and the professional located within a network protected by a perimeter security infrastructure. That is, it is a problem that needs to be solved regardless of whether your company adopts the home office exclusively or prefers to maintain a hybrid culture.
The best way to address this issue is to adopt an SSL / TLS decryption solution. As its name suggests, its job consists of decrypting all traffic protected by such protocols, inspecting data packets for possible malicious traces and encrypting them again so that they continue on their way. Ideally, this process should be applied bilaterally, that is, the analysis should be carried out for incoming and outgoing data.
Challenges of successful implementation
Obviously, there are some challenges to a successful implementation of SSL / TLS decryption, the main one being working around the impact that this intermediary process will inevitably have on the speed of data transfer. Sacrificing agility in accessing systems and web apps, in an era when professional activity is mostly remote, is forcing your employees to sink into a river of unproductiveness.
The market already has endpoint security solutions and firewalls that promise to deliver this feature in an integrated manner; however, according to tests carried out by the NSS Labs laboratory in 2018, there is an average degradation of 92% in the connection rate in products that perform this type of operation. Therefore, it is crucial to choose a dedicated platform that guarantees an adequate balance between protection level and network performance.
Before choosing the ideal solution, of course, the first step is to identify your needs. How big is your total traffic flow and how much of it is encrypted? Based on this self-awareness, you will be able to define your priorities and understand your limits, taking into account the number of active connections on the network and how many paths the inspected traffic should be directed to.
Of course, it is also crucial to anticipate any growth in traffic volume, thus ensuring the choice of a solution that is flexible and scalable enough to accompany you in future resizing. It is worth remembering that the adoption of SSL / TLS encryption grew by 25% between the years 2016 and 2019; therefore, there is still room for bandwidth growth and, consequently, a massive increase in the amount of packets protected by such encryption protocols.
The ideal partner for your journey
If you need a reliable partner to provide you with complete intelligence and visibility over your network, Gigamon is the right choice. Among a broad portfolio of solutions for managing physical and virtual infrastructures, on-premises, in the cloud or hybrid, the company offers GigaSMART Decryption, an SSL / TLS decryption platform that already has full support for the latest version (1.3) of the protocol.
Able to operate in networks of any size – be it 10 Mb or 100 Gb – the solution supports the strongest cryptographic standards, certificate validation controls, compatibility with the centralized key management of the Venafi Trust Protection platform and all the certifications your company needs to ensure compliance with privacy and data protection regulations.
It is no wonder that, since its foundation in 2004, Gigamon has received 60 technological patents, consolidated itself as the holder of the largest market share in its area of operation and joined the Fortune 500 selection. Currently, the company serves more than 3,000 customers around the world, including global banking institutions, prestigious technology brands and government agencies of the greatest economic powers.
You need visibility to avoid new cyber threats – this is a fact. Join the list of companies that mitigated threats and obtained corporate intelligence by counting on Gigamon to help you on this new journey!
See the original post at: https://thehack.com.br/quando-o-firewall-nao-e-o-suficiente-a-importancia-da-descriptografia-ssl-tls/?rand=48873