People familiar with Hypertext Transfer Protocol Secure (HTTPS) know it protects online activities and communications by applying Secure Sockets Layer (SSL) encryption to web traffic. This is a benefit to organizations that need to shield private data from exposure. And what organization doesn’t?
But SSL encryption is also a double-edged sword, because bad actors can use it to get around conventional cybersecurity. When traffic is encrypted, security tools can’t see inside it, so they cannot tell what data is leaving or entering the network, let alone mitigate threats.
Hackers know this, of course, and will use encryption to sneak threats past your security in innocuous ways. An increasingly common tactic is to send phishing emails to unsuspecting employees with an invitation to click on a file that looks harmless, but when launched, creates an encrypted session that downloads malware.
With Sandvine predicting that two-thirds of Internet traffic will be encrypted by the beginning of 2017, the risks of hackers disguising attacks in SSL traffic need to be addressed.
To Encrypt or Not to Encrypt — What’s the Answer?
One of the biggest concerns for companies is that traditional firewalls cannot inspect encrypted Internet traffic and that savvy hackers will use this to their advantage. The rise in the variety of phishing types, as well as the number of successful attacks, speaks to the validity of these concerns.
Nevertheless, IT teams struggle with the question of what to encrypt and how to do it. The answer isn’t so simple when companies have to consider the concerns of employees and collaborators who may worry about confidentiality when too much is decrypted.
SSL Inspection Best Practices
Aside from privacy concerns, inspecting all SSL traffic isn’t a good idea: it would consume far too many resources and degrade network performance. To avoid using excessive resources during encryption and decryption, it’s best to follow a few basic steps:
- Know your traffic, including how much to expect and what percent of it is encrypted. Consider limiting the number of policies that allow encrypted traffic.
- Be selective about what you choose to encrypt — using white lists or creating policies that apply SSL inspection only where needed are good places to start.
- Test SSL inspection performance in your actual network environment by deploying it gradually, instead of all at once.
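The first two steps above, as an added example that is not Infogressive's or any firewall product's code: it measures how much of a constructed traffic sample is encrypted and applies a hypothetical bypass list so that only selected TLS sessions are sent for inspection. The flow records, hostnames, and `BYPASS_PATTERNS` are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Well-known ports for the SSL-wrapped protocols the article names
# (HTTPS, SMTPS, IMAP over SSL, POP3S, FTPS).
INSPECTABLE_PORTS = {443, 465, 993, 995, 990}

# Hypothetical bypass list: destinations left encrypted for privacy reasons.
BYPASS_PATTERNS = ["*.bank.example", "*.health.example"]

# Constructed sample flows: (dst_port, is_tls, sni, byte_count)
FLOWS = [
    (443, True, "mail.example.com", 120_000),
    (443, True, "Portal.Bank.Example.", 45_000),  # mixed case, trailing dot
    (80, False, None, 30_000),
    (443, True, None, 90_000),                    # TLS session with no SNI
    (993, True, "imap.example.com", 15_000),
    (8443, True, "app.example.org", 100_000),     # TLS on a port with no policy
]


def encrypted_share(flows):
    """Fraction of total bytes carried inside TLS ("know your traffic")."""
    total = sum(f[3] for f in flows)
    return sum(f[3] for f in flows if f[1]) / total if total else 0.0


def decide(dst_port, is_tls, sni):
    """Return 'cleartext', 'bypass', 'inspect' or 'uncovered' for one flow."""
    if not is_tls:
        return "cleartext"        # already visible to the firewall
    if dst_port not in INSPECTABLE_PORTS:
        return "uncovered"        # encrypted, but no inspection policy applies
    host = (sni or "").rstrip(".").lower()
    if host and any(fnmatchcase(host, p) for p in BYPASS_PATTERNS):
        return "bypass"
    return "inspect"              # includes TLS sessions that sent no SNI


def inspection_load(flows):
    """Bytes per decision, to size decryption capacity before rollout."""
    load = {}
    for port, is_tls, sni, nbytes in flows:
        action = decide(port, is_tls, sni)
        load[action] = load.get(action, 0) + nbytes
    return load
```

The `uncovered` bucket is the blind spot to review: encrypted traffic that no inspection policy matches.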
Firewalls Make a Difference
Another factor to look at is the flexibility and functionality of your firewall. When Infogressive works with customers on encryption inspection, we recommend SSL inspection in a firewall platform that interoperates and shares threat intelligence with anti-malware and antivirus tools, sandbox environments, IPS (intrusion prevention systems) and other security tools. This enables the management of security — and SSL inspection — in a holistic fashion that eliminates blind spots in the network infrastructure. Contact us to learn more about our managed firewall service.
In SSL Encryption, Pros Top Cons
By unlocking encrypted sessions, inspecting encrypted packets for suspicious code and blocking threats found, SSL inspection can protect your network from attacks using HTTPS and other common SSL-encrypted protocols including SMTPS, POP3S, IMAP and FTPS. Infogressive can help you optimize encryption inspection to keep your data safe and your employees productive.