
Decrypt SSL traffic to detect hidden threats

Kacy Zurkus | Feb. 3, 2016
The percentage of encrypted Internet traffic continues to grow, creating a space where not only private information but also criminals can travel about undetected.

There are virtually no performance hits to encrypting traffic, said Ollmann, but there are many business benefits. 

“I think if I’m the CSO or the head of IT for an organization, I would be working on the assumption that at some point all of my traffic will be encrypted,” Ollmann said. 

Right now enterprises have three options for dealing with hidden threats in SSL: block encrypted traffic altogether; terminate SSL using a man-in-the-middle to inspect traffic; or, the third, Ollmann continued, install a number of software agents on the computer itself.

Ollmann said, “Those technologies operating on the computer itself are seeing traffic before it's being encrypted so that the encryption no longer matters.” The problem with this option is that the first thing malware does in an attack is turn those agents off.

Placing emphasis on protecting endpoints in order to mitigate encryption threats is a problem, Ollmann said, “Because all of those agents assume processing power and slow down machines. With BYOD there are so many devices and operating systems that the breadth of devices that need to be protected is growing at a faster rate than vendors have the ability to provide software that are capable of protecting.”

It’s a constant battle with a real live enemy on the other side. In order to build the best defense, Ollmann said, “They should look in their environment and assume they will no longer have visibility into the data layer of their network traffic.”

 
