Solving security problems with Encrypted Traffic Management (ETM)
The growing risk of un-inspected encrypted traffic in enterprise networks has been discussed for some time now. Security leaders are beginning to realise the far reaching implications of network encryption: that it truly affects the effectiveness of the entire security infrastructure.
Blue Coat provide some examples of challenges plaguing security and network operation teams and how, with the use of an encrypted traffic management solution (ETM), these can be helped:
1. Limited encrypted traffic visibility that enables data loss and exfiltration
Most Data Loss Protection (DLP) devices are blind to SSL traffic, whereas ETM solutions intelligently feed devices like DLP technologies with decrypted SSL traffic allowing them to do their job more effectively and expose critical data movement and potential exfiltration. This reduces overall risk while helping to maintain data privacy and industry compliance.
2. Incomplete sandboxing that can’t analyse all malicious threats
Encrypted traffic can be managed by feeding both decrypted and unencrypted traffic to anti-malware or sandboxing solutions for more complete threat analysis, and increase the number of malware detections isolated.
3. Inadequate intrusion protection that won’t stop attacks
Intrusion prevention system (IPS) solutions cannot see or stop threats hidden within encrypted traffic, which creates dangerous blind spots. ETM solutions can automatically identify all SSL traffic and, based on the policies in place, feeds decrypted flows to IPS solutions so they can better detect and eliminate advanced threats without hindering the device performance. This is especially important due to the rapid rise in nefarious Command and Control (C&C) traffic that utilise SSL and originate from inside an organisation’s network.
4. Weak network forensics that can’t monitor and capture sophisticated attacks
Encryption makes it difficult for security analytics or network forensic tools to monitor and detect network breaches and targeted attacks. With ETM solutions businesses can more effectively analyse all network traffic for suspicious network and attacker behaviour.
5. Decentralised SSL decryption that adds complexity and cost
With a comprehensive policy engine, having some form of SSL visibility appliance provides decrypted content of SSL flows to existing security appliances such as content analysis and network forensics, so businesses can easily get the full visibility and control needed to fight SSL-borne threats. This approach doesn’t require any special software or APIs on the security devices in the infrastructure.
6. SSL traffic decryption and inspection really slows a business down
There are some solutions available that ensure the automatic visibility of all SSL traffic without affecting the performance of the network or requiring complex scripting and rule sets. This can increase network security device performance, by taking away the process-intensive burden of SSL inspection. This also preserves and extends the return-on-investment (ROI) of existing security devices in your network, making them more effective in seeing all traffic, applications and potential threats.
7. Adhering to growing data privacy and compliance demands
As data privacy continues to grow as a critical business concern, IT Security teams struggle with how to balance it with maintaining strong network security. Some ETM solutions selectively decrypt the suspicious and malicious SSL/TLS traffic, while allowing known good traffic to pass through in its encrypted state and therefore ensuring data privacy and compliance.
This piece was originally featured in the SecurityNewsDesk Newspaper Issue 18.