Cisco : Hackers are using encryption to bypass your security controls

Cisco Blog >Security

As of today more than half of the web traffic is encrypted. That's a big win for businesses and all of us, since it guards against eavesdropping and tampering with content as it moves from device to server and back again.

Of course this rise in encryption comes with one big, obvious downside. Hackers too now use encryption for their attacks, making them harder to spot amidst a stream of encrypted traffic.

Attacks that weaponize two common encryption protocols, Secure Sockets Layer (SSL) and Transport Layer Security (TLS), are on the rise. Some 39 percent of organizations experienced an SSL or TLS attack in 2016, but only a quarter said they were confident they could detect and mitigate them. Beyond this, recent research found that there were twice as many encrypted malware payloads in the first six months of 2017 than the whole of 2016.

In fact, Gartner predicts that in 2017 more than half of network attacks targeting enterprises will use encrypted traffic to bypass controls.

Gartner finds that defense-in-depth effectiveness gaps are being ignored. For example, most organizations lack formal policies to control and manage encrypted traffic. Less than 50 percent of enterprises with dedicated Secure Web Gateways (SWG) decrypt outbound Web traffic. Less than 20 percent of organizations with a firewall, an intrusion prevention system (IPS), or a unified threat management (UTM) appliance decrypt inbound or outbound SSL traffic.

The rapid adoption of cloud apps and services dramatically expands and complicates the IT environment, accelerates SSL/TLS encrypted traffic use, and expands the risk surface for attacker exploitation. Modern applications such as social media, file storage, search engines, and cloud-based software increasingly use SSL/TLS as their communications foundation. Monitoring and scouring these applications and services for malicious content and activity is highly recommended. At minimum, the expanding use of these applications creates more questions about when to strategically encrypt and decrypt

We have attackers preying on the security gaps created by traditional data encryption method, which involves decrypting the data, and this paves way to the attackers to steal your valuable information from the system.

Encrypted Traffic Analytics (ETA) focuses on identifying malware communications in encrypted traffic through passive monitoring, the extraction of relevant metadata elements, and supervised machine learning with cloud based global visibility

Encrypted Traffic Analytics extracts four main data elements: the sequence of packet lengths and times, the byte distribution, TLS-specific features and the initial data packet. Cisco's unique Application-Specific Integrated Circuit (ASIC) architecture provides the ability to extract these data elements without slowing down the data network.

Encrypted Traffic Analytics also identifies encryption quality for every network conversation, providing the visibility to ensure enterprise compliance with cryptographic protocols. It delivers the knowledge of what traffic is being encrypted and not being encrypted on your network, so you can confidently claim that your digital business is protected.

To learn more, visit cisco.com/go/ETA