[BreachExchange] SSL: The unchecked security blind spot

Audrey McNeil audrey at riskbasedsecurity.com
Fri Apr 15 14:19:21 EDT 2016


http://memeburn.com/2016/04/ssl-unchecked-security-blind-spot/

When changing lanes on the highway, you would first indicate to make other
drivers aware of your intentions and then check your blind spot to make
sure it was safe to switch lanes. Those safety measures, which only take a
few seconds, could be the difference between arriving at your destination
safely and causing a massive pile-up with potentially fatal consequences.

Yet we see this recklessness all the time – on the information
superhighway, that is.

We’re facing a bit of a conundrum in the security industry. In order to
effectively protect company networks, we need full visibility of the
network – i.e. the cars in the lanes around us. However, increasing data
encryption, in the form of the Secure Sockets Layer (SSL) security standard
(or our blind spot), is making this difficult.

Ever since the Edward Snowden leaks, there has been a steady rise in SSL
encryption – a security protocol designed to protect information as it
travels across the Internet from one destination to the next.

This is good news for consumers who make online purchases, for example, as
they are assured that their credit card information is encrypted and can
only be accessed by the intended recipient.

But many businesses don’t understand SSL or why they need it. Until now,
businesses have been more concerned about attacks coming into their
networks – the cars swerving in front of them – than attacks going out, and
have structured their security architecture accordingly.

By the end of 2015, more than half of the world’s Internet traffic was
expected to be encrypted. We expect 2016 to be the year of ‘SSL everywhere’
as encryption becomes standard. If businesses do not prepare their
infrastructure to decrypt outgoing traffic, they will be putting themselves
at unnecessary risk. In fact, Gartner predicts that, in 2017, more than
half of network attacks targeting enterprises will use encrypted traffic to
bypass security controls.

Know who’s inside

The Ashley Madison hacks, one of the most notorious data breaches of the
past year, originated from within the network and probably could have been
avoided if the right security tools were in place.

It’s a governance, risk and compliance problem. Many businesses do not have
protocols in place for inspecting outbound encrypted traffic; they falsely
assume that the information leaving their networks has been cleared to do
so.

These companies have solid unified threat management (UTM), intrusion
prevention systems (IPS) and secure web gateways (SWGs) in place, but
these typically only monitor incoming traffic for malware and are
useless against outbound traffic.

According to Gartner, less than 50% of businesses with SWGs decrypt
outbound traffic. This figure drops to 20% for those with a firewall, an
IPS or a UTM appliance. While these existing tools might have the best
intrusion prevention signatures, most are unable to do SSL offloading and
are therefore becoming less effective.

Businesses of all sizes need to boost their security infrastructure with
tools that allow them to monitor outbound traffic and to choose what they
want to decrypt. These tools provide some leeway before information leaves
the network and flag abnormal traffic – like batches of credit card
information being sent to a strange website. As in the highway example,
these checks can be done in very little time but could protect businesses
against massive damage, as they give them enough time to block the traffic
and prevent a costly data breach.
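
The check described above (flagging batches of credit card numbers headed to an unfamiliar site) can be sketched as follows. This is an added example, not part of the original article or any vendor's product; it assumes the outbound payloads have already been decrypted by an inspection proxy, and the allowlisted host, threshold and sample records are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed policy values for illustration, not taken from the article.
ALLOWED_HOSTS = {"payments.example.com"}  # hypothetical approved card processor
BATCH_THRESHOLD = 3                       # distinct card numbers per destination

# 13-19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits):
    """Luhn checksum; rejects most random digit runs (order IDs, timestamps)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def card_numbers(body):
    """Return the set of Luhn-valid card-like numbers in a decrypted body."""
    found = set()
    for m in CANDIDATE.finditer(body):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            found.add(digits)
    return found

def flag_destinations(records):
    """records: (dest_host, decrypted_body) pairs. Returns {host: distinct cards}
    for non-allowlisted hosts that received a batch at or above the threshold."""
    seen = defaultdict(set)
    for host, body in records:
        if host.lower() not in ALLOWED_HOSTS:
            seen[host.lower()] |= card_numbers(body)
    return {h: len(c) for h, c in seen.items() if len(c) >= BATCH_THRESHOLD}

# Constructed sample traffic using well-known public test card numbers.
SAMPLE = [
    ("payments.example.com", "pan=4111111111111111"),
    ("files.unknown-host.example", "4111 1111 1111 1111\n5555-5555-5555-4444\n"),
    ("files.unknown-host.example", "378282246310005,4012888888881881"),
    ("cdn.example.net", "order=1234567890123456 ts=1460744361"),
]

if __name__ == "__main__":
    print(flag_destinations(SAMPLE))
```

Counting distinct numbers per destination, rather than alerting on any single match, keeps ordinary one-off payments from drowning out the batch transfers the article is concerned with.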

The ability to decrypt outbound SSL traffic will become ever more crucial
as more local businesses move into the cloud and as more applications start
to use SSL. Any business with an online presence, no matter its size, needs
full visibility into its network if it has any hope of securing its
information.

A data breach could be catastrophic for any organisation – both from a
financial and reputational perspective. But with a few additional
precautions – by simply checking your blind spot before changing lanes –
businesses can achieve full network visibility while enjoying the benefits
of SSL encryption.