[BreachExchange] 7 security problems you can solve with Encrypted Traffic Management
Audrey McNeil
audrey at riskbasedsecurity.com
Fri May 6 15:48:07 EDT 2016
http://www.itproportal.com/2016/05/06/7-security-problems-you-can-solve-with-encrypted-traffic-management/
The growing risk of un-inspected encrypted traffic in enterprise networks
has been discussed for some time now. Security leaders are beginning to
realise the far-reaching implications of network encryption: that it truly
affects the effectiveness of the entire security infrastructure.
Below are some examples of challenges plaguing security and network ops
teams and how an encrypted traffic management solution (ETM) can solve
these:
1. Limited encrypted traffic visibility that enables data loss and exfiltration
Most Data Loss Protection (DLP) devices are blind to SSL traffic, whereas
ETM solutions intelligently feed devices such as DLP technologies with
decrypted SSL traffic, allowing them to do their job more effectively and
expose critical data movement and potential exfiltration. This reduces
overall risk while helping maintain data privacy and industry compliance
(e.g. HIPAA, PCI, and Sarbanes-Oxley).
2. Incomplete sandboxing that can’t analyse all malicious threats
Now you can manage encrypted traffic by feeding both decrypted and
unencrypted traffic to anti-malware or sandboxing solutions for more
complete threat analysis, increasing the number of malware samples that are
detected and isolated.
3. Inadequate intrusion protection that won’t stop attacks
IDS/IPS solutions cannot see or stop threats hidden within encrypted
traffic, which creates dangerous blind spots. ETM solutions can
automatically identify all SSL traffic and, based on your policies, feed
decrypted flows—as well as all non-SSL traffic and SSL traffic that policy
determined should be left encrypted—to IDS/IPS solutions so they can better
detect and eliminate advanced threats without hindering device
performance. This is especially important given the rapid rise in
nefarious Command and Control (C&C) traffic that uses SSL and originates
from inside an organisation’s network.
4. Weak network forensics that can’t monitor and capture sophisticated attacks
Encryption makes it difficult for security analytics or network forensic
tools to monitor and detect network breaches and targeted attacks. With ETM
solutions you can now more effectively analyse all network traffic for
suspicious network and attacker behaviour, as well as respond promptly to
and remediate compromised network assets and devices.
5. Decentralised SSL decryption that adds complexity and cost
A centralised SSL visibility appliance with a comprehensive policy engine
provides the decrypted content of SSL flows to existing security
appliances such as content analysis, network forensics and NGFW, so you can
easily get the full visibility and control you need to fight SSL-borne
threats. This approach doesn’t require any special software or APIs on the
security devices in the infrastructure.
6. SSL traffic decryption and inspection that really slows you down
There are some solutions available that ensure automatic visibility of
all SSL traffic without affecting network performance or requiring complex
scripting and rule sets. This can increase network security device
performance by taking away the process-intensive burden of SSL inspection.
It also preserves and extends the return on investment (ROI) of existing
security devices in your network, making them more effective at seeing all
traffic, applications and potential threats.
7. Adhering to growing data privacy and compliance demands
As data privacy continues to grow as a critical business concern, IT
security teams struggle with how to balance it against maintaining strong
network security. Some available ETM solutions selectively decrypt
suspicious and malicious SSL/TLS traffic, while allowing known-good traffic
to pass through in its encrypted state. This ensures data privacy and
compliance and makes everyone happy — especially Legal, Compliance, and HR
teams.
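Items 3 and 7 both rest on the same mechanism: a policy engine looks at each TLS session before any decryption happens and decides whether the flow is decrypted and handed to the inspection stack or left encrypted for privacy reasons. The only information available at that point is what the client sends in the clear, chiefly the Server Name Indication (SNI) in the ClientHello. The following Python is an added example, not code from the article or from any ETM vendor: it parses a ClientHello record, extracts the SNI, and applies a category-based bypass policy. The category names and domains (`bank.example`, `clinic.example`, and so on), the `NO_SNI_ACTION` default, and the `Decision` type are constructed assumptions for illustration.

```python
"""Policy-driven selective TLS decryption decision, based on the ClientHello SNI.
Added example; the policy data below is constructed, not from the article."""
import struct
from dataclasses import dataclass
from typing import Optional

# Constructed policy (assumption): hostnames in privacy-sensitive categories stay
# encrypted; everything else is decrypted and forwarded to DLP / IDS / sandbox.
BYPASS_CATEGORIES = {
    "financial": {"bank.example", "payments.example"},
    "healthcare": {"clinic.example"},
}
# A ClientHello with no SNI gives the policy nothing to match on; the engine needs
# an explicit default. Assumption here: inspect it rather than let it through blind.
NO_SNI_ACTION = "decrypt"


@dataclass
class Decision:
    action: str             # "decrypt" or "bypass"
    reason: str             # why the policy chose this action (for audit logging)
    sni: Optional[str]


def build_client_hello(sni: Optional[str]) -> bytes:
    """Construct a minimal TLS 1.2 ClientHello record (constructed test input only)."""
    extensions = b""
    if sni is not None:
        name = sni.encode("ascii")
        server_name = b"\x00" + struct.pack("!H", len(name)) + name      # name_type 0 = host_name
        server_name_list = struct.pack("!H", len(server_name)) + server_name
        extensions = struct.pack("!HH", 0x0000, len(server_name_list)) + server_name_list
    body = (
        b"\x03\x03"                                 # client_version: TLS 1.2
        + b"\x11" * 32                              # random (fixed for determinism)
        + b"\x00"                                   # session_id length 0
        + struct.pack("!H", 2) + b"\xc0\x2f"        # one cipher suite
        + b"\x01\x00"                               # compression methods: null only
        + struct.pack("!H", len(extensions)) + extensions
    )
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body     # type 1, 3-byte length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record: bytes) -> Optional[str]:
    """Return the host_name from a ClientHello's server_name extension, or None.
    Malformed or truncated input yields None instead of an exception, so the
    policy engine always reaches a decision (the NO_SNI_ACTION default)."""
    try:
        if len(record) < 5 or record[0] != 0x16:            # not a handshake record
            return None
        rec_len = struct.unpack("!H", record[3:5])[0]
        hs = record[5:5 + rec_len]
        if len(hs) < 4 or hs[0] != 0x01:                    # not a ClientHello
            return None
        hs_len = int.from_bytes(hs[1:4], "big")
        body = hs[4:4 + hs_len]
        if len(body) < hs_len:
            return None                                     # truncated handshake
        pos = 2 + 32                                        # skip version + random
        pos += 1 + body[pos]                                # session_id
        cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2 + cs_len                                   # cipher_suites
        pos += 1 + body[pos]                                # compression_methods
        if pos + 2 > len(body):
            return None                                     # no extensions block at all
        ext_total = struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        end = pos + ext_total
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
            pos += 4
            data = body[pos:pos + ext_len]
            pos += ext_len
            if ext_type != 0x0000:
                continue
            lpos = 2                                        # skip server_name_list length
            while lpos + 3 <= len(data):
                ntype = data[lpos]
                nlen = struct.unpack("!H", data[lpos + 1:lpos + 3])[0]
                lpos += 3
                if ntype == 0:
                    return data[lpos:lpos + nlen].decode("ascii")
                lpos += nlen
        return None
    except (IndexError, struct.error, UnicodeDecodeError):
        return None


def _category_for(host: str) -> Optional[str]:
    """Match the host, or any parent domain, against the bypass categories."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        for category, domains in BYPASS_CATEGORIES.items():
            if candidate in domains:
                return category
    return None


def decide(record: bytes) -> Decision:
    """Apply the selective-decryption policy to one ClientHello record."""
    sni = extract_sni(record)
    if sni is None:
        return Decision(NO_SNI_ACTION, "no SNI in ClientHello; policy default applied", None)
    category = _category_for(sni)
    if category:
        return Decision("bypass", f"{category} category: left encrypted for privacy", sni)
    return Decision("decrypt", "not in a bypass category: forwarded decrypted to inspection", sni)


if __name__ == "__main__":
    for host in ("www.bank.example", "cdn.example.net", None):
        d = decide(build_client_hello(host))
        print(f"sni={d.sni!r:22} action={d.action:8} reason={d.reason}")
```

Two design points worth noting. Bypass decisions are made on the SNI, which the client controls, so a bypass list must be an explicit, audited allowlist of known-good destinations rather than a blocklist, and the no-SNI case must have a deliberate default: a policy that silently lets SNI-less flows through untouched recreates the blind spot the article describes. Logging the `reason` alongside each decision gives Legal and Compliance a record of exactly which flows were never decrypted and why.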