Enterprises and online businesses face mounting challenges as the use of secure web based content and applications continue to grow. Easy-to-access, highly mobile, and social are the new user mantras of today’s IT. The proliferation of new mobile applications, advanced threats, and encrypted traffic are putting pressure on traditional security defences. Web attacks have become more targeted, sophisticated, and clandestine. Internet fraud, cyber-attacks, and more recently complex advanced threats have made “security” a heightened and more important topic for today’s enterprise business.
The 2012 Cyber Crime and Security Survey: Systems of National Interest, published by the Australian Government, discloses some of the cyber security measures that key infrastructure sectors have in place. 255 organisations surveyed in Australia's banking and finance, communications, energy, resources, transport, and water sectors reported that over 90% deployed firewalls, anti-spam filters, and security software in their networks. However, 20% of the same respondents described some form of ''cyber incident'' that occurred in 2012, and that harmed the confidentiality, integrity or availability of the network data.
So the question really is what protective armour do businesses need to defend themselves?
One important aspect of today’s enterprise security is Secure Sockets Layer (SSL). The use of encryption, more commonly known as SSL, has been exploding for a number of years. Websites today commonly use SSL encryption to protect web transactions, whether it is by email, web 2.0 or ecommerce. Yet, encryption is not a panacea for today’s security. While SSL secures the link between the user and the web server and enables more secure transactions, it reduces security by creating blind spots for security applications. Cybercriminals are aware of this, and often make use of encrypted channels for covert command and control communications for botnets, as well as data exfiltration from the corporate network.
The primary reason why SSL is used is to keep sensitive information sent across the Internet encrypted so that only the intended recipient can understand it. When an SSL certificate is used, the information becomes unreadable to everyone except for the server you are sending the information to, protecting data from hackers and identity thieves. Cybercrime, and advanced threats in particular, increasingly leverage encrypted SSL tunnels to hide their malicious communications as this traffic (over port 443) in rarely inspected. In fact, levering SSL is a very effective method for the reason is encryption, the very thing that keeps content secure and unreadable, makes it nearly impossible for IT administrators to see, understand, or manage as well.
Harmful malicious code can be masked by this encryption and this raises pertinent security questions that need to be addressed.
- Is the content running over SSL truly secure? Are there hidden threats inside encrypted traffic that users are inadvertently accessing?
- Can external users “break” the protocol or “listen in” on secure communications over SSL?
- How do I know that our existing security applications and mechanisms are working properly?
- What is the best way to determine what our most critical vulnerabilities are?
Today most enterprise and cloud-based applications use HTTPS to secure the user. In fact, more and more internet websites and mobile apps also using HTTPS technology and it’s estimated that SSL is growing by more than 20% year/year. The prevalence of web sites using HTTP – such as Google and Facebook – means that the percentage of SSL traffic on corporate networks continues to expand, accounting for between 25% to 50% of an enterprise’s traffic mix.
Today Enterprises use many (inline and passive) network and security appliances for perimeter protection, internal security and compliance. Such a distributed approach to SSL interception has developed over time and adds complexity. Adding a single control to manage SSL traffic not only provides a simpler management solution, but can reduce the complexity by consolidating SSL interception at a single controlled point in the network
A single control point is less complex if it can provide simultaneous bi-directional SSL support. Ideally it should:
- work together with outbound security solutions(i.e. network-based anti-virus) to protect your internet and cloud apps.
- work together with inbound (i.e. data loss protection) security solutions to protect your enterprise apps and your data
Many SSL inspection platforms require separate solutions for each direction. A single solution that can feed decrypted traffic to each of these security solutions avoids the complexity of supporting SSL on each of these separate appliances and reduces complexity.
Finally, SSL interception should be policy based. Some applications cannot be decrypted or are not allowed to be decrypted such as banking apps or personal privacy apps. So we need to have policy-based control with exceptions. IT needs to have the flexibility to choose what content to decrypt and what to not decrypt.
Below are a few best practice tips for organisations electing to address the growing regulatory and technical gap of truly securing SSL traffic within their networks:
1) Single point to control SSL – simplify your network by using a single solution that can feed decrypted traffic to each application (Internet/cloud apps, enterprise apps)
Implement a single security solution to provide simultaneous bi-directional SSL support protecting outbound and inbound data.
2) Stop attacks at the gateway – Block and detect known threats commonly known as ‘commercial’ malware’ on the world-wide web.
Implement an advanced web gateway solution that scans ALL web traffic and protects all types of user access and devices while integrating with a real-time global cloud intelligence network for fast and effective protection.
3) Contain and analyse new threats – Investigate and block new threats in real-time such as executables on premise to mitigate more advanced threats that can pass through the traditional inspection of AV, IDS/IPS, or firewalls.
Install high performance and accurate sandboxing technology on premise that complements the gateway solution. On site malware analysis
4) Prevent and remediate breaches- In the event of a breach, organisations need to be able to investigate and remediate breaches almost instantly with threat
Utilise a holistic approach towards security leveraging intelligent visibility across all data to solve problems while maximising IT investments.
A number of organisations lack the ability to inspect and control SSL-encrypted traffic. This needs to change. Any solution implemented must understand and control native SSL traffic in real-time, closing all doors to cybercrime. This type of lifecycle defence approach will help organisations seamlessly embrace new technology confidently. If you’re considering advanced threat protection, consider re-evaluating your SSL inspection and decryption capabilities by making SSL visibility and control a foundation of your modern Enterprise defense.