Spread of Internet encryption creating 'visibility void' claims Blue Coat

Marketing hype or the limits of SSL inspection?

Large numbers of websites and Internet services are disappearing behind encrypted connections, part of a growing "visibility void" in which organisations struggle to tell friendly traffic from foe, security firm Blue Coat has argued.

At first sight it's an odd perspective because the use of encrypted HTTPS connections by services such as Google, Facebook and Twitter is normally seen as a good thing, which indeed it is. But tolerance of unmonitored traffic is now carving out a space for malevolent traffic to flourish, or so the argument goes.

The problem is that organisations can either ignore encrypted traffic, and risk letting in malevolent software that increasingly uses encryption to hide command and control, or disallow it all, making it impossible for employees to visit legitimate sites.

According to figures from Blue Coat's customers, 69 percent of traffic to the top 50 most popular websites is now encrypted by default, with Google, Facebook, YouTube, Yahoo and Baidu the top five in that order.

Only mass-market news sites such as ESPN, BBC News, CNN, or Pandora leave encryption turned off for maximum compatibility. In the UK, the BBC is now the only non-encrypted site in the top ten.

Meanwhile, the growth of cloud services - big users of encryption - is adding to the probability that in time almost all corporate traffic will be 'invisible'.

"The tug of war between personal privacy and corporate security is leaving the door open for novel malware attacks involving SSL over corporate networks that put everyone's data at risk," claimed Blue Coat's chief security strategist, Hugh Thompson.

"For corporations to secure customer data and meet regulatory and compliance requirements, they need the visibility to see the threats hiding in encrypted traffic and the granular control to make sure employee privacy is also maintained."

The firm also said that around one in ten of the security requests its researchers received in an average week now concerned a suspicious website using encryption, equivalent to around 100,000 requests.

It is these dark or unknown sites that underline the need to monitor encrypted channels, the firm said, citing the Dyre malware as only the latest example from a growing list using encrypted channels.

The orthodox solution is to turn on SSL inspection at gateway level if such a capability exists, but this hits performance. Admins usually then roll back inspection to categories that fall outside given types of traffic, for instance visits to known websites.

SSL inspection is also not always able to go much beyond HTTPS traffic, which leaves a significant chunk unaccounted for in security oversight.

Blue Coat's answer is Encrypted Traffic Management, which it claims can direct suspect payloads to other security infrastructure after first decrypting traffic. This can end up sounding a lot like SSL inspection in another form because there will still be an overhead even if it is reduced.

Taken private in 2012 in a $1.3 billion (£830 million) buy-out, Blue Coat has continued to reinvent itself since then by buying Solera Networks a year later and then sandboxing firm Norman Shark some months later.


Stories by John E. Dunn
