Can Good Encryption be a Double-Edged Sword for Security in Australia?

by Sandeep Joshi, General Manager at Dell SonicWALL

If every exchange or communication of data on the web were encrypted, would it make our virtual world a more secure place in Australia? A report by PwC found Australia had the highest number of cyber security incidents in the previous 12 months, amounting to 9434, more than double the previous year.

As global traffic surpasses the one zettabyte mark by the end of 2016, there is also a rapid, global surge in Secure Sockets Layer/Transport Layer Security (SSL/TLS) encryption of websites, which until recently was a security measure reserved largely for financial institutions and online checkout processes.

According to the 2016 Dell Security Annual Threat Report, in the fourth quarter of 2015, around 65 percent of total web connections worldwide were SSL/TLS encrypted. That means that every time a website is accessed, there’s a good chance SSL/TLS is being used. Overall, this is a positive trend that should create safer web interactions. Below the surface, however, lurks a hidden threat that might take both you and your firewall by surprise.

The Darker Side of Encryption

Exactly a year ago, attackers used an advertisement on Yahoo to redirect users to a site infected by the Angler exploit kit. Just weeks before, users were exposed to more malicious software through compromised advertisements that showed up across the web. In total, at least 910 million users were potentially exposed to malware through these attacks. The common thread? The malware was hidden from firewalls by SSL/TLS encryption.

When victims don’t have the right protection measures in place, attackers can encrypt command and control communications and malicious code to evade intrusion prevention systems (IPS) and anti-malware inspection systems. In effect, the SSL/TLS encryption serves as a tunnel that hides malware, which can pass through firewalls and into organisations’ networks undetected if the right safeguards aren’t in place. As SSL/TLS usage grows, the appeal of this threat vector for hackers increases too.

Protecting Against Encrypted Attacks

Companies can stop SSL/TLS attacks; however, most don’t have their existing security features properly enabled to do so. Legacy network security solutions typically don’t have the features needed to inspect SSL/TLS-encrypted traffic. The ones that do often suffer from such extreme performance issues when inspecting traffic that most companies with legacy solutions abandon SSL/TLS inspection.

However, with an updated infrastructure with next-generation firewalls (NGFW) in place, incorporating Deep Packet Inspection technology on a multi-core architecture that scales out as needed to meet performance or resiliency requirements, companies can perform this inspection without reducing performance beyond a reasonable threshold. In this case, IT teams simply need to activate the SSL/TLS inspection capability, but if they aren’t aware of the threat, they typically don’t.

It is possible for organisations to enjoy the security benefits of SSL/TLS encryption without providing a tunnel for attackers. Just follow these steps:

1. If you haven’t conducted a security audit recently, undertake a comprehensive risk analysis to identify your risks and needs.

2. Upgrade to a capable, extensible NGFW with integrated IPS and SSL-inspection design that can scale performance to support future growth.

3. Update security policies to defend against a broader array of threat vectors and establish multiple security defense methods to respond to both HTTP and HTTPS attacks.

4. Train staff continually to be aware of the danger of social media, social engineering, suspicious websites and downloads, and various spam and phishing scams.

5. Inform users never to accept a self-signed, non-valid certificate.

6. Make sure all software is up-to-date. This will keep you protected from older SSL exploits that have already been neutralised.

The growth of SSL/TLS encryption can and will be a positive security trend for the global community, but it will remain a mixed bag until companies recognise and address the risks. By investing in updated solutions and enabling SSL/TLS inspection, you can have the best of security and performance at the same time.
