Blue Coat


Caution: That SSL Blind Spot is Growing

The use of Secure Sockets Layer (SSL) and Transport Layer Security (TLS) encryption is growing fast, and that’s a good thing for protecting user privacy and business communications. But it’s also a good thing for hackers and cybercriminals—because SSL provides a great hiding place for malware. In fact, 50% of all network attacks will hide in encrypted traffic by 2017, according to Gartner.[1]

Security professionals know about the “SSL blind spot” and most have taken action. They’ve bought tools to inspect SSL-encrypted traffic. They’re using those tools at the critical junctions: at ingress and egress points in the network and near web and cloud gateways. They’ve succeeded in identifying and thwarting attacks. And that has created a new phenomenon in the battle against SSL-borne malware attacks:


New data shows two troubling trends: a massive increase in malware hiding in SSL, coupled with a false sense of security on the part of security professionals. Consider:

  • Blue Coat Labs found dramatic increases in malware using SSL in the last two years*.
  • 85% of security professionals believe their organizations have this issue covered, according to the 2016 Cyberthreat Defense Report from CyberEdge.
  • A large percentage of advanced persistent threats (APTs) that use SSL still go undetected.

The reality is that it’s harder than ever to get a handle on the magnitude of the risk of encrypted traffic traveling through an enterprise. Take a look at this infographic for more details. Then take a second look at how well you’re really equipped to battle SSL-based malware. Because when you’re fighting the SSL blind spot, it’s good to have both eyes wide open.

* To be specific, between January 2014 and September 2015, a little more than 500 samples of malware families were seen to be using SSL each month. In the remaining three months of 2015 this figure soared to nearly 29,000 samples. A similar trend was observed in C&C servers: in Q3 2014, Blue Coat observed approximately 1,000 C&C servers using SSL, shooting up to over 200,000 observed in Q3 2015.

[1] Gartner, Security Leaders Must Address Threats from Rising SSL Traffic, Jeremy D’Hoinne and Adam Hills. Published: 9 December 2013
