SSL: The unchecked security blind spot

When changing lanes on the highway, you would first indicate to make other drivers aware of your intentions and then check your blind spot to make sure it was safe to switch lanes. Those safety measures, which only take a few seconds, could be the difference between arriving at your destination safely and causing a massive pile-up with potentially fatal consequences.

Yet we see this recklessness all the time – on the information superhighway, that is.

We’re facing a bit of a conundrum in the security industry. In order to effectively protect company networks, we need full visibility of the network – i.e. the cars in the lanes around us. However, increasing data encryption, in the form of the Secure Sockets Layer (SSL) security standard (or our blind spot), is making this difficult.

Ever since the Edward Snowden leaks, there has been a steady rise in SSL encryption – a security protocol designed to protect information as it travels across the Internet from one destination to the next.

This is good news for consumers who make online purchases, for example, as they are assured that their credit card information is encrypted and can only be accessed by the intended recipient.
But many businesses don’t understand SSL or why they need it. Until now, businesses have been more concerned about attacks coming into their networks – the cars swerving in front of them – than attacks going out, and have structured their security architecture accordingly.

By the end of 2015, more than half of the world’s Internet traffic was expected to be encrypted. We expect 2016 to be the year of ‘SSL everywhere’ as encryption becomes standard. If businesses do not prepare their infrastructure to decrypt outgoing traffic, they will be putting themselves at unnecessary risk. In fact, Gartner predicts that, in 2017, more than half of network attacks targeting enterprises will use encrypted traffic to bypass security controls.

Know who’s inside

The Ashley Madison hacks, one of the most notorious data breaches of the past year, originated from within the network and probably could have been avoided if the right security tools were in place.

It’s a governance, risk and compliance problem. Many businesses do not have protocols in place for inspecting outbound encrypted traffic; they falsely assume that the information leaving their networks has been cleared to do so.

These companies have solid unified threat management (UTM), intrusion prevention control (IPS) systems and secure web gateways (SWGs) in place but these typically only monitor incoming traffic for malware and are useless against outbound traffic.

According to Gartner, less than 50% of businesses with SWGs decrypt outbound traffic. This figure drops to 20% for those with a firewall, an IPS or a UTM appliance. While these existing tools might have the best intrusion prevention signatures, most are unable to do SSL offloading and are therefore becoming less effective.

Businesses of all sizes need to boost their security infrastructure with tools that allow them to monitor outbound traffic and to choose what they want to decrypt. These tools provide some leeway before information leaves the network and flag abnormal traffic – like batches of credit card information being sent to a strange website. As in the highway example, these checks can be done in very little time but could protect businesses against massive damage as it gives them enough time to block the traffic and prevent a costly data breach.

The ability to decrypt outbound SSL traffic will become ever more crucial as more local businesses move into the cloud and as more applications start to use SSL. Any business with an online presence, no matter its size, needs full visibility into its network if it has any hope of securing its information.

A data breach could be catastrophic for any organisation – both from a financial and reputational perspective. But with a few additional precautions – by simply checking your blind spot before changing lanes – businesses can achieve full network visibility while enjoying the benefits of SSL encryption.