WavebreakmediaMicro - Fotolia
Encryption is a double-edged sword, says Blue Coat
Seven more security suppliers join Blue Coat encrypted traffic management programme amid fresh warnings of attackers using encryption to hide malicious activity
The demand for data privacy in the post-Snowden era is driving the use of encryption, but that has security and other implications for business.
According to Wikipedia founder Jimmy Wales, around 65% of web traffic will be encrypted by 2016, a complete reversal of the current situation in which 65% is still unencrypted.
While encryption is the "only option" for new websites and there is "no moral excuse" for failing to encrypt, search engine optimisation (SEO) is more difficult, he told attendees of IP Expo 2015 in London.
"Encryption means search terms are no longer visible, which means SEO get a bit harder," said Wales. But that is not the only negative implication for businesses.
According to security firm Blue Coat, the trend towards encryption also has important security implications.
Research by Blue Coat Labs has showed that the 10 most-visited websites use encryption, making 100% of that traffic invisible to all security devices unless it is decrypted.
This means the growing use of encryption to address privacy concerns is creating a perfect set of conditions for cyber criminals to hide malware inside encrypted transactions.
Blue Coat researchers have revealed that encryption often reduces the level of sophistication required for malware to avoid detection.
ETM Ready Program
In March 2015, the security firm set up the Blue Coat Encrypted Traffic Management (ETM) Ready Program, which is designed to prepare and certify Blue Coat Technology Alliance Partners to integrate Secure Sockets Layer (SSL) visibility systems into the Blue Coat architecture to enable their security products to detect and eliminate the hidden threats in encrypted traffic.
The programme has a total of 17 members, with the recent addition of eSentire, Gigamon, LogRhythm, ManagedMethods, Symantec, TopSpin Security and Trend Micro.
The founding partners are CA Technologies, Cyphort, Damballa, Fidelis Cybersecurity, HP, Lastline, RSA, SafeNet -- now Gemalto -- Venafi and VSS Monitoring.
Read more about encryption
- The Wikimedia Foundation calls on all sites to join its move to encrypt all connections by default
- Encryption provides an additional layer of protection to hide cyber attackers' traffic, resulting in a preference for HTTPS
- A US government HTTPS-Only Standard directive requires that all federal websites accessible to the public must encrypt all data exchanges
"Currently, encrypted traffic [HTTPS] using SSL/TLS is a huge blind spot for enterprise visibility. The importance of privacy will ensure this trend continues, but investments in network security are largely being wasted when encrypted traffic isn't being inspected," said 451 Research senior security analyst Adrian Sanabria.
"Sophisticated attackers know that evading defences to get command and control traffic or data out of the enterprise is often as simple as using encryption in transit and perhaps a proxy or two. However, the technology to decrypt that traffic is only half the challenge -- the other half is to use existing network security investments, which is why Blue Coat's partnering efforts are so important," he added.
Peter Doggart, vice-president of business development for Blue Coat, said encryption is the tool of choice to protect privacy, but it is also quickly becoming yet another method of attack across the threat landscape.
"Customers are telling us that protecting employee and customer data is critical, but they also need to protect their network and the sky-rocketing use of encryption is hindering their ability to do so. Blue Coat and our ETM Ready Program partners are working to ensure enterprises can protect both privacy and their networks even as their use of encryption grows," he said.
Multiple security appliances required
According to Gigamon director of security solutions marketing Johnnie Konstantas, today's best practice in network security requires multiple inline security appliances to have visibility into the growing amount of SSL-encrypted traffic.
"Integrating Blue Coat's SSL visibility appliance with the GigaSecure security delivery platform, gives our joint customers scalable infrastructure that unobtrusively enables security analytics and inspection at scale," he said.
LogRhythm corporate and business development vice-president Matthew Winter said detecting and responding to today's cyber threats requires pervasive visibility across the entire network, including visibility into encrypted SSL traffic.
"The combination of Blue Coat's encrypted traffic management solution and LogRhythm Network Monitor delivers a powerful new way to detect threats concealed within SSL traffic and provides a holistic view of application, network, and user activity, while preserving privacy and regulatory compliance," he said.
With the increasing use of cloud applications and services in the enterprise, it is imperative IT security organisations gain visibility into their usage, according to ManagedMethods chief executive Charlie Sande.
"The combination of Blue Coat's encrypted traffic management appliances and the ManagedMethods Cloud Access Monitor product provides customers with a potent new weapon in the fight against shadow IT. This is crucial today as most software-as-a-service applications use encrypted traffic which creates blind spots that traditional security measures cannot inspect," he said.
Symantec information protection vice-president Nicolas Popp said his firm's Data Loss Prevention (DLP) product helps customers identify and protect sensitive information.
"And by integrating with the Blue Coat SSL Visibility Appliance, our customers will now have an additional option to easily identify and monitor sensitive data shared outside of the organisation," he added.
Kevin Simzer, chief marketing officer at Trend Micro, said the company's Deep Discovery provides visibility throughout a network to mitigate next generation threats including targeted and zero-day attacks that can be delivered through encrypted communications.
"Working in concert with Blue Coat's SSL Visibility Appliance will apply Deep Discovery's dynamic capability to analyse this traffic and ensure these sophisticated attacks are contained in virtually real time. This, in turn, will provide customers with additional peace of mind without compromising privacy or performance," he said.