Why SSL inspection needs to become the new standard for businesses
- 03 September, 2018 06:00
In a world where data security is key, it is vitally important that every business has the best protection possible for its incoming and outgoing data. That means using Secure Sockets Layer (SSL) encryption, decryption and inspection. However, it is no longer enough to trust that encrypted data transmission is completely secure, because hackers and other criminals have found a way to use it to their benefit.
Technology has reached an inflection point. Encrypted data transmission is now normal. It is no longer a complex additional function or system that costs extra. The use of SSL is now standard operating procedure, but it can present challenges for security teams.
The broad uptake of encryption means some businesses have lost track of what is crossing through their gateway protection.
SSL "protected" attacks are on the rise. With almost two-thirds of internet traffic now encrypted, according to a recent report produced by Gartner, it was only a matter of time before criminals, nation states and other attackers began using encryption as a shield. Unsurprisingly, nearly two-thirds of malware attacks reported in 2017 used SSL to mask the damaging payload.
This means you need an SSL inspection tool that lets you verify that encrypted packets entering your network aren't carrying damaging payloads.
Recent research by Gartner, published in this year's Global Application & Network Security Report, found that 35% of companies surveyed had experienced an SSL-based attack. That is a 50% increase on the previous year. Fewer than a third of the companies had the ability to defend against an SSL flood attack. Almost half were unsure if they had even been attacked in this way.
A phishing email may contain a downloader file that initially seems harmless. But when launched, it creates an encrypted session to a command and control server that is used to deposit malware onto your computer. When all that traffic is protected by SSL, traditional security measures can't detect and block the malicious activity.
NSS Labs Chief Technology Officer, Jason Brvenik, said, "Encryption does not protect us from all threats and, in fact, can make it easier for the adversary. Enterprises must be concerned if they are not decrypting and inspecting SSL traffic from untrusted sources".
In other words, if you aren’t using SSL inspection there is a gaping hole in your security policies.
Full SSL inspection, also known as deep inspection, is the only way to ensure data moving in and out of your network is legitimate. Initial uptake has been relatively slow because of the high costs associated with the processing power required to decrypt data on the fly without causing significant impact on users. Products capable of deep inspection were also hard to configure and expensive.
But newer solutions, such as the Fortinet FortiGate next generation firewall, can conduct this complex operation with negligible impact on users. Other similarly capable firewall and gateway protection equipment may increase network latency by almost 3000% with a drop in throughput speed of up to 95%, according to a recent independent study by NSS Labs.
There are two ways to deploy SSL inspection depending on the nature of the environment and the risks you are mitigating. It can be used to either inspect traffic between multiple servers and clients or to protect an SSL server.
SSL inspection can be resource intensive, even on devices that use custom hardware and are specifically designed for the task. But by following best practice, the inspection process can be optimised.
Having an understanding of normal traffic patterns is important. By knowing how much traffic is expected and the percentage that is encrypted, you can work out where to deploy SSL inspection. That knowledge can also be used to limit the number of policies allowing encrypted traffic or to modify your policy to apply SSL inspection only where it is needed.
Although there are many firewall and edge-protection devices offering SSL inspection, choose devices that use custom-made hardware for SSL content scanning and SSL acceleration.
Testing is important. Be selective about how SSL inspection is deployed. Choose the highest-risk traffic first and then gradually enable it.
In conclusion, there is little doubt SSL inspection is an essential tool in the ongoing battle to protect data from malicious actors and must, at all costs, be considered by all businesses.
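The advice above, measuring how much of each policy's traffic is encrypted and enabling inspection on the highest-risk traffic first, can be expressed as a ranking over flow records. The following Python is an added example, not part of the original article or any vendor's tooling; the flow records, policy names, port list and zone risk weights are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample flow records: (policy, source_zone, dst_port, bytes).
FLOWS = [
    ("guest-wifi-out", "untrusted", 443, 6_000_000),
    ("guest-wifi-out", "untrusted", 80, 2_000_000),
    ("staff-out", "user", 443, 12_000_000),
    ("staff-out", "user", 993, 1_000_000),
    ("staff-out", "user", 80, 3_000_000),
    ("backup-sync", "server", 443, 20_000_000),
    ("printer-mgmt", "user", 9100, 500_000),
    ("printer-mgmt", "user", 443, 100_000),
]

# Assumption: destination port approximates "encrypted"; a real deployment
# would use the gateway's own protocol/application field instead.
TLS_PORTS = {443, 465, 993, 995, 8443}
# Assumption: illustrative risk weights per source zone (higher = riskier).
ZONE_RISK = {"untrusted": 3, "user": 2, "server": 1}


def encrypted_share(flows):
    """Per policy: total bytes, encrypted bytes, encrypted share, zone risk."""
    stats = defaultdict(lambda: {"total": 0, "encrypted": 0, "risk": 0})
    for policy, zone, port, nbytes in flows:
        s = stats[policy]
        s["total"] += nbytes
        if port in TLS_PORTS:
            s["encrypted"] += nbytes
        # Unknown zones get the highest weight so they are not overlooked.
        s["risk"] = max(s["risk"], ZONE_RISK.get(zone, max(ZONE_RISK.values())))
    for s in stats.values():
        s["share"] = s["encrypted"] / s["total"] if s["total"] else 0.0
    return dict(stats)


def rollout_order(flows, min_share=0.5):
    """Policies worth inspecting: highest risk first, then by encrypted volume.

    Policies whose encrypted share is below min_share are left out, which
    limits inspection to where it is needed.
    """
    stats = encrypted_share(flows)
    candidates = [p for p, s in stats.items() if s["share"] >= min_share]
    return sorted(candidates, key=lambda p: (-stats[p]["risk"], -stats[p]["encrypted"]))


if __name__ == "__main__":
    stats = encrypted_share(FLOWS)
    for policy in rollout_order(FLOWS):
        s = stats[policy]
        print(f"{policy:16} risk={s['risk']} encrypted={s['share']:.0%} of {s['total']} bytes")
```

The resulting order is the sequence in which inspection would be switched on and tested, one policy at a time.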
Contact the Ingram Micro team to see how they can help your business.
Read Fortinet's whitepaper on 'The rapid growth of SSL Encryption'