- Kathleen Richards, Information Security
The numbers vary, but by all accounts, encrypted traffic is increasing on the internet. The problem? Most companies fall short when it comes to SSL traffic inspection, which creates a blind spot in inbound and outbound communications that may increase the threat of web-based attacks.
The SSL protocol uses authentication and encryption -- public-key and symmetric-key -- to secure communications between servers and other systems. It is frequently used to encrypt email, web transactions and data in transit, including data used by mobile apps. While the protocol usually works as intended, lack of SSL traffic inspection is actually putting companies at risk, according to an August 2016 report by the Ponemon Institute.
For the "Hidden Threats in Encrypted Traffic: A Study of North America and EMEA" report, sponsored by A10 Networks, Ponemon researchers independently surveyed 1,023 IT and security professionals. According to survey respondents, 80% of organizations have been victims of cyberattacks or malicious insiders in the past 12 months, and 41% of those attacks used encryption to evade detection.
The majority of those surveyed expect the potential dangers hiding in SSL traffic, such as malware and other intrusions that threaten to bypass security controls, to get worse in the next 12 months, the report found. While 51% of those surveyed indicated that their companies plan to install some form of traffic decryption in the next 12 months, 62% said they did not inspect decrypted web traffic.
The reasons range from a lack of tooling and skilled personnel to network performance degradation and SSL inspection not being a priority. The speed of SSL traffic inspection, its use of bandwidth and SSL key lengths also pose challenges, researchers said.