Ransomware, malware, and other forms of cyber-attack continue to rise with each passing day. Ransomware alone has risen by 151 percent around the globe, especially in the first half of 2021. According to the FBI’s findings, more than 100 different strains of ransomware are at large.
Even in the face of such a looming threat, organizations share the blame. Why? Because they inspect less than half of their web traffic for intrusions, attacks, and malware. 28 percent of companies inspected less than a quarter of their web traffic.
Why do so many businesses risk allowing threats to enter their environment? The issue boils down to the widespread use of the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.
TLS/SSL encryption is a popular and highly effective method of preventing hackers from snooping on internet traffic. However, it has the same effect on security devices: it leaves them unable to detect ransomware and other kinds of malware carried inside the encrypted traffic.
Hackers are aware of this and make ample use of the blind spot, with as many as 46% of malware attacks using TLS/SSL encryption as a means of delivery and communication. This is clearly a major problem, yet many companies continue to ignore the blind spots created by TLS/SSL encryption and have yet to address the problem effectively.
Do companies recognize the issue of the blind spot present in TLS/SSL encryption?
Numerous tech firms and cybersecurity service providers have surveyed tech executives, asking in particular for the opinions of industry leaders on the inspection of encrypted traffic. Unsurprisingly, the results showed almost universal awareness of the security risks posed by blind spots in TLS/SSL encryption.
Approximately 98% of the tech executives and managers surveyed were in some way concerned about the potential for a cyber-attack to be concealed within encrypted communications entering their network. With almost more than 50 percent of these firms’ traffic being encrypted, the concern is justified.
Yet a solution is available, going by the name of Encrypted Traffic Inspection (ETI). With this approach, companies decrypt inbound and outbound TLS/SSL traffic so that it can be inspected by their full network security stack, which includes the following:
• Firewalls.
• Forensics.
• Intrusion prevention systems (IPS).
• Advanced threat prevention (ATP).
• Data Loss Prevention (DLP).
Perceived pros and cons of Encrypted Traffic Inspection
Companies are quite aware of the security risks they are facing. Approximately 80 percent of respondents considered it likely that their firm was a victim of a cyber-attack or harmful insider activity within the past year.
Many also recognize the potential value of encrypted traffic inspection. They explain that inspecting TLS/SSL traffic and having visibility into it is important to the overall security infrastructure of their company.
Yet when these executives were asked whether their company decrypts web traffic to detect ransomware, malware, intrusions, and other kinds of cyberattacks, only a small number of them answered affirmatively.
Why weren’t companies decrypting traffic for inspection?
When these executives were asked why they were not decrypting traffic for inspection, they cited a lack of the needed tools and resources to tackle the issue. Moreover, they also had concerns about the performance of these tools and about possible violations of privacy.
Performance is basically an issue of priorities. It depends on the scale of the cyber-attack risk. Moreover, tools and resources for encrypted traffic inspection should be a compulsory part of each firm’s arsenal and budget. Otherwise, all efforts to maintain cyber security will be in vain.
On the other hand, performance degradation is real. It is a pervasive problem. Many executives in tech departments across various firms are looking to help companies learn and use decryption with the latest tools and technologies.
Conclusion
For most of these firms, DDoS proxy protection may not be as helpful a solution as they perceive it to be. This is another reason why companies should stay on their toes when it comes to cybersecurity, especially for protection against ransomware and DDoS attacks.