Unchecked encrypted traffic in enterprise networks presents a growing risk for every business. As the use of SSL/TLS encrypted communications continues to grow, so does risk due to hidden threats. Security leaders are beginning to realise the implications of network encryption and its impact on the effectiveness of the entire security infrastructure.
Blue Coat has identified a few challenges plaguing security and network teams and how the right Encrypted Traffic Management (ETM) solutions can help:
Most of today’s Data Loss Protection (DLP) devices are blind to SSL traffic, which leaves networks at high risk. Advanced ETM solutions can intelligently feed devices like DLP technologies with decrypted SSL traffic, allowing them to do their job more effectively and expose critical data movement and potential exfiltration. This reduces overall risk while helping maintain data privacy and industry compliance (e.g. HIPAA, PCI, and Sarbanes-Oxley).
It is now possible for organisations to manage encrypted traffic by feeding both decrypted and unencrypted traffic to anti-malware or sandboxing solutions for more complete threat analysis, and to increase the number of malware instances detected and isolated.
IDS/IPS solutions cannot see or stop threats hidden within encrypted traffic, which creates dangerous blind spots. An ETM solution that automatically identifies all SSL traffic and, based on the organisation’s policy, feeds decrypted flows (as well as all non-SSL traffic and any SSL traffic that policy determines should be left encrypted) to IDS/IPS solutions lets them better detect and eliminate advanced threats without hindering device performance. This is especially important due to the rapid rise in nefarious Command and Control (C&C) traffic that utilises SSL and originates from inside an organisation’s network.
Encryption makes it difficult for security analytics or network forensic tools to monitor and detect network breaches and targeted attacks. With the right ETM solutions you can now more effectively analyse all network traffic for suspicious network and attacker behaviour. Blue Coat’s ETM solutions do this and also allow for the prompt response and remediation of compromised network assets and devices.
With a comprehensive policy engine, Blue Coat’s SSL Visibility Appliance provides decrypted content of SSL flows to existing security appliances such as DLP, NGFW, IPS, content analysis, network forensics and more, so you can easily get the full visibility and control you need to fight SSL-borne threats. This approach does not require any special software or APIs on the security devices in the infrastructure.
This can be managed by ensuring automatic visibility of all SSL traffic without affecting the performance of the network or requiring complex scripting and rule sets. An efficient ETM solution can actually increase network security device performance by taking away the process-intensive burden of SSL inspection. This also preserves and extends the return-on-investment (ROI) of existing security devices, making them more effective in seeing all traffic, applications and potential threats.
As data privacy continues to grow as a critical business concern, IT security teams struggle with how to balance it with maintaining strong network security. The best ETM solutions provide a comprehensive policy engine that keeps all products up to date with threat intelligence and with website and traffic categorisation. Only a solution that selectively decrypts the suspicious and malicious SSL/TLS traffic, while allowing known good traffic to pass through in its encrypted state, is able to deliver security and high performance.
Blue Coat Systems, an advanced enterprise security provider, offers a white paper on the modern security problems described above; you can download it here.