Story image

7 modern security problems you can solve with Encrypted Traffic Management

09 Jun 16

Unchecked encrypted traffic in enterprise networks presents a growing risk for every business. As the use of SSL/TLS encrypted communications continues to grow, so does risk due to hidden threats. Security leaders are beginning to realise the implications of network encryption and its impact on the effectiveness of the entire security infrastructure. 

Blue Coat has identified a few challenges plaguing security and network teams and how the right Encrypted Traffic Management (ETM) solutions can help:

1. Limited encrypted traffic visibility that enables data loss and exfiltration

Most of today’s Data Loss Protection (DLP) devices are blind to SSL traffic, which leaves networks at a high risk. Advanced ETM solutions can intelligently feed devices like DLP technologies with decrypted SSL traffic allowing them do their job more effectively and expose critical data movement and potential exfiltration. This reduces overall risk while helping maintain data privacy and industry compliance (i.e. HIPAA, PCI, and Sarbanes-Oxley).

2. Incomplete sandboxing that can’t analyse all malicious threats

It is now possible for organisations to manage encrypted traffic by feeding both decrypted and unencrypted traffic to anti-malware or sandboxing solutions for more complete threat analysis, and increase the number of malware detections isolated.

3. Inadequate intrusion protection that won’t stop attacks

IDS/IPS solutions cannot see or stop threats hidden within encrypted traffic, which creates dangerous blind spots. Automatically identifying all SSL traffic based on an organisations policy, feeds decrypted flows—as well as all non-SSL traffic and SSL traffic that policy determined should be left encrypted—to IDS/IPS solutions so they can better detect and eliminate advanced threats without hindering the device performance. This is especially important due to the rapid rise in nefarious Command and Control (C&C) traffic that utilise SSL and originate from inside an organisation’s network.

4. Weak network forensics that can’t monitor and capture sophisticated attacks

Encryption makes it difficult for security analytics or network forensic tools to monitor and detect network breaches and targeted attacks. With the right ETM solutions you can now more effectively analyse all network traffic for suspicious network and attacker behaviour. Blue Coat’s ETM solutions does this and also allows for the prompt response and remediation of compromised network assets and devices.

5. Decentralised SSL decryption that adds complexity and cost

With a comprehensive policy engine, Blue Coat’s SSL Visibility Appliance provides decrypted content of SSL flows to existing security appliances such as DLP, NGFW, IPS, content analysis, network forensics and more, so you can easily get the full visibility and control you need to fight SSL-borne threats. This approach does not require any special software or APIs on the security devices in the infrastructure.

6. SSL traffic decryption and inspection that really slows you down

This can be managed by ensuring automatic visibility of all SSL traffic without affecting the performance of the network or requiring complex scripting and rule sets. An efficient ETM solution can actually increase network security device performance, by taking away the process-intensive burden of SSL inspection. This also preserves and extends the return-on-investment (ROI) of existing security devices, making them more effective in seeing all traffic, applications and potential threats.

7. Adhering to growing data privacy and compliance demands

As data privacy continues to grow as a critical business concern, IT Security teams struggle with how to balance it with maintaining strong network security. The best ETM solutions provide a comprehensive policy engine that keeps all products up-to-date with threat intelligence, website and traffic categorisation. Only a solution that selectively decrypts the suspicious and malicious SSL/TLS traffic, while allowing known good traffic to pass through in its encrypted state is able to deliver security and high performance.

Advanced enterprise security provider, Blue Coat Systems offers a white-paper on the above modern security problems - you can download it here.

Three ways to achieve data security whilst enabling BYOD
"A mobility strategy is now more important than ever before, that said, selecting the right one is often no small task."
Mobile Infrastructure market sees fastest growth since 2014
The report from Dell’Oro shows that while the vendor rankings for the top three vendors remained unchanged with Huawei, Ericsson, and Nokia leading.
HPE unveils AI-driven operations for ProLiant, Synergy and Apollo servers
With global learning and predictive analytics capabilities based on real-world operational data, HPE InfoSight supposedly drives down operating costs.
Deloitte bolsters AWS offerings with CloudinIT
“By joining forces we can help even more organisations adopt cloud technologies and put their customers at the heart of their digital agendas.”
How IoT and hybrid cloud will change in 2019
"Traditional VPN software solutions are obsolete for the new IT reality of hybrid and multi-cloud."
Enterprises to begin closing their data centres
Dan Hushon predicts next year companies will begin bidding farewell (if they haven't already) to their onsite data centres.
Citrix acquires micro app platform Sapho
Sapho’s micro applications improve employee productivity by consolidating access to tools, activities and tasks in a simple and unified work feed.
HPE expands AI-driven operations
HPE InfoSight extends select predictive analytics and recommendation capabilities to HPE servers, enabling smarter, self-monitoring infrastructure.