The use of Secure Sockets Layer (SSL) and Transport Layer Security (TLS) encryption is growing fast, and that’s a good thing for protecting user privacy and business communications. However, it’s also good news for hackers and cybercriminals because SSL provides a great hiding place for malware. In fact, research from Gartner forecasts that 50% of all network attacks will hide in encrypted traffic by 2017.
Security professionals know about the “SSL blind spot” and most have taken action. They’ve bought tools to inspect SSL-encrypted traffic at the critical junctions, which include ingress and egress points in the network and near web and cloud gateways. They’ve succeeded in identifying and thwarting various attacks, and that has created a new phenomenon in the battle against SSL-borne malware attacks: Overconfidence.
New data shows two troubling trends. Firstly, a massive increase in malware hiding in SSL, which is coupled with a false sense of security on the part of security professionals. Consider this:
- Blue Coat Labs found dramatic increases in malware using SSL in the last two years. To be specific, between January 2014 and September 2015, a little more than 500 samples of malware families were seen to be using SSL each month. In the remaining three months of 2015, this figure soared to nearly 29,000 samples. A similar trend was observed in C&C servers. In Q3 2014, Blue Coat observed approximately 1,000 C&C servers using SSL, shooting up to over 200,000 observed in Q3 2015.
- According to the 2016 Cyberthreat Defense Report from CyberEdge, 85% of security professionals believe their organisations have this issue covered.
- A large percentage of advanced persistent threats (APTs) that use SSL still go undetected.
The reality is that it’s harder than ever to get a handle on the magnitude of the risk of encrypted traffic traveling through an enterprise. Take a look at this infographic (5 things you need to know about managing encrypted traffic) for more details. Within you’ll find:
- The factors contributing to the network security blind spot
- How Encrypted Traffic Management (ETM) helps security devices see all traffic
- How you can achieve visibility without disrupting privacy needs
Remember: When you’re fighting the SSL blind spot, it’s good to have both eyes wide open.
Without a strategy for managing encrypted traffic, you may be vulnerable to attacks and critical data leakage. Blue Coat's ETM solutions help security and network operations balance security demands with privacy, policy and regulatory needs.