The use of Secure Sockets Layer (SSL) and Transport Layer Security (TLS) encryption is growing fast, and that’s a good thing for protecting user privacy and business communications. However, it’s also good news for hackers and cybercriminals because SSL provides a great hiding place for malware. In fact, research from Gartner forecasts that 50% of all network attacks will hide in encrypted traffic by 2017.
Security professionals know about the “SSL blind spot” and most have taken action. They’ve bought tools to inspect SSL-encrypted traffic at the critical junctions, which include ingress and egress points in the network and near web and cloud gateways. They’ve succeeded in identifying and thwarting various attacks, and that has created a new phenomenon in the battle against SSL-borne malware attacks: Overconfidence.
New data shows two troubling trends. Firstly, a massive increase in malware hiding in SSL, which is coupled with a false sense of security on the part of security professionals. Consider this:
The reality is that it’s harder than ever to get a handle on the magnitude of the risk of encrypted traffic traveling through an enterprise. Take a look at this infographic (5 things you need to know about managing encrypted traffic) for more details. Within you’ll find:
Remember: When you’re fighting the SSL blind spot, it’s good to have both eyes wide open.
Without a strategy for managing encrypted traffic, you may be vulnerable to attacks and critical data leakage. Blue Coat's ETM solutions help security and network operations balance security demands with privacy, policy and regulatory needs.