Throughout IT history, new technologies have been co-opted by bad actors and abused for malicious activities, and encryption is no different. Though SecOps teams deploy it as a default security countermeasure, it also opens up space for threat actors to hide their activities in what is considered to be safe traffic. A large number of companies have been exposed not just to attacks exploiting SSL/TLS vulnerabilities, but also to attacks that employ SSL/TLS to mask movement over the network and to attack applications. Without a proper toolset that covers all attack vectors, dealing with encrypted threats is a significant challenge.
New research from Flowmon and IDG Connect shows 99% of IT managers recognize encrypted network traffic as a source of security risks, but two-thirds of businesses fail to protect their assets from both internal and external threats misusing SSL/TLS.
“The study shows that the vast majority of investments go to traffic decryption on the perimeter, leaving the organization vulnerable to many common forms of attack such as ransomware, botnets obscuring communication with Command & Control servers or browser exploits. Only 36% of respondents have both perimeter and network protection deployed together,” says Mark Burton, Managing Director at IDG Connect.
The two biggest obstacles to deploying network traffic decryption with an SSL proxy are the fear of breaching data privacy (36%) and concerns over performance degradation (29%).
Network defenders need to team up to repel all encrypted traffic threats
The survey’s findings highlight the importance of deploying Network Traffic Analysis (NTA) and SSL decryption together to provide equal protection against external and internal threats.
Respondents recognize NTA tools as a way to bring together network and security operations teams, to share a single version of the truth (49% rank this as a number 1 capability of such tools), and to improve prevention and accelerate detection and response.
“Most organizations are unable to inspect SSL/TLS traffic at scale and cybercriminals are aware of this. Decryption is powerful but also expensive and resource-intensive. Therefore, it makes tactical sense to use Encrypted Traffic Analysis (ETA), which is lightweight and covers most cases, to monitor the network holistically and reserve the use of decryption for critical services only,” says Artur Kane, Head of Product Marketing at Flowmon Networks.
The full report is available at: www2.flowmon.com/IDG-eta-research
IDG Connect conducted the survey on behalf of Flowmon Networks to study the network security landscape and network encryption across the US, Canada and Europe. In late 2019, IDG Connect surveyed over 100 respondents via an online questionnaire. The audience came from across sectors including 27% from the technology vertical. All respondents had IT management titles with 40% in C-suite roles. All came from companies with at least 500 staff, with the highest number (39%) coming from companies with 1,000 to 4,999 staff.
About IDG Connect
IDG Connect is the demand generation division of International Data Group (IDG), the world’s largest technology media company. Established in 2006, it utilizes access to 44 million business decision makers’ details to unite technology marketers with relevant targets from any country in the world. Committed to engaging a disparate global IT audience with truly localized messaging, IDG Connect also publishes market-specific thought leadership papers on behalf of its clients, and produces research for B2B marketers worldwide. For more information visit: www.idgconnect.com