Glen Ogden, regional sales director, Middle East at A10 Networks looks at the pros and cons of SSL encryption…
UAE – Secure Sockets Layer (SSL) is the standard security technology for establishing an encrypted link between a web server and a browser.
And encryption of SSL is a double-edged sword for many organisations in the Middle East. It bolsters security by providing confidentiality and message integrity. It also enables organisations to verify the identity of application owners and allows applications to authenticate users with client certificates. Unfortunately, encryption can also be used by attackers to infiltrate enterprises.
Encryption puts organisations at risk. Hackers leverage encryption to conceal their exploits from security devices like firewalls, intrusion prevention systems, forensics solutions, and more that can’t keep up with increasing SSL decryption demands or that cannot decrypt SSL traffic at all because of their location in the network.
According to a recent Gartner survey, “less than 20 percent of organisations with a firewall, an intrusion prevention system (IPS) or a unified threat management (UTM) appliance decrypt inbound or outbound SSL traffic.” This means that hackers can evade over 80 percent of an organisation’s network defenses simply by tunneling attacks in encrypted traffic.
SSL usage has become ubiquitous, and many leading websites now encrypt every web request and response. In fact, 48 percent more of the million most popular websites use SSL in 2014 than a year earlier. However, the transition from 1024- to 2048-bit SSL key lengths, combined with growing SSL bandwidth demands, has burdened security devices that decrypt SSL traffic. The impact of decryption on security devices is startling. Analysis by NSS Labs reveals that 2048-bit SSL ciphers “caused a mean average of 81 percent in performance loss” for seven leading next-generation firewalls.
However, encrypted traffic is often not protected with intrusion protection technology. Cyber tools are not protecting the organization’s assets and are letting encrypted traffic pass through the network unchecked.
But wait a minute—didn’t we solve SSL performance problems in the data center years ago? Specialised appliances, load balancers, application delivery optimization, and offloading CPU-intensive SSL encryption processes are all aimed to address these issues. However, in addition organizations need modern tools to secure and optimize their modern firewalls and cyber protections.
To help organizations decrypt and inspect SSL traffic without degrading network performance, third-party security devices can be used to inspect encrypted traffic and eliminate the blind spot imposed by SSL encryption.
These security devices have the capabilities to:
- Uncover cyberattacks hidden in SSL traffic
- Maximize uptime by load-balancing multiple third-party security appliances
- Scale performance and throughput to successfully counter advanced threats
- Deploy best-of-breed content inspection solutions to fend off attacks and malware
In today’s work environment, more and more network traffic is being encrypted. As information technology managers, we need to ensure the correct information is being protected, while the necessary infrastructure is in place to protect the organisation. Managed correctly, SSL traffic can provide the necessary protections while not exposing the vulnerabilities on the company’s security infrastructure.