A new report shows the risk of leaving encrypted packets unchecked.
New research published this week carries an important caveat about encrypted traffic: encryption works so well that hackers are using it as cover.
A new study from A10 and the Ponemon Institute found that 80% of respondents believe their organizations were victims of cyber attacks or malicious activity in the past year, and that 41% of the attacks used encryption to avoid detection. In addition, 75% say that malware hidden within encrypted traffic poses a risk to their organizations.
The report notes that SSL encryption hides data not only from potential hackers but also from security tools.
Hackers use SSL encryption to evade standard protections, says Chase Cunningham of A10 Networks.
Cunningham believes that companies need to start thinking about using technologies that can inspect SSL packets and quarantine the bad or malicious ones. He adds that this will become even more important because organizations transmit encrypted data to the cloud: companies need to know whether all of the encrypted packets in the cloud are secure.
According to the report, there are three main reasons why organizations do not decrypt encrypted traffic: a lack of the necessary security tools (47%), a lack of resources (45%), and reduced productivity (45%).
Another 53% of respondents admit that their security solutions are getting worse under the growing demands for bandwidth and SSL key lengths.
Kevin Bocek of Venafi noted that there are dangers inside encrypted traffic as well. He points to three aspects of inspecting encrypted traffic.
First, companies need to focus on key management for inbound traffic. Bocek said that they need to know where the keys are stored and to use automated tools that are regularly updated.
Second, companies need to create a trusted center for outbound traffic so that when the system initiates a new connection, a new certificate is created. Bocek says that the majority of security tools have these kinds of capabilities.
Finally, the same kind of key management that the company has established for incoming traffic should be used for internal traffic.
Security managers must understand that encrypted packets are a legitimate threat that must be regularly checked and inspected.