Note: encrypted traffic can be a threat!

Without any sane strategy to manage encrypted traffic, you can be vulnerable to attacks and leakage of critical data.


The use of SSL and TLS is growing rapidly. This is good because it allows you to protect the privacy of users and business communications. However, it is also good news to hackers. SSL allows perfectly hiding malware. The report that is provided by Gartner, showed that 50% of all network attacks will occur using encrypted traffic in 2017 year.

Security professionals know about it and have already taken some measures. Many experts acquired tools for inspecting SSL-critical traffic to nodes that include the entry and exit points in the network and cloud gateways. Other attacks quickly identified and stopped at the very beginning.

New data revealed two disturbing trends. Firstly, a significant increase of malware hidden in SSL, and it is connected with a false sense of security among many professionals. It is necessary to consider the following:

Blue Coat Labs identified a crucial growth of malicious software that uses the SSL, in the last two months. To be specific, the more than 500 examples of malware families that use SSL each month were identified between January 2014 and September 2015. In the remaining three months of 2015, this figure increased to nearly 29,000 cases.

According to a 2016 Cyberthreat Defense Report, 85% of security professionals believe that their companies are holding all the questions. However, a high percentage of threats (APT), which are related to the SSL, remains unsolved.

The reality is that it is difficult to estimate the exact risk of encrypted traffic. Without encrypted traffic management strategy, you can be vulnerable to various attacks and data leak.

Posted in Vulnerabilities Tagged with: , , , , , ,

All about SSL

This site is dedicated to SSL-certificates. You will learn what is an SSL certificate, how to issue and reissue it. FAQ SSL will be useful for both novices and pros. SSL Knowledgebase contains sections on validation, trust logo, vulnerabilities, SSL-certificates differences by type (Wildcard, EV, DV, etc.), as well as many other things.