Encrypted Traffic Analysis: Gaining Visibility Over Your Encrypted Network

  • Simon Mullis, Chief Technology Officer at Venari Security

  • 14.10.2022 03:00 pm
  • #security

As the breadth of cyber security threats continues to grow, the protection of sensitive customer, client and employee data has become a key concern for organisations in recent years. This has driven a rapid rise in the adoption of encryption - both in transit and at rest - which is now mandated by many governments and regulators across the globe. Firms that fail to adhere to these requirements, and subsequently suffer data breaches, risk major financial and reputational penalties.

In order to remain compliant, and to follow best practice in maintaining the privacy of business-critical data, two-thirds of the top 1,000 internet websites globally now use TLS 1.3 - the current benchmark for strongly encrypted communications. However, there is still significant confusion around encryption and, more often than not, it is poorly applied. This creates growing problems for security and compliance teams, who are tasked with upholding the highest security standards and safeguarding end-user and transactional privacy.

Poor deployment, maintenance and management of encryption make it easier for malicious actors to compromise the privacy of data. This is often seen in highly regulated industries, where organisations may lack the necessary knowledge of how encryption is being used "in-flight" across the organisation and whether they are meeting regulatory standards. The cause is often a combination of unclear ownership of the implementation, governance and monitoring of encryption, a failure to define who is in charge of managing encrypted security solutions, and legacy infrastructure that has not been properly maintained.

Encryption can still present significant challenges, even in organisations that implement strong security standards. Because of the volume of encrypted data firms need to manage, decryption alone is not always enough to provide sufficient visibility of potentially malicious traffic. Instead, organisations should look for new methods of analysing and understanding network traffic. This helps mitigate cyber risks in the parts of the network where visibility with traditional tooling remains a challenge.

Mitigating the risks of encrypted traffic

Increasingly, attackers are able to conceal malicious activity within legitimate encrypted network traffic, exploiting the resulting blind spots to breach the perimeter of unsuspecting organisations. There was an enormous 314% rise in such attacks in the first three quarters of 2021 alone. While these attacks are not always particularly sophisticated, the inability to gain full oversight of encrypted traffic gives malicious actors almost unfettered access to private networks. In the past, this might have been solved by decryption and inspection; however, the sheer volume of data that firms are required to process makes this difficult. Decrypting the huge volumes of traffic generated by today's enterprise organisations is complex, and more recent protocol features, such as Perfect Forward Secrecy in TLS 1.3, require strong encryption between the client and server that makes decryption much more difficult. Many organisations also need to take into account the financial cost of decryption at this volume.

The aim for organisations is to identify malicious, aberrant or simply suspicious encrypted communications once a beachhead has been established. Oversight is the single most effective way of reducing risk to sensitive data carried over encrypted traffic, without having to wait for decryption. This means security teams need to orient their approach towards the detailed analysis of all encrypted communications and a full, real-time understanding of the traffic passing over their networks.

Encrypted Traffic Analysis (ETA) is an emerging method of risk detection. Without any need for decryption, ETA provides analysis and oversight of encrypted traffic through a combination of machine learning, artificial intelligence and behavioural analytics. This has useful applications for security teams, helping them understand the behaviour of traffic across their networks and receive real-time updates and alerts without any impact on latency or privacy. Significantly, the speed at which malicious activity can be found, isolated and dealt with reduces risk considerably.

A great many organisations use static analysis of digital certificates, but this strategy does not reveal the critical information about which settings and features are actually negotiated and used in each individual session. The session-level visibility provided by ETA platforms can confirm that the encryption an organisation has put in place is as secure as it needs to be.
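To make the per-session visibility described above concrete, here is an added example (not Venari's code or any product's) that reads the negotiated protocol version and cipher suite straight from a TLS ServerHello record, without decrypting anything, and flags legacy versions and suites that lack forward secrecy. The two handshake records and the small cipher-suite table are constructed inline for the example.

```python
import struct

# Subset of IANA cipher-suite IDs -> (name, provides forward secrecy). Constructed for this example.
CIPHER_SUITES = {
    0x1301: ("TLS_AES_128_GCM_SHA256", True),
    0x1302: ("TLS_AES_256_GCM_SHA384", True),
    0xC02F: ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", True),
    0xC030: ("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", True),
    0x009C: ("TLS_RSA_WITH_AES_128_GCM_SHA256", False),   # static RSA key exchange
    0x002F: ("TLS_RSA_WITH_AES_128_CBC_SHA", False),
}
VERSIONS = {0x0301: "TLS1.0", 0x0302: "TLS1.1", 0x0303: "TLS1.2", 0x0304: "TLS1.3"}

def parse_server_hello(record: bytes) -> dict:
    """Return the negotiated version and cipher suite from a raw TLS ServerHello record."""
    ctype = record[0]
    if ctype != 0x16 or record[5] != 0x02:          # handshake record carrying a ServerHello
        raise ValueError("not a ServerHello handshake record")
    body = record[9:9 + int.from_bytes(record[6:9], "big")]
    version = int.from_bytes(body[:2], "big")        # legacy_version field
    pos = 2 + 32                                     # skip version and 32-byte server random
    pos += 1 + body[pos]                             # skip session_id
    suite = int.from_bytes(body[pos:pos + 2], "big")
    pos += 3                                         # cipher suite + compression method
    if pos + 2 <= len(body):                         # extensions present: look for supported_versions
        ext_end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
        pos += 2
        while pos + 4 <= ext_end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            pos += 4
            if etype == 0x002B and elen == 2:        # TLS 1.3 signals its real version here
                version = int.from_bytes(body[pos:pos + 2], "big")
            pos += elen
    return {"version": version, "cipher_suite": suite}

def assess(session: dict) -> list:
    """Findings a monitoring team would want for one session, derived from metadata only."""
    findings = []
    if session["version"] < 0x0303:
        findings.append("legacy protocol version " + VERSIONS.get(session["version"], hex(session["version"])))
    name, pfs = CIPHER_SUITES.get(session["cipher_suite"], ("unknown", False))
    if name == "unknown":
        findings.append("unrecognised cipher suite %#06x" % session["cipher_suite"])
    elif not pfs:
        findings.append("no forward secrecy: " + name)
    return findings

def build_server_hello(version: int, suite: int, extensions: bytes = b"") -> bytes:
    """Construct a minimal ServerHello record (sample input for the example, not captured traffic)."""
    body = struct.pack("!H", version) + bytes(32) + b"\x00" + struct.pack("!HB", suite, 0)
    if extensions:
        body += struct.pack("!H", len(extensions)) + extensions
    hs = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack("!HH", 0x0303, len(hs)) + hs

GOOD_TLS13 = build_server_hello(0x0303, 0x1301, b"\x00\x2b\x00\x02\x03\x04")  # supported_versions = 1.3
LEGACY_RSA = build_server_hello(0x0301, 0x002F)
```

Running `assess(parse_server_hello(LEGACY_RSA))` yields two findings while the TLS 1.3 session yields none, which is exactly the per-session detail a certificate alone cannot show.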

The value in ‘measuring and mitigating’

There is no single solution when it comes to protecting data privacy. To minimise the risk of a data breach, organisations should move towards best-practice security solutions and keep their data security knowledge up to date.

In the new age of encryption, and against a backdrop of growing cyber security threats, visibility and understanding are crucial if organisations are to know what is really happening within their networks. To achieve this, they must move away from the traditional ‘decrypt and detect’ approach and instead focus on methods that ‘measure and mitigate’, giving real-time knowledge and understanding of activity on their encrypted networks.
