Encrypted traffic analysis: increase the visibility of your encrypted domain

Protecting sensitive customer, customer and employee data has always been important, but has become a key responsibility for organizations in recent years.

This has led to a surge in the adoption of encryption – both in transit and at rest – which is now mandated by many governments and regulators around the world, with major financial and reputational penalties for companies that do not. do not meet these requirements.

To ensure they are compliant, using best practices, and keeping critical business data private, 62% of the world’s top 1,000 websites now use TLS 1.3, the current standard for strongly encrypted communications. However, encryption remains widely misunderstood and, more often than not, can be misapplied, leading to growing problems for security and compliance teams tasked with maintaining standards and protecting end-user and transaction privacy.

When an organization’s encryption is improperly deployed, maintained, or managed, data privacy can be compromised. This is commonly seen in highly regulated industries, where organizations may not understand how encryption is used “in-flight” in their organization and whether they are meeting regulatory standards. This can be a combination of ownership over the implementation, governance and oversight of encryption usage, with a failure to clearly define who is responsible for managing encrypted security solutions, and an infrastructure legacy that has not been properly maintained.

Even in organizations that implement strict security standards, encryption can still present a significant challenge. Due to the volume of encrypted data that organizations must manage, decryption alone is not enough to provide visibility into potentially malicious traffic. Instead, organizations need to discover new ways to analyze and understand network traffic, in order to mitigate cyber risks in parts of their network where visibility using traditional tools remains a challenge. .

Mitigate the risks of encrypted traffic

Attackers are increasingly able to hide malicious activity in legitimate encrypted network traffic, creating blind spots and allowing them to breach the perimeter of unsuspecting organizations. Attacks on encrypted channels increased by one huge 314% in the first three quarters of 2021 alone. While these attacks are not necessarily particularly sophisticated, the lack of true visibility into encrypted traffic provides malicious actors with nearly unlimited access to private networks. Traditionally, this could have been solved by decryption and inspection, but the growing volume of data makes this difficult. Decrypting huge volumes of traffic data using modern encryption protocols generated by and traversing today’s enterprises presents complexities. Some of the newer standard protocol features such as “Perfect Forward Secrecy” in TLS1.3, force strong encryption between client and server, which makes decryption much more difficult. For many organizations, there are also significant financial costs to consider.

The challenge for organizations now is to successfully identify malicious, aberrant, or simply suspicious encrypted communications once a beachhead has been established. The most effective way to reduce risk to sensitive data is to monitor encrypted traffic, without having to wait for decryption. This requires security teams to direct their approach towards a detailed analysis of all encrypted communications and a complete, real-time understanding of the traffic passing through the networks.

An emerging method of risk detection is encrypted traffic analysis (ETA). ETA makes it easy to analyze and monitor encrypted traffic, without decryption, through a combination of machine learning, artificial intelligence, and behavioral analysis. This has useful applications for security teams to understand traffic behavior on networks and receive real-time updates and alerts without any impact on latency or privacy. Significantly, the speed at which malicious activity can be detected, isolated, and addressed greatly reduces business risk.

Many organizations will use static analysis to understand the certificate, but this policy does not provide the critical information required about the specific settings and features that are actively negotiated and used for individual sessions. Thus, the visibility provided by ETA platforms can ensure that the encryption put in place by organizations is as secure as necessary.

The Value of “Measure and Mitigate”

Data privacy protection does not have a one-size-fits-all solution. To minimize the risk of a data breach, organizations should adopt best practice security solutions and maintain the latest data security knowledge.

Visibility and understanding are crucial in the new era of encryption, helping organizations truly understand what’s going on with their network security. In this way, they must begin to move away from the traditional “detect and decrypt” approach and instead focus on methods to “measure and mitigate” real-time awareness and understanding of activity on their networks. encrypted.


About the Author

Simon Mullis is Chief Technology Officer at Venari Security. Venari Security is the only company in the world that focuses on analyzing encrypted traffic without decryption. We provide organizations with visibility and insight into their encrypted attack surface and how encryption is actively used in their business. Enable these organizations to set, measure, monitor and maintain strong encryption standards, highlighting and reporting deviations. Giving them actionable insights and insight into their encrypted traffic.


Charles J. Kaplan