Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Friday, 24 March, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Encrypt Everything! Don’t let security be the reason you don’t (and attackers do)

by The Gurus
December 20, 2016
in This Week's Gurus
Share on FacebookShare on Twitter

Expect encryption
The case for the use of encryption by hackers to avoid detection tools and the need to detect these attacks has been well documented. Encrypted traffic is an easy hiding place for attackers and difficult for organisations to deal with.
However, trying to monitor this traffic by decrypting first, performing deep-packet inspection, and then encrypting again at line-rate speeds is problematic, even with dedicated SSL decryption, especially in the long term. There are several factors at play here.
With an increasing global desire for privacy, more traffic is encrypted by default. Earlier this year, it was revealed that 77 per cent of requests to Google’s servers are currently encrypted, up from 50 per cent in January 2014.
This is actually great news, especially for consumer privacy. Enterprises have a strategy to encrypt everything. With this encryption however, attempts to perform SSL decryption mean there will be large volumes of encrypted data to process.
Encryption undermines traffic inspection
The growth of encrypted traffic in enterprise networks is having a large impact on security technologies that rely on deep packet inspection (DPI), whose efficacy is severely degraded as more traffic is encrypted.
Even worse, traditional security responses to handling encrypted traffic, such as man-in-the-middle decryption and inspection, will become impossible as we see an increase in certificate and public key pinning built into applications by security savvy developers.
The performance of data leakage prevention (DLP) solutions, which rely on DPI, could be degraded by up to 95 per cent while traditional signature-based IDS and IPS suffer a loss in functionality of up to 80 per cent. This does not mean security should be the reason for not encrypting, because not encrypting traffic isn’t stopping attackers from doing it anyway.
Attacker behaviour analytics works on encrypted traffic
The answer lies in the behaviour of network traffic. Without even looking at what’s inside a packet, encrypted traffic has many observable characteristics and patterns that reveal attacker behaviours.
By observing the characteristic duration, timing, frequency, and volume of packets, you can tell a lot about what users and host devices are doing. Data science models applied to traffic reveal these attacker behaviours. They show which side is in control of a conversation and tell you if it is human or automated, among other things.
The distinctive patterns of malicious traffic expose botnets, remote access Trojans, malware updates, internal reconnaissance behaviours, credential theft, suspicious authentication, and other actions attackers must perform to carry out cyberattack or crime. Most important, they identify hidden tunnels in encrypted traffic that attackers user to exfiltrate data or orchestrate remote command and control.
In combination with clear text headers, focusing nonstop on the behaviour of all network traffic – not just random snapshots and samples – is extremely effective in detecting cyber attacker behaviours.
To learn more about the research Vectra Networks has performed on the impact of encryption to threat detection, read the threat report, DPI goes blind as encryption adoption increases.
By Chris Morales, head of security analytics, Vectra Networks

FacebookTweetLinkedIn
ShareTweetShare
Previous Post

Obama warns Putin on hacking; China to return US drone; lynda.com hacked

Next Post

In an age of cyber threats, 1 in 4 consumers put becoming more security-aware on their New Year’s resolutions list

Recent News

call centre

MyCena Improves Customer Data Access Protection in Call Centers and BPOs

March 23, 2023
Blue logo, capitalised letters. SPECOPS.

Fortune 500 Company Names Found in Compromised Password Data

March 23, 2023
Ferrari Data Breach: The Industry has its say

Ferrari Data Breach: The Industry has its say

March 22, 2023
security

What Is Observability, And Why Is It Crucial To Your Business?

March 21, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information