Over half of web traffic is now encrypted, according to the Electronic Frontier Foundation (EFF). That’s a big win for businesses and all of US since it guards against eavesdropping and tampering with content as it moves from device to server and back again.
This rise in encryption comes with one big, obvious downside. Hackers now work encryption for their attacks, starting them harder to spot amidst a current of encrypted traffic.
Attacks that weaponize two common encryption protocols, Secure Sockets Layer (SSL) and Transport Layer Security (TLS), are on the rise. 39 % of groups encountered an SSL or TLS attack in 2016, but only a quarter said they were confident they could detect and mitigate them. Beyond this, recent research found that there were twice as many encrypted malware payloads in the first six months of 2017 than the whole of 2016.
Stopping them is easier said than done. Several businesses are deserted in the dark, striving to identify good traffic from bad when it’s all encrypted. But there are steps organizations can take to avoid becoming the next victim.
What encrypted attacks look like
Recognizing encrypted attack traffic in encrypted traffic issues is unfortunate than searching for a needle in a haystack; it’s like searching for a piece of hay in a haystack.
Decrypting and re-encrypting SSL traffic to find an attack only adds requirements for processing the traffic, which can ultimately clog up the network and application infrastructures. Devices can decrypt manage to rely on checking the rate of the request, which can drop legitimate traffic, effectively making the attack a success.
Here are some of the most common forms these encrypted attacks take:
- Encrypted SSL floods — These attacks seek to exhaust system resources by forcing use of SSL handshakes for illegitimate encrypted traffic.
- SSL renegotiation — By initiating a regular SSL handshake and then immediately requesting the renegotiation of the encryption key, this attack repeats this renegotiation request to exhaust all server resources.
- HTTPS floods — Floods of encrypted HTTP traffic waste a server, often as part of multi-vector attack campaigns. While common HTTP floods are a freight, HTTPS floods add the extra twist of tying up encryption and decryption mechanisms.
- Encrypted web attack — By encrypting web traffic, web application logic attacks often pass undetected within both DDoS and web application protection.
How to sift attack traffic from legitimate traffic
To make SSL more blessing than curse means having a strategy to effectively pluck malicious traffic from encrypted streams. Here are a few of the most effective.
Regain visibility — Decrypt and re-encrypt SSL sessions so that you can inspect both clear and encrypted traffic without compromising privacy when content is in motion from point A to point B.
Implement service chaining — Give your SSL inspection tool lines to one or more security solutions so it can selectively forward traffic as needed to quickly mitigate an attack.
Gain traffic inquiry flexible — Your purpose constantly to support the effective flow of authorized traffic, which can be tough when inspecting it all. But it’s possible by dynamically defining filters that intercept and open traffic for inspection.
Hold your SSL traffic investigation secure —SSL traffic inquiry liquid can itself display a game. It’ll wait safely if you block it from performing like a proxy and deny it an IP address.
Seek scale — As traffic continues to grow, you shouldn’t have to bother with forklift upgrades. Find an SSL traffic inspection solution that will seamlessly scale with your rise in traffic.
Advance high availability — If this SSL traffic investigation extract eternally sends traffic to the fastest-responding possible protection servers, you can sidestep any out-of-service servers that might cause downtime.
Encrypted traffic is performing to grow
Encrypted traffic is now a majority of whatever crawls back and forth on the internet, and there’s no going back. It secures sensitive information and maintains privacy when data is in motion. Exactly, another edge of the threat is the chance spots it inevitably creates in any organization’s security.
It is possible, however, to have the best of both worlds. By culling the malicious traffic from the real traffic, legitimate users don’t notice a thing and attacks are stopped in their tracks.