Skip to main content Skip to search

Avoid the SSL Encryption Shadow Monster: A Look at SSL Decryption

Freely Flowing SSL Encrypted Traffic

The popular Netflix series “Stranger Things” – with all of its nods to 80’s sci-fi and nostalgia – is based on the premise that there are two parallel realities: the real world and “the upside down” and evil inverted world inhabited by monsters.

And while the technology of “Stranger Things” doesn’t stray far from arcade games, TV antennas and Walkman portable radios, there’s a connection to modern cyberthreats that can’t be ignored.

Think about it, on the internet there are hidden threats that creep underground in a sort of inverted world, hidden from the naked eye. These threats are secreted in encrypted traffic.

According to industry experts, about 70 percent of internet traffic is encrypted. On the surface, this may not seem surprising, but it can be downright frightening when you consider that most security devices cannot inspect decrypted SSL traffic. Similar to how only a few in “Stranger Things” can actually see the upside down, we have very little visibility into what’s happening on our own networks.

There’s a Shadow Monster potentially lurking in encrypted traffic, and failure to see it opens the door to potential problems such as financial loss, reputation damage and exposure of intellectual property and confidential customer data. In a recent A10 survey, we found that seven out of 10 IT professionals assumed their companies had suffered at least one data leak. Meanwhile, according to a Ponemon Institute study, over 40 percent of all cyber attacks escape security by hiding in encrypted traffic.

This has led many companies to invest in myriad cybersecurity point product in their quest to keep the shadow monster away, but most of these solutions simply cannot break and inspect encrypted traffic, meaning they lack the ability to see the two parallel worlds. This lack of inspection is the open door for anyone to pass traffic from one world to another. It’s like putting a steel door in front of your company and forgetting that the back door does not lock.

At the same time, performing SSL decryption on traditional security solutions can degrade performance and force additional investments to counteract it.

Inspecting SSL Traffic can Expose Malware and Ransomware

Allowing encrypted traffic to flow freely means you are not scanning files that pass through your network. These files can contain malware and ransomware, and infect your network and applications.

For example, many companies invest a large percentage of their network security budget on next-generation firewalls, intrusion detection and prevention systems, secure web gateways and similar devices. Thus, the investment made in these network devices is wasted if they can’t SSL decrypt and inspect traffic.

In Stranger Things, the Hawkins City National Laboratory tries to create a perimeter for monsters – but leaves portals open in the woods, at school or anywhere else in the city. This is similar to other security devices that don’t break and inspect encrypted traffic- if they’re are not inspecting 70 percent of the traffic that is traversing your network, these devices are not doing their job and you’re putting yourself at risk.

Don’t allow a shadow monster cloak itself in SSL (Secure Sockets Layer) encrypted traffic to get into your network. Avoid the trouble with dedicated SSL decryption, like A10′ Thunder SSLi, that won’t impact performance and will preserve your existing security investment.

Learn more about A10 Networks’ SSL/TLS inspection solutions.


A10 PSIRT Team
February 12, 2018

About A10 PSIRT Team

The A10 SERT Team is A10 Networks' Security Engineering Research Team. Read More

Seeing is believing.
Schedule a live demo today.

Get a Product Demo