Cybersecurity and Outrunning the ‘Zombie Marathon’
Cybersecurity is a lot like the zombie marathon: you don’t necessarily have to be the fastest one to avoid being eaten, you just have to be faster than the guy next to you. That was a key message in recent media coverage of a Ponemon Institute survey commissioned by A10 Networks that examined the threats hiding inside SSL-encrypted traffic. The survey revealed some startling data, including that 41 percent of companies that were victims of a cyberattack said the attacker used SSL encryption to hide their activities, yet 61 percent said that they don’t decrypt and inspect SSL traffic due to the perceived network impact.
Industry reporters around the globe prominently featured the Ponemon survey and its results, and some of them spoke with cybersecurity expert and A10’s new Director of Cyber Operations, Dr. Chase Cunningham, for additional commentary on the report and other cybersecurity topics. In many of the pieces, Cunningham compared avoiding attackers to being chased by a zombie army. For example, in the Converge Network Digest article, “A10: Malware Hidden in SSL Traffic Poses Growing Threat,” Cunningham says:
“The bad guys are looking for ROI just like the good guys, and they don’t want to work too hard to get it. Instead of focusing on doing everything right 100 percent of the time, IT leaders can be more effective by doing a few things very strategically with the best technology available. It’s the cyber security equivalent of the zombie marathon — as long as you can avoid being the slowest in outrunning the zombies, you minimize risk.”
Cunningham’s zombie analogy also appeared in the Healthcare Informatics article, “A New Study Looks at the Hidden Threats Within Network Traffic”:
“The interesting point is that nearly half of the people who responded said that yes, we know there are bad things taking place using encrypted channels, and three-quarters of individuals don’t know exactly what’s going on. So they concede that there’s some sort of sickness, but most don’t know what it is, and that’s not good…. I often use the following metaphor: I talk about the zombie marathon, where I don’t have to outrun the zombies, I just have to run faster than the guy next to me, so that I don’t get eaten.”
And a feature article in CIO Magazine, “Performance, management and privacy issues stymie SSL inspections – and the bad guys know it,” cited the risks that stem from a growing reliance on encryption technology, and how companies may feel a false sense of security about their encrypted traffic – when bad guys are actually using it more frequently to spread malware. According to the article:
“There’s a misconception that if they start looking at SSL traffic, that’s going to be half the traffic in their network,” said Cunningham. “If they start looking at it, that it will slow down the network enough to cause performance degradation.” Plus, managing SSL certificates can be a cumbersome chore, he said.
The CIO article continues:
“The absolute truth of the situation is that every time you as a user sign on to the system, you sign off on something that says that your company has the right to inspect your traffic,” [Cunningham] said. “They need to look at that traffic to see if there’s malicious activity taking place — to protect users and protect data.”
According to the CIO article:
A10, for example, offers appliances that take care of the pain of managing SSL certificates and take on the CPU-intensive encryption and decryption tasks so that the dedicated security devices on the network aren’t slowed down. Both incoming and outgoing traffic is decrypted, sent to the security devices for inspection, and then encrypted again.
For a full list of all the press coverage from this announcement, be sure to check out the A10 “In the Press” page, which also lists all of A10’s news coverage to date.