Insights from the Ponemon Institute Survey “Hidden Threats in Encrypted Traffic”
We know attackers are increasingly hiding their exploits in encrypted traffic to bypass security controls and get into a network undetected. What we don’t know is the extent of the threat within healthcare and pharmaceutical organizations.
To shed light on the challenges that encrypted traffic poses, A10 Networks sponsored a survey by the Ponemon Institute, “Hidden Threats in Encrypted Traffic: A Study of North America and EMEA.”
Within healthcare, encryption is considered a best practice for protecting the electronic medical records (EMR) and personal health information (PHI) of patients, helping organizations adhere to the strict privacy rules set out by regulations, such as the Health Insurance Portability and Accountability Act (HIPAA).
Encryption ensures sensitive data remains private when it’s transmitted, preventing unauthorized users from viewing it, even when intercepted. According to the Ponemon survey, within healthcare and pharmaceutical companies, an average of 30 percent of outbound Web traffic is encrypted today; these organizations expect that percentage to increase to 48 percent over the next 12 months.
While great at protecting sensitive data, SSL encryption can be turned against healthcare organizations and used by attackers to hide their actions. Healthcare and pharmaceutical respondents to the Ponemon study seem to be aware that this attack vector poses an increasing danger.
In fact, 80 percent agreed it was possible they could suffer from a data breach that leveraged compromised insider credentials due to malware hiding inside encrypted SSL traffic; 64 percent were not confident their organization would be able to prevent costly data breaches or the loss of intellectual property by detecting SSL traffic that is malicious.
Most healthcare organizations simply don’t have the capabilities they need to mitigate the risks potentially hiding in encrypted traffic. According to the Ponemon study, 41 percent of healthcare and pharmaceutical respondents felt their current perimeter security investment was ineffective because of outbound/inbound encrypted traffic (29 percent are unsure); 68 percent agreed the inability of their organization’s current security infrastructure to inspect encrypted traffic compromises their ability to meet existing and future compliance requirements.
While 92 percent of healthcare and pharmaceutical organizations recognize that SSL Inspection of traffic is “Important” to “Essential” to their organization’s overall security infrastructure, only 39 percent decrypt Web traffic to detect attacks, intrusions and malware. When probed on why they are not inspecting more encrypted traffic, the reasons centered around performance degradation (51 percent), lack of enabling security tools (47 percent) and inefficient resources (43 percent).
Many existing solutions are unable to effectively handle the CPU-intensive decryption and re-encryption of SSL traffic. Independent tests show most security devices experience an 80 percent performance degradation.
The problem is compounded when traffic uses Elliptic Curve Cryptography (ECC) to encrypt the session. Many security devices experience a 75 percent performance degradation over and above other SSL methods when they encrypt and decrypt ECC sessions. From the survey, 48 percent agreed with the statement that their organization’s security solutions are collapsing under growing SSL bandwidth demands and SSL key lengths. This explains why organizations, given their existing capabilities, either completely forgo or only selectively inspect encrypted traffic.
Proven solutions — like A10 Thunder SSLi — offload SSL decryption and re-encryption from third-party security devices to enhance the performance of the overall infrastructure and ensure malware and insider threats hidden in SSL are detected via SSL Inspection.
With Thunder SSLi, healthcare and pharmaceutical organizations can protect patient privacy, meet HIPAA compliance requirements, eliminate blind spots and deliver high-performance decryption with a lower total cost of ownership (TCO).