There’s a long-standing misconception that organizations are forced to sacrifice performance for security and vice versa. And it’s one of the reasons most often cited by companies when asked why they don’t inspect SSL-encrypted traffic.
In a recent article, “Performance, management and privacy issues stymie SSL inspections – and the bad guys know it,” CIO.com and CSO contributing writer Maria Korolov examines how cyberattackers are using encrypted traffic to hide their malicious activity. The piece also notes that businesses aren’t adopting the technology necessary for SSL inspection due to concerns that it will negatively impact performance, management and privacy.
In the article, Korolov cites a Ponemon Institute survey commissioned by A10 Networks that found 41 percent of companies that were victims of a cyberattack said the attacker used SSL encryption to hide their activities. Still, 61 percent of companies said they don’t decrypt and inspect SSL traffic because of the presumed performance penalty it could impose on their network.
“There’s a misconception that if they start looking at SSL traffic, that’s going to be half the traffic in their network. If they start looking at it, that it will slow down the network enough to cause performance degradation,” A10’s Director of Cyber Operations Dr. Chase Cunningham told Korolov.
The percentage of SSL-based attacks is likely to increase, Korolov reports, as encryption tools become commercialized, easier to use and more readily available to threat actors. Those actors can take advantage of the explosive growth in encrypted traffic, which is expected to balloon from 29 percent last year to 67 percent by the end of 2016.
“I’ve already seen some exploit kits with the options of using advanced encryption capabilities,” Cunningham says in the article.
There are solutions available, however, that can help organizations uncover threats hidden in SSL traffic without degrading network performance. A10 Networks’ SSL Insight decryption technology (available in the A10 Thunder SSLi and Thunder CFW platforms) allows SSL traffic to be offloaded, decrypted and inspected before it’s re-encrypted and sent to its destination.
“A10, for example, offers appliances that take care of the pain of managing SSL certificates and take on the CPU-intensive encryption and decryption tasks so that the dedicated security devices on the network aren’t slowed down,” Korolov writes. “Both incoming and outgoing traffic is decrypted, sent to the security devices for inspection, and then encrypted again.”
Read Korolov’s full article.