Examination Written Translation for Students

of FTI in the "Informatics and Computer Engineering" and "Software Engineering" programs

Encrypted Traffic Reaches A New Threshold

11/28/2018 John Maddison, SVP Products & Solutions, Fortinet

Over 72% of all network traffic is encrypted, and that figure is expected to grow. Unfortunately, very few security devices can inspect encrypted data without severely impacting network performance.

As organizations invite more mobile and IoT devices into their networks and adopt increasingly complex multi-cloud architectures, data and workflows are no longer confined to a static and highly secured segment of the network. Web and application-based traffic comprise a higher volume of total traffic, with much of that traffic including sensitive data. To accommodate this change, organizations are increasing their reliance on encryption, primarily secure sockets layer (SSL) and transport layer security (TLS), to protect their data in motion.

As a result, encrypted traffic has hit a threshold of over 72 percent of all network traffic.
While in many ways the growth of encryption is a good thing for security, higher encryption rates also present severe challenges to deep inspection of traffic to monitor for and detect threats. Because encryption is merely a tool, it can be used to protect any traffic from detection, whether good or malicious. Cybercriminals, for example, are very aware of the growth of encryption and use it to their advantage to obscure their presence and evade detection.

One reason why this is a growing concern is that inspecting encrypted traffic imposes critical performance limitations on nearly all firewall and IPS devices available on the market today. Generally speaking, examining encrypted traffic puts an enormous strain on a security device. Using ciphers to decrypt and inspect SSL/TLS traffic correctly is extremely CPU-intensive.

According to recent test results from NSS Labs, very few security devices can inspect encrypted data without severely impacting network performance. On average, the performance loss totaled 60 percent due to deep packet inspection, connection rates dropped by an average of 92 percent and response time increased by up to 672 percent! Even more concerning is that not all products were able to support the top 30 cipher suites either, meaning that some traffic wasn't being processed by some of the security devices at all.

Of course, these types of results render most traditional security devices nearly useless in today’s networks where encryption is the norm and performance is critical. As a result, much of today’s encrypted traffic is not being analyzed for malicious activity—making it an ideal mechanism for criminals to spread malware or exfiltrate data.

 

Here are a handful of suggestions to help organizations address this growing security concern:

1) practice good security hygiene – patch, upgrade or replace vulnerable devices, and check configurations for errors to make ports harder to exploit;

2) test your current devices – identify potential bottlenecks before they occur. Test existing security devices for performance issues, and ensure that they support all of the major ciphers;

3) implement network controls – implement NAC to identify devices, automatically segment traffic to limit risk, and use behavioral analytics so that when applications aren't where you expect them, or traffic is originating from an unexpected place, you get an alert;

4) consider an off-device decryption solution – if your volume of encrypted traffic is overwhelming available resources, consider implementing a purpose-built solution whose only function is to decrypt and re-encrypt data;

5) not all security devices are the same – view test results from third-party labs like NSS. A fully integrated solution solves a lot of problems, especially when resources are tight.

The best approach is to address the challenge before it becomes critical.

Adapted from: https://www.networkcomputing.com/network-security/encrypted-traffic-reaches-new-threshold/1863799705



  
