In late June, Cisco announced a new machine-learning model called Encrypted Traffic Analytics (ETA). According to the hardware giant, ETA will allow businesses to detect malware activity in encrypted traffic.
According to a company blog post by Jason Deign: “Encryption is a valuable ally in maintaining privacy. It keeps our data safe from prying eyes. It stops people robbing our credit card details, our app usage habits, and our passwords…. [However], encryption brings a bit of a double-edged sword -- the bad guys can use it too. Encryption can hide malware just as well as it can hide your own secrets. And that opened a whole can of worms (and Trojans, and viruses) for IT bosses.”
Encryption is a vital and powerful security tool. But it’s absolutely true that cyber criminals are finding ways to hide attacks inside the very encrypted traffic that is designed to protect our privacy. This will only get worse as the drive for encryption continues to explode: a recent study from A10 Networks found that 41 percent of cyber attacks used encryption to evade detection. Cisco’s announcement is just the latest response to our changing threat landscape.
“It’s encouraging to see Cisco acknowledging the risks of threats that hide in encrypted traffic,” says Kevin Bocek, chief security strategist for Venafi. “However, there is still much more to accomplish.”
Even though industry analysts estimate the vast majority of cyber attacks will use SSL/TLS by 2020, very few organizations actively devote resources to protecting against these kinds of threats. An unfortunate side effect of this behavior is that the threats that hide in encrypted traffic dramatically reduce the effectiveness of most cyber security technology investments.
“It is absolutely essential for organizations to inspect cross-network/cross-cloud SSL/TLS traffic in order to protect against threats utilizing encrypted traffic,” says Bocek. “However, most IT and security professionals don’t realize how blind spots in encrypted traffic impact the security technologies they depend on to protect their business. Without proper visibility, many security solutions are useless against the increasing number of attacks hiding in encrypted traffic.”
Ultimately, we must develop regulatory and best practice advice on the proper ways to secure the use of encryption. Simply pushing for its adoption is not enough. “Federal agencies have been directed to use HTTPS with digital certificates on public web servers since the end of 2016,” concludes Bocek. “But they were never informed about the new security risks created by increasing encrypted traffic.”
What do you think about Cisco’s announcement? How does your organization respond to risks hiding in encrypted traffic?