Simply put: the use of encryption is on the rise. Sadly, so is its misuse.
Last year, over 21 million websites obtained security certificates through the Let’s Encrypt program. In addition, at the beginning of 2017, Mozilla announced that half of the web traffic on FireFox was encrypted.
Encryption is a valuable tool for many organizations and individuals. But its very popularity has also made it a valuable tool for cyber criminals, who use encryption to mask malicious behavior.
A new report from Zscaler revealed that 54% of the threats blocked by their product line hid in SSL traffic. In addition, the cloud security company counted 600,000 malicious activities using SSL per day. Zscaler’s research demonstrates a significant rise in encrypted based attacks. For example, an A10 Networks report from last August revealed that roughly 41% of cyber attacks used encryption to evade detection. Now, it’s grown to over half.
There are many reasons for our current encryption boom: from an explosion in the number of IP-enabled devices to growing geopolitical concerns. But simply using encryption is not enough to protect your business. Unfortunately, many organizations are not taking the proper steps needed to protect themselves from encryption-based attacks.
As cyber criminals become more adept at hiding in SSL traffic, security professionals are struggling to keep their encrypted tunnels free of dangerous traffic. After all, only 29% of security professionals have high levels of confidence in their organizations’ ability to secure and protect encrypted communication.
Ultimately, proper encryption requires consistent protection and visibility. Organizations must inspect and decrypt their traffic on a regular basis in order to catch malicious actors before they take advantage of encrypted systems.
Unfortunately, most security programs were created before encrypted SSL/TLS contributed the majority of network traffic. Integrating security with certificate management is a huge leap forward in the effective inspection of encrypted traffic. And automation streamlines the entire process of encryption monitoring.
Encryption usage, and malicious attacks, will continue to grow in 2017 and beyond. Your organization can’t afford to be left behind.
Are you confident in your ability to thwart attacks hidden in SSL traffic?