Today, most attacks use SSL/TLS encrypted tunnels to hide malicious activity—getting malware in and sensitive data out. Despite the fact that encrypted tunnels are meant to secure communications, cyber criminals routinely use forged or compromised keys and certificates to create encrypted tunnels for malicious purposes or hijack legitimate tunnels to use in cyber attacks.
Manoj Sharma, World Wide Solutions Architect at Symantec, and Mark Sanders, Lead Security Architect at Venafi will explore how organizations are exposed to these types of attacks at the 63rd Annual ASIS International in Dallas, Texas on September 26. The following is a brief glimpse at some of the cyber security trends that they will discuss in a session entitled, Threats Are Hiding in Encrypted Traffic on Your Network.
Cyber criminals use SSL/TLS to hijack the blind trust that most security controls grant to SSL/TLS encrypted traffic. Many of these attacks go undetected for years, and, for those that are detected, details about the attack and how it was remediated are seldom shared. Organizations need to plan a strategy specifically designed to prevent, detect, and respond to these types of attacks.
In their ASIS presentation, Manoj and Mark will provide a vendor-neutral evaluation of how architectures need to continue to evolve to defend against today’s cyber attacks that hide in SSL/TLS traffic:
- How threats that leverage SSL/TLS have adapted within the 2017 threatscape.
- Where most organizations have security gaps—regardless of the depth of their security stacks.
- Best practices on enabling SSL/TLS inspection, including how to create an efficient architecture that provides access to cryptographic keys and digital certificates necessary for decryption without compromising system and network performance.
Interested in learning more? See Manoj Sharma and Mark Sanders present at ASIS International 63rd Annual Seminar and Exhibits, September 25-28, 2017.