Lack of Data Decryption Could Endanger Network Security

64 percent of organizations polled in a recent survey say they cannot detect data breaches in malicious SSL traffic, endangering network security.

By Elizabeth O'Dowd

In a recent study conducted by Ponemon, nearly two-thirds of organizations polled believed their organization could properly leverage data decryption technology in order to protect against malicious network traffic. The use of Secure Sockets Layer (SSL) decryption and inspection could go a long way toward ensuring network security.

SSL decryption solutions

The Ponemon study, Uncovering Hidden Threats within Encrypted Traffic, surveyed over 1,000 IT and IT security practitioners across all industries. The survey found that “SSL bandwidth requirements diminish the effectiveness of existing security controls.”

SSL is the security technology that establishes an encrypted link between a webserver and a client or browser. SSL technology is an industry standard used by most organizations with encrypted data, including healthcare institutions. While SSL helps protect data, the encryption can cause blind spots capable of being exploited by hackers to bypass network security protocols.

The SSL blind spot is the double-edged sword of IT infrastructure security. Encrypting data protects it from being stolen, but without a way to decrypt the data, IT may not be able to detect malware traveling in and out of the network.

Types of attacks hiding in SSL encryption are:

  • Outbound port abuse
  • Phishing
  • Internal hide and seek
  • Phoning home
  • Cookie theft

For health IT infrastructure, this blind spot can pose a serious problem for securing protected health information (PHI) and maintaining HIPAA compliance.

According to the Ponemon study, 80 percent of the organizations polled were victims of a cyberattack in the past year and 41 percent of those attacks were hidden in SSL traffic. Nearly all respondents agreed that SSL decryption is important.

While about a third of respondents could detect malicious SSL traffic, the majority of respondents could not, leaving their infrastructure dependent on other security measures (e.g., firewalls). Other security measures help protect network infrastructure, but detection should be the first line of defense against malicious attacks.

Organizations polled that are currently inspecting decrypted traffic are using one or a blend of the following methods:

  • Commercial solution utilizing deep packet inspection
  • Commercial solution utilizing big data
  • Homegrown monitoring
  • Manual inspection

While these methods help protect the network, some add cost to the IT budget, limit network bandwidth, and place strain on IT staff. Including certain features in a decryption solution will ensure that it’s efficient and secure.

SSL certificates bind a public and private cryptographic key pair to an organization’s information. Clients use the public key in the certificate to connect to the server, and the encrypted connection is established when that public key is matched to the organization’s private key. More than 75 percent of respondents stated that SSL certificate management was their most desired feature.

Scalability was also a desired feature. As organizations grow, more data will need to be encrypted and protected. Scaling up the solution without too much difficulty saves on cost and prevents long periods of network downtime.

Integrating new solutions into an existing IT infrastructure can introduce compatibility issues. Organizations polled expressed the need for easy vendor integration in a decryption solution, so that all elements of the infrastructure will work together.

The Ponemon study recommends organizations without decryption or inspection solutions begin assessing their infrastructure now to determine where a solution would fit and what method would be best. Looking at tools individually can help scale down the project in order to prevent overspending in areas that don’t require decryption.

The Ponemon study also suggests building a plan based on what is specifically important to an organization to determine what is most needed out of a solution. Deciding what is needed from a platform will help eliminate the solutions that don’t offer exactly what an organization is looking for.

SSL is likely to remain a preferred method of network infiltration for malicious attacks. The survey concluded that organizations are aware of and concerned about these attacks but are not entirely sure about the best way to defend against them.
