Secure Sockets Layer (SSL) encryption is a double-edged sword for many organisations in the Middle East, as it bolsters security by providing confidentiality and message integrity, according to an expert.

It also enables organisations to verify the identity of application owners and allows applications to authenticate users with client certificates. Unfortunately, encryption can also be used by attackers to infiltrate enterprises.

Glen Ogden, regional sales director, Middle East at A10 Networks said that encryption puts organisations at risk.

The hackers leverage encryption to conceal their exploits from security devices like firewalls, intrusion prevention systems, forensics solutions, and more that can not keep up with increasing SSL decryption demands or that cannot decrypt SSL traffic at all because of their location in the network.

According to a recent Gartner survey, ‘less than 20 per cent of organisations with a firewall, an intrusion prevention system (IPS) or a unified threat management (UTM) appliance decrypt inbound or outbound SSL traffic.’

This means that hackers can evade over 80 percent of an organization’s network defenses simply by tunneling attacks in encrypted traffic, it said.

SSL usage has become ubiquitous, and many leading websites now encrypt every web request and response, said Ogden.

In fact, 48 per cent more of the million most popular websites use SSL in 2014 than a year earlier. However, the transition from 1024- to 2048-bit SSL key lengths, combined with growing SSL bandwidth demands, has burdened security devices that decrypt SSL traffic. The impact of decryption on security devices is startling.

The analysis by NSS Labs revealed that 2048-bit SSL ciphers ‘caused a mean average of 81 per cent in performance loss’ for seven leading next-generation firewalls.

However, encrypted traffic is often not protected with intrusion protection technology. Cyber tools are not protecting the organisation’s assets and are letting encrypted traffic pass through the network unchecked.

Specialised appliances, load balancers, application delivery optimisation, and offloading CPU-intensive SSL encryption processes are all aimed to address these issues. However, in addition organisations need modern tools to secure and optimise their modern firewalls and cyber protections.

To help organisations decrypt and inspect SSL traffic without degrading network performance, third-party security devices can be used to inspect encrypted traffic and eliminate the blind spot imposed by SSL encryption.

These security devices have the capabilities to uncover cyberattacks hidden in SSL traffic; maximise uptime by load-balancing multiple third-party security appliances; scale performance and throughput to successfully counter advanced threats; and deploy best-of-breed content inspection solutions to fend off attacks and malware.

In today’s work environment, more and more network traffic is being encrypted. As information technology managers, we need to ensure the correct information is being protected, while the necessary infrastructure is in place to protect the organisation.

Managed correctly, SSL traffic can provide the necessary protections while not exposing the vulnerabilities on the company’s security infrastructure. - TradeArabia News Service