Encrypted traffic has become such a potential hazard precisely because so much data is now encrypted. To better understand the network security and encryption landscape, IDG Connect was commissioned by Flowmon Networks to survey over 100 respondents across the US, Europe and Canada via an online questionnaire, for research titled Encrypted Traffic Threats.
The risk that encrypted traffic threats pose is simple: they are hard to see. Cyber criminals find this pathway to be one of the most effective ways to bypass firewalls, intrusion prevention systems, unified threat management, secure Web gateways, data loss prevention, anti-malware, and most other security solutions.
The research shows important lessons to be learnt, specifically that managing encrypted traffic is a critical form of defense for organizations.
Key findings on network encryption, security and the challenges organizations face today:
- 41% of businesses do not have a solid understanding of the existence and nature of encrypted traffic threats.
- There is near-universal consensus (99%) that encrypted network traffic is an important source of security risks
- Four in 10 (41%) respondents feel that they don’t have a very good understanding of how to repel such attacks
- A similar number (40%) say that network operations and security operations staff don’t work very closely together
- The number-one attribute of ETA tools is that they enable NetOps and SecOps teams to work together
- The biggest potential negative impact of encrypted traffic is exposure of sensitive personal data (70%)
- Over half of respondents (52%) have traffic decryption tools. Over a third of the audience that have not deployed decryption say the main reason is user privacy (36%)
- Over half (58%) are not highly confident about their knowledge of network attached device activity
Managing Threats & Challenges: The main challenges are the cost of data loss, governance, high costs, sluggish performance, and complexity of deployment and integration. The common method of addressing them is to deploy decryption solutions, which are widespread.
36% of those surveyed cited a concern over data privacy, 29% worried about decryption causing performance bottlenecks, and 18% worried about a lack of available skills to manage such a security solution.
48% of organisations have yet to implement decryption solutions.
The best way to address these issues is to have an automated solution that can proactively monitor and analyse encrypted data.
The Kemp and Flowmon Anomaly Detection System, which provides threat-hunting capability, uses 44 detection methods comprising 200+ algorithms to immediately spot anomalies hidden in network traffic, encrypted or not, and alert IT teams to them.
This application of AI became a valuable source of IT expertise that multiplied staff bandwidth to manage the solution. GÉANT, a pan-European data network for the research and education community, is one of the world’s largest data networks and transfers over 1,000 terabytes of data per day over the GÉANT IP backbone.
Furthermore, for a response to this threat to be effective, it is critical that network operations and security operations (NetOps + SecOps = NetSecOps) work in collaboration, but according to the study, 40% of enterprises do not currently have these teams working closely together.
Breached data privacy leads encryption concerns
While almost every company surveyed either has deployed network traffic decryption or is considering it, obstacles remain in the way.
This backs up a commonly held feeling about decryption: while it is undoubtedly an important exercise, when things go wrong, they can go very wrong.
The researchers asked: what concerns do organizations have over encrypted traffic?
The largest concern, cited by seven in 10 respondents and by more than three in 10 as the biggest single concern, was data privacy. Rules such as GDPR have only accentuated an already powerful trend and penalties have made data governance a board-level concern. Over a third of the audience fears breaching data privacy and almost a third have concerns over creating performance degradation.
In this regard, the researchers asked: what kind of technologies are being used to monitor encrypted traffic?
Have organizations considered decrypting network traffic using an SSL proxy?
Methodology: All organizations surveyed had a minimum of 500 employees and most had 1,000 to 4,999 employees. All respondents had IT management roles and 40% held C-suite positions.
(Image Courtesy: www.f5.com)