Malware rises in the face of lagging encrypted traffic inspection

Last Updated: April 6, 2022

Malware, ransomware, and other kinds of cyber attacks are still on the rise. Last year, ransomware alone rose by 151 percent globally, and according to the FBI more than 100 different strains of it are in circulation.

Despite this threat, organizations inspect less than half of their web traffic for attacks, malware, and other intrusions, and 28 percent inspect less than a quarter of it. Why are businesses willing to let a threat walk into their environment? Why are they complacent about this?

The answer comes down to the common and widespread use of the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.

TLS/SSL encryption is a popular and effective way to keep attackers from reading web traffic. Unfortunately, it has the same effect on security devices: it leaves them unable to look inside the traffic for ransomware and other malware.

Attackers are aware of this, and they exploit the blind spot eagerly: last year at least 46% of malware attacks used TLS/SSL encryption as part of their delivery and communication methods.

This is a major issue. Professionals from DDoS proxy protection in North York explain that many businesses, brands, and companies continue to ignore the TLS/SSL encryption blind spot, even though they deal with security issues every day.

Organizations recognize the problem of blind spots in the TLS/SSL encryption mechanism

Several firms have surveyed technology industry leaders, particularly those in leadership positions, about the inspection of encrypted traffic. Unsurprisingly, awareness of the issue among these professionals was near-universal, especially awareness of the security risks that come with TLS/SSL encryption.

Moreover, a large share of the directors, tech executives, and managers surveyed were concerned that a cyber attack could be concealed within their firms' encrypted communications. Since around 50 percent of these firms' traffic is encrypted, the concern is without doubt justified.

Any available solution?

A solution to this problem does exist: encrypted traffic inspection. This approach lets companies decrypt inbound and outbound TLS/SSL traffic so that their full network security stack can inspect it.

That stack is made up of firewalls, intrusion prevention systems (IPS), data loss prevention (DLP) systems, forensics tools, advanced threat prevention (ATP) systems, and the like. Once inspection is complete and any detected malware has been blocked, the traffic is re-encrypted and sent on its way.
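To make the decrypt, inspect, re-encrypt pipeline concrete, here is an added Python model of the inspection stage; it is not code from the original article or from any product. Each element of the stack is a check that can veto a decrypted flow, the DLP stage only looks at outbound data, and only a flow that no element blocks is passed on for re-encryption. The IPS signature, the Flow fields and the stack ordering are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass
class Flow:  # what the inspection point sees after TLS decryption (constructed)
    direction: str    # "inbound" or "outbound" relative to the organisation
    plaintext: bytes  # decrypted application data

@dataclass
class Verdict:
    action: str                  # "allow" (re-encrypt and forward) or "block"
    stage: Optional[str] = None  # which stack element decided
    reason: Optional[str] = None

# Hypothetical IPS signature: a constructed marker, not a real malware pattern.
IPS_SIGNATURES = {"constructed-dropper": b"CONSTRUCTED-MALWARE-MARKER"}

def ips_signature(flow: Flow) -> Optional[str]:
    # IPS stage: byte-signature match in either direction.
    for name, pattern in IPS_SIGNATURES.items():
        if pattern in flow.plaintext:
            return f"IPS signature {name}"
    return None

def luhn_ok(digits: str) -> bool:
    # Luhn checksum, so the DLP stage does not flag every long number.
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 if d < 5 else d * 2 - 9
        total += d
    return total % 10 == 0

def dlp_card_number(flow: Flow) -> Optional[str]:
    # DLP stage: only data leaving the organisation matters here.
    if flow.direction != "outbound":
        return None
    text = flow.plaintext.decode("latin-1")
    for m in re.finditer(r"\b(?:\d[ -]?){13,16}\b", text):
        if luhn_ok(re.sub(r"[ -]", "", m.group(0))):
            return "payment card number in cleartext"
    return None

# Ordered stack: each element may veto the flow, as in the article's chain.
STACK = [("ips", ips_signature), ("dlp", dlp_card_number)]

def inspect(flow: Flow) -> Verdict:
    # Only a flow that no stage blocks goes on to be re-encrypted and forwarded.
    for stage, check in STACK:
        reason = check(flow)
        if reason:
            return Verdict("block", stage, reason)
    return Verdict("allow")
```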

How many companies actually take advantage of this? Let us find out.

Perceived Pros and Cons of inspecting Encrypted Traffic

Companies are well aware of the security risks they face. More than 80 percent of respondents considered it likely that their firm had been the victim of a cyber attack or malicious insider activity within the past year.

Most executives and firms recognize the potential value of encrypted traffic inspection. Around 73 percent say that inspecting TLS/SSL traffic, and the visibility it gives, is moderately or quite important to improving their firm's overall security infrastructure.

Yet when asked whether their company decrypts web traffic to detect ransomware, malware, intrusions, and other forms of cyber attack, only two-thirds answered yes; twenty percent said no and another twenty percent were not sure either way.

When asked why they did not decrypt traffic for inspection, firms said they lacked the necessary tools and resources, and that they had privacy and performance concerns. The first answer points to misplaced priorities given the risk of a cyber attack: tools and resources for encrypted traffic inspection should be a must-have in every organization's budget.

Performance degradation is a real and persistent problem: 80 percent of firms have experienced it when using decryption. A technical solution to this problem is therefore needed.