Research: IT Managers Regard Encrypted Traffic as a Source of Cyberthreats, but Their Defenses Are Inadequate
New research from Flowmon and IDG Connect shows 99% of IT managers recognize encrypted network traffic as a source of security risks, but two-thirds of businesses fail to protect their assets from both internal and external threats misusing SSL/TLS.
Flowmon Networks, an actionable network intelligence company, today published the results of a survey mapping organisations’ defense strategies in addressing the threats in encrypted traffic. Conducted on behalf of the company by IDG Connect, the survey of over 100 IT managers explores their experiences facing this rapidly growing attack vector.
Throughout IT history, new technologies have been co-opted by bad actors and abused for malicious activities, and encryption is no different. Though SecOps teams deploy it as a default security countermeasure, it also opens up space for threat actors to hide their activities in what is considered to be safe traffic. A large number of companies have been exposed not just to attacks exploiting SSL/TLS vulnerabilities, but also to attacks that employ SSL/TLS to mask movement over the network and to attack applications. Without a proper toolset that covers all attack vectors, dealing with encrypted threats is a significant challenge.
“The study shows that the vast majority of investments go to traffic decryption on the perimeter, leaving the organization vulnerable to many common forms of attack such as ransomware, botnets obscuring communication with Command & Control servers or browser exploits. Only 36% of respondents have both perimeter and network protection deployed together,” says Mark Burton, Managing Director at IDG Connect.
The two biggest obstacles to deploying network traffic decryption with an SSL proxy are the fear of breaching data privacy (36%) and concerns over performance degradation (29%).
Network Defenders Need to Team up to Repel All Encrypted Traffic Threats
The survey’s findings highlight the importance of deploying Network Traffic Analysis (NTA) and SSL decryption together to provide equal protection against external and internal threats.
Respondents recognize NTA tools as a way to bring together network and security operations teams, to share a single version of the truth (49% rank this as a number 1 capability of such tools), and to improve prevention and accelerate detection and response.
“Most organizations are unable to inspect SSL/TLS traffic at scale and cybercriminals are aware of this. Decryption is powerful but also expensive and resource-intensive. Therefore, it makes tactical sense to use Encrypted Traffic Analysis (ETA), which is lightweight and covers most cases, to monitor the network holistically and reserve the use of decryption for critical services only,” says Artur Kane, Head of Product Marketing at Flowmon Networks.