Sponsored by:
WEBINAR EXECUTIVE SUMMARY
The Threat You Can’t See: SSL, Cyber Attacks, and You
KEY TAKEAWAYS
- Encryption is designed to improve security and privacy.
- On the flip side, encryption enables attackers to hide malicious content and data extraction.
- IT can eliminate encryption blindness and still take advantage of SSL
- A10 SSL Insight provides visibility with versatility and high performance.
Secure Socket Layer (SSL) was initially designed to encrypt data as it traveled across the network, protecting sensitive information.
Cybercriminals are now using this same encryption tool to obfuscate their own attacks, making it difficult for IT professionals to identify when an attack is occurring or has occurred.
A10 Networks offers a solution. SSL Insight, which decrypts encrypted traffic, enabling security devices to inspect and analyze it, so an attack can be identified early enough to stop it or quickly control the damage.
Watch the webinar or download a PDF of the summary.
Encryption was designed to improve security. Instead, it’s being used against you and making your environment less secure.
– Nick Cavalancia, Contributing Editor, IT Pro Today
Presenters
SSL enables attackers to hide leading and active threat indicators in network traffic.
SSL encryption reduces IT visibility into the network traffic, essentially limiting IT to perform session profiling. This enables attackers to hide both leading threat indicators and active threat indicators from IT so that phishing scams and infections aren’t found until it is too late.
Tools that typically help IT teams identify threats are of little use when the threat is encrypted by SSL. This includes deep packet inspections (DPI), threat intelligence, user and application profiling, and content review. This obfuscation allows leading threat indicators and active threat indicators to hide in network traffic and go undetected.
Leading Threat Indicators and Active Threat Indicators Hidden by SSL
Leading Threat Indicators
- Enhanced Coverage for Command and Control (C2) traffic
- Communications that can provide context before, during, and after the event
Active Threat Indicators
- Communications that can provide context before, during, and after the event
- Remote Access Trojan (RAT) sessions
- Exfiltration
When information is hidden, IT can’t stop an attack nor can they quickly and easily recover from an attack. In the United States, data breach notification laws often require that when the scope of a breach is unknown, the company must assume that all records were impacted. Because encryption hides information that can show which data was impacted, a company experiencing an SSL attack must assume that all records were breached and must respond accordingly.
IT can eliminate encryption blindness and still take advantage of SSL.
Attackers may have figured out how to use SSL to hide their attacks, but it doesn’t mean that companies need to stop encrypting their traffic. Instead, as part of their security strategy, companies need to figure out how to increase visibility and gain the context necessary to respond quickly and appropriately to attacks.
IT teams should use an SSL proxy, which performs SSL encryption and decryption between the client and server, enabling the security stack against encrypted threats.
A next-generation firewall or intrusion prevention solution can be used to focus on network traffic detection and provide intelligence for response. These solutions also expose data, enabling IT to perform enhanced profiling and provide information that can be used by a security information and event management (SIEM) solution, a data loss prevention (DLP) system, or a user behavior analytics (BA) system.
A10 SSL Insight provides visibility and versatility with fast performance.
Many decryption solutions on the market today are expensive, inefficient, and complex; some are so complicated that they are purchased but never implemented.
A10 SSL Insight provides a versatile solution with an industry-leading performance of up to 25 gigabytes (GB) of throughput on a 1U device.
People are scared to try something new because security devices are very complex to configure.
– Almas Raza, Technical Marketing Engineer, A10
SSL Insight intercepts traffic that comes through and decrypts it. When this occurs, traffic can be inspected and analyzed for attacks before the data is re-encrypted and sent to its final destination. The product works on the “decrypt once, inspect many times” principle where in it decrypts traffic for the whole security stack, connecting to inline, passive and ICAP-based devices. SSL Insight can also improve the performance of your security stack by classifying and bypassing SaaS traffic from non-SaaS, decrypting only the latter while bypassing the former, to improve user experience.
You can rest assured that when you deploy SSL Insight, it’s not going to break the network and it’s going to provide full visibility.
– Babur Nawaz Khan,Senior Technical Marketing Engineer, A10
Harmony Controller
SSL Insight, with A10 Harmony Controller, offers centralized management for multi-site deployments, rich and actionable analytics, application detection and control, and a simplified wizard-driven configuration.
Additional Resources
