Since the start of this year, it has felt like Armageddon within the cyber-security arena. Attacks are coming thick and fast, with resultant breaches hitting the headlines. Many experts believe we've seen just a glimpse of the potential threat landscape devastation. So, what's behind the headlines?
Advanced malware. And the reason it's making headlines? It's clever, almost always relentless, and increasingly it's encrypted!
The elephant in the room

In every organisation there are two types of traffic: inspected traffic and non-inspected traffic. There's a reason for that. Well, actually, it's one of three reasons: performance, scalability or cost.
Research published by NSS Labs (https://www.nsslabs.com/reportsissl-performance-problems) found that organisations inspecting SSL traffic experienced, on average, a 74% performance loss with 512- and 1024-bit ciphers. This rises to 81% with a 2048-bit cipher, the current industry standard. And the performance drop for proxies is even worse.
In light of this reality, many organisations face a decision: accept the hit to performance, spend money on more kit to inspect SSL traffic, or turn a blind eye to all HTTPS. While the latter may once have been a workable approach, today it's a foolhardy strategy.
SSL: a growing hill to climb

Today, the reality is that 25% of all Internet traffic uses SSL encryption, and it is likely that this traffic is not being scanned for malware, because of limitations in the security systems in place or a lack of bandwidth.
For those who like a visual reference: for every four people knocking on the organisation's virtual front door, three are frisked while one is allowed to jump unchallenged through an open window. That statistic is frightening: one quarter of enterprise traffic has the potential to carry a malicious payload right into the heart of the organisation, and this figure is predicted to increase by 20% year on year. And malicious coders are relying on this blind spot.
In fact, according to Zscaler's filters, 16% of all malware traffic blocked is over SSL. And while you might like to think that it's relatively harmless bits of code, it's not: ZeroAccess, Bitcoin miner Trojans, the Poison backdoor, BlackHole, ransomware, the Kazy Trojan. The one thing they all had in common was SSL.
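The first thing a defender needs is a measurement of the visibility gap described above in their own environment. As an added example (not code from the article or from Zscaler), the Python below reads proxy log lines and reports how much HTTPS traffic passed through uninspected and what share of blocked threats arrived over SSL; the key=value log format, its field names and the log lines themselves are constructed assumptions, not a real product's format.

```python
"""Measure SSL/TLS inspection coverage from proxy logs (constructed sample data)."""
from collections import Counter
from dataclasses import dataclass

# Constructed sample log. Assumed format: one connection per line, key=value fields.
# 'inspected=no' means the proxy passed the HTTPS session through without decrypting it.
SAMPLE_LOG = """\
ts=1 proto=https dst=update.example.net inspected=yes action=allow threat=-
ts=2 proto=http dst=news.example.org inspected=yes action=allow threat=-
ts=3 proto=https dst=bank.example.com inspected=no action=allow threat=-
ts=4 proto=https dst=cdn.example.com inspected=yes action=block threat=ZeroAccess
ts=5 proto=http dst=files.example.org inspected=yes action=block threat=Kazy
ts=6 proto=https dst=mail.example.com inspected=no action=allow threat=-
ts=7 proto=https dst=ads.example.net inspected=yes action=allow threat=-
ts=8 proto=http dst=blog.example.org inspected=yes action=allow threat=-
"""


@dataclass
class Coverage:
    tls_share: float         # fraction of all connections that used HTTPS
    uninspected_share: float # fraction of ALL connections that were never inspected
    tls_uninspected: float   # fraction of HTTPS connections passed through uninspected
    blocks_over_tls: float   # fraction of blocked threats that arrived over HTTPS


def parse_line(line):
    """Split 'k=v k=v' into a dict; only the first '=' separates key from value."""
    return dict(field.split("=", 1) for field in line.split())


def measure(log_text):
    """Aggregate the coverage figures over every non-empty log line."""
    c = Counter()
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        tls = rec["proto"] == "https"
        c["total"] += 1
        c["tls"] += tls
        c["tls_uninspected"] += tls and rec["inspected"] == "no"
        if rec["action"] == "block":
            c["blocked"] += 1
            c["blocked_tls"] += tls
    ratio = lambda num, den: c[num] / c[den] if c[den] else 0.0
    return Coverage(
        tls_share=ratio("tls", "total"),
        uninspected_share=ratio("tls_uninspected", "total"),
        tls_uninspected=ratio("tls_uninspected", "tls"),
        blocks_over_tls=ratio("blocked_tls", "blocked"),
    )
```

On the constructed sample, one connection in four leaves the organisation uninspected and half of the blocked threats came in over HTTPS, which is exactly the kind of figure that justifies the inspection spend discussed above.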
Another element to cover before moving on is sandboxing: allowing the binary to run and then checking whether it behaves normally or triggers rules that identify it as...