
What are Attacker Encrypted Communications?

Cybercriminals are using encryption to attack organizations at an ever-increasing rate. SSL/TLS is being turned against enterprises to deliver malware undetected, to listen in on private conversations, to disrupt secured transactions, and to exfiltrate data over encrypted communication channels. For example, the pervasive Zeus botnet used SSL communication to upgrade the attack after the initial email infection. Following the Boston Marathon bombing, malware attached to a spam message also used SSL to communicate with its command and control server.

With more and more encrypted traffic, this trend is likely to expand rapidly. For organizations that lack the ability to decrypt and inspect encrypted communications to assess these threats, this blind spot undermines traditional layered defenses and increases the risk of information breach and data loss.

To mitigate the impact of attacker encrypted communications, organizations should first evaluate the security risks from uninspected encrypted network traffic and update relevant risk indicators. In addition, they must leverage existing network security solutions to enforce the outbound web policy on SSL traffic. With policies in place, companies should establish a prioritized list of the traffic profiles they need to decrypt. They should initiate a multiyear plan to improve coverage of encrypted traffic, starting with decrypting inbound and outbound Web traffic. They should also quantify the current encrypted traffic mix, anticipating that it will grow 10% to 20% yearly.
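The quantification and prioritization steps above can be sketched as follows. This is an added example, not CyberArk's code. The flow-record layout, the protocol labels and the sample values are constructed assumptions, and the 10% to 20% figure is treated as compound yearly growth in encrypted byte volume.

```python
from collections import defaultdict

# Constructed sample flow summaries (not real traffic). Field layout is an
# assumption: direction, destination port, protocol label, bytes, inspected?
FLOWS = [
    ("outbound", 443, "tls",  6_000, False),
    ("outbound", 443, "tls",  1_000, True),
    ("inbound",  443, "tls",  2_000, False),
    ("outbound", 80,  "http", 5_000, True),
    ("outbound", 22,  "ssh",    500, False),
    ("outbound", 993, "tls",    500, False),
    ("outbound", 53,  "dns",  1_000, True),
]
ENCRYPTED = {"tls", "ssh"}  # assumption: labels the sensor marks as encrypted


def encrypted_mix(flows):
    """Return (encrypted_bytes, total_bytes, encrypted_share)."""
    total = sum(f[3] for f in flows)
    enc = sum(f[3] for f in flows if f[2] in ENCRYPTED)
    return enc, total, (enc / total if total else 0.0)


def decrypt_priorities(flows):
    """Rank traffic profiles by encrypted bytes that nothing inspected."""
    blind = defaultdict(int)
    for direction, port, proto, nbytes, inspected in flows:
        if proto in ENCRYPTED and not inspected:
            blind[(direction, port, proto)] += nbytes
    # Largest blind spot first; ties broken by profile for stable output.
    return sorted(blind.items(), key=lambda kv: (-kv[1], kv[0]))


def project(encrypted_bytes, rate, years):
    """Compound yearly growth of encrypted volume at the given rate."""
    return [round(encrypted_bytes * (1 + rate) ** y) for y in range(1, years + 1)]


if __name__ == "__main__":
    enc, total, share = encrypted_mix(FLOWS)
    print(f"encrypted: {enc}/{total} bytes ({share:.0%})")
    for profile, nbytes in decrypt_priorities(FLOWS):
        print(f"uninspected {profile}: {nbytes} bytes")
    for rate in (0.10, 0.20):
        print(f"growth {rate:.0%}: {project(enc, rate, 3)}")
```

The ranked list is the starting point for the prioritized decryption plan, and the two projections bound the inspection capacity the multiyear plan has to cover.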
