KEY FINDINGS INTERACTIVE GUIDE. Uncovering Hidden Threats within Encrypted Traffic

Similar documents
Protecting Against Encrypted Threats

DECRYPT SSL AND SSH TRAFFIC TO DISRUPT ATTACKER COMMUNICATIONS AND THEFT

STATE OF THE NETWORK STUDY

Encrypted Traffic Security (ETS) White Paper

Eliminating the Blind Spot: Rapidly Detect and Respond to the Advanced and Evasive Threat

SSL INSIGHT SSL ENCRYPTION CHALLENGES SSL USE EXPOSES A BLIND SPOT IN CORPORATE DEFENSES SOLUTION BRIEF UNCOVER HIDDEN THREATS IN ENCRYPTED TRAFFIC

MOBILE SECURITY 2017 SPOTLIGHT REPORT. Information Security PRESENTED BY. Group Partner

The Cost of Denial-of-Services Attacks

Mastering The Endpoint

Sponsored by Raytheon. Don t Wait: The Evolution of Proactive Threat Hunting Executive Summary

CYBER RESILIENCE & INCIDENT RESPONSE

The 2017 State of Endpoint Security Risk

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

Security-as-a-Service: The Future of Security Management

IBM Security Network Protection Solutions

Uncovering the Risk of SAP Cyber Breaches

IPS with isensor sees, identifies and blocks more malicious traffic than other IPS solutions

with Advanced Protection

RSA INCIDENT RESPONSE SERVICES

Vulnerability Management Trends In APAC

PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY

The Top 6 WAF Essentials to Achieve Application Security Efficacy

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

Are we breached? Deloitte's Cyber Threat Hunting

Comprehensive datacenter protection

Supporting The Zero Trust Model Of Information Security: The Important Role Of Today s Intrusion Prevention Systems

White Paper. Why IDS Can t Adequately Protect Your IoT Devices

Rethinking Security: The Need For A Security Delivery Platform

RSA INCIDENT RESPONSE SERVICES

Gaps in Resources, Risk and Visibility Weaken Cybersecurity Posture

WHITEPAPER HEALTHCARE S KEY TO DEFEATING CYBERATTACKS

Reducing Cybersecurity Costs & Risk through Automation Technologies

The State of Cloud Monitoring

THE CYBERSECURITY LITERACY CONFIDENCE GAP

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

State of Cloud Survey GERMANY FINDINGS

Deploying a Next-Generation IPS Infrastructure

Internet of Things. The Digital Oilfield: Security in SCADA and Process Control. Mahyar Khosravi

Spotlight Report. Information Security. Presented by. Group Partner

Transforming Security from Defense in Depth to Comprehensive Security Assurance

FTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved.

2018 GLOBAL CHANNEL PARTNER SURVEY THYCOTIC CHANNEL PARTNER SURVEY REPORT

The Problem with Privileged Users

2015 VORMETRIC INSIDER THREAT REPORT

Big Data Cybersecurity Analytics Research Report Sponsored by Cloudera

The Third Annual Study on the Cyber Resilient Organization

NERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS

How your network can take on the cloud and win. Think beyond traditional networking toward a secure digital perimeter

THE EVOLUTION OF SIEM

Best Practices in Securing a Multicloud World

INTRODUCTION. We would like to thank HelpSystems for supporting this unique research. We hope you will enjoy the report.

DIGITAL TRANSFORMATION IN FINANCIAL SERVICES

How to Improve Your. Cyber Health. Cybersecurity Ten Best Practices For a Healthy Network

EU GENERAL DATA PROTECTION: TIME TO ACT. Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux

Cybowall Solution Overview

Operationalizing the Three Principles of Advanced Threat Detection

DDoS: STRATEGIES FOR DEALING WITH A GROWING THREAT

2016 State of Cybersecurity in Small & Medium-Sized Businesses (SMB)

ALIENVAULT USM FOR AWS SOLUTION GUIDE

Managed Enterprise Phishing Protection. Comprehensive protection delivered 24/7 by anti-phishing experts

Protecting Against Online Banking Fraud with F5

DDOS DETECTION AND RESPONSE TRENDS IN THE ENTERPRISE: AN IANS CUSTOM REPORT

Evolving Threats Call For Integrated Endpoint Security Solutions With Holistic Visibility

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1

Think Oslo 2018 Where Technology Meets Humanity. Oslo. Felicity March Cyber Resilience - Europe

CYBERSECURITY HOW IT IS TRANSFORMING THE IT ASSURANCE FIELD

FIREWALL PROTECTION AND WHY DOES MY BUSINESS NEED IT?

Combating Cyber Risk in the Supply Chain

KNOWLEDGE GAPS: AI AND MACHINE LEARNING IN CYBERSECURITY. Perspectives from U.S. and Japanese IT Professionals

2017 Trends in Security Metrics and Security Assurance Measurement Report A Survey of IT Security Professionals

Validating the Security of the Borderless Infrastructure

How NSFOCUS Protected the G20 Summit. Guy Rosefelt on the Strategy, Staff and Tools Needed to Ensure Cybersecurity

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

Toward an Automated Future

Advanced Threat Protection Buyer s Guide GUIDANCE TO ADVANCE YOUR ORGANIZATION S SECURITY POSTURE

Big Data Analytics in Cyber Defense

Maximum Security with Minimum Impact : Going Beyond Next Gen

RSA NetWitness Suite Respond in Minutes, Not Months

Transport Access Control

Careful What You Wish For: Poor Colocation Design Could Cost You. Thorough assessment of upfront costs to prevent future system failures

Deploying a Next-Generation IPS Infrastructure

DDoS MITIGATION BEST PRACTICES

INSIDER THREAT 2018 REPORT PRESENTED BY:

Security for SIP-based VoIP Communications Solutions

McAfee epolicy Orchestrator

Phishing is Yesterday s News Get Ready for Pharming

ISO in the world today

Ponemon Institute s 2018 Cost of a Data Breach Study

Mobile Field Worker Security Advocate Series: Customer Conversation Guide. Research by IDC, 2015

Prevx 3.0 v Product Overview - Core Functionality. April, includes overviews of. MyPrevx, Prevx 3.0 Enterprise,

Hidden Figures: Securing what you cannot see

TOP TEN DNS ATTACKS PROTECTING YOUR ORGANIZATION AGAINST TODAY S FAST-GROWING THREATS

Supercharge Your SIEM: How Domain Intelligence Enhances Situational Awareness

Top 10 most important IT priorities over the next 12 months. (Percent of respondents, N=633, ten responses accepted)

Cisco Firepower NGFW. Anticipate, block, and respond to threats

Juniper Networks Adaptive Threat Management Solutions

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

ForeScout CounterACT. Continuous Monitoring and Mitigation. Real-time Visibility. Network Access Control. Endpoint Compliance.

MarkMonitor Dark Web and Cyber Intelligence TM Dark Web Threat Intelligence to Protect Against Cyberattacks

Security in a Converging IT/OT World

Transcription:

KEY FINDINGS INTERACTIVE GUIDE Uncovering Hidden Threats within Encrypted Traffic

Introduction In a study commissioned by A10 Networks, Ponemon surveyed 1,023 IT and IT security practitioners in North America and EMEA who are involved in preventing and/or detecting Web-based attacks and are familiar with their organization s network traffic inspection. The detailed study evaluated understandings of threat actor behavior changes, abilities to defend attacks hiding in SSL traffic, barriers for implementing needed decryption controls and critical features for solution selection.

Survey Highlights Survey Respondents Say: Half of all known cyberattacks used SSL encryption to evade detection in the last 12 months. Encryption of inbound and outbound Web traffic will continue to increase. Use of SSL encryption to mask malicious activity will parallel this growth. The inability to inspect encrypted traffic will compromise capacity to meet existing and future compliance requirements. Three common barriers to implementing proper SSL inspection are a lack of security tools, insufficient resources and performance degradation. Most don t believe their organization can properly inspect SSL traffic. SSL bandwidth requirements diminish the effectiveness of existing security controls.

Target Audience Most respondents (73 percent) are from organizations with 5,000 or more employees. Top 4 Roles Of all respondents, 55 percent report directly to the CIO, CTO or head of corporate IT. Core Focus Survey targets were identified for their involvement or responsibility in preventing or detecting Web-based attacks in North America, Technician 25% Manager 22% Director 16% Supervisor 16% Europe, Africa and the Middle East. Industries The survey was strategically distributed to 14 primary industries. Almost half of respondents (49 percent) were from financial services, health and pharmaceuticals, general services and the public sector. Organization Size 55% 5,001-25,000 employees

The Encryption Landscape Of all the respondents who disclosed they were victims of a cyberattack in the preceding 12 months, nearly half claimed the attack leveraged SSL traffic to evade detection. Another 15 percent were unsure. The majority of respondents also agree that SSL decryption and inspection is either essential or very important to the performance and security of their business. 80% Were Victims of a Cyberattack 41% 89% Attacks Hid in SSL Traffic Think SSL Decryption is Important

The Dividing Line Of all respondents, only a third believe their organization can properly leverage SSL decryption and inspection to prevent a costly data breach. Can You Detect Malicious SSL Traffic? No 64% Yes 36%

Today vs. Tomorrow Will threat actors continue to hide malicious activity in SSL traffic? With the volume of encrypted inbound and outbound Web traffic increasing the next 12 months, it is the likely trend. Today 39% 45% Inbound 33% 41% Outbound Next Year Inbound Outbound

Top 3 Reasons for Not Inspecting SSL Traffic More than half of all respondents (62 percent) admit that their organization does not currently decrypt Web traffic. Why? 47% Lack of Enabling Security Tools 45% 45% Insufficient Resources Performance Degradation Of this group, 51 percent say they will implement SSL decryption within the next 12 months.

Inspection Strategies For organizations that are inspecting decrypted traffic, most haven t found a seamless or cost-effective manner of implementing the process. Many are using a blend of commercial-grade solutions, in-house technology and labor-intensive manual inspection. 53% 44% 35% 28% 010110101001 101010110110 010110101001 101010110110 010110101001 101010110110 Commercial Solution with Deep Packet Inspection (DPI) Commercial Solution that Utilizes Big Data Homegrown Traffic Monitoring Manual Inspection

Performance is Big The overwhelming concern in implementing SSL decryption solutions? Performance. The notion is confirmed by organizations currently decrypting and inspecting SSL traffic, as well us companies that haven t yet invested in a solution. Concerned 61% Lack of performance a concern for organizations that don t decrypt SSL traffic. Confirmed 83% Decryption results in some type of degradation within organizations currently decrypting and inspecting SSL traffic.

Features They Want Organizations are looking for SSL decryption solutions that combine a wide range of attributes and capabilities. The most popular features each acknowledged by more than 50 percent of respondents as important focus on SSL certificate and key management, scalability, compliance and performance. 79% 68% 63% 62% 54% SSL Certificate Management Scalability Compliance Requirements Uptime, Performance & Security Multi-Vendor Security Integration

Five Attacks Hiding in SSL Encryption There are numerous approaches to masking malicious activity within SSL traffic. Below are common attack vectors, the likelihood each will occur and the ability of responding organizations to resolve the event. Outbound Port Abuse When asked: About the possibility of an attack hiding in normal port 443 traffic. 78% 30% Thought they would likely be targeted by a similar attack. Only a third were confident in their ability to resolve it. 79% 17% Believe it s highly likely this could occur within their organization. Claim their organization has the ability to mitigate such an attack. Phishing When asked: If traffic from an SSL-secured malware server could be spotted by their intrusion prevention system (IPS).

Internal Hide & Seek When asked: About malware hiding outbound data (e.g., passwords, credentials, etc.) within encrypted traffic. 74% 16% Admit that this attack vector is highly likely. State that their organization could identify and mitigate the SSL-encrypted malware attack before data exfiltration. 66% 26% State that the likelihood of such an event is highly possible. Believe their organization could spot this behavior and prevent data loss. Phoning Home When asked: If an attacker could obfuscate outbound communications and/or stolen data to a command and control server. Cookie Theft When asked: About the dangers of cross-site scripting (XSS) and how threat actors are able to steal cookies to highjack sessions, change user settings, poison cookies, etc. 62% 19% Acknowledge that XSS activity could hide within SSL-encrypted traffic. Assert that their organization could stop XSS attacks, even when concealed within encrypted traffic.

4 Key Takeaways One thing is clear: threat actors will continue to leverage SSL-encrypted traffic to obfuscate malicious activity. While most organizations confirm that this is a concern, the urgency or understanding of the threat varies between respondents. 1 2 Organizations recognize threat actors evolving strategy of leveraging encrypted SSL traffic to hide activity. Performance is a major barrier for deployment of SSL decryption solutions. 3 4 Respondents require a diverse range of necessary features and benefits. Organizations are highly concerned that they aren t able to detect and stop encrypted attacks, but aren t sure where to start or how best to defend their business.

Recommendations for Inspecting SSL Traffic 1 START NOW. SSL decryption is rapidly becoming a necessity to properly inspect Internet traffic and stop potential attacks. Be proactive and expose the hidden threats within your environment. 2 TAKE INVENTORY. Assess your tools and determine which can benefit from adding SSL decryption and inspection capabilities. You ll gain better visibility to what s needed to protect the efficacy of your existing investment and avoid costly over-spending and redundancies. 3 IDENTIFY CRITICAL NEEDS. Prioritize the tools you need and what s important to your business. Some organizations value scalability. Others require specific compliance controls. Many seek easier integration with third-party security vendors. Outline what s important and build your plan. 4 EVALUATE SSL DECRYPTION SOLUTIONS. By mapping SSL decryption capabilities to a proven platform, you will be able to properly inspect and analyze encrypted traffic for malicious behavior without hindering performance or significantly adding to your security program s TCO.

A10 Networks Thunder SSLi A10 Networks Thunder SSLi products feature A10 s SSL Insight technology, which eliminates the blind spot imposed by SSL encryption by offloading CPUintensive SSL decryption functions from third-party security devices. Thunder SSLi decrypts SSL traffic and forwards it to one or more third-party security devices. To learn more about A10 Thunder SSLi, please visit a10networks.com/ssli Part Number: A10-EB-14106-EN-02 JAN 2018 2018 Ponemon. All rights reserved.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback