When Your Security Measures Become the Threat: The Hidden Dangers of SSL Traffic

Learn about the increasing use of SSL traffic and the threats it introduces. Discover how to protect against SSL threats and the potential impact of a breach.

herbertn

Presentation Transcript


  1. When Your Security Measures Become the Threat: The Hidden Dangers of SSL Traffic February 2016 02242015

  2. Agenda
     • The Cyber Threat Landscape
     • The Need for Encryption
     • SSL Usage Trends
     • Threats Introduced by SSL Traffic
     • How to Protect Against SSL Threats

  3. Impact of a Breach: World’s Largest Data Breaches
     • Investigation and notification costs
     • Brand damage
     • Lost revenue
     • Regulatory fines
     • Lawsuits
     Source: Information Is Beautiful

  4. Data Breaches by the Numbers
     • Total Cost: $3.79 million average total cost of a data breach
     • Individual Cost: $154 cost per lost or stolen record
     • Escalating Risk: 23% increase in total cost of a data breach since 2013
     Sources: Ponemon Institute, 2015 Cost of Data Breach Study: Global Analysis

  5. Top Causes of Large-Scale Breaches
     • Insider Abuse: 55% of abuse caused by users with legitimate access
     • Malware: 225,000 new malware strains detected per day
     • Advanced Persistent Threats: 66% believe their organization will be the target of APT
     Sources: PandaLabs Report Q1 2015 | 2015 Verizon Data Breach Investigation Report | Mandiant, a FireEye company

  6. Solutions are Failing Despite $71.1B investment in security
     • Next Gen Firewall
     • Secure Web Gateway
     • Intrusion Detection & Prevention
     • Advanced Threat Protection
     • SIEM
     • Network Forensics
     • Data Loss Prevention
     • Unified Threat Management
     SOURCE: Information Security, Worldwide, 2012-2018, 2Q14 Update, Gartner

  7. SSL Traffic Is Increasing…
     • 25-35% in 2013
     • 67% in 2016
     • 100%?
     Sources: NSS Labs, Sandvine

  8. Reasons Why More Organizations Are Encrypting Traffic
     • Snowden revelations of NSA snooping
     • Disclosures in 2014 that governments were injecting surveillance software in web traffic
       • YouTube and Microsoft Live used as conduits to inject malware
       • Both now encrypt traffic
     • Google ranks SSL sites higher for SEO
     Source: Washington Post

  9. Security Experts Agree: SSL Can Create New Risks
     • “Bad actors are after our data... and encrypting data is the best way to hide their transfers and malware communications from security devices.”
       J. Michael Butler, SANS Institute
     SOURCE: Finding Threats by Decrypting SSL

  10. Cyber Threats Hidden in SSL Traffic
     • 67% of Internet traffic will be encrypted by 2016
     • 50% of attacks will use encryption to bypass controls by 2017
     • 80% of organizations with firewalls, IPS, or UTM do not decrypt SSL traffic
     Sources: Sandvine Internet Phenomena Report; “Security Leaders Must Address Threats From Rising SSL Traffic,” 2013

  11. Security Infrastructure Inspects Traffic to Stop Attacks
     [Diagram: Firewall, IPS, ATP, SIEM and Network Forensics inspect traffic for the Sales & Marketing, Accounting and Engineering segments, raising alerts and blocking attacks]

  12. Encryption Makes Security Devices Blind to Attacks
     [Diagram: the same Firewall, IPS, ATP, SIEM and Network Forensics devices in front of the Sales & Marketing, Accounting and Engineering segments, now with anomalous activity, data exfiltration, undetected malware and a successful attack passing through]

  13. Attacks that Can Hide in SSL Traffic

  14. Infiltration and Attacks
     • Malvertising delivered over SSL-encrypted Adtech networks
     • Malware distributed via social media
     • Malware sent as attachments in email and instant messaging apps
     • DDoS and Web app attacks
     • Yahoo malvertising attack
     • Facebook, Twitter, LinkedIn use SSL
     • Koobface was a multimillion malware campaign that used Facebook
     • WhatsApp, Snapchat encrypt IM
     • Attackers can use SSL to bypass controls or overwhelm servers

  15. Data Exfiltration Hidden in SSL
     • Insider Abuse
       • Insiders can send sensitive data through web-based email
         • Gmail, Yahoo Mail, MS Live encrypt
       • Insiders can upload sensitive files to file sharing services
         • Box, Dropbox, iCloud, OneDrive encrypt data
     • C&C Communications
       • Malware-infected machines communicate to command & control servers via SSL
         • China’s APT1, Zeus, Shylock, KINS and CryptoWall malware use SSL

  16. How Malware Developers Exploit Encrypted Traffic
     • Bot Infection Hidden in SSL Traffic
     • Data Exfiltration over SSL
     • Malicious attachment sent over SMTPS
     • Malicious file in instant messaging
     • Drive-by download from an HTTPS site
     • Command and control server communication
     • Stolen data sent via email or to cloud storage sites
     • Malware receiving C&C updates from social media sites

  17. Security Experts Agree: Businesses Must Inspect SSL
     • “Organizations without traffic decryption plans are blind not only to these new sophisticated attacks but also to any attacks that take place over encrypted connections.”
       Gartner
     • “Many current security tools also cannot inspect encrypted traffic, allowing hackers to hide behind the encryption that protects sensitive data.”
       Robert L. Scheier
     SOURCE: Security Leaders Must Address Threats From Rising SSL Traffic, Jeremy D’Hoinne, Adam Hills, December 2013, refreshed Jan 2015 • Six Steps to Stronger Retail Security, Robert L. Scheier

  18. SSL Decryption is Critical
     • Eliminate Blind Spots
     • Detect Advanced Threats
     • Empower Your Security Infrastructure
     • Prevent Data Breaches

  19. SSL Insight Overview
     • Client initiates outbound communication
     • Traffic is decrypted
     • Decrypted traffic is inspected by security solutions
     • Data is encrypted
     • Secure tunnel is established
     • Any data returned is decrypted, inspected and encrypted before reaching the client
     [Diagram: numbered flow (1 to 6) from the Client through SSL decryption, Inspection/Protection by IDS, DLP, UTM and other devices on the decrypted traffic, and re-encryption toward the Internet]

  20. SSL Insight – Inline Single Appliance Deployment
     • This deployment mode provides SSL visibility to an inline security device
     • One partition decrypts SSL traffic and forwards it to security devices
     • A second partition encrypts traffic
     • L2 deployment
     [Diagram: SSL (secure traffic) enters ADP 1, passes as HTTP (clear traffic) through the Firewall or Inline Security Device, and leaves ADP 2 as SSL]

  21. SSL Insight – Inline and Passive Mode Security Devices
     • Open once and inspect multiple times
     • Multiple security devices
     • Inline (Layer 2) and passive (TAP) mode devices supported on SPAN/Mirror Port
     [Diagram: Client traffic arrives as SSL (secure traffic), is passed as HTTP (clear traffic) to the SWG (Secure Web Gateway), IPS/Firewall and ATP / SIEM, and leaves as SSL]

  22. Why Customers Choose A10
     • Best-in-Class Performance
     • Advanced Security & Networking Features
     • All-Inclusive Licensing and Support
     • Flexible Cloud Deployment & APIs
     • Data Center Efficient Design
     • Gold Standard for Reliability and Support

  23. SSL Insight Benefits
     • Security: Uncover threats concealed in inbound and outbound SSL traffic
     • Performance: Relieves the security gateway and server of SSL tasks
     • Availability: Faster server response time and automatic redundancy
     • Scalability: Scale server and security gateway capacity with integrated load balancing

  24. SSL Insight Provides the Visibility You Need
     • Escalating Risks from SSL Traffic
       • Data breaches are costly
       • SSL traffic renders security devices ineffective; decrypting SSL traffic slows down firewalls
       • To ensure you’re not the next victim, deploy an SSL inspection platform
     • SSL Insight Value
       • Full SSL visibility to uncover attacks and prevent breaches
       • 10x More Performance
       • Decrypt once and inspect many times with load balancing and flexible explicit and transparent proxy deployment

  25. Thank you
