MANILA, Philippines — One of the most dangerous security vectors facing enterprises is also one of the least understood.
Research into Encrypted Traffic Threats shows that 41% of businesses do not have a solid understanding of the existence and nature of encrypted traffic threats, and the harm that they can cause.
However, encryption has gradually become one of the most substantial vehicles for cyber threats organizations now have to deal with.
Encrypted traffic became a potential hazard precisely because so much data is now encrypted. In 2016, just over half (53%) of all web traffic was encrypted, but by 2019 that share had grown to a massive 87%, giving hackers an opening almost the size of the entire Internet’s data through which to slip malicious code into enterprise networks.
The risk that encrypted traffic threats pose is simple: they are hard to see. Cybercriminals find this pathway to be one of the most effective ways to bypass firewalls, intrusion prevention systems, unified threat management, secure web gateways, data loss prevention, anti-malware and most other security solutions.
One way to protect against this is to deploy decryption solutions, but even here, there are some concerns, with 36% of those surveyed citing concern over data privacy, 29% worried about decryption causing performance bottlenecks and 18% worried about having a lack of available skills to manage such a security solution.
Consequently, nearly one-half (48%) of organizations have yet to implement decryption solutions.
How to manage the threat
The best way to address these issues is to have an automated solution that can proactively monitor and analyze encrypted data.
When the Czech Republic’s National Cyber and Information Security Agency sought a more robust way to fortify the country’s selected government institutions against modern advanced threats, it turned to Flowmon and the Flowmon Anomaly Detection System for threat-hunting capability.
The system uses 44 detection methods comprising 200+ algorithms to immediately spot anomalies hidden in network traffic, encrypted or not, and alert the IT teams to them. (More about the National Cyber and Information Security Agency experience here.)
This application of AI became a valuable source of IT expertise that multiplied staff bandwidth to manage the solution and allowed for full and complex monitoring of the entire networked environment.
With Flowmon ADS in place, the institute has a comprehensive, yet noise-free overview of suspicious behaviors in the partner networks, flawless detection capability, and a platform for the validation of indicators of compromise.
Flowmon’s solution works at scale, too. GÉANT, a pan-European data network for the research and education community, is running one of the world’s largest data networks, and transfers over 1,000 terabytes of data per day over the GÉANT IP backbone.
For something of that scale, there is simply no way to manually monitor the entire network for aberrant data. With a redundant application of two Flowmon collectors deployed in parallel, GÉANT had a pilot security solution managing data flow at this scale live in just a few hours.
With a few months of further testing, integration and algorithmic learning, the solution was then ready to protect GÉANT’s entire network from encrypted data threats. (More about the GÉANT experience here.)
Cross-team collaboration
Uncertainty and a lack of understanding are driving the hesitancy for enterprises to adopt encrypted traffic threat response solutions.
Furthermore, for a response to this threat to be effective, it is critical that network operations and security operations (NetOps + SecOps = NetSecOps) work in collaboration, but according to the study, 40% of enterprises do not currently have these teams working closely together.
By adopting tools that are built with the NetSecOps philosophy in mind in order to foster collaboration between the two teams, companies can greatly cut down on incident resolution time and save expenditure on tools with functional overlap.
In 2020, Kemp Technologies announced the acquisition of Flowmon. In doing so, the company has been able to bring together holistic solutions that allow partners to become a one-stop-shop for robust network security.
“We are excited to extend the value offered to customers in the areas of infrastructure security, network observability and automated incident response by welcoming Flowmon to the Kemp family,” Kemp Technologies CEO Ray Downes said.
“The expansion of Kemp’s portfolio to include Flowmon’s solutions will provide customers the ideal combination of network analysis, pre-emptive threat detection and workload delivery for optimal, uninterrupted user and application experience,” he added.
Kemp’s two product families, comprising the LoadMaster load balancer and the Flowmon NetSecOps suite, allow companies to take full control of their digital environment, with load balancing, network performance monitoring and response solutions. The solution is easy to deploy and configure and boasts data on the dashboard within 30 minutes.
With government regulation and privacy concerns demanding that corporations show ever-greater responsibility around data and encryption, Flowmon and Kemp are also proving to be an essential response for protecting the network from cybercrime.
Kemp is currently offering a Free Network Assessment. To learn more, email sales@acw-group.com.ph, call (+632) 8706 5592 or visit www.acw-distribution.com.ph.
REFERENCES:
Encrypted Traffic Threats Research: https://www.flowmon.com/en/idg-research-encrypted-traffic-threats
Case Studies: https://www.flowmon.com/en/our-customers