One of the most dangerous security vectors facing enterprises is also one of the least understood. Research into Encrypted Traffic Threats shows that 41 per cent of businesses do not have a solid understanding of the existence and nature of encrypted traffic threats, and the harm that they can cause. Yet encryption has gradually become one of the most substantial vehicles for the cyber threats organizations now have to deal with.
Encrypted traffic became a potential hazard precisely because so much data is now encrypted. In 2016 just over half (53 per cent) of all web traffic was encrypted, but by 2019 that percentage had grown to a massive 87 per cent, giving hackers an opportunity almost the size of the entire Internet’s data to slip malicious code into enterprise networks.
The risk that encrypted traffic threats pose is simple: they are hard to see. Cyber criminals find this pathway to be one of the most effective ways to bypass firewalls, intrusion prevention systems, unified threat management, secure web gateways, data loss prevention, anti-malware, and most other security solutions.
One way to protect against this is to deploy decryption solutions, but even here there are some concerns, with 36 per cent of those surveyed citing a concern over data privacy, 29 per cent worried about decryption causing performance bottlenecks, and 18 per cent worried about having a lack of available skills to manage such a security solution.
Consequently, nearly one half (48 per cent) of organisations have yet to implement decryption solutions.
How to manage the threat
The best way to address these issues is to have an automated solution that can proactively monitor and analyse encrypted data.
When the Czech Republic’s National Cyber and Information Security Agency sought a more robust way to fortify the country’s selected government institutions against modern advanced threats, it turned to Flowmon and the Flowmon Anomaly Detection System for threat-hunting capability. The system uses 44 detection methods comprising 200+ algorithms to immediately spot anomalies hidden in network traffic, encrypted or not, and alert the IT teams to them.
This application of AI became a valuable source of IT expertise that multiplied staff bandwidth to manage the solution and allowed for full and complex monitoring of the entire networked environment. With Flowmon ADS in place, the institute has a comprehensive, yet noise-free overview of suspicious behaviours in the partner networks, flawless detection capability, and a platform for the validation of indicators of compromise.
Flowmon’s solution works at scale, too. GÉANT – a pan-European data network for the research and education community – is running one of the world’s largest data networks, and transfers over 1,000 terabytes of data per day over the GÉANT IP backbone. For something of that scale there is simply no way to manually monitor the entire network for aberrant data. With a redundant application of two Flowmon collectors deployed in parallel, GÉANT was able to have a pilot security solution to manage data flow of this scale live in just a few hours. With a few months of further testing, integration and algorithmic learning, the solution was then ready to protect GÉANT’s entire network from encrypted data threats.
Why cross-team collaboration accelerates encrypted threat response
Uncertainty and a lack of understanding are driving enterprises’ hesitancy to adopt encrypted traffic threat response solutions. Furthermore, for a response to this threat to be effective, it is critical that network operations and security operations (NetOps + SecOps = NetSecOps) work in collaboration, but according to the study, 40 per cent of enterprises do not currently have these teams working closely together.
By adopting tools that are built with the NetSecOps philosophy in mind in order to foster collaboration between the two teams, companies can greatly cut down on incident resolution time and save expenditure on tools with functional overlap.
In 2020, Kemp Technologies announced the acquisition of Flowmon. In doing so, the company has been able to bring together holistic solutions that allow partners to become a one-stop-shop for robust network security.
“We are excited to extend the value offered to customers in the areas of infrastructure security, network observability and automated incident response by welcoming Flowmon to the Kemp family,” Ray Downes, CEO of Kemp Technologies, said at the time. “The expansion of Kemp’s portfolio to include Flowmon’s solutions will provide customers the ideal combination of network analysis, pre-emptive threat detection and workload delivery for optimal, uninterrupted user and application experience.”
Kemp’s two product families, comprising the LoadMaster load balancer and the Flowmon NetSecOps suite, allow companies to take full control of their digital environment, with load balancing, network performance monitoring, and response solutions. The solution is easy to deploy and configure and boasts data on the dashboard within 30 minutes. With government regulation and privacy concerns demanding that corporations show ever-greater responsibility around data and encryption, Flowmon and Kemp are proving to be an essential response in also protecting the network from cyber-crime.
For more information on encrypted traffic threats, Kemp Technologies and Flowmon, contact [email protected]
Kemp is currently offering a Free Network Assessment. Go to Kemp.ax
Case Studies – https://www.flowmon.com/en/our-customers