SSL/TLS Encrypted Network Traffic Brings Privacy for Users and Headaches for Security Teams
The use of encryption over the Internet is growing. Fueled by Edward Snowden's revelations on the extent of NSA and GCHQ content monitoring, encryption is now increasingly provided by the big tech companies as part of their standard product offerings. It's effectiveness can be seen in the continuing demands by different governments for these same tech companies to provide government backdoors for that encryption. Encryption works: it safeguards privacy.
Against this background, the use of Secure Sockets Layer (SSL) or Transport Layer Security (TLS) to encrypt network traffic is likely to grow dramatically. Google is encouraging this. It already uses HTTPS as a positive weight for web sites in its search algorithm, while current rumors suggest it will soon start to place a warning red X in the URL bar of sites that do not use it. Taken together, these are strong incentives for businesses that don't currently use SSL/TLS to start doing so. Some predictions believe that almost 70% of network traffic will be encrypted by the end of this year.
But SSL and TLS traffic encryption brings its own problems for businesses. Encryption is already used by criminals to hide malicious traffic on the basis that defenders cannot find what they cannot see. Enterprises are already forced to decrypt encrypted traffic at the gateway in order to inspect and determine whether it is safe or harmful.
A10 Networks' Rene Paap, who expects 67% of all network traffic to be encrypted by the end of this year, thinks this will place an intolerable demand on existing firewalls – effectively reducing the performance of the average firewall by 81%. That, he says, is the issue: "If you encrypt less, attackers can spy on your traffic and Google will put you in the penalty box. If you encrypt more, you’ll need to decrypt everything so that your security systems will still work."
Read More Encrypted Network Traffic Comes at a Cost | SecurityWeek.Com
The use of encryption over the Internet is growing. Fueled by Edward Snowden's revelations on the extent of NSA and GCHQ content monitoring, encryption is now increasingly provided by the big tech companies as part of their standard product offerings. It's effectiveness can be seen in the continuing demands by different governments for these same tech companies to provide government backdoors for that encryption. Encryption works: it safeguards privacy.
Against this background, the use of Secure Sockets Layer (SSL) or Transport Layer Security (TLS) to encrypt network traffic is likely to grow dramatically. Google is encouraging this. It already uses HTTPS as a positive weight for web sites in its search algorithm, while current rumors suggest it will soon start to place a warning red X in the URL bar of sites that do not use it. Taken together, these are strong incentives for businesses that don't currently use SSL/TLS to start doing so. Some predictions believe that almost 70% of network traffic will be encrypted by the end of this year.
But SSL and TLS traffic encryption brings its own problems for businesses. Encryption is already used by criminals to hide malicious traffic on the basis that defenders cannot find what they cannot see. Enterprises are already forced to decrypt encrypted traffic at the gateway in order to inspect and determine whether it is safe or harmful.
A10 Networks' Rene Paap, who expects 67% of all network traffic to be encrypted by the end of this year, thinks this will place an intolerable demand on existing firewalls – effectively reducing the performance of the average firewall by 81%. That, he says, is the issue: "If you encrypt less, attackers can spy on your traffic and Google will put you in the penalty box. If you encrypt more, you’ll need to decrypt everything so that your security systems will still work."
Read More Encrypted Network Traffic Comes at a Cost | SecurityWeek.Com
