Straight Talk Technology
Enterprises can't afford to ignore encrypted network traffic. Attackers love to use it to hide malware and other attacks where they can't be seen. But most organizations don't inspect encrypted traffic. And for those that do, new standards and evolving technology are about to force some big changes.
The percentage of inbound enterprise network traffic that is encrypted has been steadily increasing, now averaging 70–80%. Visibility into and inspection of this traffic is essential for sound enterprise network security.
To obtain that visibility, organizations must decrypt that traffic—using technically complex and expensive solutions—before being able to inspect it. Security-conscious organizations have invested heavily, sometimes hundreds of thousands of dollars or the equivalent, to buy and implement a decryption architecture that meets their needs.
But legacy decryption solutions won't last much longer. Many can't handle the growing volume of encrypted traffic, while the rest can't support changes in the new, more secure TLS 1.3 encryption standard.
That means in the near term, nearly every enterprise will be forced to revisit how it gains visibility into inbound encrypted network traffic.
Fortunately, a number of emerging, nontraditional approaches to network traffic decryption offer nascent but promising alternatives.
- Cloud-based network traffic decryption offloads the process to the cloud, often as part of a broader cloud-delivered security service called an identity-aware proxy.
- Session key forwarding simplifies decryption by obtaining encryption key pairs from host memory without the standard, processor-intensive techniques.
- Encrypted traffic inference solutions analyze aspects of encrypted traffic flows to discern whether they are likely to be malicious, without even using decryption.
Omdia encourages enterprises to accelerate the viability reviews of their current decryption capabilities. If considering alternatives, don't overlook these non-traditional options. While nascent, they offer promise in reducing the cost and complexity that comes with traditional decrypt-and-inspect approaches.
Above all, don't disregard the risk posed by inbound encrypted traffic. Attackers always take the path of least resistance—and the easiest defense for them to beat is no defense at all.
Straight Talk is a weekly briefing from the desk of the Chief Research Officer. To receive this newsletter by email, please contact us.