Chief Security Strategist
Ever seen a sign with these words on it: “CAUTION: If you can’t see my mirrors, I can’t see you”? If you’ve ever driven on an interstate highway, I’m guessing you have. It’s a common sign posted on tractor-trailer vehicles, warning surrounding drivers that blind spots exist; therefore, they should be aware of the risk and take precautionary measures.

Similar guidance applies to the use of Secure Sockets Layer (SSL) encryption. SSL encryption is a vital tool in protecting data in flight. Transmitting sensitive data unencrypted is risky because if it is stolen, the data is in clear text and can easily be used by identity thieves. SSL encryption addresses this issue by using an encryption algorithm to encode the data before it is transmitted, so that it is never sent in clear text. Essentially, SSL encryption enables you to “hide” the content within an encrypted data stream, so hackers won’t be able to make sense of the data even if they can “see” it.

Unfortunately, the benefit of SSL encryption works both ways—for you and your adversaries. Next-generation firewalls do a great job of monitoring network traffic, categorizing applications, and enforcing application-based policy controls. But when it comes to SSL data streams, the devices have no way of interpreting the content of the encrypted traffic and pass it through unchecked, creating a “blind spot” for your security technologies. And hackers know it. Advanced persistent threats (APTs) use embedded malware to steal data from inside corporate networks and mask that activity using SSL encryption to transmit those stolen records to the outside world.

More companies are using SSL encryption to protect data in transit primarily to comply with privacy and data security requirements such as those specified by HIPAA, PCI, NIST and other regulatory standards. And while compliance is not the sole driver, sixty-one (61) percent of respondents in a recent study listed compliance as the “main driver to extensive encryption use within their company” (2016 Global Encryption Trends Study conducted by the Ponemon Institute and sponsored by Thales e-Security and Vormetric).

To eliminate the blind spot posed by the extensive use of SSL encryption, first make sure you are only encrypting the data you need to encrypt. To do that, you must know which data sets contain sensitive information, where those data sets reside, and who should be authorized to access them. Then, implement an SSL decryption solution. There are several good products on the market, including solutions from Gigamon, Blue Coat, and Radware to name a few.

With an SSL decryption solution, you can encrypt the data from the application outward to protect the data transmitted inside your corporate network and then decrypt it before passing the traffic through your next-gen firewall. Doing that enables your security technologies to “see” the content of the data stream and to apply security policies to it. Once that is complete, the data can be encrypted again and transmitted securely to the outside world. As a result, your data is protected both from unknown malware lurking within your network and any exposures posed by cyber thieves outside your network.
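One way to size the blind spot before and after deploying decryption is to measure how many outbound bytes the firewall passed without ever seeing their content. The script below is an added example, not part of the original article or any vendor's tooling; the log columns, the `blind_spot_report` function, and the sample records are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of firewall session records. The column names are
# hypothetical and do not follow any particular vendor's log format.
SAMPLE_LOG = """\
src,dst,dport,app,decrypted,bytes_out
10.0.1.15,203.0.113.10,443,ssl,no,48200000
10.0.1.15,198.51.100.7,443,web-browsing,yes,120000
10.0.2.30,198.51.100.7,443,web-browsing,yes,95000
10.0.2.30,203.0.113.44,443,ssl,no,40000
10.0.3.8,192.0.2.25,80,web-browsing,n/a,15000
10.0.3.8,203.0.113.10,8443,ssl,no,7300000
"""

def blind_spot_report(log_text, threshold_bytes=5_000_000):
    """Summarise outbound bytes the firewall passed without seeing content.

    A session counts as uninspected when it was identified only as generic
    'ssl' and was not decrypted, so no content policy could be applied.
    Returns (share_of_outbound_bytes_uninspected, {src: uninspected_bytes})
    where the dict holds only sources at or above threshold_bytes.
    """
    total = 0
    uninspected = defaultdict(int)
    for row in csv.DictReader(io.StringIO(log_text)):
        sent = int(row["bytes_out"])
        total += sent
        if row["app"] == "ssl" and row["decrypted"] == "no":
            uninspected[row["src"]] += sent
    blind = sum(uninspected.values())
    share = blind / total if total else 0.0
    flagged = {s: b for s, b in uninspected.items() if b >= threshold_bytes}
    return share, flagged

if __name__ == "__main__":
    share, flagged = blind_spot_report(SAMPLE_LOG)
    print(f"{share:.1%} of outbound bytes were never inspected")
    for src, sent in sorted(flagged.items(), key=lambda kv: -kv[1]):
        print(f"review {src}: {sent:,} bytes sent in undecrypted TLS")
```

Run against real session logs, the share should drop once decryption is in place, and any internal host that still appears in the flagged list is traffic the policy is not covering.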

Implementing SSL encryption is not unlike following a tractor-trailer on the interstate: Pay attention, be aware of the blind spots, and take precautionary measures to ensure you are protecting your organization against advanced malware tactics. Use an SSL decryption solution and review your security architecture to make sure you are leveraging those capabilities to the fullest extent possible.

If you would like help implementing SSL encryption to protect your confidential data without exposing your organization to unnecessary security risks, click here to get in touch with us or contact your ePlus Account Executive.
