By Duncan Hughes, Systems Engineering Director EMEA, A10 Networks
Verizon’s 2016 Data Breach Investigations Report found that 89 percent of breaches last year were motivated by greed or espionage. Since motives are increasingly financial, it makes sense that the financial institutions that underpin the world’s economy are increasingly targeted. The Ponemon Institute found, on average, 83 percent of financial companies suffer more than 50 attacks per month. As a result, banks, credit unions, brokerage firms and exchanges — large and small — are shoring up their defenses to prepare for the inevitability of a cyberattack. One of the defensive measures they use is encryption, which protects the privacy and integrity of sensitive information by rendering it unreadable if stolen or intercepted.
The dark side of SSL encryption
Unfortunately, encryption also has a dark side; increasingly, cyber attackers are using encryption to hide their exploits. A10 recently sponsored a survey by the Ponemon Institute, “Hidden Threats in Encrypted Traffic: Industry Verticals,” to dig into the risks posed by encrypted traffic. The results demonstrated that financial institutions may be woefully unprepared to protect against the attacks using encrypted traffic to hide their activity. As a baseline, respondents estimate 32 percent of their institution’s outbound traffic is encrypted today; they expect that percentage to go up to 46 percent over the next 12 months. As that percentage increases, it’s logical the percentage of threats in encrypted traffic will also go up. In fact, 58 percent of respondents think attackers will increase their use of encryption (to evade detection and bypass controls) over the next 12 months. When asked whether their institution recognises that malicious users leverage SSL encryption to conceal their exploits, only 41 percent agreed (23 percent were unsure and 36 percent disagreed). While this percentage may seem to imply there is a disconnect between the risk and an institution’s recognition of that risk, it is probably more indicative of an institution’s direct experience. Notably, 40 percent of the respondents confirmed that attacks on their institution had used encryption to evade detection. (81 percent acknowledged they had been a victim of a cyberattack or malicious insider activity in the past 12 months.)
Gauging the importance of SSL inspection
So, perhaps institutions are waiting to see these attacks firsthand before they implement measures to prevent them? Despite 90 percent of the financial services respondents recognizing that the inspection of SSL traffic is “Important” to “Essential” to their overall security infrastructure, only 42 percent are actually decrypting Web traffic to detect attacks, intrusions and malware. This can be a very dangerous game of chicken for financial institutions to play. Respondents indicated they knew their institutions were at risk:
- 70 percent were concerned or very concerned that encrypted traffic would leave their network vulnerable to hidden threats
- 71 percent felt that compromised insider credentials, due to malware hiding inside encrypted SSL traffic, could cause a data breach (18 percent were unsure)
- 61 percent agreed that the inability of their current security infrastructure to inspect encrypted traffic compromises their ability to meet existing and future compliance requirements.
- 33 percent felt their institution would be able to prevent costly data breaches and loss of intellectual property by detecting SSL traffic that is malicious
Why aren’t they decrypting encrypted traffic to look for attacks it may hide? Respondents cited a lack of enabling security tools (53 percent), insufficient resources (43 percent) and performance degradation (42 percent) as the main reasons they don’t decrypt and inspect their Web traffic. Unsurprisingly, 50 percent noted their institution’s security solutions are collapsing under growing SSL bandwidth demands and SSL key lengths.
Your SSL decryption strategy
All told, 57 percent of the financial services respondents, which don’t currently decrypt, have plans to decrypt and inspect traffic to uncover potential attacks. Before they can, however, they need to find solutions that truly meet their needs. They indicated the following features were “Important” to “Essential” in an SSL inspection tool:
- Securely manage SSL certificates and keys – 90 percent
- Scale to meet current and future SSL performance demands – 87 percent
- Maximise the uptime and performance requirements of the overall capacity of the security infrastructure – 84 percent
- Satisfy compliance requirements – 81 percent
- Granularly parse and control traffic based on custom-defined policies – 78 percent
- Categorize web traffic to ensure confidential or sensitive data remains encrypted (satisfy regulatory requirements) – 77 percent
- Intelligently route traffic to multiple security devices – 77 percent
- Interoperate with a diverse set of security products from multiple vendors – 75 percent
Decrypt, inspect SSL traffic with Thunder SSLi
These are capabilities that the A10 Thunder® SSLi® can provide. SSLi offloads SSL decryption and re-encryption from third-party security devices to enhance the performance of the overall infrastructure and ensure malware and insider threats hidden in SSL are detected. With SSLi, financial services firms can eliminate blind spots created by SSL to protect their sensitive data, meet compliance (e.g., PCI, GLBA, SOX) requirements and improve their network’s overall performance — all with a lower total cost of ownership (TCO). For more information on the Ponemon survey, please check out this white paper; for more details on our SSLi offering, you can download our solution brochure.