
Network Decryption – A Critical Cybersecurity Best Practice

Businesses have been moving their data and computing to the cloud, and the COVID-19 pandemic has accelerated that move. Security teams need a complete view of everything on the network to spot attacks and stop them before they become a disaster. Strong network traffic encryption is critical to protecting sensitive business and personal data. Up to 90 percent of network traffic is encrypted today, and estimates from Google indicate that 95 percent of its internet traffic uses the encrypted HTTPS protocol. These statistics represent a step forward for data integrity and consumer privacy. Businesses and organizations need to obscure their digital footprint using encrypted traffic, and this commitment is not only a responsibility for companies that must ensure data privacy.

On the other hand, cybercriminals have weaponized encryption by hiding malicious activities in benign-looking traffic. According to a cybersecurity report, 70 percent of malware campaigns in 2020 used some form of encryption. The Joint Cybersecurity Advisory issued by the FBI, CISA, the U.K. National Cyber Security Centre, and the Australian Cyber Security Centre highlighted that encrypted protocols mask lateral movement and other advanced tactics in 60 percent of attacks. Threat actors continue to devise ways to use a victim’s systems or an enterprise’s own encryption as the perfect cover for an attack.

A Case for Network Traffic Decryption

As hackers continue to leverage encrypted channels to access and traverse enterprise networks, secure traffic decryption is critical to assessing potential threats. The situation calls for a new approach to detecting threats. Decryption helps detect post-compromise activity that encrypted traffic analysis alone misses. Most organizations are focused on ransomware, but the main challenge is that they can’t see what is happening laterally. Encrypted channels increase the attack surface, reduce visibility, and add to the challenges facing security teams. In the past year, encrypted traffic has been exploited in significant cyberattacks such as Kaseya and Sunburst, and threat actors have had the upper hand by remaining invisible. Cybercriminals have used techniques such as living-off-the-land and Active Directory Golden Ticket attacks inside the encrypted traffic of organizations.

Network Decryption

Without the ability to correctly decrypt traffic, it is near impossible to distinguish between good and evil. Security experts already find it challenging to sift through the noise, and encryption makes it harder still to determine what poses a threat. Most companies fight only half the battle, ensuring pervasive encryption but falling short on decryption and monitoring.

Organizations are wary of embracing decryption, fearing issues of privacy, compliance, high compute costs, security, and performance impacts. However, there are ways in which businesses can decrypt traffic without compromising compliance, privacy, performance, or security standards.

Most organizations tend to ignore the majority of alerts. It is one of the poorly kept secrets of cyber-security operations. Many incidents or alerts are not investigated because the traffic is encrypted, or simply because of the sheer effort needed to decipher an incident. Another contributing factor is the overwhelming number of alerts. The widespread problem is captured in a Trend Micro survey of 2,303 IT security professionals and decision-makers, which reveals that 51% of respondents indicated that their teams were overwhelmed by the sheer volume of alerts. Another 55% were not confident in prioritizing and responding to alerts and incidents, and 43% said that they dealt with the problem by turning off alerts.

Decryption may take one of two forms – in-line decryption and out-of-band decryption. Out-of-band decryption is used to send de-identified and tokenized data to the cloud for machine learning purposes. No clear-text data is sent across the network with out-of-band decryption, which eliminates additional security concerns. In-line decryption is the oldest approach to network traffic decryption, and it brings additional complications associated with certificate management. Threat actors can also perform downgrade attacks when messages are re-encrypted using weaker cipher suites. In-line decryption is also referred to as man-in-the-middle or SSL interception.
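The downgrade risk described above is something a defender can check for directly: an in-line proxy terminates the client session and opens its own session to the server, so the two legs can be compared. The following is an added example, not code from the article; the handshake records, the version ranking and the weak-suite markers are constructed assumptions, and in practice the records would come from the proxy's own session logs.

```python
# Added example: compare the two legs of an in-line TLS interception proxy and
# flag cases where the proxy re-encrypted with a weaker protocol or cipher suite.
from __future__ import annotations
from dataclasses import dataclass

# Assumed ordering of protocol versions from weakest to strongest.
PROTO_RANK = {"SSLv3": 0, "TLSv1": 1, "TLSv1.1": 2, "TLSv1.2": 3, "TLSv1.3": 4}
# Substrings (OpenSSL-style suite names) that mark a suite as weak.
WEAK_MARKERS = ("RC4", "DES", "NULL", "EXPORT", "MD5", "anon")


@dataclass
class Leg:
    protocol: str   # negotiated version, e.g. "TLSv1.2"
    cipher: str     # negotiated suite, e.g. "ECDHE-RSA-AES128-GCM-SHA256"


def cipher_issues(leg: Leg) -> list[str]:
    """Return the reasons a negotiated suite is considered weak (empty if none)."""
    issues = [m for m in WEAK_MARKERS if m in leg.cipher]
    # Every TLS 1.3 suite uses ephemeral key exchange; older versions need
    # an ECDHE/DHE suite to get forward secrecy.
    if leg.protocol != "TLSv1.3" and not leg.cipher.startswith(("ECDHE", "DHE")):
        issues.append("no forward secrecy")
    return issues


def check_interception(client_leg: Leg, server_leg: Leg) -> list[str]:
    """Compare the client<->proxy leg with the proxy<->server leg.

    Returns a list of findings; an empty list means the proxy did not weaken
    the session on its way to the origin server.
    """
    findings = []
    if PROTO_RANK[server_leg.protocol] < PROTO_RANK[client_leg.protocol]:
        findings.append(f"protocol downgrade: {client_leg.protocol} -> {server_leg.protocol}")
    server_issues = cipher_issues(server_leg)
    if server_issues and not cipher_issues(client_leg):
        findings.append(f"weak suite on server leg {server_leg.cipher}: " + ", ".join(server_issues))
    return findings


if __name__ == "__main__":
    # Constructed sample: the client got TLS 1.3, but the proxy re-encrypted with TLS 1.0 3DES.
    client = Leg("TLSv1.3", "TLS_AES_256_GCM_SHA384")
    for finding in check_interception(client, Leg("TLSv1", "DES-CBC3-SHA")):
        print(finding)
```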

Having an efficient decryption system is critical to improving the security of organizations. You must have the right people in place, with the proper credentials and access controls, looking at the correct information. Keep in mind that not all data should be decrypted. You need to look at the correct information to triage quickly and get a clear understanding of the traffic crossing your network. Moving into the future, technology such as machine learning will support assisted investigation of alerts and incidents at scale.

Businesses need to engage with and address these challenges rather than run away from them. Companies must commit to increased traffic inspection to increase the likelihood of catching malicious activity. At the same time, the decryption of enterprise network traffic must not violate privacy regulations or laws. In many deployments, decryption is deliberately not configured on sensitive subnets to avoid breaking compliance frameworks such as GDPR, PCI DSS, and HIPAA.
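The two points above, that not all data should be decrypted and that sensitive subnets are commonly excluded for compliance reasons, amount to a selective-decryption policy. Below is an added example of such a policy check, not code from the article or from any vendor; the subnets, their compliance labels, the bypass categories and the flow records are all constructed assumptions.

```python
# Added example: decide per flow whether an inspection point should decrypt it
# or pass it through untouched because it falls inside a compliance or privacy carve-out.
from __future__ import annotations
import ipaddress
from dataclasses import dataclass

# Constructed: subnets carved out for compliance scopes that stay encrypted end to end.
BYPASS_SUBNETS = {
    ipaddress.ip_network("10.20.0.0/16"): "PCI DSS cardholder data environment",
    ipaddress.ip_network("10.30.5.0/24"): "HIPAA clinical systems",
}
# Constructed: destination categories excluded to protect employee privacy (GDPR).
BYPASS_CATEGORIES = {"banking", "healthcare", "government"}


@dataclass
class Flow:
    src_ip: str
    dst_ip: str
    sni: str        # server name from the ClientHello, "" if absent
    category: str   # label from a URL classifier, "" if unknown


def decrypt_decision(flow: Flow) -> tuple[str, str]:
    """Return ("bypass" | "decrypt", reason) for one flow.

    Subnet carve-outs are checked first on both endpoints, then the destination
    category; everything else is in scope for inspection.
    """
    for ip_str in (flow.src_ip, flow.dst_ip):
        addr = ipaddress.ip_address(ip_str)
        for net, scope in BYPASS_SUBNETS.items():
            if addr in net:
                return "bypass", f"{ip_str} in {net}: {scope}"
    if flow.category in BYPASS_CATEGORIES:
        return "bypass", f"category {flow.category} excluded for privacy"
    return "decrypt", f"{flow.sni or flow.dst_ip} in scope for inspection"


if __name__ == "__main__":
    # Constructed sample flows.
    for f in (Flow("10.20.3.4", "203.0.113.10", "shop.example", "retail"),
              Flow("10.1.1.5", "198.51.100.7", "bank.example", "banking"),
              Flow("10.1.1.5", "198.51.100.9", "cdn.example", "software")):
        print(decrypt_decision(f))
```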

In conclusion, decryption will improve security, especially for enterprise data, irrespective of where it resides. First, decryption allows attacks to be detected earlier in a campaign, since malicious payloads are exposed. Secondly, decryption will improve the mean time to respond, since security teams will have the context needed for rapid detection, scoping, investigation, and remediation of threats. Lastly, decryption provides a complete forensic record, which comes in handy in post-compromise investigations.
