Encrypted traffic a blind spot for enterprise security
The extensive adoption of encryption online has been a double-edged sword for security, with attackers often using the technology to disguise malware attacks, according to Blue Coat Labs researchers.
An analysis by the company shows that all of the top 10 most visited websites have adopted HTTPS encryption to address users’ privacy concerns.
But the growing use of encryption is creating an environment that allows cybercriminals to hide malware inside encrypted transactions, because encrypted traffic is invisible to security devices unless it is decrypted.
The research shows that over a typical seven-day period, out of 1.1 million new sites identified, over 40,000 requests were to newly created malicious HTTPS sites and 100,000 were to already infected command-and-control HTTPS sites.
“Currently, encrypted traffic is a huge blind spot for enterprise visibility. The importance of privacy will ensure this trend continues, but investments in network security are largely being wasted when encrypted traffic isn’t being inspected,” 451 Research senior security analyst Adrian Sanabria said.
“Sophisticated attackers know that evading defences to get command-and-control traffic or data out of the enterprise is often as simple as using encryption in transit and perhaps a proxy or two.”
“Encryption is the tool of choice to protect privacy. But it is also quickly becoming yet another method of attack across the threat landscape,” Blue Coat vice president of business development Peter Doggart added.
Blue Coat recently added seven new industry partners for a collaboration focused on encrypted traffic management, bringing the total number of companies involved to 16. The new members are Symantec, eSentire, Gigamon, LogRhythm, ManagedMethods, TopSpin Security and Trend Micro.
