Survey: Businesses Failing to Fully Protect Assets

New research from Flowmon Networks and IDG Connect shows nearly all IT managers recognize encrypted network traffic as a source of security risks, while two-thirds of businesses fail to protect their assets from both internal and external threats misusing secure sockets layer/transport layer security (SSL/TLS).

The survey maps organizations’ defense strategies in addressing the threats in encrypted traffic. Conducted on behalf of Flowmon by IDG, the survey of more than 100 IT managers explores their experiences facing this rapidly growing attack vector.

Artur Kane, Flowmon’s head of product marketing, tells us MSSPs have to make sure that the right technologies are in place, and these technologies are configured and used properly.

Flowmon’s Artur Kane

“This requires a complex ecosystem of next-generation firewall to protect the perimeter, endpoint security, network traffic analysis to cover the internal network, log management and vulnerability assessment in place together with proper knowledge and security processes,” he said. “The challenge, but also an opportunity for MSSPs is to bring the tooling, best practice and guidance with a proper level of outsourcing of these resources based on the customer current situation and needs.”

A large number of companies have been exposed not just to attacks exploiting SSL/TLS vulnerabilities, but also attacks that employ SSL/TLS to mask movement over the network and to attack applications. Without a proper toolset that covers all attack vectors, dealing with encrypted threats is a significant challenge.

Two of the biggest obstacles of deploying network traffic decryption by using an SSL proxy are the fear of breaching data privacy (36%) and concerns over performance degradation (29%).

“The most surprising is the gap between IT experts’ confidence and their real ability to repel encrypted traffic threats,” Kane said. “According to the survey, 96% of IT managers claim confidence to repel encrypted traffic threats. But the vast majority of respondents primarily inspects encrypted traffic at the perimeter, meaning they are unprotected from insider, unknown or advanced persistent threats (for example, SSL/TLS vulnerabilities misuse, cloak malware delivery, hide data exfiltration, and mask botnet communications). Only one-third of respondents have both perimeter and network protection deployed together. When common forms of attack avoid perimeter detection, such as ransomware, botnets obscuring communication with command and control (C&C) servers, advanced persistent threats or browser exploits, there appears a considerable gap in the security strategies that businesses deploy.”

The survey’s findings highlight the importance of deploying network traffic analysis (NTA) and SSL decryption together to provide equal protection against external and internal threats.

Respondents recognize NTA tools as a way to bring together network and security operations teams, to share a single version of the truth (49% rank this as a No. 1 capability of such tools), and to improve prevention and accelerate detection and response.

“Encryption can carry some very common threats,” Kane said. “Thinking about the security strategies, encryption creates certain obstacles for security teams, who are still required to protect their networks in spite of the lack of visibility. So basically, it is a danger that things get out of control without your notice. It is estimated that up to 50% of all known cyberattacks use encryption, and there is universal agreement that encrypted traffic is an important source of security risks. In spite of this, many businesses still lack the means to inspect/monitor encrypted traffic.”