Kevin Bocek , VP Security Strategy & Threat Intelligence
InfoSec Expert
April 22, 2021 4:58 pm
<p>Organisations should never assume that traffic is safe just because it’s encrypted. For cybercriminals, hiding within encrypted traffic offers the perfect disguise: they know this is a major security gap for organisations since AV tools can’t look inside encrypted tunnels. This gives the bad guys free reign to send malware or other exploits over HTTPS – and as more machines and clouds rely on encrypted traffic, this tactic will become even more popular among cybercriminals.</p> <p> </p> <p>The best defence organisations have is to inspect all inbound, cross-network, and cross-cloud traffic, and ensure that security tools are able to inspect encrypted traffic to eliminate blind spots. This creates a need for centralised intelligence and automation to ensure that all security tools – such as firewalls, intrusion detection and prevention, or analytics – are fed and updated with the all the relevant machine identities to ensure they can inspect all traffic. Otherwise these just become gaping holes in a company’s defence for hackers to exploit.</p>
<p>Organisations should never assume that traffic is safe just because it’s encrypted. For cybercriminals, hiding within encrypted traffic offers the perfect disguise: they know this is a major security gap for organisations since AV tools can’t look inside encrypted tunnels. This gives the bad guys free reign to send malware or other exploits over HTTPS – and as more machines and clouds rely on encrypted traffic, this tactic will become even more popular among cybercriminals.</p> <p> </p> <p>The best defence organisations have is to inspect all inbound, cross-network, and cross-cloud traffic, and ensure that security tools are able to inspect encrypted traffic to eliminate blind spots. This creates a need for centralised intelligence and automation to ensure that all security tools – such as firewalls, intrusion detection and prevention, or analytics – are fed and updated with the all the relevant machine identities to ensure they can inspect all traffic. Otherwise these just become gaping holes in a company’s defence for hackers to exploit.</p>