Blind spots can take their toll

by Mark Rowe

The business world is turning increasingly cloudy, writes Mark Jow, EMEA Technical Evangelist, Gigamon.

Digital transformation continues apace, despite political uncertainty and strong economic headwinds, driving agility for UK organisations. But these investments in cloud computing to support this transformation come at a price. They might help to increase productivity and drive innovation-fuelled growth, but new projects also expand the cyber-attack surface within the organisation. Threat actors are all too aware of the new opportunities this creates to reach sensitive data, disrupt critical business processes, and hold organisations to ransom.

An unlikely ‘hero’ that makes it easier for them is TLS/SSL encryption, which enables bad actors to work in the dark, hidden from the gaze of security operations teams. Unfortunately, current methods of decrypting cloud traffic streams are expensive, unwieldy, inaccurate, and often ineffective. Organisations need a better way to shine a light on threats concealed in encrypted communications and deal with them before they threaten the business.

Hiding behind the clouds

Cloud adoption continues to accelerate. According to Flexera, 98 percent of global enterprises have invested in public cloud services from one or multiple providers. That means applications are, in turn, migrating from relatively secure on-premises environments to more complex hybrid cloud infrastructure, where risk is more pronounced, and the tools needed to secure and manage it are still evolving. At the same time, developer teams are under growing pressure to deliver new products and features for cloud-native apps, sometimes prioritising speed-to-market over security. Many are unaware of the potentially dangerous vulnerabilities they may be introducing into the applications they develop.

Against this backdrop, it’s increasingly important for security operations (SecOps) teams to gain visibility into encrypted cloud network traffic, to spot the tell-tale signs of malicious activity. But as mentioned, threat actors have an ace in the hole: TLS/SSL encryption, including modern techniques like perfect forward secrecy (PFS), makes it impossible for traditional security tools to see what they’re doing. This enables malicious actors to deliver malware, move laterally inside networks and exfiltrate data, all without SecOps teams knowing.

A significant amount of malware now hides behind encryption, some sources say as much as 90 percent. That’s no surprise when less than half (48 percent) of organisations have visibility into data moving laterally across networks, according to recent research from Gigamon. While insight into North-South traffic shines a light on movement between locations and processing centers, it is visibility into this East-West traffic (the traffic moving inside these locations, across and between applications and hosts) that really matters. It makes the difference between a catastrophic breach and one that is contained before the threat actors can achieve their goals.

It’s no surprise, then, that cybersecurity blind spots are the top threat cited by IT and security leaders, named by over 50 percent. It’s part of the reason why ransomware, data breaches and other threats are surging. According to reported data, victims have paid ransomware groups $449.1 million in the first six months of this year. For all of 2022, that number didn’t even reach $500 million, which shows the extent of the problem; without effective solutions it will get worse.

UK organisations are in the crosshairs. Government stats claim 59 percent of mid-sized businesses and 69 percent of large organisations were hit by a cyber-attack or breach in the past year.

The impact is potentially serious. IBM’s calculations show an ever-increasing cost associated with data breaches in particular. They reveal that the average for breached UK companies now stands at $5.1m per incident, more than the global average of $4.5m. In some industries like finance ($5.9m) and healthcare ($10.9m) the figure is even higher.

Encrypted data

Some 94 percent of global IT and security leaders we spoke to say their tools and processes deliver complete visibility and insight into hybrid cloud environments. Yet at the same time, 90 percent claim to have suffered a data breach in the previous 18 months, and one in three of these breaches went undetected. It’s time to dispel this false sense of security and find a way to gain visibility into encrypted traffic, as traditional security tools can be five to seven times less effective when set to work in these environments.

Current solutions that purport to see into encrypted streams might saddle organisations with operational complexity stemming from key management requirements. They may require complex virtual network routing to work. Or they may not work at all when faced with modern encryption like PFS. Instead, we need a different way of doing things: technology that runs independently of applications or container workloads, to capture traffic either before encryption or after decryption. This could save significant costs and operational overheads associated with current tools. Any such technology should also be engineered to protect sensitive personally identifiable information (PII) by masking this traffic from view.
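The masking requirement in the paragraph above is easy to state and easy to get wrong. The following is an added example, not Gigamon code and not part of the original article: it takes an HTTP request captured in plaintext (constructed here, after the point where encryption would otherwise hide it) and redacts email addresses, payment card numbers and credential-bearing headers before the copy is handed to security tooling. The regular expressions, the header list and the sample request are this example's own assumptions; a Luhn check is used so that ordinary 16-digit identifiers such as order numbers are not mistaken for cards.

```python
"""Mask PII in captured plaintext traffic before it reaches SecOps tools.

Added example (assumed design, not a vendor implementation). Analysts keep
the method, path, host and the email domain / last four card digits for
triage; the personal data itself never leaves the capture point.
"""
import re

# Local part of an email is replaced; the domain (group 1) is kept for context.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})")
# 13 to 19 digits, optionally separated by single spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# Assumed list of headers whose values are credentials rather than metadata.
SENSITIVE_HEADERS = ("authorization", "cookie", "set-cookie", "x-api-key")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _mask_email(m: "re.Match[str]") -> str:
    return f"[EMAIL]@{m.group(1)}"


def _mask_card(m: "re.Match[str]") -> str:
    digits = re.sub(r"[ -]", "", m.group(0))
    if not luhn_ok(digits):
        return m.group(0)       # not a card number: leave the text untouched
    return f"[CARD ****{digits[-4:]}]"


def mask_pii(text: str) -> str:
    """Redact emails and Luhn-valid card numbers in free text or a body."""
    text = EMAIL_RE.sub(_mask_email, text)
    text = CARD_RE.sub(_mask_card, text)
    return text


def mask_headers(head: str) -> str:
    """Replace the values of credential-bearing headers, keep the rest."""
    lines = head.split("\r\n")
    out = [lines[0]]            # request line (method, path, version)
    for line in lines[1:]:
        name, sep, _ = line.partition(":")
        if sep and name.strip().lower() in SENSITIVE_HEADERS:
            out.append(f"{name}: [REDACTED]")
        else:
            out.append(line)
    return "\r\n".join(out)


def mask_http_message(raw: str) -> str:
    """Mask a full HTTP/1.1 message: sensitive headers plus PII in the body."""
    head, sep, body = raw.partition("\r\n\r\n")
    if not sep:                 # no header/body split: treat whole thing as body
        return mask_pii(raw)
    return mask_headers(head) + sep + mask_pii(body)


# Constructed sample request; none of these values are real.
SAMPLE_REQUEST = (
    "POST /api/checkout HTTP/1.1\r\n"
    "Host: shop.example.invalid\r\n"
    "Cookie: session=abc123\r\n"
    "Content-Type: application/json\r\n"
    "\r\n"
    '{"email":"alice.smith@example.co.uk","card":"4111 1111 1111 1111",'
    '"order":"1234567890123456"}'
)


def demo() -> str:
    """Return the masked copy of the constructed sample request."""
    return mask_http_message(SAMPLE_REQUEST)


if __name__ == "__main__":
    print(demo())
```

The design choice worth noting is that masking happens on the copy destined for the tooling, never on the traffic itself, and that the request line and non-credential headers survive intact so a detection rule keyed on path or host still fires.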

This is the way to reduce cyber risk, support compliance requirements and bolster Zero Trust initiatives. Because Zero Trust only works when SecOps teams have deep observability into users and traffic flows. The time has come to shine a light on malicious activity hidden in encrypted traffic. It’s the beginning of the end for security blind spots.

About Mark Jow

As Technical Evangelist EMEA at Gigamon, he is the company’s first field evangelist for EMEA and has over 30 years of experience in the industry, having held senior technical leadership positions at Oracle, EMC, Veritas and, more recently, Commvault.



© 2024 Professional Security Magazine. All rights reserved.
