Security solutions beyond encryption: The role of Encrypted Traffic Analysis
Financial institutions are now responsible for preserving and maintaining the privacy of an ever-growing myriad of datasets across a multitude of stakeholders. Governments and regulators are also mandating that organisations within the industry implement best-practice encryption, with financial ramifications for data leaks. Breaching GDPR rules alone can lead to fines of up to 4% of global annual turnover, so it is essential that financial institutions understand the importance of choosing effective security solutions.
This has driven a massive uptake in encryption to ensure compliance and the support of customer data privacy while in transit and at rest, with 62% of the top 1,000 global websites now supporting TLS 1.3 – the current standard ensuring strongly encrypted communications. However, this unilateral shift has also weakened the visibility that security teams have over their networks – and this is becoming a growing issue.
Organisations therefore need to look to Encrypted Traffic Analysis (ETA) as a more sophisticated solution, offering insight into their data without compromising on workload.
Hiding in plain sight
With financial institutions playing such a critical role in our society, there’s no room for uncertainty around the protection of data. We are seeing an increase in geo-political tensions and cyberattacks, and with finance being a part of the UK’s Critical National Infrastructure, it remains a major target. Indeed, in the first three quarters of 2021 alone, threats over encrypted channels increased by 314% from the previous year. While banks and other financial services may have perceived encryption as the ultimate solution to their data privacy concerns, in cyber security there is no silver bullet. And not having oversight of the transfer of data across networks increases the risk of attack.
We are increasingly seeing that attackers who breach an organisation’s perimeter are able to hide malicious activity within legitimate encrypted network traffic. These attacks aren’t necessarily cutting edge, but the lack of visibility into encrypted traffic gives intruders a far easier path to operate on private networks. So, active decryption and inspection could be the answer. However, trying to decrypt vast traffic volumes while managing keys and certificates introduces significant costs and logistical complexities. This issue is compounded by modern-day encryption protocols which use Perfect Forward Secrecy, forcing strong encryption between the client and server.
Despite these high levels of regulation, there are a multitude of reasons why an organisation may not have complete oversight of its encrypted estate. Sometimes teams change and readily accept legacy infrastructure, or – more commonly – nobody ‘owns’ or is accountable for encryption responsibilities. Sometimes actions can be too little, too late, with weaknesses in the system only becoming apparent when a breach takes place.
Reaction not recovery
The only way organisations can hope to reduce this risk is to measure and understand the encrypted communication in their network traffic without relying on decryption. To achieve this, security teams need to shift their approach towards a deeper analysis of encrypted communications, guaranteeing greater certainty about what is happening within encrypted traffic flows.
Encrypted Traffic Analysis (ETA) is an emerging method of identifying and detecting suspicious or anomalous behaviour hidden in encrypted traffic without decryption. It uses a combination of artificial intelligence, machine learning, and behavioural analytics to do so. It ultimately improves encrypted network traffic visibility with no impact on latency and no privacy infringement. It also understands the behaviour of traffic across networks and provides alerts in near real-time, allowing security teams to react immediately rather than after the fact. This significantly increases the rate at which suspicious activity can be identified in encrypted traffic, thereby reducing business risk.
The network visibility gained by employing an ETA platform can also help organisations to ensure that their encrypted estate is as secure as they intend. Many organisations will use static analysis to understand the certificate, but this approach does not provide the critical information on what is actively negotiated and used in individual sessions.
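To illustrate measuring what a session actually negotiated without decrypting anything, the following added example (not from the article or any vendor's product) reads the protocol version and cipher suite from the cleartext ServerHello of a TLS handshake and flags weak outcomes. The function names, the small cipher-suite table and the sample records are assumptions constructed for illustration.

```python
import struct

# Subset of IANA cipher-suite IDs -> (name, offers forward secrecy)
SUITES = {
    0x1301: ("TLS_AES_128_GCM_SHA256", True),
    0xC02F: ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", True),
    0x002F: ("TLS_RSA_WITH_AES_128_CBC_SHA", False),
}
VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

def parse_server_hello(record: bytes) -> dict:
    """Read the negotiated version and suite from a cleartext ServerHello record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x02:
        raise ValueError("not a TLS handshake record carrying a ServerHello")
    hs = record[9:9 + int.from_bytes(record[6:9], "big")]
    try:
        version = struct.unpack_from("!H", hs, 0)[0]   # legacy_version
        pos = 2 + 32                                    # skip version + random
        pos += 1 + hs[pos]                              # skip session_id
        suite = struct.unpack_from("!H", hs, pos)[0]
        pos += 3                                        # suite + compression method
        if pos < len(hs):                               # extensions are optional
            end = pos + 2 + struct.unpack_from("!H", hs, pos)[0]
            pos += 2
            while pos + 4 <= min(end, len(hs)):
                etype, elen = struct.unpack_from("!HH", hs, pos)
                if etype == 43 and elen == 2:           # supported_versions (TLS 1.3)
                    version = struct.unpack_from("!H", hs, pos + 4)[0]
                pos += 4 + elen
    except (IndexError, struct.error):
        raise ValueError("truncated ServerHello") from None
    name, pfs = SUITES.get(suite, (f"unknown(0x{suite:04x})", None))
    findings = []
    if version < 0x0303:
        findings.append("deprecated protocol version")
    if pfs is False:
        findings.append("no forward secrecy")
    return {"version": VERSIONS.get(version, hex(version)), "suite": name, "findings": findings}

def sample_hello(version: int, suite: int, tls13: bool = False) -> bytes:
    """Constructed test input: a minimal ServerHello wrapped in one TLS record."""
    ext = struct.pack("!HHH", 43, 2, 0x0304) if tls13 else b""
    body = struct.pack("!H", version) + bytes(32) + b"\x00" + struct.pack("!HB", suite, 0)
    body += struct.pack("!H", len(ext)) + ext
    hs = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs
```

A server whose certificate looks fine under static analysis can still produce the second kind of result below when a legacy client connects, which is the gap the paragraph describes.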
Visibility is a virtue
The shift from ‘decrypt and detect’ to ‘measure and mitigate’ is a welcome one and will have just as much impact on the sector as when encrypted communications were introduced. Ultimately, the risk posed by customer and employee data breaches will be further reduced, offering peace of mind to financial organisations.
The current global climate, with a rise in nation-state attacks, has put critical sectors like finance on high alert. To successfully guard against potential threats, it is imperative that security teams have as much visibility of their network as possible.
Harnessing Encrypted Traffic Analysis will ensure these concerns can be effectively dealt with. By understanding what is happening in the present, enterprises gain peace of mind and mitigate the risk of a data breach in the future.
Published by Information Security Buzz