Three-quarters of organizations not confident in dealing with SSL-based attacks
Despite 39 percent of businesses suffering an SSL-based attack in 2016, only 25 percent feel confident in their ability to deal with one according to a new study.
The report from cyber security company Radware shows that cyber attacks are becoming the norm, with 98 percent of organizations experiencing some form of attack in 2016.
SSL attacks though are of particular concern. SSL provided the backbone of eCommerce, though the Heartbleed attacks of three years ago have led many companies to switch to alternatives like TLS. For attackers though SSL offers a way to mask attack traffic and thwart malware detection in both network and application level threats.
The use of SSL makes it harder to detect attacks as many existing solutions don't inspect SSL traffic because of the difficulty of decrypting it. Radware's data suggests SSL attacks have increased by 10 percent over the last year.
The report's authors note, "SSL is both a blessing and a curse: blessing because it solves the privacy problem and secures the communication of sensitive information; curse because it creates new blind spots and vulnerabilities into an enterprise IT infrastructure."
In order to protect themselves Radware say that organizations should aim to decrypt and re-encrypt SSL sessions to enable security inspection of both clear and encrypted traffic while maintaining privacy of content en-route. Any SSL inspection solution also needs to be able to selectively forward traffic to one or more security solutions.
This needs careful implementation though as any solution must dynamically define filters that intercept and open traffic for inspection even if it ﬂows through non-standard TCP ports (such as HTTPS port 443). To avoid turning the SSL traffic inspection solution into a target itself, it must not perform like a proxy or have its own IP address.
Any solution must also be scalable to cope with varying levels of traffic, and ensure traffic is always forwarded to the fastest-responding available security servers.
You can find out much more in the full report which is available from the Radware website.