Inspecting Encrypted Traffic

Is encrypted traffic the biggest blind spot in your network?

Encrypted web traffic is continuing to grow, protecting businesses and users operating online from eavesdropping and data tampering. However, without inspection, this encrypted traffic could present an easy opportunity to slip past your network defenses. In this way, the tools we use to secure our legitimate information could be used to obscure the attacks of our adversaries.

NSS predicts that by 2019, 75% of web traffic will be encrypted.
ZScaler reports a 400% increase in phishing attempts delivered over SSL/TLS per day in the first half of 2017 compared to 2016.
In a Radware survey, only 31% of respondents said they currently have the ability to defend against an SSL flood attack.

What’s all the fuss about encrypted web traffic?

Encrypting web traffic improves security and privacy for businesses. It can help to ensure that sensitive data and proprietary information stays hidden from hackers and facilitate the secure transfer of data for business purposes.
Consumers have also been educated to look for the lock in the corner of their browser before entering sensitive information or check for the “https” before performing their banking activity. More and more businesses are simply encrypting all traffic on their sites to give their customers confidence that their data will remain safe.

However, while encrypting your web traffic seems like a sure-fire way to stay protected from attack, it can also leave blind spots in your security. In fact, encryption creates an opportunity for hackers to leverage this technology to slip malicious code through your network defenses undetected. These types of attacks are growing in frequency, circumventing perimeter security measures that only inspect HTTP traffic, and necessitating that companies inspect their encrypted traffic to ensure there’s nothing malicious entering their network and nothing proprietary leaving it.

 

How can you inspect encrypted traffic without impacting performance?

With SSL vulnerabilities like Heartbleed and Poodle making the headlines, it’s critical that organizations are leveraging the benefits of encrypted web traffic while securing themselves from the risks.

The best way to ensure that hackers aren’t sneaking malware through your encrypted traffic is to decrypt and inspect it. By decrypting traffic and quickly scanning the contents, organizations can shine light on hidden threats, ensuring malicious elements stay out of their network and that protected, sensitive data stays in it.

However, decryption and re-encryption of HTTPS traffic is process intensive, and could quickly cause a bottleneck in your environment if your UTM is not properly spec’d. At WatchGuard, we recognize the threat encrypted traffic poses to businesses of all sizes. Our Firebox platform delivers market-leading performance of HTTPS inspection in full UTM mode. In recent reports, third-party testing organization Miercom reports that time and again WatchGuard appliances outperform their competitors’ throughput performance in inspecting encrypted web traffic with all security services turned on. In fact, our M370 appliance maintained 820 Mbps in full UTM most for HTTPS traffic, while competitors averaged 155 Mbps in the same test.

As more web traffic becomes encrypted, businesses will need to find a network security solution that keeps them secure without impacting their performance. See more about why WatchGuard appliances are the right solution for you!

“I’ve personally used Cisco, Juniper, Fortinet, Palo Alto, SonicWall and Check Point amongst others, but I’ve always returned to using WatchGuard wherever possible.”

Bob Sampson, Head of IT, Wrest Park

What are you waiting for?

For any additional questions, visit our How to Buy page, chat with one of our
Sales Agents or give it a trial spin.