Encryption: Why Security Threats Go Under The Radar



One of the most dangerous security threats facing businesses is also one of the least understood. Encrypted Traffic Threat Research shows that 41% of organizations do not have a solid understanding of the existence and nature of threats associated with encrypted traffic, or of the damage they can cause. Yet encryption has gradually become one of the most important vehicles for the cyberthreats that organizations now face.

Encrypted traffic has become a potential danger precisely because so much data is now encrypted. In 2016, just over half (53%) of all web traffic was encrypted, but by 2019 that percentage had risen to 87%, opening up an opportunity almost the size of the entire internet data set for hackers to bring malicious code into corporate networks.

The risk posed by encrypted traffic threats is simple: they are difficult to see. Cybercriminals find this route to be one of the most effective ways to bypass firewalls, intrusion prevention systems, unified threat management, secure web gateways, data loss prevention, anti-virus and anti-malware software, and most other security solutions.

One way to protect against it is to deploy decryption solutions, but even here there are concerns: 36% of respondents cite data privacy, 29% fear that decryption would cause performance bottlenecks, and 18% are concerned about the lack of skills available to manage such a security solution.

As a result, nearly half (48%) of organizations have yet to implement decryption solutions.

How to deal with the threat

The best way to resolve these issues is to have an automated solution that can proactively monitor and analyze encrypted data.

When the National Agency for Cybersecurity and Information Security of the Czech Republic sought a more robust way to strengthen the country’s selected government institutions against advanced modern threats, it turned to Flowmon and the Flowmon Anomaly Detection System (ADS) for threat detection capability. The system uses 44 detection methods comprising more than 200 algorithms to spot and immediately alert IT teams to any anomalies hidden in network traffic, encrypted or not.

This AI application has become a valuable source of IT expertise that has increased the bandwidth of staff to manage the solution and has enabled comprehensive and complex monitoring of the entire networked environment. With Flowmon ADS in place, the institute has a comprehensive but noise-free overview of suspicious behavior in partner networks, flawless detection capability and a platform for validating indicators of compromise.

Flowmon’s solution also works on a large scale. GÉANT, a pan-European data network for the research and education community, operates one of the largest data networks in the world and transfers over 1000 terabytes of data per day over the GÉANT IP backbone. For something of this scale, there is simply no way to manually monitor the entire network for outliers. With a redundant application of two Flowmon collectors deployed in parallel, GÉANT was able to have a pilot security solution to directly manage data flows of this magnitude in just a few hours. After a few months of additional testing, integration and algorithmic learning, the solution was then ready to protect the entire GÉANT network against encrypted data threats.

Why Team Collaboration Accelerates Encrypted Threat Response

Uncertainty and lack of understanding make organizations reluctant to adopt solutions to respond to encrypted traffic threats. In addition, for a response to this threat to be effective, it is essential that network operations and security operations (NetOps + SecOps = NetSecOps) work collaboratively, but according to the study, 40% of companies do not currently have these teams working tightly together.

By adopting tools built with the NetSecOps philosophy in mind to foster collaboration between the two teams, organizations can dramatically reduce incident resolution time and save on tools with functional overlap.

In 2020, Kemp Technologies announced the acquisition of Flowmon. In doing so, the company has been able to bring together holistic solutions that enable partners to become a one-stop-shop for robust network security.

“We are delighted to extend the value offered to customers in the areas of infrastructure security, network observability and automated incident response by welcoming Flowmon to the Kemp family,” said Ray Downes, CEO of Kemp Technologies at the time. “Expanding Kemp’s portfolio to include Flowmon’s solutions will provide customers with the ideal combination of network analysis, preemptive threat detection and workload delivery for an optimal, uninterrupted user and application experience.”

Kemp’s two product families, the LoadMaster load balancer and the Flowmon NetSecOps suite, allow businesses to take full control of their digital environment, with load balancing, network performance monitoring and response solutions. The solution is easy to deploy and configure and displays data on the dashboard within 30 minutes. With government regulations and privacy concerns requiring companies to take ever greater responsibility for data and encryption, Flowmon and Kemp are proving to be an essential response to also protect the network from cybercrime.

For more information on encrypted traffic threats, contact Kemp Technologies and Flowmon [email protected]

Kemp currently offers a free network assessment. Go to Kemp.ax

Case studies – https://www.flowmon.com/fr/nos-clients
