You can’t fight what you can’t see. Cliché as it may sound, cybercriminals are using organizations’ lack of network visibility as a cornerstone for their attack strategies. Savvy threat actors are encrypting their malware payloads to cloak attacks and defeat standard security controls. At RSA Conference 2018 in San Francisco, SonicWall president and CEO Bill Conner spoke with TechRepublic about the rapidly changing cyber arms race and the need to properly detect and inspect encrypted traffic, which made up 68 percent of all web traffic in 2017 — a 24 percent year-over-year increase from 2016.
In previous webcasts and blogs, I’ve spoken of a woman who was the victim of a terrible ransomware attack as well as an intrusion on her computer. It was her first computer breach in over 25 years of business. When these happened, she was running traditional anti-virus and minimal network security in front of her endpoints.
“Inspect every packet, every time.” This has been my advice to any network admin or business owner for many years. This is equally important with regard to encrypted traffic. Much of the internet has become encrypted, meaning that it can only be perused and accessed over HTTPS. While this rightly includes traffic such as online banking and financial sites, it also now includes webmail, social media, online streaming video, music and even search engines.
Recently, the personal information of Palo Alto High School students was published via a website that allowed students to see class rankings, grade-point averages and identification numbers. Is your school network at risk? Know your best defense against new threats. Join SonicWall at Booth 904 at the 2017 CETPA Annual Conference on Nov.
Equifax just rolled into the history books as the victim of one of the most widespread and dangerous data breaches of all time. The breach happened on March 10, 2017, at which time the cyber criminals leveraged the critical remote code execution vulnerability CVE-2017-5638 on Apache Struts2. This attack highlights the value of an Intrusion Prevention System (IPS) and virtual patching security technologies.
Day after day, the number of users on the web is growing, and so is the number of connections. At the same time, so is the number of cyberattacks hidden by encryption. SonicWall continues to tackle the encrypted threat problem by expanding the number of SSL/TLS connections that it can inspect for ransomware.
I often get asked, “Why should we implement SSL inspection? We just upgraded our security from stateful inspection to deep inspection. If something is encrypted, is it not encrypted for a reason, for being secure?” Let me explain… Back in the day, network traffic was well behaved. If you were a software vendor and wanted to offer a new application, you had to sign up with IANA and get a reserved port for your application.
Night vision goggles. Airport x-ray machines. Secret decoder rings. What do they all have in common? Each helps you find something that is hidden, whether it’s an object or code that someone may not want you to discover. Your organization’s security solution needs to perform in a similar manner by inspecting encrypted traffic.
If you have been in this industry for more than a few years, you have probably heard the sales pitch, “What keeps you up at night?” It’s a typical sales tactic to elicit an emotional response to threats that seem to be out of your control. It’s designed to draw you out, start a conversation, and ultimately, prey on your fears.