While protecting data, encryption blinds network security and application monitoring tools. The only way to fix it is to inspect traffic, continuously monitor and automate the lifecycle of TLS certificates.
As companies deploy more applications across private and public clouds, and as the use of SaaS becomes more widespread, TLS encryption becomes essential to secure traffic. Unfortunately, while protecting data in transit, encryption blinds the security tools responsible for monitoring traffic and inspecting packets. Cybercriminals exploit this “blind spot” to conceal malware and command-and-control traffic and to hide the exfiltration of stolen data.
In a study, Venafi, a specialist in protecting machine identities and the connections and communications between machines, reveals that 75% of CIOs say that TLS certificates are their main concern. More than half of CIOs (56%) fear business interruptions caused by the expiration of machine identities. The study polled 550 CIOs based in the United States, the United Kingdom, France, Germany and Australia.
“Compromising machine identities can have major financial repercussions,” explains Venafi. “A recent AIR Worldwide study estimated that the global economy could avoid financial losses of between $51 billion and $72 billion by adequately protecting machine identities.”
Inflation in the number of TLS certificates in companies
TLS certificates act as machine identities, protecting the flow of sensitive data between trusted machines. With the acceleration of digital transformation, the number of machine identities has exploded: 97% of CIOs expect the number of TLS machine identities used by their company to increase by 10 to 20% next year, 93% of respondents estimate that their company has at least 10,000 active TLS certificates, and 40% report more than 50,000. At the same time, cybercriminals target machine identities, including keys and TLS certificates, as well as the capabilities they provide, such as the encrypted traffic they protect, in order to use them in their attacks.
“According to a 2018 Venafi study, when IT professionals deploy a complete machine identity protection solution, they typically detect 57,000 unknown TLS machine identities in their business and in the cloud,” said Kevin Bocek, vice president of security strategy and threat analysis at Venafi.
The importance of traffic inspection
“This study concludes that many CIOs are likely to vastly underestimate the number of TLS machine identities currently in use. As a result, they do not know the size of the attack surface or the operational risks that these unknown machine identities pose to their company. Whether it’s disabling failures from expired certificates or attackers lurking in encrypted traffic for long periods of time, risks abound. The only way to fix it is to continuously detect, monitor, and automate the lifecycle of all TLS certificates on the corporate network, including ephemeral certificates used in cloud, virtual, and DevOps environments,” said Kevin Bocek.
Given the volume of encrypted traffic, the threat vector it now represents, and the importance of traffic inspection for a zero-trust strategy, businesses need effective ways to decrypt and inspect TLS traffic. However, TLS decryption is extremely demanding of computing resources and can introduce latency into the network.