Encryption Challenges and How an NPB Can Help

August 13, 2018 by Jason Lackey
Encryption, such as SSL/TLS, is the root of trust for much of the economy now. Without the ability to securely process online transactions, it is highly unlikely that Amazon would employ over a half million people or have a market cap over US$ 900 Billion. Indeed, the internet economy represents about 6% of the total US GDP, or somewhere around US$ 1.1 Trillion.

Unfortunately, there are other applications for SSL/TLS than keeping your online purchases and financial transactions secure, and one of those applications is hiding malware. In fact, there are two major aspects to hiding malware: one is obscuring the delivery of malware and exploit payloads; the other is hiding command and control traffic, the traffic used by the bad guys to control the behavior of compromised systems.

With the majority of internet traffic and more than half of network attacks using encryption, you would be right in thinking that gaining visibility into encrypted traffic should be a priority. Indeed, if you are going to be serious about defending your network, you are going to need to be able to see the hidden half of the attacks you would otherwise miss out on.

Decryption – not if, but how/where

The obvious conclusion, that IT needs network decryption, is a given. The question that remains is how and where to do it. One seemingly obvious choice would be to leverage assets already in place, such as Next Generation Firewalls. Unfortunately, this can be an expensive and performance-limiting option.

NSS Labs, in their recent 2018 NGFW Group Test, found that all performance metrics were impacted across the group by turning on SSL/TLS decryption, including:

  • 92% drop in connection rate (range in test 84-99%)
  • 672% increase in latency (range in test 99-2910%)
  • 60% drop in throughput (range in test 13-95%)

Considering the critical role that the NGFW plays in the modern enterprise as well as the relatively high cost of these solutions, these are sobering figures to say the least. Considering the substantial cost of handling decryption in the NGFW, is there another approach that might prove more cost effective?

Enter the NPB

As it turns out, the NPB, or network packet broker, is a solution that may provide significant cost savings for many enterprises by offloading computationally expensive decrypt/encrypt actions from costly, CPU-dependent NGFWs. Traffic can be filtered, deduplicated, etc., at line rate without impacting network performance.
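To make the NPB data-plane role concrete, here is an added example (not the author's or any vendor's code) of the three decisions a broker makes before anything reaches the decryption path: drop exact duplicate packets that arrive from more than one tap, classify a new flow by parsing the TLS ClientHello and its SNI, and steer the flow to "decrypt", "bypass" (for hostnames policy says must not be decrypted) or "passthrough" (cleartext). The bypass suffixes, the flow identifiers and the dedup window size are assumptions; the ClientHello is built inline as constructed test input.

```python
"""Toy network packet broker (NPB) data plane: dedup, TLS classify, steer.

Added example, not the page's or any product's code. Policy values and
packet contents below are constructed for illustration.
"""
import hashlib
from collections import deque

# Assumed policy: flows to these hostnames are never sent to the decryptor.
DECRYPT_BYPASS_SUFFIXES = (".bank.example", ".health.example")


def parse_client_hello_sni(payload: bytes):
    """Return the SNI hostname from a TLS ClientHello record, or None.

    Only the fields needed to reach the server_name extension are walked;
    truncated or non-ClientHello input yields None rather than an exception.
    """
    try:
        if len(payload) < 5 or payload[0] != 0x16:          # record type: handshake
            return None
        rec_len = int.from_bytes(payload[3:5], "big")
        hs = payload[5:5 + rec_len]
        if hs[0] != 0x01:                                    # handshake type: ClientHello
            return None
        pos = 4 + 2 + 32                                     # hs header, version, random
        sid_len = hs[pos]; pos += 1 + sid_len                # session id
        cs_len = int.from_bytes(hs[pos:pos + 2], "big"); pos += 2 + cs_len   # cipher suites
        comp_len = hs[pos]; pos += 1 + comp_len              # compression methods
        ext_total = int.from_bytes(hs[pos:pos + 2], "big"); pos += 2
        end = pos + ext_total
        while pos + 4 <= end:
            ext_type = int.from_bytes(hs[pos:pos + 2], "big")
            ext_len = int.from_bytes(hs[pos + 2:pos + 4], "big")
            body = hs[pos + 4:pos + 4 + ext_len]
            pos += 4 + ext_len
            if ext_type == 0x0000:                           # server_name extension
                # body: list length (2), name type (1), name length (2), name
                name_len = int.from_bytes(body[3:5], "big")
                return body[5:5 + name_len].decode("ascii")
        return None
    except IndexError:
        return None


def build_client_hello(hostname: str) -> bytes:
    """Build a minimal TLS 1.2 ClientHello record carrying one SNI extension.

    Constructed test input only: the random bytes and the single cipher suite
    are placeholders, not a real client's fingerprint.
    """
    name = hostname.encode("ascii")
    sni_body = (len(name) + 3).to_bytes(2, "big") + b"\x00" + len(name).to_bytes(2, "big") + name
    ext = b"\x00\x00" + len(sni_body).to_bytes(2, "big") + sni_body
    body = (b"\x03\x03" + b"\x11" * 32                       # version, random
            + b"\x00"                                        # session id length 0
            + b"\x00\x02\xc0\x2f"                            # one cipher suite
            + b"\x01\x00"                                    # null compression
            + len(ext).to_bytes(2, "big") + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs


class Deduplicator:
    """Drop exact copies of a packet seen within the last `window` packets,
    which is what the same flow mirrored from two taps looks like."""

    def __init__(self, window: int = 1024):
        self.window = window
        self.recent = deque()
        self.seen = set()

    def is_duplicate(self, packet: bytes) -> bool:
        digest = hashlib.sha256(packet).digest()
        if digest in self.seen:
            return True
        self.seen.add(digest)
        self.recent.append(digest)
        if len(self.recent) > self.window:
            self.seen.discard(self.recent.popleft())
        return False


def broker(packets, bypass=DECRYPT_BYPASS_SUFFIXES):
    """Return one action per (flow_id, payload) packet.

    The first packet of a flow fixes the flow's action; later packets of the
    same flow (e.g. application data) follow it, as a real NPB flow table does.
    TLS flows whose ClientHello was not seen default to 'decrypt', so the
    fail-safe direction is toward inspection rather than blindness.
    """
    dedup = Deduplicator()
    flow_action = {}
    actions = []
    for flow_id, payload in packets:
        if dedup.is_duplicate(flow_id.encode() + b"|" + payload):
            actions.append("drop")
            continue
        if flow_id not in flow_action:
            sni = parse_client_hello_sni(payload)
            if sni is None:
                flow_action[flow_id] = "decrypt" if payload[:1] == b"\x16" else "passthrough"
            elif sni.endswith(bypass):
                flow_action[flow_id] = "bypass"
            else:
                flow_action[flow_id] = "decrypt"
        actions.append(flow_action[flow_id])
    return actions
```

The point of the flow table is that the expensive decision (parsing the ClientHello) happens once per flow; every following packet is a dictionary lookup, which is what lets the broker stay at line rate while the NGFW behind it only ever sees traffic already selected for decryption.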

