Part 2: Understanding SSL/TLS encrypted attack vectors
As cloud-based technologies become the tool of choice for today’s global workforces, keeping businesses protected from web-based attacks is a primary challenge for IT service providers.
First, let’s look at how encryption is used to keep web traffic safe. For example, hypertext transfer protocol secure — or HTTPS — uses encryption technologies like transport layer security (TLS), and previously secure socket layer (SSL), to keep Internet users and cloud services safe by securely connecting web browsers and apps to websites. In fact, because HTTPS ensures these connections stay safe, security best practices recommend that any website or web services that require login credentials should be using HTTPS.
Yet, the issue for any managed service provider (MSP) or managed security service provider (MSSP) that is responsible for securing customers’ web traffic, is that encrypted traffic has become a problematic security issue. That’s because, while HTTPS encryption continues to be a key defense in protecting data traffic on the web — cybercriminals are also using encryption techniques to hide malware and launch malicious attacks.
The reality is, hiding malware in encrypted web traffic is an easy way for attackers to undermine vulnerable websites. And as small and mid-size businesses (SMBs) adapt, and even find productivity benefits from cloud-based services and the current work-from-home experiment, the volume of malicious, encrypted web traffic is growing. Worse, it’s becoming more difficult for traditional security measures to detect and protect against these new techniques and attacks.
In our What’s Hiding in SSL/TLS Traffic? white paper, we examine the rise in encrypte ..
Support the originator by clicking the read the rest link below.
