Advertising Feature
An advertising feature is created, supplied and paid for by a commercial client and promoted by the Irish Times Content Studio. The Irish Times newsroom or other editorial departments are not involved in the production of advertising features.

Malware and the encryption conundrum

While big problems inevitably arise from malware hiding in SSL traffic, there are ways to stay safe without compromising operation agility

There is an unprecedented demand for enterprises to optimise resources, become more agile and digitally transform at pace. They have to do it safely too, maintaining strong security policies that ensure frictionless business operations.

As technology continues to evolve, so too does the threat landscape. Security defences and risk mitigation strategies need constant attention.

Malware is a notable example of why, and one of the biggest threats facing today’s businesses.

The problem may have been around for a while, but its constantly mutating forms and attack vectors are more nuanced than ever. There is a new level of pressure on businesses’ security defences.


Typical methods to safeguard against malware include sandboxing, data loss prevention (DLP), intrusion prevention systems (IPS) and web gateways.

That isn’t always enough, however, particularly with the increasing influence of Secure Sockets Layer (SSL) reducing visibility of traffic flowing between the web server and browser.

SSL is an industry standard that protects online transactions between organisations and their customers. All data passing between browser and web server remains confidential and protected against tampering.

One of the main reasons malware is such a concern is its ability to hide within this encrypted traffic and go undetected. Businesses often only have visibility over the unencrypted traffic, which can range from 25 - 50 per cent of the total amount. Unfortunately, decrypting and re-encrypting traffic between each prevention system would take too long, not to mention cause latency issues and a decrease in performance.

A vivid example of modern malware’s disruptive abilities is the Man-in-the-Browser attack, in which the malware shims itself between the browser and the encrypted SSL layer.

Imagine an employee logging in from their SSL VPN at home, most likely using a domain username and password to access the company server. All of this is captured by the malware. The information is then sent to C&C (Command and Control) servers, where the details are compromised. An outsider now holds the keys to the kingdom and can gain access to the enterprise system: a perfect opportunity to drop in more malware and exfiltrate sensitive company data.

A solution in sight


F5 technology can solve provisioning and performance challenges via orchestration that automates workflows and the process of decrypting and re-encrypting SSL traffic. Meanwhile, F5’s Forward Proxy SSL feature gives the Application Delivery Controller (BIG-IP) the ability to optimise SSL-secured communications that are directly authenticated by the user. The result is greater control in securing the traffic, while also allowing for improved latency and faster performance. Administrators can define different security service chains for the traffic being sent from the web server to the browser. In other words, businesses get their visibility back.
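The orchestration pattern the two paragraphs above describe (decrypt a flow once at a central point, run it through a chain of security services, re-encrypt once, instead of every inline device decrypting and re-encrypting on its own) can be shown in a few dozen lines. The following is an added illustration, not F5 code and not a description of BIG-IP internals. It assumes a toy SHA-256 keystream cipher standing in for TLS so that it runs offline, three hypothetical inspectors standing in for DLP, IPS and a web gateway, and constructed HTTP payloads; the crypto-operation count is what makes the per-device layout's latency cost visible.

```python
"""Decrypt-once service chain versus decrypt-per-device (constructed example).

Assumptions: the toy XOR keystream cipher is a stand-in for TLS (NOT a real
cipher); the three inspectors are hypothetical stand-ins for DLP, IPS and a
web gateway; all payloads and indicators below are constructed.
"""
import hashlib
import re
from typing import Callable, List, Tuple

Inspector = Callable[[bytes], List[str]]
Verdict = Tuple[bool, List[str], int]  # (allowed, findings, crypto operations)


def _keystream(key: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256 in counter mode. Illustration only."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def toy_encrypt(key: bytes, data: bytes) -> bytes:
    """XOR with the keystream; symmetric, so the same call decrypts."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))


toy_decrypt = toy_encrypt

# --- hypothetical inspectors (stand-ins for DLP, IPS, web gateway) ---
CARD_RE = re.compile(rb"\b(?:\d[ -]?){13,16}\b")  # crude card-number pattern
C2_MARKER = b"/c2/beacon"  # constructed marker standing in for a known C&C path


def dlp_inspector(plain: bytes) -> List[str]:
    return ["dlp:card-number"] if CARD_RE.search(plain) else []


def ips_inspector(plain: bytes) -> List[str]:
    return ["ips:c2-beacon"] if C2_MARKER in plain else []


def gateway_inspector(plain: bytes) -> List[str]:
    # Flag a raw Windows executable (MZ header) appearing in the flow.
    return ["gateway:executable"] if plain.startswith(b"MZ") else []


def per_device_chain(key: bytes, ciphertext: bytes, chain: List[Inspector]) -> Verdict:
    """Naive layout: each inline device decrypts and re-encrypts by itself."""
    findings: List[str] = []
    crypto_ops = 0
    current = ciphertext
    for inspect in chain:
        plain = toy_decrypt(key, current)
        crypto_ops += 1
        findings += inspect(plain)
        current = toy_encrypt(key, plain)
        crypto_ops += 1
    return (not findings, findings, crypto_ops)


def orchestrated_chain(key: bytes, ciphertext: bytes, chain: List[Inspector]) -> Verdict:
    """Orchestrated layout: decrypt once, run every service, re-encrypt once."""
    plain = toy_decrypt(key, ciphertext)
    findings: List[str] = []
    for inspect in chain:
        try:
            findings += inspect(plain)
        except Exception as exc:  # fail closed: a broken inspector blocks the flow
            findings.append(f"{inspect.__name__}:error:{exc}")
    if findings:
        return (False, findings, 1)  # dropped, so no re-encryption is needed
    return (True, findings, 2)  # one decrypt plus one re-encrypt for the whole chain


if __name__ == "__main__":
    key = b"constructed-session-key"
    chain = [dlp_inspector, ips_inspector, gateway_inspector]
    clean = toy_encrypt(key, b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n")
    bad = toy_encrypt(key, b"POST /c2/beacon HTTP/1.1\r\nuser=jdoe&card=4111 1111 1111 1111")
    print("per-device, clean flow:", per_device_chain(key, clean, chain))
    print("orchestrated, clean flow:", orchestrated_chain(key, clean, chain))
    print("orchestrated, bad flow:", orchestrated_chain(key, bad, chain))
```

With three services the per-device layout performs six cryptographic operations per flow where the orchestrated layout performs two, and the gap grows linearly with each service added to the chain; the orchestrated version also gets one consistent block decision for the whole chain rather than three devices each deciding in isolation.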

Keiron Shepherd is principal systems engineer with F5 Networks