While AI is the shiny new distraction when it comes to cybersecurity, the most immediate and threatening problem has yet to be solved: Visibility into an organization’s encrypted cloud traffic. You can’t protect what you can’t see, and the very technology that is supposed to secure traffic – transport layer security (TLS), otherwise known as encrypted traffic – is actually a perfect hiding place for cybercriminals.
As most organizations continue to operate in multi-cloud environments to keep pace with today’s digital workforce, we’ve simultaneously seen an exponential growth in encrypted traffic, accounting for roughly 95% of all network traffic. While encryption was once created with the intent to protect sensitive data, it limits an organization’s view into traffic patterns where malicious actors may be lurking and creates a more complex landscape for security operations (SecOps) teams to detect the “needle in the haystack” and prevent a threat actor from stealing an organization’s most valuable asset: its data.
Encrypted Traffic is Skyrocketing
In fact, 93% of malware hides behind encrypted traffic, but only 30% of security professionals claim visibility into it. It’s no wonder that in the first half of 2023, there were more ransomware attacks than all of 2022. Recent breaches such as MGM, Caesars and CDW have occurred due to an IT employee whose credentials were compromised — rendering perimeter security useless – leaving these organizations without any visibility into the traffic patterns to detect and stop the successful exfiltration of their data. With average dwell times being over a week, time is of the essence. However, cybersecurity professionals certainly aren’t unaware of the security risks that encrypted traffic holds; unknown blind spots keep 70% of CISOs, including myself, up at night.
Decryption is Time-Intensive and Daunting
So why have traditional decryption tactics not been sufficient? Unfortunately, the answer isn’t so simple. It’s a perfect storm fueled by increasing budgetary concerns – only heightened in today’s economic climate, expanding IT complexities and the growing talent shortage. Decrypting traffic is a manual and labor-intensive process. This leads to a substantial overhead cost and lost productivity that could be spent on more productive tasks. For context, 64% of SOC teams report spending over half of their time on mundane tasks like chasing false positives. In an industry where security professionals report burnout and that over half will quit their jobs in the next year, we can’t afford to waste time and resources. The new layers of innovation in TLS 1.3 – the latest version of the internet’s most deployed security protocols encrypting data to provide a more secure communication channel – also add layers of complexity that make it even more problematic to decrypt traffic.
However, despite the challenges decryption presents, it’s time to flip the status quo, beat cybercriminals at their own game and implement the deepest levels of visibility possible. Here are four benefits to gaining complete visibility into your organization’s encrypted cloud traffic:
- It isn’t ‘game over’ if your perimeter security tools fail – Once a threat actor enters an organization’s environment, they may traverse the network looking for the opportune person or time to make their move. With visibility into the continuous flow of lateral traffic, organizations can detect and prevent a threat actor from exfiltrating an organization’s data. While the assumed breach mentality remains and cybercriminals will always find a way in, it doesn’t have to be ‘game over’ once they’ve successfully breached perimeter controls.
- Your AI/ML tech stack is only as strong as the data within – Advancements in AI/ML are the innovation of the decade, yes. However, large language models, (LLMs), are only as accurate and beneficial as the data they are trained on. However, if 95% of network traffic is encrypted, that is an exorbitant amount of data your LLMs are lacking for accurate analysis of what is really taking place in your network. Only with a holistic view of the traffic and data can organizations train their AI/ML toolset for more optimized solutions and an improved security posture.
- Alleviate SOC burnout – 70% of their SOC analysts report burnout due to high-pressure environments, alert fatigue, false positives, and lack of real-time visibility. By granting your teams the tools they require to focus on less mundane tasks and more fulfilling tasks, not only will your organization be better protected from unseen threats, but they will also reap the benefits of a more meaningful career, leading to less turnover and, hopefully a closure in the talent gap.
- Meet SEC/Zero Trust Architecture Mandate – As of September 5, 2023, the SEC mandated organizations to comply with its new requirements to provide annual cybersecurity risk management, strategy and disclosures of any cybersecurity incident. This will be a forcing function for organizations to implement new approaches, such as a zero-trust model. However, zero-trust wasn’t supposed to be a slightly better, smaller perimeter. Zero-trust means that there is no perimeter, which requires monitoring all traffic, east to west and north to south, in plain text, to confidently state that the organization is free of immediate danger.
Only with complete visibility into all north-south (data leaving and entering an organization) and east-west traffic (data free flowing within your network) can organizations get the most out of their data and stay one step ahead of threat actors. Without it, organizations will continue to experience the devastating consequences of a cyber attack, SecOps teams will continue to feel the immense pressure contributing to the rising talent shortage and we’ll be left hunting blindly for the needle in the haystack. It’s time security professionals regain control and prioritize visibility in 2024 and beyond.
Recent Articles By Author