The Need for SSL Inspection
SSL inspection is a vital network security capability for modern organizations since the overwhelming majority of web traffic is now encrypted, and some cybersecurity analysts estimate more than 90% of malware may now hide in encrypted channels.
Despite this increased encryption usage, many organizations still perform SSL/TLS inspection on only some of their traffic, allowing traffic from certain “trusted” sources to go uninspected. Because content on the internet can change so easily, this can be risky. Websites, for example, are delivered dynamically and can draw from multiple sources to display hundreds of objects, each of which may pose a threat.
Meanwhile, malware authors are increasingly using encryption to hide their exploits. With more than 100 SSL certificate authorities around the globe today, it’s easy and inexpensive to obtain a valid signed certificate. At any given time, around 70% of traffic the Zscaler Cloud processes is encrypted, accentuating the importance of being able to inspect SSL traffic.
So, why doesn’t everybody do it? Quite simply, decryption, inspection, and re-encryption of SSL traffic are highly compute-intensive, and without the right technology, the process can have a devastating impact on your network’s performance. Most companies can’t afford to grind business and workflows to a halt, so they have no choice but to bypass HTTPS inspection when their appliances can’t keep up with the processing demands.
Encryption and the Modern Threat Landscape
With mounting concerns over data privacy in recent years, there’s been a strong trend toward encryption by default. This is great for privacy, but the technical requirements—and in many cases, the pricing of the necessary hardware—are too much for many organizations. As a result, these organizations aren’t equipped to inspect encrypted traffic at scale.
Threat actors know this, so SSL-based threats are on the rise. Though hackers have found many ways to infiltrate systems and steal data, breaking encryption remains difficult and time-consuming and is, therefore, an inefficient approach. Instead, they have begun to use encryption themselves to serve malicious content, hide malware, and carry out attacks without detection.
For years, the lock symbol next to a website’s URL communicated that the site was secure, but it is no longer any guarantee of safety. Traffic moving through encrypted channels should not be trusted simply by virtue of a digital certificate. Once seen as the ultimate protection for data being transmitted over the internet, SSL has become a playground for cybercriminals to carry out their nefarious acts.