Month: February 2021

Eliminating Firewall Blind Spots with SSL Decryption

For years, it was common to visit websites that were not available over HTTPS, and even as recently as 2019, major websites like ESPN were still only available over regular, insecure HTTP. However, thanks to initiatives from web browsers, such as Google Chrome, which in 2018 began warning users that any website visited over HTTP is “not secure”, encountering a website that is only available via HTTP is a rare occurrence these days. In fact, according to Google, Chrome users now spend more than 90 percent of their time using encrypted websites and applications.

This astounding statistic makes it clear that encrypted traffic has become the new normal. As a user, this statistic represents an amazing shift forward with regard to privacy and security, but as an IT and cybersecurity professional, this brings new challenges: is your firewall effective against traffic that is, by design, supposed to keep prying eyes out?

[Figure: Percentage of pages loaded over HTTPS in Chrome by platform]

How can SSL create a blind spot?

Secure Sockets Layer (SSL), later replaced by Transport Layer Security (TLS), is the standard protocol to transmit secure data over the internet. It is what makes visiting a website over HTTPS secure versus plain HTTP. SSL encrypts traffic, placing it inside of a “tunnel” so the confidentiality and integrity of your banking transaction, for example, remain unaffected.

This technology was designed for good, but unfortunately it can also be used for evil, as cybercriminals commonly hide threats inside encrypted traffic in order to bypass security controls. Even businesses with the most extensive security measures in place can be targeted if they are not closely monitoring encrypted traffic.

Solution: SSL Decryption

On a next-gen firewall like a Fortinet FortiGate, the key to monitoring and protecting against threats that may be contained inside encrypted traffic is SSL decryption, also commonly called SSL deep packet inspection. With SSL decryption enabled, the firewall is configured to intercept encrypted traffic before it reaches its destination. Once intercepted, the firewall will decrypt, inspect, and re-encrypt the traffic before forwarding it to the original destination. SSL decryption gives the firewall new capabilities to identify and analyze encrypted traffic and applications to prevent these previously undetectable threats, attacks, and data leakage.

SSL decryption is a very powerful capability, and in some cases regulations may prohibit you from decrypting user data. In these cases, the firewall can be configured to decrypt HTTPS only on certain questionable websites and applications, while other web traffic from familiar and recognizable organizations smoothly bypasses SSL decryption.

Firewall Limitations Without SSL Decryption

Without SSL decryption, the security profiles on your next-gen firewall are limited in their ability to protect you against these hidden threats. The table below gives an example of how a FortiGate next-gen firewall’s features are limited when SSL deep inspection is not enabled:

[Image: table of FortiGate next-gen firewall features limited when SSL deep inspection is not enabled]

And these firewall limitations don’t just apply to HTTP and HTTPS traffic. Other secure protocols can be inspected with SSL deep inspection as well, such as SMTPS, POP3S, IMAPS, and FTPS.

If your organization is unsure if your firewall is performing SSL decryption, or if you want expert guidance on enabling SSL decryption, please reach out to us. We are happy to offer a free consultation on how our team of certified security experts can help give you the visibility needed in today’s world of almost completely encrypted traffic.

Who is the Insider Threat?

The insider threat is something that’s faced by all organizations, regardless of size or industry. This year alone, insider threat attacks have skyrocketed, and organizations are now looking for ways to identify these threats before it’s too late.

Part of the challenge for modern organizations is that today’s perimeter is no longer easily defined. The data center was once your network’s primary point of entry and exit. However, the explosion of new connected devices, 5G, and hyper-scale cloud deployments has expanded the perimeter across the entire infrastructure. The modern network has even reached our home offices, creating new edges that now need to be secured. The proliferation of applications and the number of connected devices create billions of edges that need to be managed and protected. In addition, according to Google, more than 80% of online traffic is now encrypted, presenting new challenges for inspection of malicious traffic.

Unfortunately, most security breaches today are due to human error. Anyone with access to your data or systems, whether that be your employee, former employee, partner, supplier, or even your board member, has the potential to expose confidential information.

Accidental Insiders

When looking at the different types of insider threats, accidental insiders represent the largest percentage. These are individuals who unwittingly cause harm by clicking on malicious links, failing to follow policies and procedures, or simply being careless. Accidental insiders can also be the people who are driving technology changes within your organization but don’t want to be slowed down by processes. They can even be overworked admins who try to take shortcuts by not patching or by using weak passwords.

Malicious Insiders

The malicious insiders are deliberate and intentional in their efforts to either steal information or cause disruption. Usually, it’s for financial gain, but it also can be a disgruntled employee that has been downsized or laid off. While these individuals can work on their own, they can also work on behalf of a third-party agent.

Credential Thieves

The last group of insiders is the credential thieves. Once any adversary compromises a username and password, they are essentially an insider. While hiding behind legitimate credentials, they can masquerade around your organization as a known trusted employee, taking whatever information they can. What makes this type of insider threat so hard to combat is that they are pretending to be someone that is a known and trusted entity within the organization. 

Creating A Strategy

Every organization should be concerned by insider threats. Not only can you lose valuable data, but the financial implications of an insider security breach can be detrimental. According to the Ponemon Institute, accidental insiders have cost on average $4.5 million, malicious insiders over $4 million, and credential thieves about $2.7 million. With these numbers on the rise, it is essential that organizations are concerned and focused on reducing the risk of damage caused by insider threats.

So, how can organizations address the challenge of insider threats? How can organizations identify what is good versus bad behavior? How should your security posture compare with similar organizations? How can teams create an environment where employees don’t feel as if they’re not trusted? How can you explain the potential impact of the insider threat to other executives who drive some of that investment and strategic outlook? What tasks should be prioritized in the near term to address these? And most importantly, how do you achieve that cyber situation awareness and keep breaches at bay?

When the adversary could be someone inside your environment, addressing the threat may seem an improbable task. What organizations need to leverage are the pillars of IT security: People, Processes, and Technology. An approach combining these three elements is needed to address the human risk challenge.

People Strategies for Combatting Insider Threats

First, the organization must create and prioritize a culture of security. Education is key here, with investments in security awareness training, phish testing, etc. People need to understand what they should and should not be doing within the environment and how to practice good cyber hygiene. Since most ransomware attacks are carried out largely through social engineering, phish testing is important to prepare and train your workforce for these types of attacks.

As a result, as employees become more familiar and prepared, they can become more vigilant and help report incidents. Similarly, organizations need to support incident reporting by helping employees understand where to go with this information.

ZR Systems, now VPLS, selected as one of 2021 Best Places to Work in Hawaii

We are excited to announce that ZR Systems (now VPLS) has ranked as one of the 2021 Best Places to Work in Hawaii by Hawaii Business Magazine. ZR Systems (now VPLS) has made several appearances on this annual list, which identifies organizations that help employees develop their full potential.

“We are proud of our Hawaiian team and the local leadership who remain invested in growing and maintaining local talent. Last year was a year characterized by unprecedented stress and turmoil. In this challenging environment, the Hawaii team was able to provide an exceptional employee experience and fair and equal workplace, while ensuring employees felt stable and valued. I applaud everyone for creating such a positive workplace culture.”

“Our team has always been committed to excellent customer service and this achievement shows that our service-oriented attitude permeates both externally and internally,” says Ricky Zheng, VP/GM of Hawaii and Pacific Islands. “I am pleased that we have created a positive and inspiring environment that attracts, retains, and empowers our people. I look forward to continuing to build and support this diverse and talented team.”

As one of Hawaii’s top employers, VPLS is continuing to expand its Aiea team, with roles open in engineering and help desk support. Employees enjoy generous benefits and perks, including career guidance, paid parental leave, and more.
