Encrypted Traffic: Highly Secure or a Bastion of Hidden Threats?
In the 2002 blockbuster Minority Report, pre-cognition allowed for the prediction of crimes before they occur, preventing them from happening in the first place.
Similarly, in 2024 hidden threats within encrypted traffic present a significant challenge to cybersecurity. Some 62 percent of respondents to the Gigamon 2024 Hybrid Cloud Security Survey admit their encrypted traffic is less likely to be inspected because it’s deemed trustworthy.
More than three quarters of those respondents (76 percent) also believe that encryption makes network traffic more secure. However, separate research indicates that in reality 93 percent of malware now lurks in encrypted traffic.[1] And in some cases the malware itself is also encrypted, as threat actors use encryption to their advantage to mask their actions.
With most malware hiding in the secure sockets layer/transport layer security (SSL/TLS) encryption used by secure websites, and 65 percent of lateral East-West network traffic encrypted,[2] the latest Gigamon survey findings indicate that there is a huge security blind spot inside many organizations.
Modern hybrid cloud infrastructure only amplifies the challenge as encrypted traffic moves in and out of the cloud. Yet more than half of the respondents to the Gigamon survey (53 percent) say they don't decrypt this traffic because doing so would be too time-consuming and processing-intensive.
How should CISOs address this blind spot? How can they ensure that encrypted traffic, especially lateral traffic that has already cleared the perimeter firewall, is inspected without overburdening their security team's resources?
Do Nothing? Decrypt? Or Precrypt?
“You can’t secure what you can’t see,” said Gigamon Chief Product Officer Michael Dickman, who explained that because many threats pick up speed as they move laterally across an organization, “it’s important to be able to view encrypted data once it’s inside the network — and not just at the perimeter.”
Basically, organizations tend to use one of three options when it comes to traffic inspection. Some choose to simply let encrypted traffic flow without inspection. Others prefer to decrypt certain applications and workloads, rerouting lateral encrypted traffic to a decryption appliance, where it can be viewed and inspected.
Still others choose to take advantage of technologies like Precryption to gain the visibility needed. Just as the “pre-crime” unit relied on the foresight of “precogs,” Gigamon Precryption™ technology provides pre-emptive plaintext visibility into encrypted data — allowing organizations to anticipate and neutralize threats before they materialize.
Gigamon Precryption technology provides plaintext visibility by leveraging inherent features of Linux eBPF kernel technology to examine traffic either before it's encrypted or after it's decrypted, Dickman explained. Because the traffic is examined on the application side of the TLS boundary rather than on the wire, Precryption technology doesn't actually decrypt anything: there are no encryption keys to intercept and no key libraries to manage. This makes Precryption easier to deploy, with much lower overhead than decryption approaches.
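As an added illustration of the general technique this paragraph describes, an eBPF tap at the TLS library boundary, the following bpftrace script is not Gigamon's code and says nothing about how Precryption itself is built. It attaches user-space probes to OpenSSL's SSL_write and SSL_read so the plaintext is read before it is encrypted and after it is decrypted, with no session keys involved. The libssl path is an assumption for a Debian/Ubuntu x86_64 host with OpenSSL 3; adjust it to whatever `ldd` reports for the process you care about.

```bpftrace
#!/usr/bin/env bpftrace
/*
 * Illustrative plaintext tap at the TLS library boundary (example code, not
 * Gigamon's). SSL_write receives plaintext from the application before it is
 * encrypted; SSL_read returns plaintext to the application after it has been
 * decrypted. Hooking both gives cleartext visibility without touching any key.
 *
 * Assumptions: OpenSSL 3 at the path below (an assumed path; check with
 * `ldd $(which curl)`), callers that link libssl dynamically, and root or
 * CAP_BPF + CAP_PERFMON to load the probes.
 */

BEGIN
{
    printf("Tapping SSL_write/SSL_read plaintext; Ctrl-C to stop\n");
}

/* SSL_write(SSL *ssl, const void *buf, int num): arg1 = buf, arg2 = num.
 * The buffer already holds plaintext on entry, so read it immediately. */
uprobe:/usr/lib/x86_64-linux-gnu/libssl.so.3:SSL_write
{
    printf("[TX pid=%d comm=%s len=%d]\n%s\n", pid, comm, arg2, str(arg1, arg2));
}

/* SSL_read(SSL *ssl, void *buf, int num): buf is empty on entry. Remember its
 * address per thread and read it once the call returns. */
uprobe:/usr/lib/x86_64-linux-gnu/libssl.so.3:SSL_read
{
    @rbuf[tid] = arg1;
}

uretprobe:/usr/lib/x86_64-linux-gnu/libssl.so.3:SSL_read
/@rbuf[tid] != 0/
{
    /* retval = bytes decrypted into buf; <= 0 means error or WANT_READ. */
    if (retval > 0) {
        printf("[RX pid=%d comm=%s len=%d]\n%s\n", pid, comm, retval, str(@rbuf[tid], retval));
    }
    delete(@rbuf[tid]);
}

END
{
    /* Drop the bookkeeping map so bpftrace does not dump it on exit. */
    clear(@rbuf);
}
```

Run it as root in one terminal and `curl https://example.com` in another: the HTTP request and response headers appear in the clear even though nothing but TLS records ever cross the network. Three caveats a practitioner should know before relying on this pattern. First, it only sees applications that call this shared library; Go binaries (static crypto/tls), Chrome (bundled BoringSSL) and anything using SSL_write_ex/SSL_read_ex need their own probes. Second, bpftrace truncates each `str()` read to BPFTRACE_STRLEN bytes (64 by default), so raise that or forward the buffer to user space for full capture. Third, this is exactly the primitive a root-level attacker would use to read every TLS session on the host, so a machine that runs such a tap needs the same access controls and audit logging you would put around a decryption appliance.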
“Encrypted traffic poses a real challenge,” said Omer Singer, VP of Strategy at Anvilogic. “Industry advances like Gigamon Precryption technology present a compelling path for monitoring encrypted traffic across a hybrid cloud infrastructure,” he explained.
Eliminating Hybrid-Cloud Blind Spots
As cloud migration continues to accelerate, CISOs must contend with more blind spots due to traffic encryption than ever before. To underscore this point, 37 percent of cloud security incidents have gone undetected this year, according to Gigamon's survey, up from 31 percent in 2023.[3]
Proliferating attacks concealed in encrypted lateral East-West network traffic “are why so many organizations are moving to Zero Trust architectures,” Dickman explained, because “to achieve Zero Trust, you need full visibility across your entire network, regardless of whether assets reside on-premises or are hosted in the cloud.”
According to Michael Trofi, Founder of Trofi Security and CISO for the United States Holocaust Memorial Museum, as his organization’s reliance on cloud services increases, the ability to inspect encrypted communications is critical. “With Precryption, Gigamon is 10 years ahead of the security industry,” he said.
Mike McCann, Network Manager for Information Systems at Foxwoods Resort Casino, agreed. “When I realized that Gigamon Precryption eliminates the complexity of key management and enables us to detect threats with a single view, it became clear that this technology will redefine our security processes and significantly enhance our security posture,” he said.
Next Steps
Gigamon Precryption technology is the latest addition to the Gigamon Deep Observability Pipeline, which provides complete visibility into all network traffic across hybrid cloud infrastructure, regardless of whether it’s encrypted — much like seeing the future without altering it.
To learn more about how Precryption reveals threat activity in the cloud, visit the Gigamon Precryption web page, or request a demo.
[1] "New Report from WatchGuard Threat Lab Shows Surge in Endpoint Ransomware, Decline in Network-Detected Malware," WatchGuard Technologies, https://www.watchguard.com/wgrd-resource-center/security-report-q4-2022
[2] "2022 TLS Trends Report," Gigamon.