If You Can’t Inspect Encrypted Traffic, You Don’t Know What You’re Missing (and It’s Not Good)

More and more traffic traveling across the Internet is encrypted. By 2019, more than 80 percent of enterprise web traffic will be encrypted, according to Gartner forecasts. On the surface, this sounds like great news that should bring a collective sigh of relief from the IT security folks. Encrypted traffic translates to a smaller chance that sensitive data will be exposed to unauthorized parties.

Problem is, it’s not just the good guys who are using encryption. The bad guys are always looking for ways to cover up their activity. In fact, Gartner predicts that some type of encryption will be used in more than half of new malware campaigns in 2019 and more than 70 percent in 2020.

HTTPS is replacing HTTP as the primary communication protocol between browsers and websites. Again, that’s great news on the surface, but hackers are also using HTTPS to deliver malware, which makes it more difficult to detect threats. Gartner believes that more than six in 10 organizations will be unable to efficiently decrypt HTTPS traffic by 2020.

Traditional firewalls aren’t capable of inspecting encrypted traffic, which means organizations using these firewalls can’t detect and prevent an increasing number of Internet malware attacks. Deep packet inspection can’t examine the payload of SSL-encrypted traffic unless that traffic is decrypted first. That means even a user trying to do the right thing by only visiting approved websites and search engines could be exposed to attacks involving malware embedded in encrypted traffic.

Suppose you have a next-generation firewall capable of decrypting traffic. In most cases, you sacrifice performance for security due to the complexity of the decryption process. You need a firewall that can quickly and efficiently decrypt and inspect encrypted traffic so you don’t have to make those tradeoffs.

Palo Alto Networks recently introduced updates to its PAN-OS operating system that simplify decryption and reduce the complexity that hampers the implementation of cybersecurity best practices. PAN-OS 8.1 makes it easier to deploy SSL decryption in multivendor environments, using high-throughput decryption on the next-generation firewall. Cleartext traffic is shared with other devices, such as data loss prevention tools, to support more widespread policy enforcement. This also eliminates the need for separate SSL offloaders, which further streamlines deployment, infrastructure and operations.

The new PA-3200 Series next-generation firewall appliances offer 20 times more SSL decryption session capacity than their predecessor and deliver high-performance decryption at the Internet edge. The new PA-5280 appliance doubles the session capacity and boosts performance for securing large data centers and mobile network operator infrastructures.

With the new PAN-OS, Palo Alto’s App-ID technology can be implemented more efficiently to support best practices for application controls and maintain and track application-based security policies. Proactive device monitoring can be integrated into an automated workflow to alert administrators to unusual activity and accelerate remediation. Additionally, updates to the WildFire cloud-based threat analysis service provide advanced threat detection and prevention, while the next-generation firewall continuously collects rich data for analytics.

All organizations need to ask a simple question: Is our firewall capable of efficiently inspecting encrypted traffic? If not, the risk of exposure will grow exponentially in the next two years. Let us show you how new solutions from Palo Alto improve your security posture.