Before the cloud, the majority of traffic on a network was east-west, meaning both the source and destination are within the organization’s internal network. North-south traffic was dominated by web browsing and email with other people outside the organization. But as end-user applications migrate to the cloud, the proportion of east-west and north-south traffic on your network inverts. It’s not unheard of today for north-south traffic to equal or even exceed east-west traffic.
Combine that trend with two others:
- Most traffic today is encrypted. In some ways that’s a good thing, because encryption enables businesses to communicate securely with customers/partners and protects the privacy and integrity of data. But it creates new problems for information security folks because the only data you can actually see is the packet header, which is nothing but IP addresses and port numbers. There’s some monitoring and analytics you can do with that information, such as with threat intelligence feeds and session profiling, but your hands are really tied if you can’t decrypt the traffic.
- The bad guys actively use encryption to evade network-based security technologies. They are increasingly enhancing their APT payloads to hide both their communications with command and control servers and the actual exfiltration of stolen information inside encrypted connections disguised to look like legitimate web traffic. Attackers also benefit passively from the prevalence of encryption. For instance, when an attacker compromises a legitimate website and uses it to deliver or stage malicious content, the fact that the legitimate website uses HTTPS means your network-based probes and monitoring agents are blind to the content. This leaves organizations wide open to malware attacks, among others.
All of this makes decryption and monitoring of network traffic extremely important if you are to catch intruders, detect data leakage and be compliant.
But ironically, decrypting and monitoring traffic for compliance can cause you other compliance problems related to all of the privacy legislation being enacted around the world, such as GDPR.
Some organizations are decentralizing network monitoring in order to deal with each country’s privacy laws. But when you have multiple sites and employees and customers in different countries, how do you maintain centralized visibility so that you can catch any traffic abnormalities that would otherwise be lost due to isolated analytics at each site? And how do you know that policies and controls are being implemented consistently across your entire organization?
In this real training for free event, we will look at monitoring encrypted network traffic from every angle, including:
- Technical challenges of decryption
- Need for centralized control and policy
- Requirement to keep private data inside each sovereign state’s borders according to local privacy laws
- How to control which data is decrypted and which is not
- Should you decrypt data to/from trusted cloud applications?
- How to deal with traffic steering requirements
In this webinar, I will start by briefly showing you how SSL decryption works from a technology standpoint and introduce you to the technical challenges related to performance, network topology and routing. Then we will look at this technology in the context of a multi-site organization that uses cloud apps and is subject to more than one country’s privacy laws.
Our sponsor is A10 Networks, and Babur Nawaz Khan will join us to talk about the security “blind spot” that your network defenses cannot look into.
In this session we will discuss:
- Encryption trends, benefits and popularity
- What’s hiding within your network traffic – Challenges of encryption
- Best practices for complete visibility and superior network security while preserving security, compliance and performance
Please join us for this real training for free session.