Review: How Barac ETV analyzes encrypted data streams

Barac’s Encrypted Traffic Visibility Platform can halt encrypted attacks — without breaking the encryption. In our tests, the results seemed mostly instantaneous.

Encryption is one of the best ways that organizations can protect their data from thieves. If critical information is stored or transported in an encrypted format, it has some measure of protection even if it gets compromised or stolen. For example, even a huge database of credit cards is not much good to a hacker if the whole thing is heavily encrypted and unreadable.

But hackers use encryption to their advantage too, mainly by using encrypted channels to launch attacks against networks. If the code of an attack is encrypted, there is a much better chance of it slipping past cybersecurity defenses.

Some cybersecurity platforms today can inspect encrypted traffic, most commonly by examining each packet directly or by decrypting packets for scanning before sending them on their way. While this kind of process works, it can be cumbersome and consume a lot of computing resources and/or bandwidth, depending on the application. And it may not work for much longer, because the Transport Layer Security (TLS) 1.3 standard has been finalized and is starting to see deployments. TLS 1.3 treats any in-transit decryption or inspection as a compromise and prevents it. As such, it may soon be impossible at most organizations to inspect encrypted traffic without first completely decrypting and reassembling it. And doing that gives malicious code a chance to perform its nefarious mission.

That situation is why Barac created the Encrypted Traffic Visibility (ETV) Platform. It is designed to analyze encrypted data streams and determine whether or not they are malicious — without decrypting them or doing any kind of deep inspection that would register as tampering under TLS 1.3.
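To illustrate what a sensor can still read from a TLS 1.3 connection without decrypting anything, here is an added example (not Barac's code or method): a parser that pulls the cleartext ClientHello fields, such as the server name, offered versions and cipher suites, from a record laid out per RFC 8446. The ClientHello it parses is constructed inline as sample input, not captured traffic.

```python
import struct

def _ext(ext_type, body):
    return struct.pack("!HH", ext_type, len(body)) + body

def build_client_hello(sni, cipher_suites, versions):
    """Constructed ClientHello record (sample input, not captured traffic)."""
    host = sni.encode()
    sni_body = struct.pack("!HBH", len(host) + 3, 0, len(host)) + host      # server_name
    ver_body = bytes([2 * len(versions)]) + b"".join(struct.pack("!H", v) for v in versions)
    exts = _ext(0, sni_body) + _ext(43, ver_body)                          # 0=SNI, 43=supported_versions
    suites = b"".join(struct.pack("!H", c) for c in cipher_suites)
    body = (struct.pack("!H", 0x0303) + bytes(32)                          # legacy_version, random
            + b"\x00"                                                      # empty legacy_session_id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00"                                                  # compression: null only
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body              # type 1 = ClientHello
    return b"\x16" + struct.pack("!HH", 0x0301, len(handshake)) + handshake  # record type 22

def parse_client_hello(record):
    """Extract the cleartext fields of a ClientHello: SNI, offered versions, cipher suites."""
    if len(record) < 43 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    p = 5 + 4 + 2 + 32                       # record hdr, handshake hdr, legacy_version, random
    p += 1 + record[p]                       # legacy_session_id
    cs_len = struct.unpack_from("!H", record, p)[0]; p += 2
    suites = [struct.unpack_from("!H", record, p + i)[0] for i in range(0, cs_len, 2)]
    p += cs_len
    p += 1 + record[p]                       # compression_methods
    ext_len = struct.unpack_from("!H", record, p)[0]; p += 2
    end = p + ext_len
    info = {"sni": None, "versions": [], "cipher_suites": suites}
    while p < end:
        etype, elen = struct.unpack_from("!HH", record, p)
        p += 4
        body = record[p:p + elen]
        p += elen
        if etype == 0:                                                     # server_name, first entry
            name_len = struct.unpack_from("!H", body, 3)[0]
            info["sni"] = body[5:5 + name_len].decode()
        elif etype == 43:                                                  # supported_versions
            info["versions"] = [struct.unpack_from("!H", body, i)[0]
                                for i in range(1, 1 + body[0], 2)]
    # Under TLS 1.3 everything after the ServerHello is encrypted, so these fields are
    # the bulk of what metadata-based analysis has to work with.
    info["tls13"] = 0x0304 in info["versions"]
    return info
```

Extending the dictionary with record sizes and timing between records is the usual next step for metadata-based classification, since those too remain visible after the handshake completes.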

Getting started

The platform is installed in two main pieces. The first is the brains of the product, which analyzes all the information about traffic and presents it in a graphical interface. The core of the ETV platform can also take automatic actions such as blocking malicious data streams or sharing threat data with a security information and event manager (SIEM). It can run as an appliance within a network or be accessed through the web in a software-as-a-service model.
