Network Encryption, Modern Applications Impact Security Visibility

Encrypted traffic and today’s constantly changing application environments make network security more challenging.


There has been massive growth in the encryption of Internet traffic—from 50% in January 2014 to 95% as of March 20, 2021, according to Google’s Transparency Report.

This rise is a double-edged sword. It’s a good thing that organizations are using encryption to protect critical network data. However, adversaries are also using the technology. They’re increasingly encrypting their attacks, using protocols like Transport Layer Security (TLS) to hide malware in network traffic.

The sheer volume of encrypted traffic has made it difficult to gain visibility into threats.

“Many organizations are flying quite blind with regard to network visibility,” says Bill Mabon, Senior Manager of Network and Application Security Products at Cisco. “It’s operationally challenging to decrypt everything to inspect it, especially when an organization has legal restrictions on what can be decrypted.”

Additionally, application developers may build certificate pinning into their software: the app trusts only a specific, app-defined certificate, which prevents any form of decryption before the traffic reaches the client system. The functionality is meant to protect sensitive data, such as banking and health information. Yet when used elsewhere, it makes regulatory compliance doubly hard for organizations conducting deep packet inspection, a critical function for gaining visibility into potential network threats. Administrators likely cannot decrypt every flow, whether because of certificate pinning, legal reasons, or lack of resources.

Another trend is challenging network security: changes in application architectures. The shift from monolithic apps to multicloud, containerized and microservices-based development increases the layers, functions, and flows that must be secured. Applications can change daily, even hourly, making it impossible to keep up without automation. Modern continuous integration and continuous delivery (CI/CD) applications necessitate tighter coordination among developers, security, and network teams to ensure application environments and workloads are secure, firewalls are appropriately configured, and policies are baked in. Otherwise, vulnerabilities and misconfigurations in these constantly changing environments leave open doors for potential threat actors.

Amid these challenges, the IT infrastructure continues to grow and expand, with more endpoints being added to the network. Security teams are being tasked with additional monitoring, and they’re spending more time threat hunting and inspecting higher volumes of log data.

Improving network and application visibility and security

Cisco’s portfolio of network and application workload-level security solutions helps organizations meet these challenges. For example, Cisco Secure Firewall inspects web traffic to block network intrusions. In situations where decrypting to inspect isn’t feasible or permitted, Secure Firewall enables security policy enforcement without the performance penalty, or compliance risks, associated with full decryption and inspection. Additionally, Secure Firewall’s unique TLS Server Identity Discovery feature maintains Layer 7 firewall policies with encrypted TLS 1.3 flows.

To further enhance visibility into encrypted traffic, the solution is also available with Security Analytics and Logging (SAL) to quickly find anomalies in encrypted network traffic, while also enabling log retention compliance. Available as a cloud-based SaaS or on-premises solution, SAL aggregates log data across all Secure Firewalls in multicloud, data center, and on-prem environments to help security teams operate efficiently.

Cisco also provides automation capabilities in dynamic application environments for policy coordination, rapid vulnerability identification, and workload microsegmentation. “For organizations investing in Kubernetes, including now in AWS EKS environments,” says Mabon, “Cisco Secure Workload establishes a baseline for secure workflows and then enforces policies automatically.”

These innovations simplify the complexity of network and workload security, “empowering security teams with the visibility to secure more environments, under more conditions, with more success,” Mabon says.

Learn more about Cisco Secure Firewall and Cisco Secure Workload.


Copyright © 2021 IDG Communications, Inc.