F5 Networks on the threat of hidden malware
Cybersecurity continues to climb the priority list for organisations of all sizes and, with things changing as quickly as they do and new threats being introduced daily, it’s difficult to keep up.
The latest threat under debate is that of hidden malware.
“It’s a sneaky one,” said Simon McCullough, F5 Networks’ Major Channel Account Manager.
“Whereas threats like ransomware are really scary exhibitionists that strive to be acknowledged and feared, hidden malware would actually prefer to never be found.
“That way, it can lie in the dark collecting personal and business data with absolutely nobody being the wiser.”
With a large percentage of businesses now encrypting their web traffic using SSL/TLS, many have increased their use of data encryption in an effort to stall hacks and threats. But these encryption measures come with their own set of issues.
“Overall, this is a positive trend,” added Anton Jacobsz, Managing Director at Networks Unlimited.
“However, as they do, hackers have quickly evolved their approaches and found a way to introduce hidden and malicious code with SSL/TLS encryption basically serving as a tunnel, allowing it smooth and hidden passage as it breezes through firewalls and into the business network – undetected.”
This reality is forcing businesses to build or adopt efficient solutions that allow their network and apps to respond to the increased demands of ubiquitous encryption.
There are a few routes these businesses can take, said McCullough, but only one of them is worthwhile.
Do nothing: “We can hold our breath and pray they don’t find us but it’s not likely or smart,” said McCullough.
“Attackers are increasingly concealing their code in traffic that security devices cannot see – the ‘do nothing’ option is a recipe for disaster.”
Deploy a decryption air gap: Decryption ‘air gaps’ are where security teams decrypt inbound and outbound traffic, pass it in the clear through a daisy chain of security inspection devices, and then re-encrypt it.
“This approach may uncover the hidden malware so that it is at least seen, but it also creates a red zone where user passwords are transmitted into the open,” said McCullough.
Orchestrate: By applying policy-based decryption and traffic steering to both inbound and outbound traffic, companies can conduct their ‘orchestra’ of security devices, deciding per flow whether it is decrypted and which inspection devices it visits. A high-performing SSL/TLS orchestration solution can improve visibility and protect apps while increasing the security, efficiency and resilience of the security stack.
Jacobsz explained: “Outbound traffic flows into the SSL/TLS orchestration device, which decrypts it. Then, based on a set of customisable rules, the encryption traffic passes directly to the associated chain of security devices.
“Traffic is scanned and cleared by the security devices and it goes back to the SSL/TLS orchestration device, which re-encrypts it and sends it on its way.
“Visibility into encrypted traffic is key to protecting applications and securing data and an SSL/TLS orchestration solution can provide high-performance decryption and encryption of outbound TLS traffic – without slowing your traffic down.”
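The policy-based steering Jacobsz describes, as an added example that is not F5's or Networks Unlimited's code: a small Python model of the decision an orchestration device makes for each outbound flow. Rule names, URL categories, service names, the sample flows and the malware and C2 markers are all constructed for illustration. The TLS termination itself (presenting a certificate from an enterprise CA to the client and opening a fresh session to the real server) is assumed to happen around this logic and is not modelled.

```python
# Added example (not F5's code): policy-based steering of decrypted TLS flows
# through an ordered inspection chain. Rule fields, categories, service names
# and sample payloads are constructed for illustration.
import fnmatch
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    sni: str        # server name from the TLS ClientHello (visible without decrypting)
    category: str   # URL category from a hypothetical reputation feed
    dst_port: int


@dataclass(frozen=True)
class Rule:
    name: str
    sni_glob: str = "*"
    category: Optional[str] = None
    action: str = "intercept"      # "intercept" (decrypt + inspect) or "bypass"
    chain: Tuple[str, ...] = ()    # inspection services, in the order traffic visits them


# An inspector sees the decrypted payload and returns a block reason, or None if clean.
Inspector = Callable[[bytes], Optional[str]]

# Unmatched flows fail closed: they are decrypted and sent through the full chain.
DEFAULT_RULE = Rule("default-intercept", chain=("ips", "av"))


def rule_matches(rule: Rule, flow: Flow) -> bool:
    if not fnmatch.fnmatchcase(flow.sni, rule.sni_glob):
        return False
    return rule.category is None or rule.category == flow.category


def steer(policy: List[Rule], flow: Flow) -> Rule:
    """First matching rule wins; anything unmatched gets DEFAULT_RULE."""
    for rule in policy:
        if rule_matches(rule, flow):
            return rule
    return DEFAULT_RULE


def run_chain(rule: Rule, inspectors: Dict[str, Inspector],
              plaintext: bytes) -> Tuple[str, Optional[str], List[str]]:
    """Return (verdict, block_reason, services_visited)."""
    if rule.action == "bypass":
        # Never decrypted: credentials in this session are not exposed to the chain.
        return ("forward-encrypted", None, [])
    visited: List[str] = []
    for name in rule.chain:
        visited.append(name)
        reason = inspectors[name](plaintext)
        if reason is not None:
            return ("block", f"{name}: {reason}", visited)
    # Every service cleared it: re-encrypt towards the server and send it on.
    return ("re-encrypt-and-forward", None, visited)


# Constructed policy: bypass categories where decryption would expose credentials or
# break certificate pinning; scan downloads with AV first; everything else IPS then AV.
POLICY = [
    Rule("bypass-finance", category="finance", action="bypass"),
    Rule("bypass-health", category="health", action="bypass"),
    Rule("pinned-updates", sni_glob="updates.vendor.example", action="bypass"),
    Rule("web-downloads", category="file-sharing", chain=("av", "ips")),
]

# Constructed inspectors standing in for real IPS/AV appliances in the service chain.
MALWARE_MARKER = b"CONSTRUCTED-MALWARE-TEST-STRING"
C2_PATH = b"/constructed-c2/beacon"


def av_scan(payload: bytes) -> Optional[str]:
    return "signature match" if MALWARE_MARKER in payload else None


def ips_scan(payload: bytes) -> Optional[str]:
    return "known C2 URI" if C2_PATH in payload else None


INSPECTORS: Dict[str, Inspector] = {"av": av_scan, "ips": ips_scan}


def process(flow: Flow, plaintext: bytes) -> Tuple[str, str, Optional[str], List[str]]:
    """Steer one flow and run it through its chain; returns (rule, verdict, reason, visited)."""
    rule = steer(POLICY, flow)
    verdict, reason, visited = run_chain(rule, INSPECTORS, plaintext)
    return (rule.name, verdict, reason, visited)


if __name__ == "__main__":
    samples = [  # constructed flows and payloads
        (Flow("online.bank.example", "finance", 443), b"POST /login password=hunter2"),
        (Flow("files.share.example", "file-sharing", 443), b"GET /tool.exe\r\n" + MALWARE_MARKER),
        (Flow("news.example", "news", 443), b"GET /constructed-c2/beacon HTTP/1.1"),
        (Flow("mail.example", "webmail", 443), b"GET /inbox HTTP/1.1"),
    ]
    for flow, payload in samples:
        print(flow.sni, process(flow, payload))
```

The bypass rules are the practical answer to the ‘red zone’ concern raised about air gaps: flows the policy classes as sensitive are never decrypted, so their credentials never sit in the clear between devices, while the default rule makes sure an unclassified flow is inspected rather than forwarded unseen. Order matters in the chain: the download rule runs AV before IPS so the malware sample is stopped at the first hop and the later service is never consulted.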
McCullough added: “The current growth of hidden malware within encrypted traffic is cause for concern. Without visibility into SSL/TLS traffic, you’re going to be facing some serious blind spots in your security, which could lead to data breaches, financial losses and damage to the corporate brand.
“It is essential to regain visibility into this traffic – allowing malware-scanning and prevention devices to protect apps and the network.
“Much like a conductor who needs to see every musician in the orchestra, enjoying better visibility means increased performance and less risk.”