LiveAction Solves the Network Encryption Blind Spot Problem – Computerworld
ThreatEye NV combines behavioral analysis and machine learning to detect malware in encrypted network traffic
Encryption can prevent bad actors from snooping on critical data, but it can also allow them to hide malicious activity from network defenders. That’s why LiveAction, a web vision company, has launched ThreatEye NV – a platform that gives SecOps teams powerful tools to look for threats and anomalies in encrypted traffic. “In 2014, about 30% of traffic was encrypted. Now it is between 80% and 90%. By the end of 2025, it will be almost all traffic,” says Thomas Bohr, Director of Product Marketing at LiveAction. “This is a problem for network defenders. If you are unable to identify these encrypted tunnels and connections, how can you identify threats?”
Ed Cabrera, Senior Cyber Security Specialist at Trend Micro, adds: “Encrypted traffic gives cybercriminals more opportunities to forge or generate legitimate SSL/TLS certificates for phishing sites, deliver malware using encrypted C2 servers and extract stolen data using asymmetric and symmetric encryption.”
ThreatEye can analyze more than 150 attributes and behaviors of a packet
LiveAction explains in a press release that ThreatEye uses deep packet analysis to eliminate the need to decrypt network traffic and check for malicious payloads. The platform can analyze more than 150 attributes and behaviors of a packet in multi-vendor, multi-domain, and multi-cloud network environments. This helps speed up real-time threat detection, eliminate crypto-blindness, check cryptographic compliance, and allows teams to better secure the entire network and coordinate responses with other security tools like SIEM and SOAR, the company adds.
Other benefits of the platform include:
• Real-time detection of threats and anomalies
• Eliminate encryption blindness without the need for decryption or performance degradation
• Simple implementation in a SaaS model with software sensors that can be deployed wherever visibility is required
• SOC support, including dashboards to increase response efficiency
• Machine learning models developed for specific security and visibility use cases
91.5% of detected and blocked malware came from encrypted traffic
“Web encryption and encryption in general are good things,” says Corey Nachreiner, CEO of WatchGuard, a network security company in Seattle, Washington. “It serves an enormous business purpose that we all care about.” Security checks. “Inside the device, the traffic is decrypted. It scans, re-encodes and sends it on its way.” However, this method does not seem to be very popular. Nachreiner admits that only about 20% of WatchGuard customers use this feature because configuration requires some effort on the administrator’s part.
However, the effort involved in preparing this process has some significant advantages. Nachreiner notes that in organizations that use decryption, 91.5% of malware detected and blocked came from encrypted traffic.
Analysis of encrypted traffic in the future to enhance the security situation
“Security analysts cannot rely solely on system log messages to identify challenges. We need to take advantage of machine learning and identify network traffic and these advanced attack patterns,” says Bohr, adding that encryption will continue to improve, making encryption blindness more difficult and expensive for solutions that rely on data decoding and re-encoding. He believes that “there will be no clear vision in future versions of encryption”. “It will be a huge problem for defenders. This is why the analysis of encrypted traffic will be a future tool to enhance the security of the organization.”
Source: CSO