​Monitoring SSL traffic now everyone's concern: A10 Networks

As the uptake of SSL grows, Tim Blombery, systems engineer at A10 Networks, said threat actors are increasingly leveraging SSL-based encryption to hide malicious activity.
Written by Asha Barbaschow, Contributor

As usage of Secure Sockets Layer (SSL) moves beyond the login page or banking website and out into the wider web, Tim Blombery, Systems Engineer at security firm A10 Networks, believes monitoring SSL traffic should now be a concern for almost every company.

Blombery believes that encryption is necessary to protect online data in transit from being compromised, but noted threats are always evolving. With over half of the traffic on the internet now encrypted with SSL, he said bad actors are leveraging SSL-based encryption to hide malicious activity from existing security controls and technology.

Consequently, Blombery said this means enterprises have lost the ability to look at the traffic that is traversing their network, opening themselves up to attack.

"This is becoming an increasing vector for attacks and compromises of networks," he said. "I think SSL offers a very pertinent threat at the moment."

Blombery said attacks often arrive via the likes of a Gmail account, which is encrypted to the desktop, with someone unwittingly opening a file containing a cryptolocker.

"Off they go, they've compromised that particular system and potentially the entire network," he said. "Having SSL visibility is vital for Australian enterprises and I think they're just starting to get that idea."

As it often takes a breach for someone to jump on board with a specific security solution, Blombery said more and more Australian businesses are starting to become aware of the need to monitor SSL traffic because they have either been affected or heard of someone who has been affected by this sort of attack.

"There are serious breaches regularly, but everyone's breach is serious for them," he said. "Even the smallest of companies needs to be security conscious these days."

The hardware for SSL inspection is a device sitting on the perimeter taking the SSL offload, the company said, which decrypts traffic and then passes it on to the firewall or IPS.

"Once those devices do their job, they hand the traffic back to our device to re-encrpyt and send on to the destination -- that's traffic coming in or out," Blombery said.

Image: A10 Networks

With mandatory breach reporting laws not yet in place in Australia, Blombery noted that even if there was an abundance of breaches due to SSL traffic not inspected, the public might not even know about it.

"For the individuals affected, you certainly want to know if your account or any account is being breached -- you should be informed," he added.

"A lot of people silly enough have the same password for everything or the same subset of passwords, so if a company you're working with has been breached and you don't have that visibility, then potentially all of your online identity can be compromised."

A10 Networks recently completed its first acquisition, scooping up cloud application delivery firm Appcito.

"It really expands us into not just the cloud but as a cloud native company as well," Blombery said. "Appcito brings load balancing as-a-service, in the cloud functionality that we'll be able to tie in with our own existing infrastructure based functionality, and allow for common policy to support the applications whether they're in the datacentre or in the public cloud somewhere."

Blombery said Appcito is already embedded within A10 and are essentially the cloud decision of the organisation.

Editorial standards