The importance of TLS/SSL decryption in a zero-trust model
With upwards of two-thirds of UK adults set to work remotely for the remainder of this year, it’s clear that the pandemic will create a larger attack surface and increase opportunities for cyber criminals. In effect, the enterprise perimeter has not only expanded but has also become much more distributed.
Likewise, modern cyber attacks are not limited to network intrusion from the outside: internal threat actors are often found at the center of sophisticated attacks. Today, therefore, threats come from both inside and outside the organization, via the business partner and supplier ecosystem, and through employees working remotely. This means we need to re-assess and re-think the way we defend our networks, users and data. For example, organizations will need more support for connecting and managing BYOD devices on the home network, including sharing policies and tools for handling sensitive data that could be accessed over insecure Wi-Fi. Additionally, with ransomware, phishing and DDoS attacks growing exponentially, organizations will also be looking for technologies that protect their networks from cyber attacks, especially those that threaten network availability.
Defending your network against a Trojan Horse
In the past, defending yourself and your sensitive assets was simple: you had a general idea who your enemies were, from where they might attack, and what weapons they might use. It is the equivalent of putting all your key assets inside a castle, building strong walls and moats around them, and defending the barriers with all available resources. Defensive strategies were built around this concept for centuries. Throughout history, we have seen that such defenses failed whenever there was sabotage from within, made possible by "insiders" with malicious intent. However, there have also been instances where attacks and breaches were made possible by insiders who weren’t necessarily aware of the threat. They were unwittingly bringing in, as in the example of ancient Troy, the Trojan Horse that was used to invade the city.
Today, attackers are constantly evolving their methods, always looking for weak points in network defenses and coming up with novel ways to infiltrate the perimeter. Therefore, the concept of zones, perimeters and network segments, and of placing all protected assets "inside" the secured network perimeter, just doesn’t work anymore. We also need to realize that the "castle and moat" approach to network defense was mostly effective against threats that resided outside the network. Now we face threats on the inside and modern attacks that work on multiple levels to try to bring networks down. How do we protect our networks from people who have legitimate access to all of their resources? Add to these challenges regulations like GDPR and the rising fines that come with them, and you will appreciate that having your network attacked and your data breached is one of the worst things that can happen to a company.
Adopting the Zero-Trust model
In order to combat both internal and external threats, many organizations are adopting a Zero-Trust approach. The Zero-Trust model, based on the simple principle of "trust nobody", defines rules which enhance the security of networks against attacks, whether they are initiated from the outside or from within. The Zero-Trust model dictates that networks are redesigned so that traffic and access can be restricted; that incident detection and response are improved using comprehensive analytics and automation solutions, together with centralized management and visibility into the network, data, workloads, users and devices; and that access is restricted as much as possible, limiting excessive privileges for all users. In multi-vendor networks, the Zero-Trust model decrees that all solutions should integrate and work together seamlessly, enabling compliance and unified security.
Combating blind spots in our network defences
That said, with the rise of encryption of internet traffic, it is becoming increasingly difficult to implement the Zero-Trust model effectively. That’s because encryption creates a "blind spot" in our network defenses, as most of the security devices we use are not designed to decrypt and inspect traffic. The Zero-Trust model is not immune to this problem, as visibility is considered one of the key elements of its successful implementation. Without complete visibility into encrypted traffic, the model will fail, introducing weaknesses that can be exploited by both insiders and hackers. Therefore, a centralized and dedicated decryption solution must be placed at the center of the Zero-Trust model and should be included as one of the essential components of your security strategy.
Many security vendors claim that their own devices can decrypt traffic, working independently of a centralized decryption solution. However, this "distributed decryption" approach can introduce problems of its own, including inferior performance and network bottlenecks, and fixing these could require costly upgrades.
Anthony Webb is EMEA VP, A10 Networks