How Decryption of Network Traffic Can Improve Security

Strong encryption is critical to protecting sensitive business and personal data. Google estimates that 95 percent of its internet traffic uses the encrypted HTTPS protocol, and most industry analyst firms conclude that between 80 and 90 percent of network traffic is encrypted today. This is a significant step forward for data integrity and consumer privacy.

However, organizations with a commitment to data privacy aren’t the only ones who see value in obscuring their digital footprint in encrypted traffic. Cybercriminals have been quick to weaponize encryption as a means to hide their malicious activity in otherwise benign traffic. Gartner shared that 70 percent of malware campaigns in 2020 used some type of encryption. And Zscaler is blocking 733 million encrypted attacks per month this year, an increase of 260 percent over 2019.

According to a Joint Cybersecurity Advisory issued by the FBI, CISA, the U.K. National Cyber Security Centre and the Australian Cyber Security Centre, encrypted protocols are used to mask lateral movement and other advanced tactics in 60 percent of attacks using the 30 most exploited network vulnerabilities. Put another way, organizations are blind to 60 percent of CISA’s most exploited vulnerabilities. Security researchers have also found sophisticated emerging attack techniques with line-rate decryption of the most commonly abused Microsoft protocols, such as SMBv3, Active Directory Kerberos, Microsoft Remote Procedure Call (MS-RPC), NTLM, LDAP,…