Aug 15 2014

Encrypted Highway to the Danger Zone

Russian gangs, NSA vigilantes, and bleeding hearts – sounds like the groundwork for a cool, blockbuster movie. Unfortunately, this is the reality we now face. According to Authentify, a data breach could cost your company up to $5.4 million, not to mention a lifetime of damage control to your company’s reputation.

One way organizations are cracking down on data security is through encryption. The 2013 Global Encryption Trends Study reported that 35 percent of organizations now have an encryption strategy in effect throughout their entire enterprise, up from 29 percent in 2012.

There’s no denying that organizations have embraced encryption technology. So why is it a risk to your organization? The problem is not in the encryption, it’s in the management of your encrypted channels.

What you don’t see can hurt you

Encryption is a key ingredient in your overall security strategy, and most organizations have adopted encryption as a way of mitigating the effects of a data breach. This is a great first step, but if your organization lacks sufficient access controls, continuous monitoring, DLP or forensics capabilities for your encrypted channels, how can you really know what’s going on in your network?

These encrypted connections often carry high value payloads such as credit card numbers and personally identifiable information, but without visibility or monitoring capabilities, the encryption used to protect this data inevitably blinds operations & forensics teams.

If a network’s encrypted channels are compromised, hackers can have unlimited access to your confidential data, and will use your privileged access and secured channels to transport high value assets right under your nose and out of your network. By the time a data breach is discovered, the damage has already been done. In many cases, you are left in the dark as to what was taken, and by whom, all while your company’s name is being printed across the top of every news outlet.

Malicious Insiders or External Threats?

Who do you defend yourself against? Privileged users, like system and application administrators, have access to your most sensitive business information and systems, and while most trusted insiders are just that, trusted, it only takes one bad actor to cause permanent damage to your organization. It’s not just insiders you need to protect yourself from. As Jonathan Lewis, Director of Product Marketing at SSH explains, “The insider may already have those privileges. The outsider has to obtain them first. From that point on, the outsider is, effectively, an insider.”

One thing insider and external threats have in common is that they all know these secured channels go unmonitored. In fact, a simple Google search reveals a plethora of hacking how-to’s for using encryption protocols to bypass corporate firewalls.

So whether it’s a malicious insider who has access to secured channels and privileged identities, or an external threat using stolen credentials, if these sessions are not continuously monitored, your encrypted channels could become a highway for malicious activity.

The good news is you can defend your company against these attacks by controlling what a privileged identity can do, limiting the size and scope of a potential exploit.

Monitor, control, repeat.

Encrypted communications are vital for securing confidential information, but your organization needs to employ an encrypted channel monitoring solution that gives you access controls, monitoring capabilities and proactive data loss prevention. Here’s what you’ll need.

  • Deep Protocol Inspection of SSH, SFTP, RDP, and sub-protocols
  • Policy-based access controls that let you monitor transactions in real time and, if necessary, shut them down
  • Full session visibility and recording, so that you can easily find and investigate sessions of interest with search and video replays
  • Security infrastructure inspection enablement. Send session traffic to your DLP, IPS, and SIEM systems, enabling real-time detection and extending the value of your DLP deployment
  • Capturing the traffic with a centralized vault, providing unified, transparent system management without any changes to the end user experience
  • Audit trails. If a breach does occur, it’s important to have forensics capabilities to find out which identity was involved, what was taken and where it was taken

Don’t be the next headline

McAfee released a report last month, estimating the global cost of cybercrime at an astonishing $400 billion, and that’s what they are calling a “conservative” estimate. Cyber threats are a relentless and fast-growing problem, and with a continuous stream of incidents popping up in the news, it’s difficult to know where to start.

An encrypted channel monitoring solution provides visibility into SSH, SFTP and RDP traffic moving across your encrypted networks. This prevents critical data from being stolen while remaining completely transparent to the end user. Don’t let your company be the next headline. Open up your encrypted channels and take a look.


by Jason Thompson, Former Vice President of Worldwide Marketing
Jason served as Vice President of Worldwide Marketing until October 2014.