
Organizations can no longer afford to overlook encrypted traffic
2021-04-27 05:20

Whether you're a small business operating out of a single office or a global enterprise with a huge and distributed corporate network, not inspecting the encrypted traffic entering and leaving can be a costly mistake, as cybercriminals are increasingly using TLS in their attacks.

"A large portion of the growth in overall TLS use by malware can be linked in part to the increased use of legitimate web and cloud services protected by TLS (such as Discord, Pastebin, Github and Google's cloud services) as repositories for malware components, as destinations for stolen data, and even to send commands to botnets and other malware," noted Sean Gallagher, Senior Threat Researcher at Sophos.

The company has also witnessed an increase in TLS use in manually deployed ransomware attacks, partly because the attackers use modular offensive tools that leverage HTTPS. In general, the majority of the detected malicious encrypted communications came from droppers, loaders and other malware whose function is to download additional malware onto the infected system, meaning that decrypting, inspecting and recognizing the nature of that traffic early on is key to keeping corporate systems and networks safe.

Despite the obvious benefits, many organizations are reluctant to perform deep-packet inspection of their inbound and outbound network traffic.

The recently unveiled Sophos XGS Series firewall appliances can inspect TLS traffic across all protocols and ports, as various malware is known to use non-standard IP ports for communication.
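The two points above, that the bulk of malicious TLS traffic comes from droppers and loaders and that such traffic does not reliably sit on port 443, are illustrated by the following added example. It is not code from the article or from Sophos; it shows the port-agnostic half of the problem, identifying a TLS ClientHello by its record structure rather than by destination port, and extracting the SNI so a defender can triage where the connection is headed. The flow records, hostnames and port numbers are constructed sample data.

```python
"""Port-agnostic detection of TLS ClientHello messages in captured flow payloads.

Added example (not from the article or from Sophos). The flows, hostnames and
port numbers below are constructed sample data, not real observations.
"""
import struct
from dataclasses import dataclass
from typing import Optional

TLS_HANDSHAKE = 0x16   # TLS record content type for handshake messages
CLIENT_HELLO = 0x01    # handshake message type for ClientHello
SNI_EXT = 0x0000       # server_name extension type


def build_client_hello(sni: str) -> bytes:
    """Construct a minimal, well-formed ClientHello carrying one SNI extension.

    Used only to fabricate sample payloads for the demo and the test.
    """
    host = sni.encode("ascii")
    server_name = b"\x00" + struct.pack("!H", len(host)) + host      # name_type host_name
    sni_list = struct.pack("!H", len(server_name)) + server_name
    ext = struct.pack("!HH", SNI_EXT, len(sni_list)) + sni_list
    exts = struct.pack("!H", len(ext)) + ext
    body = (b"\x03\x03" + b"\x00" * 32        # client_version 1.2 + 32-byte random
            + b"\x00"                         # session_id length 0
            + b"\x00\x02\x13\x01"             # one cipher suite: TLS_AES_128_GCM_SHA256
            + b"\x01\x00"                     # compression methods: null only
            + exts)
    hs = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([TLS_HANDSHAKE, 0x03, 0x01]) + struct.pack("!H", len(hs)) + hs


def _parse_sni(data: bytes) -> Optional[str]:
    """Extract the host_name entry from a server_name extension body."""
    list_len = struct.unpack("!H", data[0:2])[0]
    pos, end = 2, 2 + list_len
    while pos + 3 <= end:
        name_type = data[pos]
        name_len = struct.unpack("!H", data[pos + 1:pos + 3])[0]
        pos += 3
        if name_type == 0:
            return data[pos:pos + name_len].decode("ascii", "replace")
        pos += name_len
    return None


def parse_client_hello(payload: bytes) -> Optional[dict]:
    """Return {'version': int, 'sni': str|None} if payload starts with a TLS
    ClientHello, regardless of which port it was seen on; otherwise None."""
    if len(payload) < 9 or payload[0] != TLS_HANDSHAKE:
        return None
    if payload[1] != 0x03 or payload[2] > 0x03:       # record version 3.0 .. 3.3
        return None
    if payload[5] != CLIENT_HELLO:
        return None
    hs_len = int.from_bytes(payload[6:9], "big")
    body = payload[9:9 + hs_len]
    if len(body) < hs_len or len(body) < 35:          # truncated or impossibly short
        return None
    try:
        version = (body[0] << 8) | body[1]
        pos = 34                                       # skip version + random
        pos += 1 + body[pos]                           # session_id
        pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # cipher_suites
        pos += 1 + body[pos]                           # compression_methods
        sni = None
        if pos + 2 <= len(body):                       # extensions are optional
            ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
            pos, end = pos + 2, pos + 2 + ext_len
            while pos + 4 <= end:
                etype, elen = struct.unpack("!HH", body[pos:pos + 4])
                pos += 4
                if etype == SNI_EXT:
                    sni = _parse_sni(body[pos:pos + elen])
                pos += elen
    except (IndexError, struct.error):
        return None                                    # malformed: do not classify as TLS
    return {"version": version, "sni": sni}


@dataclass
class Flow:
    src: str
    dst: str
    dport: int
    first_bytes: bytes     # first client-to-server payload bytes of the flow


# Constructed sample flows: one ordinary HTTPS, one plain HTTP, and two TLS
# handshakes on ports a port-based policy would never decrypt.
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "203.0.113.10", 443, build_client_hello("update.example.com")),
    Flow("10.0.0.5", "203.0.113.20", 80, b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    Flow("10.0.0.7", "198.51.100.33", 4444, build_client_hello("cdn.example.net")),
    Flow("10.0.0.9", "198.51.100.44", 80, build_client_hello("files.example.org")),
]


def classify_flows(flows, expected_tls_ports=(443,)):
    """Label every flow that carries a TLS ClientHello; flag those on ports
    outside the expected set, which a port-only inspection policy would miss."""
    findings = []
    for f in flows:
        hello = parse_client_hello(f.first_bytes)
        if hello is None:
            continue
        label = "tls-standard-port" if f.dport in expected_tls_ports else "tls-nonstandard-port"
        findings.append((f.dst, f.dport, hello["sni"], label))
    return findings


if __name__ == "__main__":
    for dst, port, sni, label in classify_flows(SAMPLE_FLOWS):
        print(f"{label:22} {dst}:{port} sni={sni}")
```

The parser deliberately reports nothing for truncated or malformed records rather than guessing, so a flow it flags really does start with a structurally valid ClientHello. In practice the SNI and destination of each flagged flow would be fed to the same reputation and policy checks applied to port-443 traffic; the point is that the decision to decrypt and inspect is made on content, not on port number.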

The XGS Series also includes native support for TLS 1.3 and new Xstream flow processors for accelerating trusted traffic and improving the overall performance for important business applications.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/rJxf2Gd0BuY/