BrainBlog for Gigamon by Jason English
Editor’s note: This is part three of a four-part series. For part one, see “Be Sure to Whack Your Cybersecurity Blind Spots,” and part two, see “Avoid Dead Reckoning: Why Zero Trust Requires Network Visibility.”
By now, we’re all waking up to the reality that ransomware and other malicious cyberattacks aren’t going away anytime soon. Threat actors are cashing in on a lucrative environment for exploits with few negative consequences.
Companies are moving critical business applications — once contained in on-premises walled gardens — into increasingly service-oriented and cloud-based hybrid IT environments. This is only natural as development teams want to be more agile in delivering software, scaling their environments, and expanding network topologies to meet changing business requirements and customer needs.
Unfortunately, this new norm of a distributed expanse of nodes and connections has opened up new network threat vectors, and the hacker world has devised new attacks and payloads that seem invisible to detection until they cause damage, even with Zero Trust security policies in place.
How can we realize the benefits of encryption, while getting ahead of the risk it can become in the hands of attackers?
Chasing Encryption in the Cloud
There are a few natural advantages of a modern cloud stack for cyber defense.
Major hyperscalers maintain perimeter security for North-South traffic coming into cloud instances and firewalls against incoming DDoS attacks — though AWS makes it clear in their shared responsibility model that “while AWS manages security of the cloud, you are responsible for security in the cloud.”
Further, the elastic property of cloud infrastructure allows developers to call for microservices workloads that are launched into ephemeral clusters and containers that are released when no longer needed, often before attackers can detect them.
Still, having so many moving, changing systems and services loosely tied together within a hybrid IT application environment also exposes a complex and broad network threat surface with many potential handholds for attackers.
To protect sensitive data from attackers, especially in East-West traffic that moves laterally within the organization’s extended network, messages are encrypted with readily available open-source libraries like OpenSSL, making it much harder for an outsider to break into a secured channel and decrypt that data into any useful or recognizable form.
Strong encryption was a game changer for cyber defense. At the same time, cyber attackers also have ready access to modern encryption tools to cloak their actions. By encrypting their own traffic and lateral movement through the network, they can often lurk undetected by threat hunters with security tools.
In fact, 31 percent of data breaches went undetected by security and observability tools, some of which may be attributed to this blind spot for encrypted traffic, according to a recent study by Gigamon.