While encryption plays an important role in protecting data in transit, there are a couple of downsides:
- Overconfidence. Encryption is like the lock on an armored vehicle. The stronger the encryption, the harder the locks are to pick or break. One of the most common encryption standards, for example, is AES (Advanced Encryption Standard) and its largest key size is 256 bits. This means that the key (i.e., the thing that turns encrypted data into unencrypted data) is a string of 256 ones or zeroes. With each character having two possibilities (1 or 0), there are 2^256 possible combinations. Those who like numbers enjoy calculating scenarios describing the difficulty of “breaking the lock” (also known as a brute-force attack). This article from Reddit is just one example. The author poses the scenario of using a billion high-end computers, each capable of performing 2 billion calculations per second. Even with this much compute power, the author concludes it would take several billion years to break the encryption code. Referencing back to our earlier analogy, the armored vehicle is ridiculously secure, but eventually that vehicle is going to stop at the bank and the drivers are going to open the doors, which is akin to data at rest. Today’s cybercriminals aren’t building faster supercomputers; they are following the armored vehicle and waiting for it to stop at the bank.
- Less visibility. One solution is to encrypt data at rest, also known as end-to-end encryption. But this also has a drawback because it lessens the effectiveness of some security products, such as full-packet capture tools, which rely on payload visibility. Encryption conceals the indicators of compromise used to identify and track malicious activity. This problem is described in the Cisco 2016 Annual Security Report. One study mentioned in the report examined 26 families of malicious browser add-ons over a 10-month period. Although the pattern of browser infections appeared to be on the decline, further analysis revealed this to be a false positive. HTTPS traffic increased during this same period, making it difficult to identify the signatures associated with the 26 malware families because URL information was no longer visible due to encryption.
To be clear, encrypting sensitive data is still a good practice, but IT solution providers need to adapt and equip themselves with the proper security tools to ensure complete protection. By gathering headers and other unencrypted parts of the data stream, security teams can analyze encrypted traffic more effectively. Additionally, running Cisco IOS NetFlow and other metadata-based analyses is now essential for optimum data security.
Security teams also must monitor web traffic patterns to ensure that HTTPS requests aren’t coming from—or directed toward—suspicious locations. Even more essential is the need to look for encrypted traffic over a wide variety of ports, as research indicates that malware is likely to initiate encrypted communications over the entire port spectrum.
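The two recommendations above (gather the unencrypted headers of an encrypted stream, and look for encrypted traffic on ports other than the usual 443) can be shown in working code. The following is an added example, not code from the original article or from Cisco or Ingram Micro: it builds a minimal TLS ClientHello as constructed sample traffic, parses the Server Name Indication (SNI) extension that TLS sends in the clear, and then runs flow records through a small checker that flags TLS handshakes on unexpected ports and destinations on a watchlist. The flow record layout, the `WATCHLIST` entries, the finding labels and all addresses are this example's own assumptions, not an export format of any real collector.

```python
"""Inspect the unencrypted parts of TLS sessions from flow-style records.
Added example; all sample data below is constructed for the demo."""
import struct
from typing import Optional

TLS_HANDSHAKE = 0x16
CLIENT_HELLO = 0x01
SNI_EXTENSION = 0x0000

def build_client_hello(server_name: str) -> bytes:
    """Construct a minimal TLS 1.2 ClientHello carrying an SNI extension.
    Used only to fabricate sample traffic for this example."""
    host = server_name.encode()
    sni_list = b"\x00" + struct.pack("!H", len(host)) + host   # name type 0 = host_name
    sni_ext_body = struct.pack("!H", len(sni_list)) + sni_list
    extension = struct.pack("!HH", SNI_EXTENSION, len(sni_ext_body)) + sni_ext_body
    extensions = struct.pack("!H", len(extension)) + extension
    body = (
        b"\x03\x03"              # client_version TLS 1.2
        + b"\x00" * 32           # random (zeroed for the demo)
        + b"\x00"                # session_id length 0
        + b"\x00\x02\x00\x2f"    # one cipher suite
        + b"\x01\x00"            # one compression method: null
        + extensions
    )
    handshake = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([TLS_HANDSHAKE]) + b"\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def looks_like_tls_handshake(payload: bytes) -> bool:
    """True if the first bytes form a TLS handshake record header
    (content type 0x16, version major 0x03), whatever port it arrived on."""
    return (len(payload) >= 5 and payload[0] == TLS_HANDSHAKE
            and payload[1] == 0x03 and payload[2] <= 0x04)

def extract_sni(payload: bytes) -> Optional[str]:
    """Return the server name from a ClientHello, or None if absent or malformed."""
    try:
        if not looks_like_tls_handshake(payload):
            return None
        rec_len = struct.unpack("!H", payload[3:5])[0]
        hs = payload[5:5 + rec_len]
        if hs[0] != CLIENT_HELLO:
            return None
        p = 4 + 2 + 32                                   # handshake header, version, random
        sid_len = hs[p]; p += 1 + sid_len                # session_id
        cs_len = struct.unpack("!H", hs[p:p + 2])[0]; p += 2 + cs_len   # cipher_suites
        cm_len = hs[p]; p += 1 + cm_len                  # compression_methods
        if p >= len(hs):
            return None                                  # no extensions block
        ext_len = struct.unpack("!H", hs[p:p + 2])[0]; p += 2
        end = p + ext_len
        while p + 4 <= end:
            etype, elen = struct.unpack("!HH", hs[p:p + 4]); p += 4
            if etype == SNI_EXTENSION:
                # skip list length (2) and name type (1); then name length (2) and name
                name_len = struct.unpack("!H", hs[p + 3:p + 5])[0]
                return hs[p + 5:p + 5 + name_len].decode("ascii", "replace")
            p += elen
        return None
    except (IndexError, struct.error):
        return None

EXPECTED_TLS_PORTS = {443, 8443}            # assumption: ports where TLS is expected
WATCHLIST = {"203.0.113.7", "updates.example-bad.test"}   # constructed watchlist

def analyze_flow(flow: dict) -> list:
    """Findings for one flow record (keys src, dst, dport, payload = first bytes).
    The record shape and finding labels are this example's own."""
    findings = []
    payload = flow.get("payload", b"")
    if looks_like_tls_handshake(payload):
        sni = extract_sni(payload)
        if flow["dport"] not in EXPECTED_TLS_PORTS:
            findings.append("tls-on-unusual-port")
        if flow["dst"] in WATCHLIST or (sni and sni in WATCHLIST):
            findings.append("suspicious-destination")
    return findings

# Constructed sample flows: normal HTTPS, TLS on port 8081 to a watchlisted host, plain HTTP.
SAMPLE_FLOWS = [
    {"src": "10.0.0.5", "dst": "198.51.100.10", "dport": 443,
     "payload": build_client_hello("www.example.com")},
    {"src": "10.0.0.8", "dst": "203.0.113.7", "dport": 8081,
     "payload": build_client_hello("updates.example-bad.test")},
    {"src": "10.0.0.9", "dst": "198.51.100.20", "dport": 80,
     "payload": b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"},
]

def report(flows=SAMPLE_FLOWS) -> dict:
    """Map 'src->dst:dport' to its findings for every flow that raised one."""
    out = {}
    for f in flows:
        findings = analyze_flow(f)
        if findings:
            out[f"{f['src']}->{f['dst']}:{f['dport']}"] = findings
    return out

if __name__ == "__main__":
    for key, findings in report().items():
        print(key, ", ".join(findings))
```

Only the second flow is reported, with both findings: the handshake header identifies it as TLS even though it is on port 8081, and the SNI (sent before any encryption begins) names a watchlisted host. Plain HTTP on port 80 is ignored by design, since the checker only concerns itself with encrypted sessions; the same structure extends naturally to other clear-text fields such as the certificate the server returns.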
For more information about effectively securing today’s complex network environments, check out the Ingram Micro on-demand webinar, “.”