
Can Your Firewall See Threats Hidden in Encrypted Traffic?

(December 27, 2022) Attackers benefit from encryption as much as everyone else. Malware downloads, command-and-control traffic and exfiltrated credentials and other sensitive data increasingly travel over encrypted channels, where a firewall that does not decrypt cannot see them. Can your firewall see threats hidden in encrypted traffic?

Google reports that 95 percent of traffic to its search engine is now encrypted and that 99 percent of web pages loaded in Chrome use HTTPS. Google also treats HTTPS as a search ranking signal, so plain-HTTP sites are at a disadvantage. HTTPS itself is simply HTTP carried over TLS (the successor to SSL), which encrypts the connection between the web server and the user's browser.

According to the ThreatLabz report The State of Encrypted Attacks 2022, more than 85 percent of cyberattacks used encrypted channels in some fashion, a 20 percent increase over 2021.

The NGFW Advantage

Organizations that aren't inspecting encrypted traffic are blind to most of these threats. Older firewalls, however, were not designed to perform that inspection efficiently.

To inspect encrypted traffic a firewall must terminate the TLS session itself: it presents the client with a certificate issued by the firewall's own CA (which the organization has to install as trusted on its endpoints), decrypts the traffic, inspects it, then re-encrypts it to the real server. That is expensive. In tests performed by NSS Labs, enabling decryption degraded throughput by up to 95 percent, so many network administrators allow encrypted traffic to pass through unchecked rather than accept the performance hit.

Next-generation firewalls (NGFWs) offload decryption to purpose-built system-on-a-chip processors, which vendors claim handle encrypted traffic up to 600 percent faster than general-purpose hardware. And while traditional firewalls rely on stateful packet inspection, which tracks connections but looks only at packet headers, NGFWs add deep packet inspection of the decrypted payload, so they can match malware signatures, identify applications and apply content policy.

Best-in-class NGFWs also support the current version of the Transport Layer Security (TLS) protocol, TLS 1.3, for encrypting data in transit. TLS 1.3 was designed to cut handshake latency and to remove weak and obsolete options. One caveat matters for inspection: TLS 1.3 dropped static RSA key exchange in favor of ephemeral (EC)DHE, so a device can no longer decrypt traffic passively by holding a copy of the server's private key. Inspecting TLS 1.3 means the firewall must actively terminate and re-originate each session, and its inspection engine must itself speak TLS 1.3; otherwise clients are either downgraded to TLS 1.2 or fail to connect.

Reducing Latency

Before two endpoints can exchange application data, TLS requires a handshake. The client and server exchange messages to agree on the protocol version and cipher suite, the server authenticates itself with its certificate (client authentication is optional), and both sides derive the session keys. A full TLS 1.2 handshake takes two round trips before the first byte of application data; TLS 1.3 completes it in one round trip, and can resume an earlier session with none, roughly halving handshake latency.

Older TLS versions also offered dozens of cipher suites, each name bundling key exchange, authentication, encryption and hash algorithms into a single choice, so configurations frequently included weak combinations. TLS 1.3 defines only five cipher suites, and each names just the AEAD cipher and the hash used for key derivation; key exchange (ephemeral Diffie-Hellman groups) and signature algorithms are negotiated separately, and obsolete options such as RSA key exchange, RC4, 3DES and CBC-mode ciphers are gone. The performance gain comes mainly from the shorter handshake, but the small, clean suite list also simplifies policy for a firewall that has to decide what to decrypt and what to block.
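As an added example (not code from the original article), the following Python builds a constructed TLS ClientHello and parses the only fields an inspecting firewall can read before any decryption: the server name (SNI), the offered cipher suites and the supported_versions extension that signals TLS 1.3. A policy function then decides whether to intercept or bypass the flow, which is how NGFWs exempt, for instance, banking sites from decryption. The five TLS 1.3 cipher suite IDs are the real ones from RFC 8446; the TLS 1.2-era suite list, the host names and the bypass suffix are assumptions chosen for illustration.

```python
import struct

# Cipher suite IDs defined by RFC 8446 (TLS 1.3): only these five exist.
TLS13_SUITES = {
    0x1301: "TLS_AES_128_GCM_SHA256",
    0x1302: "TLS_AES_256_GCM_SHA384",
    0x1303: "TLS_CHACHA20_POLY1305_SHA256",
    0x1304: "TLS_AES_128_CCM_SHA256",
    0x1305: "TLS_AES_128_CCM_8_SHA256",
}

# Constructed sample of a TLS 1.2-era browser offer (real IDs; the selection is illustrative).
TLS12_SAMPLE_SUITES = [0xC02B, 0xC02F, 0xC02C, 0xC030, 0xCCA9, 0xCCA8,
                       0x009C, 0x009D, 0x002F, 0x0035]


def build_client_hello(sni, suites, versions):
    """Construct a minimal ClientHello record (sample input only, not a capture)."""
    body = b"\x03\x03" + bytes(32)                     # legacy_version + 32-byte random (zeros)
    body += b"\x00"                                    # empty legacy_session_id
    suite_bytes = b"".join(struct.pack("!H", s) for s in suites)
    body += struct.pack("!H", len(suite_bytes)) + suite_bytes
    body += b"\x01\x00"                                # compression_methods: null only
    name = sni.encode("ascii")
    sni_ext = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name  # ServerNameList
    ver_bytes = b"".join(struct.pack("!H", v) for v in versions)
    ver_ext = struct.pack("!B", len(ver_bytes)) + ver_bytes           # supported_versions
    exts = (struct.pack("!HH", 0, len(sni_ext)) + sni_ext
            + struct.pack("!HH", 43, len(ver_ext)) + ver_ext)
    body += struct.pack("!H", len(exts)) + exts
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body         # type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(record):
    """Return the cleartext fields an inspecting firewall can read before decrypting."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if not hs or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 2 + 32                                       # skip legacy_version + random
    pos += 1 + body[pos]                               # skip legacy_session_id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]                               # skip compression_methods
    info = {"sni": None, "cipher_suites": suites, "supported_versions": []}
    if pos + 2 <= len(body):
        ext_end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= ext_end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            data = body[pos + 4:pos + 4 + elen]
            pos += 4 + elen
            if etype == 0 and len(data) >= 5:          # server_name: list_len(2) type(1) len(2) name
                nlen = struct.unpack("!H", data[3:5])[0]
                info["sni"] = data[5:5 + nlen].decode("ascii")
            elif etype == 43 and data:                 # supported_versions: len(1) + 2-byte versions
                info["supported_versions"] = [struct.unpack("!H", data[i:i + 2])[0]
                                              for i in range(1, 1 + data[0], 2)]
    info["offers_tls13"] = 0x0304 in info["supported_versions"]
    info["tls13_suites"] = [TLS13_SUITES[s] for s in suites if s in TLS13_SUITES]
    return info


def inspection_decision(info, bypass_suffixes=(".bank.example",)):
    """Decide whether the firewall terminates (decrypts) this flow or lets it pass.

    In TLS 1.3 the server certificate is encrypted, so the ClientHello SNI is the only
    cleartext name the firewall can match a bypass list against. Flows with no SNI are
    inspected here; many deployments block them instead. The suffix list is an assumption."""
    sni = info["sni"] or ""
    if sni and any(sni.endswith(suffix) for suffix in bypass_suffixes):
        return "bypass"
    return "inspect"


if __name__ == "__main__":
    hello = build_client_hello("www.example.com",
                               list(TLS13_SUITES) + TLS12_SAMPLE_SUITES, [0x0304, 0x0303])
    info = parse_client_hello(hello)
    print(info["sni"], info["offers_tls13"], len(info["cipher_suites"]), inspection_decision(info))
    bank = parse_client_hello(build_client_hello("online.bank.example", [0x1301], [0x0304]))
    print(bank["sni"], inspection_decision(bank))
```

Two points the parser makes concrete: a client that offers TLS 1.3 still lists its TLS 1.2 suites for fallback, so a firewall that only speaks 1.2 will quietly negotiate the older protocol with the client; and because the 1.3 certificate is encrypted, everything the bypass policy can key on sits in the ClientHello. Where Encrypted Client Hello is deployed the SNI disappears too, and the firewall is left with only the destination IP.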

Selecting the Right Solution

Despite these advances, inspecting encrypted traffic still adds overhead, and the other features bundled into an NGFW (intrusion prevention, anti-malware, URL filtering, sandboxing) compound it when they are all enabled. That makes selecting the right NGFW tricky. Organizations should size the appliance against throughput measured with decryption and every intended feature turned on, not the headline datasheet figure, so that the firewall delivers the desired functionality without degrading the user experience.

A qualified managed services provider (MSP) can help by analyzing current network traffic volumes and the share of it that is encrypted, and by projecting future growth. The MSP can also determine which security features the organization will benefit from most. Mainstream's Firewall-as-a-Service (FWaaS) offering provides small and medium-size businesses with access to high-performance firewall solutions for a predictable monthly fee that includes the hardware, maintenance and support.

Although encryption has become essential for data privacy, it has also become an efficient delivery mechanism for malware. The Q3 2022 Internet Security Report from WatchGuard's Threat Lab found that 82 percent of malware was delivered over encrypted connections. An MSP can help you select and implement an NGFW that detects and stops encrypted attacks without compromising network performance.

Mainstream Technologies delivers a full range of technology services in Arkansas and the surrounding region including managed technology services and consulting, custom software development, and cybersecurity services. We also offer industry-leading data center services in our Little Rock facilities. Established in 1996, Mainstream has earned a reputation for delivering quality, reliable, and professional technology services for public and private-sector customers across the United States.

Jeff Pracht
IT Business Development Manager
(479) 715-8629 Office
(501) 529-0008 Mobile
