
Browser Encryption Is a Double-Edged Sword

Posted by Drew Kaiser on Mar 14, 2019 4:05:49 PM

There’s a war brewing, and it’s on our browsers.

Browsers Favor HTTPS Over HTTP

Have you ever noticed the green lock next to a website address inside Google Chrome, or Firefox? That’s the symbol for a website using HTTPS, the secure variant of the HTTP protocol, and it’s becoming more common.

Growth in Percentage of Websites Using HTTPS

Google’s goal is to achieve 100 percent encryption with HTTPS across all their products and services, and they’re not alone.1 Firefox is following suit. Unlike HTTP, where customer websites are at risk of undetected malicious activity, HTTPS helps strengthen the security of your customers’ sites, keeping them safe from eavesdropping and tampering.

Google, using its significant browser presence, fired the first shot at HTTP in July, 2019 by labeling HTTP traffic “not secure” in the browser.2 The change is intended to persuade companies to adopt HTTPS to avoid the “not secure” alert shown below.

Encryption Capabilities are Widely Available

Enabling encryption for websites has never been easier. Since the founding of Let’s Encrypt at the start of 2016, obtaining a certificate for a website is now free, automated and open source.3 Their mission is, “to create a more secure and privacy-respecting web,” and they’re doing just that. Encryption is no longer an arduous, costly process of validation and re-validation in order to obtain a security certificate. Now it’s simple, easy and widely available.

Let’s Encrypt Certificates Issued Per Day

While edge appliances (routers, firewalls, etc.) are able to see into encrypted HTTPS traffic, it’s costly and lowers performance because they must create and manage the connection. This is referred to as SSL decryption. Here’s the process:

  1. An HTTPS packet is sent to the internet
  2. The appliance (firewall/router) intercepts the packet
  3. The appliance establishes a connection with the original destination
  4. The response is decrypted by the appliance, checked for malware, then returned to the initial user

All data in transit requires decryption, and then re-encryption on the firewall. This can result in up to an 80 percent decrease in performance for some appliances.4 But it’s the only way to ensure a virus is not hidden in the HTTPS packet, or is it?

How to Detect Threats in Encrypted Traffic Without Decryption

There is a way to analyze encrypted traffic for malware without decryption. New technology uses a combination of data and telemetry to detect threats in encrypted traffic.

There is a predictable pattern in encrypted malware, and malware cannot pretend to be something it’s not. New security technologies compare the characteristics of unencrypted data with known threats and combine the information with statistical analysis, performed by machine learning. The result generates a probability about the packet and whether it contains malware or not.
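A minimal sketch of that idea, added here as an illustration (it is not Stealthwatch's implementation or code from the original post): it scores a flow using only fields visible without decryption, namely the cleartext TLS ClientHello parameters and connection timing. The feature names, weights, fingerprint set and sample flows are constructed assumptions; a real system would learn its weights from labelled traffic.

```python
import hashlib
import math

def hello_fingerprint(version, ciphers, extensions):
    """Hash ClientHello fields that cross the wire in cleartext."""
    raw = f"{version}|{'-'.join(map(str, ciphers))}|{'-'.join(map(str, extensions))}"
    return hashlib.sha256(raw.encode()).hexdigest()[:16]

# Constructed stand-in for a set of fingerprints tied to known threats.
KNOWN_BAD = {hello_fingerprint(0x0301, [0x0005, 0x0004, 0x000A], [])}
WEAK_CIPHERS = {0x0004, 0x0005, 0x000A}  # RC4-MD5, RC4-SHA, 3DES-CBC-SHA
# Hypothetical weights; a real model learns these from labelled flows.
WEIGHTS = {"known_bad_hello": 5.0, "no_sni": 1.5,
           "weak_cipher_offered": 1.0, "regular_timing": 2.0}
BIAS = -4.0

def features(flow):
    """Turn cleartext handshake fields and timing into 0/1 features."""
    gaps = flow["gaps_s"]  # seconds between connections to one destination
    n = len(gaps)
    mean = sum(gaps) / n if n else 0.0
    spread = math.sqrt(sum((g - mean) ** 2 for g in gaps) / n) if n else 0.0
    fp = hello_fingerprint(flow["version"], flow["ciphers"], flow["extensions"])
    return {
        "known_bad_hello": float(fp in KNOWN_BAD),
        "no_sni": float(0 not in flow["extensions"]),  # 0 = server_name
        "weak_cipher_offered": float(bool(WEAK_CIPHERS & set(flow["ciphers"]))),
        # Near-constant intervals look like automated beaconing.
        "regular_timing": float(n >= 5 and mean > 0 and spread / mean < 0.1),
    }

def malware_probability(flow):
    """Logistic score in [0, 1] computed without decrypting any payload."""
    z = BIAS + sum(WEIGHTS[k] * v for k, v in features(flow).items())
    return 1 / (1 + math.exp(-z))

# Constructed sample flows (not captured traffic).
BROWSER = {"version": 0x0303, "ciphers": [0x1301, 0x1302, 0xC02F],
           "extensions": [0, 10, 11, 13, 16, 43],
           "gaps_s": [0.4, 12.0, 3.1, 45.0, 0.9]}
SUSPECT = {"version": 0x0301, "ciphers": [0x0005, 0x0004, 0x000A],
           "extensions": [], "gaps_s": [60.0, 60.1, 59.9, 60.0, 60.2]}
POLLER = dict(BROWSER, gaps_s=[300.0, 300.1, 299.9, 300.0, 300.2])

if __name__ == "__main__":
    for name, flow in [("browser", BROWSER), ("suspect", SUSPECT), ("poller", POLLER)]:
        print(f"{name}: {malware_probability(flow):.3f}")
```

The third flow shows why several signals are combined: a modern client that merely polls on a fixed interval trips one feature and still scores low.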

Protect Your Customers From Malicious Attacks

With advanced security technologies, like Stealthwatch, the future has never looked brighter. With a safer web on the horizon, your customers will be able to appreciate the protection it provides and they won’t have to worry about HTTP hijackers.

Be sure your vendor partner offers technology to handle a malware-free HTTPS future. To find out how Stealthwatch protects your customers from encrypted attacks, contact us at ciscomomentum@techdata.com.

About the Author
Drew Kaiser is a technical consultant with Tech Data Cisco. He’s worked in the Information Technology field for 11 years, in both customer-facing and network engineering roles. With experience across multiple verticals and vendors, Drew’s current focus is security and enterprise. His certificates include CCNA Security, CCNA Route and Switch, CCDA, CMNA, CompTIA Network+ and CompTIA Security+.

1 https://transparencyreport.google.com/https/overview?hl=en

2 https://www.theverge.com/2018/2/8/16991254/chrome-not-secure-marked-http-encryption-ssl

3 https://letsencrypt.org/

4 https://www.rsaconference.com/writable/presentations/file_upload/tech-r01-ready-for-ssl-decryption-v2.pdf

 
