UAE. The security industry has shifted its focus to the client side. Malware and other malicious programs are increasingly being installed unknowingly on client computers where they can replicate to other clients, and relay information to malicious entities.
Security vendors provide tools to detect and mitigate these problems by inspecting the traffic between client and the untrusted side of the network (the Internet).
At the same time, most online web services or cloud applications now use TLS/SSL to secure the session with the client. While this is a good strategy for many reasons, it introduces a problem for active traffic inspection tools—the information is encrypted and thus, unreadable.
SSL encryption is a double-edged sword for organizations. It bolsters security by providing confidentiality and message integrity. It enables users to verify the identity of application owners and it allows applications to authenticate users with client certificates. As threats like snooping, phishing, and data theft continue to grow, encryption has become an essential way to protect users and data.
But encryption also puts organizations at risk. Hackers leverage encryption to conceal their exploits from security devices that can’t keep up with increasing SSL decryption demands or that cannot decrypt SSL traffic at all because of their location in the network.
Security devices such as firewalls, intrusion protection systems and anti-virus protection devices are built to perform in-depth traffic analysis of unencrypted flows, and make policy decisions. These devices usually are not designed to inspect SSL traffic because the content is encrypted. How serious is the threat?