Unmasking Threats in Encrypted Web Traffic

Cybersecurity is a cat-and-mouse game in which IT professionals and cybercriminals continually refine their tactics in an attempt to stay one step ahead of one another. The evolution of web traffic encryption provides a good case study of this process.

Studies show that more than half of all web traffic is now encrypted, largely due to increased usage of HTTPS, the secure version of the Hypertext Transfer Protocol. In theory, that makes web information exchanges more secure by protecting the integrity of data flowing from authenticated web sites.

Unfortunately, cybercriminals have figured out how to use cryptographic protocols to trick firewalls into accepting malicious traffic. According to a study by the Ponemon Institute, 41 percent of attacks in 2016 used encryption to either disguise their entry into the network or to hide their connection to a command-and-control server.

Up to now, network defenses haven’t adequately handled encrypted traffic. Many firewalls just don’t have the processing power necessary to inspect it. As more and more web traffic is encrypted, organizations are faced with having to either turn off some security services or compromise throughput in order to manage the burden.

A new line of firewall appliances released by WatchGuard offers a better solution. The company’s Firebox M Series firewalls come equipped with Intel processors featuring AES-NI and CaveCreek crypto acceleration. These chipsets allow the M Series firewalls to inspect encrypted traffic with industry-leading performance, while keeping all security services fully enabled. The independent testing lab Miercom says the appliances perform full HTTPS inspection 94 percent faster than competing solutions.

This performance boost gives organizations the ability to sniff out malicious traffic hiding in encrypted streams. The new Firebox appliances serve as intermediaries, intercepting, decrypting and analyzing all HTTPS traffic. All legitimate traffic is then encrypted again and sent to its final destination.

The M Series appliances are targeted at organizations with 100 to 7,500 users and include a unified suite of security solutions such as intrusion prevention, antivirus capabilities, URL filtering, data loss prevention, ransomware protection and more. They also feature WatchGuard Dimension, a suite of security visibility and reporting tools that instantly identify and distill key network security threats, issues and trends, accelerating the ability to set meaningful security policies across the entire network.

In addition, WatchGuard’s new M470, M570 and M670 firewalls have an expansion slot for network modules. This enables users to increase the number of copper or fiber ports available to support the growing use of 10G fiber in midsize enterprise data centers.

Gartner estimates that 80 percent of all web traffic will be encrypted within the next two years. However, the research firm also predicts that encrypted traffic will carry more than 70 percent of web malware by that time, largely because the vast majority of installed firewalls do not recognize or prevent threats within encrypted traffic.

To deal with the threat, organizations need security solutions that can process the rising tide of encrypted traffic without performance penalties involving reduced throughput or disabled features. With the hardware upgrades in its new Firebox M Series, WatchGuard ensures that customers don’t have to choose between performance and security.

