How to Inspect Encrypted Traffic without Draining Network Performance

According to a recent report from Internet Trends, 87 percent of all global web traffic in the first quarter of 2019 was encrypted. That’s a significant increase from 53 percent just three years earlier. Some industry analysts believe the entire Internet will be encrypted within five to 10 years. Not only are organizations more aware of IT security threats, but nobody wants their URL to be accompanied by a “not secure” message in web browsers because they’re using HTTP instead of HTTPS, which encrypts all traffic.

Problem is, the bad guys don’t necessarily see encryption as a challenge anymore. They see it as an asset. If hackers can’t see what’s in your organization’s traffic when SSL is used to prevent exposure, you won’t be able to see the malware hiding in the hacker’s traffic for the same reason. In many cases, known threats can enter a network because they’re hidden in encrypted traffic.

In fact, one study found that more than two-thirds of malware campaigns use encryption to prevent visibility into traffic when communicating with command-and-control servers. These servers provide instructions for the next phase of attack, which could involve data exfiltration or the delivery of additional malware.

Here are two more problems. First, traditional firewalls can’t inspect encrypted traffic, which can create a huge blind spot in your security. There’s no way to see if something malicious is hiding in the traffic entering your network or if sensitive data is leaving your network. In a recent Gartner survey, just 31 percent of respondents said they have the ability to stop an SSL attack, while 48 percent said they weren’t sure.

Second, even if your firewall has this capability, decrypting and inspecting traffic is a complex, CPU-intensive process that can affect network performance. Research from NSS Labs found that deep packet inspection caused a 60 percent decrease in application performance and an average connection rate decrease of 92 percent, while response time increased by 672 percent. Many organizations are increasing encryption levels from 2,048- to 4,096-bit keys, which makes security more effective but also places additional strain on security tools.

Network administrators have been known to turn off security features because of performance problems. That’s not a good solution. The key is to deploy a firewall that can decrypt and inspect traffic efficiently and support your organization’s performance requirements.

WatchGuard Firebox firewalls were specifically designed to support high performance requirements even when all security services are active. In fact, Miercom found that WatchGuard delivered higher performance than any other tested vendor, and three times the throughput of the closest competitor, when all security services were enabled for HTTPS traffic. WatchGuard also allows you to create whitelist and blacklist categories to automatically allow or block certain types of traffic, so that traffic is not inspected unnecessarily.

No organization should have to choose between security and performance because neither choice will deliver a positive outcome. Let us show you how WatchGuard Firebox firewalls inspect encrypted traffic for hidden malware without affecting the performance of your business applications.