Threat actors are crafty. They use a variety of techniques to conceal their attacks and evade detection. With HTTPS traffic now accounting for over two-thirds of all web traffic, encryption has become their method of choice to bypass corporate defenses. Encryption is just one of many evasive tactics attackers have up their collective sleeves; they also encode traffic contents, compress and pack files, and employ many other techniques to slip past security controls.
The Rise of SSL Encryption
Use of Secure Sockets Layer, or SSL, encryption has exploded over the past decade, growing from approximately 26 percent of all internet traffic in January 2014 to 69 percent in February 2018. Heightened concerns over privacy and industry incentives to adopt encryption have motivated application owners of all sizes to encrypt website access. Additionally, the rapid proliferation of free and low-cost SSL certificates has brought encryption within reach of virtually all web developers.
Although SSL adoption boosts privacy and security, it also allows threat actors to conceal their malicious activity in encrypted traffic. To protect corporate assets, organizations need a robust way to detect and block threats hidden in SSL communications.
Palo Alto Networks Approach to Securing Encrypted Traffic
To ensure no attack remains undetected, Palo Alto Networks has developed multiple technologies to inspect and secure all communications, including encrypted traffic. These technologies include:
- Behavioral Analytics
- High-Performance SSL Decryption
- Advanced Endpoint Protection
Detecting Internal Threats Without Decrypting Traffic
When attackers have gained access to a victim’s network, they can use any number of evasive techniques to elude security controls. Instead of relying on malware, they can leverage common utilities, such as PowerShell or native system tools, to explore a compromised network and transfer data. Attackers can steal credentials and move from endpoint to endpoint without necessarily violating security policies or setting off internal alarms.
However, attackers will inevitably betray themselves as they perform reconnaissance and expand their footprint in the network because their actions will deviate from past behavior and the behavior of other users or devices in the network. As they attempt to explore the network and control other devices, they will access new destinations, use new protocols, log in to systems with unusual user accounts, and exhibit other changes in behavior that reveal their malicious intent.
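The following Python sketch is an added illustration of the idea in the paragraph above; it is not part of the original whitepaper and is not Magnifier's code. It builds a per-host baseline from constructed connection records (hostnames, users and timestamps are made up) and flags exactly the deviations the text names: new destinations, new protocols and unusual user accounts, none of which require decrypting the traffic.

```python
"""Baseline-deviation detector over connection records (constructed sample data)."""
from collections import defaultdict

# Constructed sample records: (timestamp, source host, user, protocol, destination).
# BASELINE is the learning period; WINDOW is the period under review.
BASELINE = [
    ("2024-01-01T09:00", "ws-12", "alice", "https", "mail.example.test"),
    ("2024-01-01T09:05", "ws-12", "alice", "https", "crm.example.test"),
    ("2024-01-02T10:00", "ws-12", "alice", "smb", "fs-01.example.test"),
    ("2024-01-02T11:00", "ws-40", "bob", "https", "crm.example.test"),
    ("2024-01-03T09:30", "ws-40", "bob", "rdp", "jump-01.example.test"),
]
WINDOW = [
    ("2024-01-10T09:00", "ws-12", "alice", "https", "crm.example.test"),    # normal
    ("2024-01-10T13:12", "ws-12", "svc_backup", "smb", "ws-40"),            # new user, new dest
    ("2024-01-10T13:15", "ws-12", "alice", "rdp", "jump-01.example.test"),  # new proto, new dest
    ("2024-01-10T13:20", "ws-40", "bob", "https", "crm.example.test"),      # normal
]

def build_baseline(records):
    """Per source host, remember the users, protocols and destinations seen."""
    profile = defaultdict(lambda: {"users": set(), "protocols": set(), "dests": set()})
    for _, host, user, proto, dest in records:
        p = profile[host]
        p["users"].add(user)
        p["protocols"].add(proto)
        p["dests"].add(dest)
    return profile

def find_deviations(profile, records):
    """Return (timestamp, host, reasons) for each record that departs from its host's baseline."""
    findings = []
    for ts, host, user, proto, dest in records:
        p = profile.get(host)
        if p is None:  # a source never seen during the learning period
            findings.append((ts, host, ["unknown source host"]))
            continue
        reasons = []
        if user not in p["users"]:
            reasons.append(f"new user {user}")
        if proto not in p["protocols"]:
            reasons.append(f"new protocol {proto}")
        if dest not in p["dests"]:
            reasons.append(f"new destination {dest}")
        if reasons:
            findings.append((ts, host, reasons))
    return findings

if __name__ == "__main__":
    for ts, host, reasons in find_deviations(build_baseline(BASELINE), WINDOW):
        print(ts, host, "; ".join(reasons))
```

Only the two records that depart from ws-12's learned profile are reported; the routine HTTPS sessions to the CRM host pass silently.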
Detect Every Stage of an In-Progress Attack With Behavioral Analytics
Once threat actors have infiltrated a network, they can take advantage of their existing access to explore their surroundings and expand their realm of control until they achieve their ultimate objective: stealing, manipulating or destroying sensitive data.
Magnifier detects every step threat actors take once they have gained a foothold in the network:
- Lateral movement
- Command-and-control activity
- Data exfiltration
Download this whitepaper, which describes how Magnifier detects in-progress attacks and how it works in concert with the Palo Alto Networks Security Operating Platform to eradicate threats in encrypted traffic.