To Decrypt or Not to Decrypt – Is That Even a Question?

When you clicked a link to view this blog post, both your web request and the response were encrypted. Many of the websites you visit today—search engines, social media sites, news sites, video streaming sites—use HTTPS to encrypt communications. In fact, HTTPS now accounts for more than 69 percent of web traffic.[1] Although all this encryption improves security and privacy, it also allows attackers to conceal their threats from security controls that inspect application traffic.

If you’re a security professional, you might be wondering what you should do to protect your organization and your data. If you’ve implemented Palo Alto Networks Next-Generation Security Platform, then you can relax; we’ve got you covered. You just need to make sure you’re taking advantage of the features we offer to eliminate blind spots in your defenses.


A Comprehensive Approach to Securing Encrypted Traffic
Palo Alto Networks has developed multiple technologies to inspect and secure all traffic, including encrypted traffic. These technologies include:

High-Speed SSL Decryption
Next-generation firewalls can decrypt and inspect SSL traffic. Supporting flexible deployment options, including the ability to act as an SSL decryption broker, next-generation firewalls can decrypt SSL traffic and provide the decrypted data to other inline security devices.
Behavioral Analytics
Magnifier behavioral analytics monitors network traffic and detects anomalies indicative of active attacks. Because Magnifier analyzes network metadata rather than traffic contents, it can detect advanced attacks without requiring traffic to be decrypted.
Advanced Endpoint Protection
Attacks hidden in HTTPS traffic ultimately target endpoints and their data. Traps advanced endpoint protection stops exploits and malware before they can compromise corporate machines.


Powerful SSL Decryption
To stop attackers in their tracks, organizations should leverage all the capabilities of Palo Alto Networks Next-Generation Security Platform. By configuring the next-generation firewall to decrypt and inspect network traffic, customers can take full advantage of features and services such as App-ID, Threat Prevention and WildFire cloud-based threat analysis service.


Stopping Network Attacks Without Decrypting Traffic
Threat actors operating inside the network will typically perform a step-by-step process to explore their surroundings and expand their realm of control until they locate and steal or destroy valuable data. Leveraging their existing access and privileges, they can often stay under the radar by avoiding the use of malware.

Magnifier behavioral analytics, the first app for Palo Alto Networks Application Framework, profiles user and device behavior and detects anomalies that indicate an attack is underway. Because Magnifier primarily analyzes network metadata—such as the source and destination IP addresses, the protocols, and volume of traffic transferred—rather than application contents, it can detect threats even when application contents are encrypted.

Magnifier draws on rich data from next-generation firewalls, such as User-ID and endpoint data gathered by Magnifier Pathfinder endpoint analysis service, to augment its network findings.
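The metadata-only approach described above can be illustrated with a small per-host baseline detector. This is an added example, not Magnifier code or any Palo Alto Networks product logic: it works on constructed flow records (source, destination, port, bytes sent per time window) and flags a host whose destination fan-out or outbound volume rises well above its own historical baseline. The 10% deviation floor and the z-score threshold of 3 are assumed tuning values, not values from the post.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow metadata (not real captures). Each record mirrors what a
# firewall can export without decrypting the session:
# (window, src_ip, dst_ip, dst_port, bytes_out). Payload is never inspected,
# so TLS sessions on port 443 are profiled exactly like cleartext ones.
FLOWS = []
for w in range(1, 5):  # four baseline windows of routine behaviour
    for i in range(3):
        FLOWS.append((w, "10.0.0.5", f"10.0.1.{i}", 443, 100_000 + 5_000 * i))
        FLOWS.append((w, "10.0.0.7", f"10.0.1.{i}", 443, 80_000 + 2_000 * w))
# Window 5 (constructed): 10.0.0.5 contacts many internal hosts it never spoke
# to before; 10.0.0.7 sends far more bytes than usual to one external address.
for i in range(20):
    FLOWS.append((5, "10.0.0.5", f"10.0.2.{i}", 443, 4_000))
FLOWS.append((5, "10.0.0.7", "203.0.113.9", 443, 2_500_000))
FLOWS.append((5, "10.0.0.7", "10.0.1.0", 443, 80_000))


def per_window_metrics(flows):
    """Aggregate flows into per-(src, window) metrics: distinct destination
    count ("fanout") and total bytes sent ("bytes")."""
    dests = defaultdict(set)
    bytes_out = defaultdict(int)
    for window, src, dst, _port, nbytes in flows:
        dests[(src, window)].add(dst)
        bytes_out[(src, window)] += nbytes
    return {key: {"fanout": len(dests[key]), "bytes": bytes_out[key]}
            for key in dests}


def baseline(metrics, baseline_windows):
    """Per-source mean and population standard deviation of each metric,
    computed only over the windows designated as baseline."""
    by_src = defaultdict(lambda: defaultdict(list))
    for (src, window), m in metrics.items():
        if window in baseline_windows:
            for name, value in m.items():
                by_src[src][name].append(value)
    return {src: {name: (mean(vals), pstdev(vals)) for name, vals in d.items()}
            for src, d in by_src.items()}


def detect(flows, baseline_windows, target_window, z_threshold=3.0):
    """Return (src, metric, observed, baseline_mean, z) for every metric that
    rises more than z_threshold deviations above that host's own baseline.
    Only increases are flagged; quieter-than-usual hosts are not anomalies here."""
    metrics = per_window_metrics(flows)
    base = baseline(metrics, baseline_windows)
    findings = []
    for (src, window), m in metrics.items():
        if window != target_window or src not in base:
            continue
        for name, observed in m.items():
            mu, sigma = base[src][name]
            # Assumed floor on the spread: a perfectly regular baseline
            # (sigma == 0) must not turn a trivial change into an alert.
            spread = max(sigma, 0.1 * mu, 1.0)
            z = (observed - mu) / spread
            if z > z_threshold:
                findings.append((src, name, observed, mu, round(z, 1)))
    return sorted(findings)


if __name__ == "__main__":
    for finding in detect(FLOWS, {1, 2, 3, 4}, 5):
        print(finding)
```

Running it flags 10.0.0.5 on fan-out (20 destinations against a baseline of 3) and 10.0.0.7 on volume, while ignoring the fact that 10.0.0.5 sent fewer bytes than usual. In practice the baseline would be per user or device identity rather than per IP, which is the gap User-ID and endpoint data are meant to close.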


To learn how Magnifier uncovers internal network threats, download the white paper “Stop Targeted Attacks Without Decrypting Traffic.”


[1] Let’s Encrypt with Firefox telemetry, https://letsencrypt.org/stats/, web page loads as of March 12, 2018.
