Skip to main content
banner image
venafi logo

50% of Web Traffic Is Now Encrypted. Why Isn’t the Web 50% Safer?

50% of Web Traffic Is Now Encrypted. Why Isn’t the Web 50% Safer?

securing encrypted web traffic
February 8, 2017 | Scott Carter

Last week Mozilla data revealed that half of all web traffic on Firefox is now encrypted. This is a giant step forward in privacy and secure communications. But it’s not such good news for many internet security solutions, which are still taking baby steps. Most traditional security tools are not built to be encryption aware. So, they aren’t equipped to detect malicious activity that happens inside encrypted tunnels. 

This gap between encryption and protection effectively aids and abets cyber criminals by allowing them to hide in encrypted traffic. As Kevin Bocek, VP of security strategy at Venafi notes, “We’re actually not safe as we think: The security systems designed to defend businesses were destined for a world with little encryption. Encryption creates tunnels. And traditional security isn’t prepared to look inside these tunnels to detect threats that may be hiding there.”   

This SC Magazine article outlines potential threats that leverage encryption, such as man-in-the-middle, ransomware, watering holes, and DDS attacks. Cyber criminals are taking note of these opportunities notes Bocek, “Cybercriminals from Chinese military units to Russian cyber gangs, have caught on to the fact that most organizations are unable to defend against attacks using encryption.”

While encryption is the right move to protect the privacy of communications, the way you manage it can impact the success of your efforts; poorly managed encryption can actually undermine your security.

Bocek warns that the root of this new problem is that the system that authenticates machines depends on the availability of cryptographic keys and digital certificates: “If your cyber defenses do not have access to the right keys and certificates, then they can’t look in encrypted tunnels, making them useless. Yet the industry is largely failing to wake up to this danger.”

Security vendors are scrambling to integrate encryption support into their security solutions. In the meantime, many organizations are worried about how to keep their expanding encryption environments safe. “Research has shown that 85% of CIOs are concerned that attackers are increasingly hiding in encrypted traffic, and they are right to be concerned. Security experts believe in short order 70% of attacks will use the encryption we’ve put in place to protect us,” Bocek cautions.

To prevent your encrypted tunnels from being misused in an attack, you’ll need to take a more active role in protecting and securing them. But first you need to understand the nuances of your encryption environment. Bocek advises, “The only way to safely implement encryption is to maintain control – you need to make sure security systems have access to the keys they require to inspect your traffic for threats. This requires automation that industry still must catch up on.” 

If your security solutions don’t have access to your keys and certificates, they may not be able to detect threats that travel through encrypted traffic. Do you have the automation you need to make your keys and certificates available to your security solutions? 

Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

Déjà Vu at LinkedIn: Second TLS Certificate Expiry in 2 Years

Déjà Vu at LinkedIn: Second TLS Certificate Expiry in 2 Years

Prepare this presentation and send it to me, once approved you can teach entire team.

Overheard at Machine Identity Protection Global Summit 2019

machine identity protection

Leaders Underscore the Critical Nature of Machine Identity Protection at Inaugural Global Summit

About the author

Scott Carter
Scott Carter

Scott Carter writes for Venafi's blog and is an expert in machine identity protection.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more
Chat