Skip to main content
banner image
venafi logo

Asking the Right Questions About Encryption

Asking the Right Questions About Encryption

Security professionals need to ask the right questions to prevent the transmission of malware and the exfiltration of sensitive data through encrypted traffic.
November 18, 2016 | Scott Carter

When does it pay to think like a criminal? When your cybersecurity doesn’t. For example, Gartner expects 50% of network attacks to come over encrypted traffic in 2017. This happens because systems or devices blindly trust keys and certificates regardless of whether they are valid or compromised. Bad humans can insert rogue keys or certificates which fool the systems and voila, the balance is upset. It’s going to take some good humans asking the right questions to set things straight. 

Computers can give you an alarming amount of data. But they simply can’t get into the mind of criminals. Only humans can ask the questions to solicit the answers they need to track down human invaders in their networks.

In a recent article, Financial Times explores the human element of cyber security. Venafi Chief Strategy Officer, Kevin Bocek weighs in on the human dilemma, “The human brain can’t process the gigabytes of data but it can ask the right questions and it knows what doesn’t look right and how the machine can be fooled.”

The first question you should ask yourself is about the safety of your encrypted traffic. Are your keys and certificates  available for security technology that does  SSL inspection? “You have growing complexity and the bad guys are getting better and better at hiding their tracks,” said Bocek. “You need to make sure your encrypted traffic is not a safe haven for sophisticated cybercriminals.”

You need to make sure that you can see anything unusual that may be happening in your encrypted traffic. You can then begin asking more detailed questions about the behavior of your keys and certificates. How many do I have? Where are they located? Who has access to them? Are they behaving normally? The answers will help you close in on potential human invaders and lock then out of your network.

This will become a greater challenge as your network boundaries become less defined. With mobile workers and cloud computing, you’re going to have to rely more on authentication and authorization than on firewalls and intrusion detection. Respect your keys and certificates and they will help you control the encrypted traffic that leads to your valuable data.

Do you know where all of your keys and certificates are and how they are being used?

Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

Déjà Vu at LinkedIn: Second TLS Certificate Expiry in 2 Years

Déjà Vu at LinkedIn: Second TLS Certificate Expiry in 2 Years

Prepare this presentation and send it to me, once approved you can teach entire team.

Overheard at Machine Identity Protection Global Summit 2019

machine identity protection

Leaders Underscore the Critical Nature of Machine Identity Protection at Inaugural Global Summit

About the author

Scott Carter
Scott Carter

Scott Carter writes for Venafi's blog and is an expert in machine identity protection.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more
Chat