Could Your Security Actually Make You Less Safe?

February 14, 2017 | Scott Carter

Whenever a new exploit vector surfaces, security companies scramble to develop new approaches to stop cyber criminals from abusing it. Hmmm. Attacks that leverage encryption aren’t all that new. But internet security solutions still haven’t figured out the best ways to detect them. Granted, inspecting encrypted traffic is difficult because the tools that do SSL inspection don’t have key and certificate intelligence. But even that doesn’t explain why a new study found that many internet security solutions can actually make SSL/TLS connections less secure.

“As HTTPS deployment grows, middlebox and antivirus products are increasingly intercepting TLS connections to retain visibility into network traffic,” notes the report, which was produced by researchers from Google, Mozilla, and Cloudflare along with researchers from four U.S. universities. The team tested major middlebox and antivirus products to determine the prevalence and impact of HTTPS interception, and the results were somewhat disheartening.

All but one middlebox solution “weakened connection security and introduced TLS vulnerabilities such as Logjam, weak export and RC4 ciphers, or didn't validate digital certificates properly,” the study reports. Of the 29 antivirus solutions tested, about half would intercept TLS connections. Sadly, only one of these did not reduce TLS connection security.

How do security solutions that attempt to detect and block harmful traffic actually end up reducing connection security? First, to look for malicious or disallowed content, the security solution must intercept the TLS connection so that it can decrypt the traffic. After its analysis is complete, it must re-initiate a TLS connection to the original destination on the client’s behalf. This process involves installing the solution’s own certificates into the web browsers or devices on an organization’s network so that the intercepted connections are still trusted.

The certificates that security solutions install, and the connections they re-initiate, may not adhere to the same stringent standards that most organizations impose on their own certificates and TLS configurations. "Many of the vulnerabilities we find in anti-virus products and corporate middleboxes — such as failing to validate certificates and advertising broken ciphers — are negligent and another data point in a worrying trend of security products worsening security rather than improving it," the study concludes.
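The two failure modes the study names, a client side of the interception that does not validate the origin server’s certificate and a re-initiated connection that negotiates broken ciphers or legacy protocols, can both be checked from the client’s point of view. The following is an added example written for this post, not code from the article or the study. It audits an `ssl.SSLContext` (the policy an intercepting client will apply when it reconnects to the origin) and a `HandshakeView` (what was actually observed on a completed connection). The `EXPECTED_PUBLIC_ISSUERS` set and the `HandshakeView` fields are assumptions for illustration; the Python `ssl` module does not expose the DHE group size, so `dh_bits` has to come from another tool when it matters.

```python
"""Audit TLS settings on the client side of an interception (added example)."""
import re
import socket
import ssl
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class HandshakeView:
    protocol: str            # as returned by SSLSocket.version(), e.g. "TLSv1.2"
    cipher: str              # OpenSSL suite name, e.g. "ECDHE-RSA-AES128-GCM-SHA256"
    dh_bits: Optional[int]   # ephemeral DH group size if a DHE suite was used (None = unknown)
    verified_chain: bool     # did the client validate the server's certificate chain?
    issuer_cn: str           # commonName of the leaf certificate's issuer

# Constructed placeholder set of issuer CNs an organisation expects on public
# sites; a real deployment would derive this from its own certificate inventory.
EXPECTED_PUBLIC_ISSUERS = frozenset({"R3", "DigiCert TLS RSA SHA256 2020 CA1"})

_LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def audit_handshake(hs: HandshakeView, expected_issuers=EXPECTED_PUBLIC_ISSUERS) -> list:
    """Return human-readable findings for one observed connection."""
    findings = []
    if hs.protocol in _LEGACY_PROTOCOLS:
        findings.append(f"legacy protocol {hs.protocol}")
    if "RC4" in hs.cipher:
        findings.append("RC4 cipher negotiated")
    if re.search(r"(^|-)EXP", hs.cipher):
        findings.append("export-grade cipher negotiated")
    # Finite-field DHE suites (DHE-/EDH- prefixes); \b keeps ECDHE from matching.
    if re.search(r"\b(DHE|EDH)-", hs.cipher):
        if hs.dh_bits is None:
            findings.append("Logjam check: DHE suite with unknown group size, confirm >= 2048 bits")
        elif hs.dh_bits < 2048:
            findings.append(f"Logjam-class DHE group ({hs.dh_bits} bits)")
    if not hs.verified_chain:
        findings.append("server certificate chain not validated")
    if hs.issuer_cn not in expected_issuers:
        findings.append(f"leaf certificate issued by '{hs.issuer_cn}', not an expected "
                        "public CA: an interception device is re-signing the site")
    return findings

def audit_context(ctx: ssl.SSLContext) -> list:
    """Findings for the policy a client context will enforce when it connects."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode is not CERT_REQUIRED: any certificate is accepted")
    if not ctx.check_hostname:
        findings.append("check_hostname disabled: certificate is not bound to the host name")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum_version permits TLS older than 1.2")
    return findings

def hardened_client_context() -> ssl.SSLContext:
    """What the re-initiated connection should look like: validation on, TLS 1.2+."""
    ctx = ssl.create_default_context()          # CERT_REQUIRED and hostname checking
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def negligent_client_context() -> ssl.SSLContext:
    """The pattern the study calls out: the interceptor does not validate the origin."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False                  # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def observe(host: str, port: int = 443, ctx: Optional[ssl.SSLContext] = None) -> HandshakeView:
    """Connect to a live host and capture what this client saw (needs network access)."""
    ctx = ctx or hardened_client_context()
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()            # empty dict when verify_mode is CERT_NONE
            issuer = dict(rdn[0] for rdn in cert.get("issuer", ())).get("commonName", "")
            cipher_name, _, _ = tls.cipher()
            return HandshakeView(tls.version(), cipher_name, None,
                                 ctx.verify_mode == ssl.CERT_REQUIRED, issuer)

if __name__ == "__main__":
    # Constructed sample of what a client behind a weak middlebox might observe.
    sample = HandshakeView("TLSv1", "EXP-EDH-RSA-DES-CBC-SHA", 512, False, "Corp Proxy Root")
    for line in audit_handshake(sample) + audit_context(negligent_client_context()):
        print("-", line)
```

Running `observe()` against a site from inside the network and comparing the issuer CN with the one seen from outside is the quickest way to confirm whether a device is re-signing traffic; the context audit is the check to run against the interception product’s own client configuration, since a `CERT_NONE` policy there means the proxy will accept any certificate the upstream presents.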

Given their lackluster performance, it’s fairly apparent that security vendors are still scrambling to catch up with the growth in attacks using SSL/TLS. “This new research shows security vendors are struggling, at best, and in the process they are introducing new vulnerabilities,” notes Kevin Bocek, VP of security strategy at Venafi. But it’s critical that security vendors get it right sooner rather than later. Analysts estimate that between 50% and 70% of network attacks will use seemingly trusted SSL to infiltrate, expand, and exfiltrate in the very near future.

How did we get into such a pickle? Bocek observes, “Almost all security systems were architected in the days when encrypted SSL/TLS made up small portions of network traffic. At that time SSL/TLS wasn’t being abused by attackers.” They simply were not engineered to inspect encrypted traffic. As a result, many of these solutions lack a safe way to access an enterprise’s keys and certificates in order to inspect that traffic. According to Bocek, “This must be a high priority for the entire security industry. Right now, our adversaries continue to win.”

Do you have enough visibility and control over your organization’s keys and certificates to make them safely available for decryption and inspection? 

About the author

Scott Carter

Scott is Senior Manager for Content Marketing at Venafi. With over 20 years in cybersecurity marketing, his expertise leads him to help large organizations understand the risk to machine identities and why they should protect them.
