Skip to main content
banner image
venafi logo

Encrypted Attacks: When Security Is Turned Back on Itself

Encrypted Attacks: When Security Is Turned Back on Itself

November 7, 2016 | Scott Carter

HTTPS is supposed to be a good thing, right? It secures web traffic. It flags unsafe sites. And it safeguards privacy. But can relying solely on these benefits leave us with a false sense of security? Adam Levin explores questions such as this in a recent article on Inc.com, where he advises businesses that “hackers have discovered that HTTPS is tailor-made for cloaking their cyber attacks.” He goes on to point out that they can misuse HTTPS to bypass security controls such as firewalls, sandboxes, and behavior analytics—all tools that are “designed to detect and neutralize malicious traffic.”

How widespread is this type of problem? A recent study, published by the Ponemon Institute and A10 Networks, revealed that 51% of the organizations surveyed expect network attackers to increase their use of encryption over the coming year. 41% of those who had already experienced an attack in the past year said that attackers had used encryption to evade detection and steal data.

In the Inc.com article, Kevin Bocek, chief security strategist at Venafi, comments on the overall lack of preparedness. "Sadly enterprise spending on sexy security systems is completely ineffective to detect this kind of malicious activity," He goes on to highlight the serious consequences, noting that "a cyber criminal using encrypted traffic is given a free pass by a wide range of sophisticated, state-of-the-art security controls."

Read the rest of the Inc.com article to learn more about technologies that can help your organization prepare to defend against attacks that hide in encrypted traffic.

 

Like this blog? We think you will love this.
old ciphertext mechanism on a desk with an hourglass
Featured Blog

Traditional Cryptographic Attacks: What History Can Teach Us

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

CIO Study: Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

Forrester Consulting Whitepaper: Securing the Enterprise with Machine Identity Protection
Industry Research

Forrester Consulting Whitepaper: Securing the Enterprise with Machine Identity Protection

Machine Identity Protection for Dummies
eBook

Machine Identity Protection for Dummies

About the author

Scott Carter
Scott Carter

Scott is Senior Manager for Content Marketing at Venafi. With over 20 years in cybersecurity marketing, his expertise leads him to help large organizations understand the risk to machine identities and why they should protect them

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more
Chat