Skip to main content
banner image
venafi logo

Encrypted Attacks: When Security Is Turned Back on Itself

Encrypted Attacks: When Security Is Turned Back on Itself

November 7, 2016 | Scott Carter

HTTPS is supposed to be a good thing, right? It secures web traffic. It flags unsafe sites. And it safeguards privacy. But can relying solely on these benefits leave us with a false sense of security? Adam Levin explores questions such as this in a recent article on, where he advises businesses that “hackers have discovered that HTTPS is tailor-made for cloaking their cyber attacks.” He goes on to point out that they can misuse HTTPS to bypass security controls such as firewalls, sandboxes, and behavior analytics—all tools that are “designed to detect and neutralize malicious traffic.”

How widespread is this type of problem? A recent study, published by the Ponemon Institute and A10 Networks, revealed that 51% of the organizations surveyed expect network attackers to increase their use of encryption over the coming year. 41% of those who had already experienced an attack in the past year said that attackers had used encryption to evade detection and steal data.

In the article, Kevin Bocek, chief security strategist at Venafi, comments on the overall lack of preparedness. "Sadly enterprise spending on sexy security systems is completely ineffective to detect this kind of malicious activity," He goes on to highlight the serious consequences, noting that "a cyber criminal using encrypted traffic is given a free pass by a wide range of sophisticated, state-of-the-art security controls."

Read the rest of the article to learn more about technologies that can help your organization prepare to defend against attacks that hide in encrypted traffic.


Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

Déjà Vu at LinkedIn: Second TLS Certificate Expiry in 2 Years

Déjà Vu at LinkedIn: Second TLS Certificate Expiry in 2 Years

Prepare this presentation and send it to me, once approved you can teach entire team.

Overheard at Machine Identity Protection Global Summit 2019

machine identity protection

Leaders Underscore the Critical Nature of Machine Identity Protection at Inaugural Global Summit

About the author

Scott Carter
Scott Carter

Scott Carter writes for Venafi's blog and is an expert in machine identity protection.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud

Venafi Cloud manages and protects certificates

* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
* Please fill in this field
* Please fill in this field
* Please fill in this field

End User License Agreement needs to be viewed and accepted

Already have an account? Login Here

get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more