Gigamon Inc.

06/12/2024 | Press release | Distributed by Public on 06/12/2024 15:52

7 Key Things to Know for Effective Decryption

Today more than 96 percent of web traffic is encrypted. As this amount has increased, attacks leveraging malware in encrypted traffic have gone up significantly. In fact, 90 percent of malware uses encryption. This results in data breaches, which cost an average of $9.5M each. Lack of visibility into encrypted traffic is a huge problem for organizations. You can't secure what you can't see.

So, how can you solve this challenge? You must decrypt encrypted traffic to protect your organization from these hidden threats. The NSA recommends controlling plaintext traffic, building policies around insider threats, following privacy requirements, and centralizing decryption. In addition to the NSA guidelines, below are seven key things to know for effective decryption.

1. Know Your Traffic

First, before deploying any TLS/SSL decryption solution, know the total volume of traffic in your network and how much of it is encrypted. A good free tool is ntopng, which can give you insights into your network.

Figure 1. ntopng shows how much of your traffic is encrypted.

2. Know the Direction

Second, know how and where your traffic is traversing the network. For a TLS/SSL solution to work flawlessly, it needs to see both directions of the traffic. Asymmetric traffic can cause incomplete TLS/SSL decryption if all traffic is not combined and fed to the solution.

Figure 2. Symmetric and asymmetric traffic.
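
A check for the condition described above, as an added example that is not from Gigamon or part of the original release: it classifies TLS flows from per-tap packet observations as symmetric (one tap sees both directions), asymmetric (the directions are split across taps, so the feeds must be combined before decryption), or one-sided. The tap names, the record layout, and the port 443 filter are assumptions made for the illustration.

```python
from collections import defaultdict

TLS_PORT = 443  # assumption: the TLS traffic of interest runs on port 443

# Constructed sample: (tap, src_ip, src_port, dst_ip, dst_port) per observed packet
OBSERVATIONS = [
    ("tap-a", "10.0.0.5", 51000, "203.0.113.10", 443),
    ("tap-a", "203.0.113.10", 443, "10.0.0.5", 51000),
    ("tap-a", "10.0.0.6", 51001, "203.0.113.20", 443),
    ("tap-b", "203.0.113.20", 443, "10.0.0.6", 51001),
    ("tap-b", "10.0.0.7", 51002, "203.0.113.30", 443),
    ("tap-a", "10.0.0.8", 51003, "10.0.0.9", 22),  # not TLS, ignored
]


def classify_flows(observations, tls_port=TLS_PORT):
    """Return {(client_ip, client_port, server_ip): verdict} per TLS flow."""
    # flow -> tap -> set of directions that tap observed
    seen = defaultdict(lambda: defaultdict(set))
    for tap, src, sport, dst, dport in observations:
        if dport == tls_port:        # client-to-server packet
            seen[(src, sport, dst)][tap].add("c2s")
        elif sport == tls_port:      # server-to-client packet
            seen[(dst, dport, src)][tap].add("s2c")

    verdicts = {}
    for flow, taps in seen.items():
        all_dirs = set().union(*taps.values())
        if any(len(dirs) == 2 for dirs in taps.values()):
            verdicts[flow] = "symmetric"    # one tap sees the whole session
        elif len(all_dirs) == 2:
            verdicts[flow] = "asymmetric"   # combine tap feeds before decrypting
        else:
            verdicts[flow] = "one-sided"    # a direction is missing everywhere
    return verdicts


if __name__ == "__main__":
    for flow, verdict in sorted(classify_flows(OBSERVATIONS).items()):
        print(flow, verdict)
```
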

It's important to know which traffic needs to be decrypted. Either you're hosting on-premises web applications that are accessed internally or externally, or you want to decrypt all the traffic leaving your network.

Each case requires a different technique. In the first scenario, on-premises web applications, you'll need a private key for decryption. For outbound traffic only, you'll need to use man-in-the-middle (MITM) decryption.

Figure 3. Have the right keys.

3. Know Your Limits

Different solutions offer different TLS/SSL decryption capacities for inbound or outbound traffic. It's important to know how much traffic can be decrypted by a solution based on the active number of connections and volume of TLS/SSL traffic.

4. Know Your Needs

For compliance purposes, it becomes essential to decrypt only certain traffic. For instance, decrypting financial and health data violates privacy laws. Hence, it is important to have the flexibility to decrypt selectively.

Once you have traffic decrypted, where do you need to steer that traffic? Does just one tool need to see decrypted traffic, or multiple tools?

5. Know Your Priorities

Many security tools and firewalls offer TLS/SSL decryption, but that sometimes impairs their primary function. In these cases, enabling TLS/SSL decryption can cause high CPU usage, degrading the tool's ability to inspect or block traffic.

6. Know Your Growth

TLS/SSL decryption may be easy to configure for your current setup, but what happens if your traffic volume grows? How easily could you scale your TLS/SSL decryption solution over time, and what would the cost impact be?

7. Know Your Solutions

Do your research when deploying TLS/SSL decryption solutions. Different solutions offer varied performance with different ciphers. Some solutions are easier to deploy or scale better than others. Thoroughly research available solutions and their pros and cons.

Gigamon TLS/SSL Decryption brings deep observability to encrypted traffic. Learn how Gigamon helps streamline and boost the effectiveness of security and monitoring tools with GigaSMART® TLS/SSL Decryption.
