SSL tunnels create ‘invisible' backdoors into corporate networks
Encrypted Secure Socket Layer (SSL) communications between internal corporate employees and external internet applications is "invisible" to companies and so comprises a "risk to the enterprise," new research has claimed.
According to a poll of over 300 enterprise security and networking professionals recently questioned by security vendor Blue Coat, 90 percent of respondents identified SSL traffic as a security worry.
Nearly 64 percent believed that not having control or visibility over this SSL traffic makes it difficult for the enterprise to comply with laws, regulations and policies over privacy and confidentiality. The survey participants were attendees of Blue Coat seminars in various U.S. locations during the past several weeks.
The same survey in major European countries showed similar results, with 97 percent of respondents viewing uncontrolled SSL traffic as a risk to the organization and 82 percent admitting that they had no visibility into SSL connections between internal users and external applications. Over half claimed that lack of such visibility made it difficult or impossible to fully comply with laws, regulations and policies governing privacy and confidentiality.
"Enterprises have been completely blind to their users' SSL traffic, and until now, have been unable to do anything about it," said Steve Mullaney, vice president of marketing for Blue Coat.
He added that SSL communications now represent a significant and growing percentage of corporate internet traffic. According to Blue Coat, recognizing the growing use of SSL, phishers are now increasingly deploying sophisticated attacks that utilize SSL explicitly as a cloaking mechanism. The firm also notes that employee use of rogue applications or anonymous websurfing encrypted in an SSL session is a growing problem, together with encrypted malware, including viruses and spyware, which can influtrate corporate networks via SSL encrypted tunnels.
Blue Coat argues that firms must take control over these unmonitored SSL "backdoors" into corporate networks. The firm advocates using proxy appliances which can terminate application protocols, and so can have a comprehensive understanding of the user-to-application interaction and its context. As a result, such proxies can provide IT managers with the power to define, enforce and audit intelligent policy controls over user/application interactions.