Many organizations spend a lot of money on IPS technologies and feel that this offers a decent level of protection. Unfortunately, SSL communications from inside your network to the outside are not examined by the IPS engine unless you’re actually performing SSL inspection.
SSL inspection is important because, without it, the bad guys have access in and out of your network without being detected.
“Ultimately, we have a device, software, application ... for all intents and purposes, performing a man in the middle attack that allows us to inspect that traffic,” said Matt Corney, Nuspire Network’s CTO.
Corney said we’re seeing more attacks that utilize SSL to be able to “phone home” to command and control networks to acquire keys, encrypt data, and leak that data. The IPS can’t see attacks without some form of SSL inspection occurring.
It’s important to be mindful of legal and privacy issues if you plan to implement SSL inspection. Also, improper deployment can cause certificate errors within browsers.
“The process of deploying certificates, especially against networks that have various operating systems beyond just Windows … it becomes very difficult to get this stuff rolled out,” said Corney.
Corney explained we’re also fighting an uphill battle with manufacturers like Apple and Dropbox that don’t trust any certificate stores other than their own. We’re seeing more attacks that utilize these public services that are then capable of providing command and control instructions back to their applications so they can hide in these data streams.
To learn more about SSL inspection and how to better protect your network, view Nuspire’s webinar here: https://www.youtube.com/watch?v=aDgNqt_xpVs