infoTECH Feature

August 22, 2014

Will Your Encrypted Data End Up on the Lost Highway?

By TMCnet Special Guest
Joe Scaff, director of global customer services, SSH Communications Security

The 2014 Cost of Data Breach Study: Global Analysis revealed that the average cost of a data breach to a company was $3.5 million – a 15 percent increase over what it cost last year. And that’s just the financial cost; the damage to your brand could be even more costly.

In response, organizations are beefing up their security strategy with encryption throughout their network environments. Google is increasing rankings for websites that are encrypted in an effort to encourage organizations to take this step. Yahoo is working to provide end-to-end email encryption for its users next year.

These are moves in the right direction, but if you’ve installed encryption and now assume you’re protected, you are putting your organization at risk. If you don’t manage your encrypted channels, you could be in for a world of data breach hurt.

No Lifeguard on Encryption Duty

Most organizations have adopted encryption as one element of their overall data security plan. This is a great first step, but if your organization lacks sufficient access controls, continuous monitoring, DLP or forensics capabilities into your encrypted channels, how can you really know what’s going on in your network?

When encryption is used, it’s often because the data is comprised of high-value information such as credit card numbers and personally-identifiable information. However, without visibility or monitoring capabilities, the encryption used to protect this data inevitably blinds operations and forensics teams.

Hackers can have unlimited access to your confidential data once your network’s encrypted channels are compromised – and they will use your privileged access and secured channels to transport high-value assets right under your nose and out of your network. By the time a data breach is discovered, the damage has already been done. In many cases, you are left in the dark as to what was taken, and by whom, all while your company’s name is being printed across the top of every news outlet.

Who’s That Knocking at Your Door?

Should you be concerned about malicious insiders, external threats, or both? Privileged users, like system and application administrators, have access to your most sensitive business information and systems, and while most trusted insiders are just that—trusted—it only takes one bad actor to cause permanent damage to your organization. However, threats come from without as well as within. Once access is gained, it doesn’t make a difference. The insider may already have those privileges. The outsider has to obtain them first but, once obtained, the outsider is effectively an insider.

Wherever the threat may originate, the perpetrators know that secured channels go unmonitored. In fact, a simple online search reveals a plethora of hacking “how-to’s” for using encryption protocols to bypass corporate firewalls.

Are you dealing with an external threat using stolen credentials or a malicious insider who has access to secured channels and privileged identities? If your encrypted sessions are not continuously monitored, it’s irrelevant. Either way, your encrypted channels could become a highway for malicious activity. The good news is that you can defend your company against these attacks by controlling what a privileged identity can do, which will limit the size and scope of a potential exploit.

Recipe for Avoiding Disaster

Encryption is recognized as a valuable and necessary element of data security, but merely implementing an encryption solution is not enough. For reasons mentioned above, your organization needs to employ an encrypted channel monitoring solution that will give you access controls, monitoring capabilities and proactive data loss prevention. Here’s what you’ll need:

  • Real-time detection - Send session traffic to your DLP, IPS and SIEM systems, enabling real-time detection and extending the value of your DLP deployment
  • Monitor transactions in real time by enforcing policy-based access controls and, if necessary, shut them down
  • Easily find and investigate sessions of interest with search and video replays enabled by full session visibility and recording
  • Use a centralized vault to capture traffic, providing unified, transparent system management without any changes to the end user experience
  • Deep Protocol Inspection of SSH, SFTP, RDP, and sub-protocols
  • Forensics capabilities if a breach does occur, to find out which identity was involved, what was taken and where it was taken

Are You Running a Risky Business?

The Center for Strategic and International Studies estimates the yearly global cost of cybercrime to be $445 billion – a staggering figure. This type of crime is now more profitable than drug-related crime, which means hackers have become even more relentless and ingenious. With new attacks making headlines every week, trying to outwit them can seem overwhelming.

Merely having an encryption solution in place is not enough. Today’s threats require a solution that provides visibility into SSH, SFTP and RDP traffic moving across your encrypted networks. With this approach, you retain total transparency of your critical data while preventing it from being stolen. Don’t engage in the risky business of an incomplete encryption strategy. Take the proactive step of monitoring your encrypted channels so that your data doesn’t end up on the lost highway.

About the author: Scaff serves as director of global customer services and is responsible for managing global technical sales, support, professional services teams and customer projects. He brings over 10 years of experience in information technology, including seven years in the information security technology and network communications industry. He has a strong technical background enabling him to deliver strategic solutions to Fortune 500 customers. As director of global customer services he manages a global high performance and advanced technical team providing large organizations with solutions that meet their security and regulatory needs. Earlier, he served as a project technical lead and developer for Harvard Pilgrim and Perot Systems focusing on the healthcare industry. Joe received his Bachelor of Computer Science from Wentworth Institute Of Technology in Boston, MA.




Edited by Maurice Nagle