
Balancing Security and Performance: Encrypted Traffic Decryption for Telecom Networks

Image Credit: Comcast

The Fast Mode spoke to Ivan Shefrin, Executive Director of Comcast Business Managed Security Services on new encryption technologies and their impact on today's networks. Ivan joins us in a series of discussions with leading vendors in the traffic management, service assurance, traffic monitoring, analytics, policy control and network security space, assessing various attributes of encryption, its benefits as well as the challenges it poses, specifically loss of visibility that makes networking increasingly complex.

Tara: How important is encryption for today’s applications?

Ivan: Almost all application traffic is now encrypted. In 2013, the Google Transparency Report showed just 48% of worldwide web traffic was encrypted. Today, 95% of web traffic tracked by Google is encrypted, which helps ensure the integrity, confidentiality, and privacy of IT communications.

Over 80% of cyber-attacks use encryption today to hide malicious activity, which reduces the efficacy of network security detection unless it decrypts the traffic. Network decryption is power intensive and difficult to implement. This has raised the profile of technologies like Endpoint Detection and Response (EDR). Local systems already hold the keys for traffic decryption, so it's much easier to inspect decrypted application traffic on workstations and servers than across the network.

The growing emphasis on EDR for cybersecurity threat detection puts the emphasis on detecting attacks later in the cyber kill chain cycle.

EDR should be a last line of defense instead of the first place we detect an attack. Network security detection remains a critical element of stopping command and control activity and lateral movement before threats can land and expand.

Tara: What are some of the benefits of encryption?

Ivan: Encryption is no longer considered an optional, nice-to-have feature. It's absolutely mandatory in order to ensure the integrity, confidentiality, and privacy of IT communications.

Tara: What are the biggest challenges you see from new encryption technologies such as TLS 3.1?

Ivan: Encryption and decryption are processor intensive. Modern hardware architecture uses a dedicated processor for the task. TLS 1.3 is twice as fast as the older TLS 1.2 and reduces processor compute time by half by cutting an entire round trip from the TCP connection handshake.

Tara: How does encryption affect telecom operators in managing their networks?

Ivan: Communication Service Providers (CSPs) generally try to keep costs down on the customer premises equipment we ship. After all, price-performance is important to business and residential customers alike.

However, in order to maintain performance, the trend in the past 10 years is to use dedicated ASIC chips to perform encryption, which frees up the main CPU for user application tasks. Dedicated ASICs cost a little more, so it's a constant battle for CSPs to find the right price-performance balance. CSPs have to keep costs down but also deliver security and privacy for our customers.

Tara: What are some of the means telecom operators can adopt to gain visibility into encrypted traffic?

Ivan: When customers ask CSPs to decrypt their traffic for security inspection, it is necessary to hold those customers' cryptographic keys. They are literally the keys to the kingdom, so it is critical for CSPs to implement strong key management platforms and protections. Technologies like split-key encryption and hardware security modules (HSMs) are important to run as a shared service to protect CSP customer keys.

This interview is a part of The Fast Mode's Real-time Visibility for Encrypted Traffic segment, featuring 34 leading IP networking solution providers and their views on the impact of encryption on traffic visibility. A research report on this topic will be published in February 2023.

Author

Ivan Shefrin is the executive director for Comcast Business Managed Security Services. He is a hands-on cybersecurity leader with 25 years of experience partnering with enterprise and communication service providers to anticipate and capitalize on disruptive technology trends, transform IT architectures, and generate new forms of value from the convergence of cloud and network security, data analytics, and automated threat response.
