When anyone mentions encryption most people think of privacy and security in the digital world, whether this is on your PC/Laptop or when browsing the web.
In most cases, you would be correct but there is another use for encryption which the criminal world rely on to their advantage. We have been educated that seeing the secure padlock in the address bar means security and safety…
…this may not always be the case.
In reality, what this means is the connection between you and the site is secure and encrypted, but what if the site you are visiting has been compromised or designed to trick you into believing it is secure? Cybercriminals have got wise to this and most sites designed to trick end users have the secure padlock as an extra level of assurance of their “authenticity”.
This is where you need the additional security features that ensure you can keep your end-users as safe as possible by using DPI-SSL (Deep Packet Inspection of SSL traffic)
Allow us to explain what SSL (Secure Sockets Layer) is. When information is passed between a server and your browser (Microsoft Edge, Mozilla Firefox or Google Chrome) SSL can be used to secure the information that you type or information that is presented to you.
A positive example of this is online banking. The information passed between your browser and your secure banks website will use SSL to encrypt the data and prevent people from getting to your personal details.
DPI-SSL on your firewall intercepts this secure traffic and decrypts it, analyses it, and re-encrypts it before passing it on to your browser if the data contained is safe. The data is not read or stored, instead it is analysed in near real-time for hidden malicious payloads.
A more simple way of thinking about this is to imagine the traffic travelling over the internet is like the post office sending and receiving parcels all around the world. You receive a parcel and you do not know what is in it until you open it. In computer terms, this could be too late.
Now imagine that DPI-SSL is like an MRI scanner that scans the contents of the parcel checking for dangerous, illegal or unwanted content. Only when the contents are deemed safe the parcel is delivered to you and you can open with the confidence that you are safe to do so.
Most traffic on the web is now encrypted published figures indicate that 95% of data on the Google platform is encrypted. Cisco report that 82% of web traffic is encrypted (LINK) which is a huge increase from around 50% only as recently as 2017.
With such a high percentage of web traffic being encrypted, there is so much you can no longer monitor or protect your employees and business from.
Should an employee access content on a compromised, but apparently secure site, the threat gets inside your business network and concerns such as ransomware become very real.
Another example could be an employee falling for a scam Office 365 / Google mail login screen where they enter their credentials in good faith, but in reality, they are simply giving criminals access to your network or emails.
A firewall without DPI-SSL does not have the capabilities to block such traffic.
A simple mistake could result in a data breach and possible GDPR / ICO penalties.
We can advise on the level of UTM (unified threat management) device best suited for your business and make sure DPI-SSL is configured correctly on it.
SonicWALL is an industry leader in Unified Threat Management solutions and we have certified SonicWALL engineers within our support team ensuring our customers get the best security advice and protection available.