By Russ Levanway, CEO
I recently returned from an HTG Peer Group conference where I met with a number of my colleagues from around the country to discuss trends in technology and business. Over the course of the conference, a very hot topic emerged: the benefits and liabilities of encryption.
Not that long ago, most traffic traveled across the internet unencrypted and was relatively easy to intercept. Today, in order to secure traffic, those on the right side of the law have been using more and more encryption. For instance, when you visit a website and enter your credit card number, the page is always encrypted; when you enter a username and password, that’s also always encrypted. You will typically notice this via the yellow padlock next to the web URL in your internet browser.
But how does encryption work? During a transaction of data on the internet, both the originating location and the receiving location have to share something called a key or a token. Without getting too technical, these can be public or private keys, typically 128 or 256 bits long, and they are impossible to guess. (Guessing a 128-bit key would take a supercomputer about a billion years.) Being mostly hack-proof, keys provide a safe tunnel or channel for data across the internet.
Wolf in Sheep’s Clothing
But here’s where it gets interesting: Hackers have recently made use of secure channels for transmitting data on the internet, too. In other words, that which was meant to protect safe data is now used to protect malicious data, and also as a means to lock people out of their own files and hold them for ransom. This is exactly what happened last week with the massive ransomware attack called “WannaCry”.
Until recently, the conventional wisdom was always to deploy a firewall, which acts as a secure door into your network. The door would only be opened for certain types of traffic traveling on specific ports. In the old days, when most traffic went unencrypted, a firewall could look at packets of internet traffic and figure out if it was legitimate or not by analyzing the actual data. Today, about 70 percent of web traffic is encrypted, for both legitimate and illegal purposes. Because a firewall cannot decrypt this traffic, it doesn’t always know what is going through the doors.
Smartest Software in the Room
Don’t get me wrong: firewalls are still very valuable because they provide a secure gateway into your network. But they’re less and less valuable at protecting against certain kinds of attacks. As the online landscape changes, more layered levels of security are required for comprehensive protection. In addition to firewalls, we use advanced, journaling anti-virus software, spam and virus email filtering, and web umbrellas that scan your content to verify if it is safe or not.
As an example of how these tools work, our web umbrella OpenDNS might notice data being transmitted from your network to a network in China. If your company regularly does business in China, the software is smart enough to realize that your transaction is legitimate. But if you rarely share information with locations in China, the software will suspect something is wrong and block the traffic. This sounds simple in concept, but is actually quite complex and entails machine learning – software analyzes data to discover how your company works and what it does every day on the internet. In our industry, this is the cutting edge of information security: software that uses advanced machine learning to detect traffic patterns, even if it doesn’t know what is behind the encryption wall.
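A simplified version of the idea above, as an added example that is not TekTegrity's or OpenDNS's code: it learns from flow metadata alone which destination countries each host normally contacts, then blocks a flow whose destination is rare for that host. It uses a plain frequency baseline rather than machine learning, and the host names, flow records and 10 percent threshold are constructed assumptions.

```python
from collections import Counter

# Constructed sample flow metadata: (day, internal_host, destination_country, bytes_out).
# Only metadata is used; the encrypted payload is never inspected.
BASELINE_FLOWS = (
    [(d, "ws-01", "US", 40_000) for d in range(1, 29)]
    + [(d, "ws-02", "US", 25_000) for d in range(1, 29)]
    + [(d, "ws-02", "CN", 30_000) for d in range(1, 29, 2)]  # regular business with CN
    + [(3, "ws-01", "DE", 5_000)]                            # a single one-off contact
)


def build_baseline(flows):
    """Count, per (host, destination), the number of distinct days with contact."""
    seen = {(day, host, dest) for day, host, dest, _ in flows}
    days_by_pair = Counter((host, dest) for _, host, dest in seen)
    total_days = len({day for day, *_ in flows})
    return days_by_pair, total_days


def score_flow(baseline, flow, min_share=0.10):
    """Return 'allow' if the host contacted this destination on at least
    min_share of the baseline days, otherwise 'block'."""
    days_by_pair, total_days = baseline
    _, host, dest, _ = flow
    share = days_by_pair[(host, dest)] / total_days if total_days else 0.0
    return "allow" if share >= min_share else "block"


def blocked_flows(baseline, flows, min_share=0.10):
    """Return the new flows that fall outside the learned pattern."""
    return [f for f in flows if score_flow(baseline, f, min_share) == "block"]


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_FLOWS)
    new_flows = [
        (29, "ws-02", "CN", 28_000),   # usual for ws-02
        (29, "ws-01", "CN", 900_000),  # ws-01 has never sent data to CN
        (29, "ws-01", "US", 41_000),
    ]
    for flow in blocked_flows(baseline, new_flows):
        print("blocked:", flow)
```

The same destination is allowed for one host and blocked for another, which is the point of a per-network baseline: the decision comes from who normally talks to whom, not from the contents of the traffic.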
At TekTegrity, our current layers of protection (for clients and ourselves) are very good because we’re always adapting to stay ahead of the game as traditional security tools become less effective. We believe predictive software – which uses advanced learning to flag anomalies in normal traffic patterns – is the next frontier in network protection.