F5 Finds Visibility Gaps Exacerbate Cyberattacks, Pose Largest Challenge to Implementing TLS 1.3

The Fast Mode spoke to Sudhir Patamsetti, Director of Product Management of F5’s Distributed Cloud WAAP Offerings, on new encryption technologies and their impact on today's networks. Sudhir joins us in a series of discussions with leading vendors in the traffic management, service assurance, traffic monitoring, analytics, policy control and network security space, assessing various attributes of encryption, its benefits, and the challenges it poses, specifically the loss of visibility that makes networking increasingly complex.

Tara: What are the biggest challenges you see from new encryption technologies such as TLS 1.3?

Sudhir: From our own experience, as well as a research study that we sponsored involving more than 200 companies, F5 has found these to be some of the most significant challenges of implementing new encryption technologies like TLS 1.3:

  • Loss of visibility for security monitoring and troubleshooting: TLS 1.3 encryption is known to potentially shield the ability to detect some attacks, diagnose application connection problems, and detect traffic bottlenecks. This loss of visibility and the resulting security concerns (when so many companies have remote workers) has been a big reason many companies are delaying the implementation of TLS 1.3 indefinitely. In a recent F5-sponsored study, 96% of the surveyed companies said they postponed implementing TLS 1.3 and cited lack of visibility as a reason. This lack of visibility increases the potential for security breaches or attacks. Mitigating attacks becomes increasingly difficult without the ability to identify the source, which would require increased funding of human and physical resources.
  • Significant implementation and resource costs: We are finding that implementing TLS 1.3 requires some level of change in network/security architecture – in some cases, a complete overhaul. Larger companies with more IT staff and resources can accommodate this better than others. In the previously mentioned study, almost half of the 204 companies polled said they did not have the on-staff talent and/or related security resources to successfully install advanced encryption.

Tara: How has encryption impacted network and traffic visibility?

Sudhir: Many companies today apply a “break and inspect” method of monitoring network security. Traffic and data encrypted with TLS 1.3 make this method difficult. The “break and inspect” approach involves decrypting network data to inspect it for threats and malicious traffic. But, for half-proxy and other TLS “man-in-the-middle” solutions, TLS 1.3 can effectively block decryption (i.e., the “break” process). This can stifle the ability for anything less than full proxy solutions to detect attacks, diagnose application connection problems, measure application performance, find traffic bottlenecks, and so on. Also, traditional Data Loss Prevention and Intelligent Document Processing tools can be blinded by TLS 1.3 encryption.

Most organizations have controls or requirements from regulators or vendors that mandate a certain level of visibility and security surrounding data transmitted over networks, and TLS 1.3 can render many existing solutions less effective at addressing these controls.

Among the companies that have implemented TLS 1.3, some had to roll back the implementation (in some instances more than once) because of a perceived security threat. In the previously mentioned study, 26 percent of the companies implementing TLS 1.3 said they believe they suffered a security breach because of the lack of visibility due to the implementation.

The irony is that these new forms of encryption were developed to protect data. But we find that many organizations don’t have the existing network infrastructure in place that would allow them to easily support these implementations, and the increasing security risks are becoming more prevalent, limiting their willingness to either upgrade or rip and replace their existing network infrastructure.

This interview is a part of The Fast Mode's Real-time Visibility for Encrypted Traffic segment, featuring 34 leading IP networking solution providers and their views on the impact of encryption on traffic visibility. A research report on this topic will be published in February 2023.

Author

Sudhir is the Director of Product Management of F5's Distributed Cloud WAAP offerings. Before joining F5, Sudhir spent time working at Fastly, Citrix and Akamai. He specializes in hybrid and multi-cloud networking, security solutions, and the CDN industry. He holds an MBA from NYU Stern School of Business and an MS in Information Systems from Northeastern University.
