The Fast Mode spoke to Andrea Di Pasquale, Product Manager for Operational Automation, Platforms and Mediation at Anritsu Service Assurance on new encryption technologies and their impact on today's networks. Andrea joins us in a series of discussions with leading vendors in the traffic management, service assurance, traffic monitoring, analytics, policy control and network security space, assessing various attributes of encryption, its benefits as well as the challenges it poses, specifically loss of visibility that makes networking increasingly complex.
Tara: How important is encryption for today’s applications?
Andrea: Encryption is crucial for all applications today. Sensitive data like personal details and identity, economic and financial records, intellectual properties, and more, are the world’s most valuable and vulnerable resource.
The reality is that it could be vulnerable to attack from hackers, identity thieves, and other threat actors. To combat the associated threats, organizations and people must encrypt sensitive data on the Internet and inside private networks. Encryption ensures that sensitive data remain safe at rest and in transit and it makes one of the most important activities of today's applications. In fact, sensitive data stored and transferred on data centers, servers, computers, smartphones, smartwatches and so on, is often exposed to hacking attacks, so encryption protects all sensitive data from unauthorized users’ access and makes it harder for cybercriminals to intercept and manipulate them.
Tara: What technologies/techniques can potentially help in delivering visibility into encrypted traffic?
Andrea: Encryption is being used frequently by organizations and customers on the internet and inside private networks, driven by the shared knowledge that encryption is a sure-fire way to protect sensitive data. However, use of encryption has the effect of making monitoring and visibility into encrypted traffic more difficult.
This effect has led to a rise in real-time visibility for encrypted traffic via two technologies / techniques:
- Decrypt internal traffic for visibility of encrypted traffic by using appliances and software (SSL/TLS decryption).
- Analyse encrypted traffic and infer information based on analyses that can be done without decrypting the data, called Encrypted Traffic Analysis (ETA) by using Deep Packet Inspection (DPI) and Deep Packet Dynamics (DPD) software.
The SSL/TLS decrypting for visibility of encrypted traffic offers much richer information capabilities for full visibility of traffic but degrades the overall performance of the data in transit and increases network latency. The ETA technology, on the other hand, can uncover some encrypted traffic indicators and does not degrade the overall performance, but it is not adequate for analysing internal traffic.
This interview is a part of The Fast Mode's Real-time Visibility for Encrypted Traffic segment, featuring 34 leading IP networking solution providers and their views on the impact of encryption on traffic visibility. A research report on this topic will be published in February 2023 - for more information, visit here.