Common Misunderstandings about SSL Encryption: Separating Fact from Fiction

By: Mohammed Al-Moneer, Regional Director, MENA at A10 Networks

The amount of Internet traffic secured via SSL encryption is surging to new heights every day. It is estimated that nearly 70 percent of all web traffic uses SSL encryption, and that 86 percent of that traffic uses advanced encryption methods such as Elliptic Curve Cryptography (ECC) and Perfect Forward Secrecy (PFS).

On top of that, when you consider the massive growth in Internet of Things (IoT) devices coming onto the network that are beginning to also require fast processing of encrypted traffic, it’s no wonder businesses are concerned about a potential “encryption crisis” that vendors are struggling to address. To this point, research and analyst firm IHS Technology estimates that the number of IoT devices could spike to 30.7 billion in the next three years, and cautions that those devices should leverage secure communication methods such as encryption.

Despite the potential blind spots introduced by encrypted traffic, which make it harder to detect malware and other cyber threats, some companies elect to go without any ability to inspect this encrypted SSL traffic at all. Why? Because there are a host of misperceptions regarding SSL-encrypted traffic.

Here, we separate fact from fiction and share a few common SSL misperceptions and the reality.

SSL is complicated, slow, requires many resources to inspect and introduces new risks for networks. Actually, these days it is possible for SSL processors to reach speeds as high as 44,000 SSL connections per second (CPS) for 128B file sizes. And by using application delivery and server load balancing technology, you can offload the compute-intensive SSL/TLS processing from web servers for faster handling of SSL traffic.

We don’t expect any increases in overall SSL traffic. Some customers report that as they transitioned to traffic-heavy applications such as Office 365, their SSL traffic nearly doubled. Introducing new business tools requires a better understanding of the new demands on your network, and an even greater need to inspect the traffic coming into it. And when you add the swell of traffic generated by IoT devices in and around your business, the need to process this traffic swiftly and securely grows further still.

I already know what’s happening with our network traffic. In reality, many IT professionals don’t realize how much encrypted traffic is on their network until they actually install SSL/TLS inspection solutions, especially those that support protocols other than HTTPS and can detect SSL/TLS on non-standard ports by looking at the traffic itself rather than at the port number. SSL/TLS inspection in high-throughput, high-connection-rate scenarios can give enterprises assurance about their email platforms, effectively becoming a “ransomware killer.”
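To make the point about non-standard ports concrete, here is an added example (not A10's code, nor from the original article) that recognises a TLS ClientHello from the first bytes of a flow and pulls out the SNI host name, so a flow to port 8443 is classified as TLS just like one to port 443. The sample flows and the ClientHello builder are constructed for the demonstration; the detector is a deliberately minimal parser that handles only the ClientHello layout it needs.

```python
import struct

def build_client_hello(server_name: str) -> bytes:
    """Constructed sample: minimal TLS 1.2-style ClientHello record with an SNI extension."""
    name = server_name.encode()
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name         # host_name type
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    sni_ext = b"\x00\x00" + struct.pack("!H", len(sni_list)) + sni_list  # ext type 0 = SNI
    body = (b"\x03\x03" + b"\x11" * 32      # client_version, random (fixed filler)
            + b"\x00"                       # empty session_id
            + b"\x00\x02\xc0\x2f"           # one cipher suite
            + b"\x01\x00"                   # null compression only
            + struct.pack("!H", len(sni_ext)) + sni_ext)
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body      # type ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def detect_tls_client_hello(payload: bytes):
    """Return the SNI name ("" if none) when payload starts with a TLS ClientHello, else None.
    Decides from the bytes alone, so the TCP port the flow used is irrelevant."""
    try:
        if payload[0] != 0x16 or payload[1] != 0x03 or payload[5] != 0x01:
            return None                      # not a handshake record / not ClientHello
        rec_len = struct.unpack("!H", payload[3:5])[0]
        if len(payload) < 5 + rec_len:
            return None                      # truncated record: refuse to guess
        p = 5 + 4 + 2 + 32                   # skip handshake header, version, random
        p += 1 + payload[p]                  # session_id
        p += 2 + struct.unpack("!H", payload[p:p+2])[0]   # cipher suites
        p += 1 + payload[p]                  # compression methods
        if p + 2 > 5 + rec_len:
            return ""                        # ClientHello without extensions
        ext_end = p + 2 + struct.unpack("!H", payload[p:p+2])[0]
        p += 2
        while p + 4 <= ext_end:
            ext_type, ext_len = struct.unpack("!HH", payload[p:p+4])
            if ext_type == 0 and ext_len >= 5:           # server_name extension
                name_len = struct.unpack("!H", payload[p+7:p+9])[0]
                return payload[p+9:p+9+name_len].decode("ascii", "replace")
            p += 4 + ext_len
        return ""
    except (IndexError, struct.error):
        return None

# Constructed flows: label -> (destination port, first payload bytes)
SAMPLE_FLOWS = {
    "https-443": (443, build_client_hello("mail.example.com")),
    "tls-on-8443": (8443, build_client_hello("update.example.net")),
    "plain-http-80": (80, b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
}

def classify(flows):
    """Port-only labelling next to content-based detection for each flow."""
    return {k: {"port_says_tls": port == 443, "sni": detect_tls_client_hello(data)}
            for k, (port, data) in flows.items()}
```

Running `classify(SAMPLE_FLOWS)` shows the 8443 flow as TLS to `update.example.net` even though a port-based rule would not count it as encrypted traffic.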

I already have an encryption solution, so I don’t need a dedicated appliance. While it’s true that many all-in-one solutions can process encrypted traffic, there is often an SSL performance tax associated with doing so. Can you sacrifice security for performance, or vice versa? Having a dedicated appliance for SSL encryption takes the processing demands off your other appliances, meaning you don’t suffer the SSL performance hit.

All we have to do is block access to unsavory websites and we’re safe. There are numerous examples of legitimate websites being compromised to serve cross-site scripting attacks and malware, including adware. All of this is prevalent on websites that employees visit during normal daily activity. On top of that, you also have to factor in the added risks that mobile workers bring inside the secured perimeter, or simply office employees with mobile devices running apps with weak security, either of which can introduce malware to the corporate network. Bad traffic doesn’t come from unsavory websites alone. It’s important to have an encryption solution that protects your network from all angles.