Dell Warns of Encrypted Traffic Risk
There was an increase in global HTTPS traffic in 2014, but Dell warns that an increase in the use of HTTPS isn't necessarily a good thing.The 2015 Dell Security Annual Threat Report was officially released on April 13, and one of the surprising findings in the report was an increase in encrypted Web traffic and what that might mean for security overall. "Though the industry pundits have been predicting a healthy increase in HTTPS traffic in general, the 109 percent increase in global HTTPS traffic was something that was a surprise to us," Swarup Selvaraman, senior manager, product management at Dell Security, told eWEEK. "We didn't expect it to grow that fast." HTTPS is encrypted Web traffic that makes use of the Secure Sockets Layer/Transport Layer Security (SSL/TLS) protocol to secure data in motion across a network. While an increase in HTTPS usage on the surface might seem to be a positive indicator for security, that's not necessarily the case, according to Dell's report, which provides insight into the threat landscape over the course of 2014. "It should be noted that HTTPS was not built to protect users from malware, botnets and exploits," Selvaraman said. "Instead, it specifically addresses the privacy between users and the Websites to which they are trying to connect."
The Dell report points to the risk of attacks that use HTTPS as a transport to hide malware. Dell warned that many typical network defenses today are unable to detect encrypted malware that uses HTTPS. To prevent encrypted HTTPS malware attacks, an organization would need to inspect the encrypted data packets. At a broad level, Selvaraman said, it is a debate about protection versus privacy.