Dell Warns of Encrypted Traffic Risk

There was an increase in global HTTPS traffic in 2014, but Dell warns that an increase in the use of HTTPS isn't necessarily a good thing.

threat landscape

The 2015 Dell Security Annual Threat Report was officially released on April 13, and one of the surprising findings in the report was an increase in encrypted Web traffic and what that might mean for security overall.

"Though the industry pundits have been predicting a healthy increase in HTTPS traffic in general, the 109 percent increase in global HTTPS traffic was something that was a surprise to us," Swarup Selvaraman, senior manager, product management at Dell Security, told eWEEK. "We didn't expect it to grow that fast."

HTTPS is encrypted Web traffic that makes use of the Secure Sockets Layer/Transport Layer Security (SSL/TLS) protocol to secure data in motion across a network. While an increase in HTTPS usage on the surface might seem to be a positive indicator for security, that's not necessarily the case, according to Dell's report, which provides insight into the threat landscape over the course of 2014.

"It should be noted that HTTPS was not built to protect users from malware, botnets and exploits," Selvaraman said. "Instead, it specifically addresses the privacy between users and the Websites to which they are trying to connect."

The Dell report points to the risk of attacks that use HTTPS as a transport to hide malware. Dell warned that many typical network defenses today are unable to detect encrypted malware that uses HTTPS. To prevent encrypted HTTPS malware attacks, an organization would need to inspect the encrypted data packets. At a broad level, Selvaraman said, it is a debate about protection versus privacy.

"At a corporate level, organizations should pick a solution which gives them the flexibility to configure those sites and apps that need SSL/TLS encryption and those that don't," he said. "For example, an organization can decide to exclude banking Websites from being SSL-inspected."

The Dell report also calls out the rise in point-of-sale (POS) malware over the course of 2014. Retail malware was a significant concern in 2014, with multiple high-profile breaches occurring, including ones at Staples and Home Depot. Dell noted that in 2014 the Dell SonicWALL Threat Research Team created 13 POS malware signatures, up from only three in 2013.

"The 13 signatures mentioned in the report refer to a family of signatures that can block multiple malware variants," Selvaraman explained. "In addition to on-device signatures—currently at 20,000—we have another 20 million cloud-based malware signatures."

Looking beyond just POS, overall Dell reported that in 2014, 4.2 billion malware attacks were blocked by its security systems, and of those 37 million were unique.

One of the primary recommendations that Dell makes in its report is broader use of two-factor authentication (2FA). With 2FA, a second password or token is needed in addition to the user's primary password in order to gain access to a site or service.

"Users and companies have not widely adopted 2FA primarily due to a lack of convenience," Selvaraman said. "As breaches become more common, we expect organizations with sensitive information will make it mandatory, and we expect the adoption to go up."

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.