Are your managed security strategies staying ahead of encrypted attacks?

Part 1: Understanding the rise and impact of malicious, encrypted network traffic

Digital innovation holds multiple advantages for small and mid-size businesses (SMBs) — it’s also creating a threat landscape like nothing we’ve experienced in the past.

For cybercriminals, this changing threat surface offers plenty of opportunities for attack — the cloud-enabled global workforce is part of an active Internet population of 4.5 billion and growing. 

In fact, even before COVID-19 drove a daily reliance on cloud apps and remote access technologies, web-based attacks were climbing. New data from Verizon’s 2020 Data Breach Investigations Report reveals that in 2019, more than 43% of breaches were caused by attacks on web applications — more than double the results from last year.

While the growing volume of Internet traffic requires robust data protection, encryption technologies like Secure Sockets Layer (SSL) and Transport Layer Security (TLS) — key tools for securing web traffic and enabling secure Internet usage — are also being leveraged by cybercriminals to stage malicious, web-based attacks. 

In our new What’s Hiding in SSL/TLS Traffic? white paper, we provide key insights to help managed service providers (MSPs) and managed security service providers (MSSPs) understand the growing risks of encrypted network traffic and discover how cloud-based security strategies can better defend against these new threats.

Let’s take a look at both the trends driving malicious, encrypted traffic and the challenges for MSPs and MSSPs.

Trends driving the growth of encrypted traffic

First, consider just a few workplace trends creating new challenges when it comes to cybersecurity: 

  • 42% of U.S. workers are working from home since the COVID-19 pandemic started — accessing apps and data outside the walls of the company network.
  • 87% of businesses rely on their employees’ ability to access business apps from their smartphones — using, most likely, a mix of personal and business devices to access and share apps and data.
  • Bring your own device (BYOD) policies reportedly generate $350 each year per employee, and two extra hours of productivity — justifying, most likely, a company’s investment in BYOD.

Now let’s look at a few issues that still exist for MSPs and MSSPs as these trends unfold:

  • Outdated equipment: Legacy appliances are creating real barriers to securing the networks of modern workforces.
  • Properly functioning and integrated security tools: As the tech stack grows to accommodate today’s web threats, all elements of a layered security strategy — the antivirus, sandbox capabilities, SSL inspection tools, and more —must work effectively. 
  • Challenging customer requests: The rush to provide fast protection may leave less-than-ideal results for the customer, fueling service requests or worse, impacting customer retention.
  • Unnecessary, rising costs: With shrinking margins and more time than expected going to servicing today’s customer, overpaying for security tools is the last thing MSPs and MSSPs want to do. The reality is that traditional security appliances represent a significant, ongoing expense.

Understanding the risks, building an advanced defense

If you’re an MSP or MSSP, visibility to the trends and issues driving encrypted attacks and the ways cybercriminals can penetrate networks are critical to creating a solid web defense for your customers.

Today’s IT service providers must have a thorough understanding of the factors driving the rise in encrypted attacks and access to security strategies to create a proactive, advanced defense for their SMB customers. 

To provide these insights, we created our What’s Hiding in SSL/TLS Traffic? white paper.  Download a complimentary issue today and stay ahead of malicious, encrypted traffic.

--> -->