It doesn't sound logical, but it's true. As the world moves toward increasing use of network encryption to protect the privacy of network communication, the usefulness of many of our network security tools decreases. This is true because many of these tools depend on the ability to "look inside" network conversations to determine if there is malware present. Unfortunately, encryption makes this impossible.
This general approach to network security is referred to as deep packet inspection (DPI), and it's an important part of many IPS/IDS, next-generation firewall, and payload-analysis tools. Using DPI, security tools scan network packets for recognizable information that provides clues related to the purpose of the communication, who is communicating, and other important indications of validity or threat.
Encrypted communication is invisible to these tools, and is able to pass through them without appropriate scrutiny and analysis.
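The effect described above, as an added example that is not part of the original post: a minimal content-signature scan run over the same payload before and after encryption. The signature names, the sample HTTP request, and the toy cipher standing in for network encryption are all constructed for illustration.

```python
import hashlib
import re

# Constructed signatures in the spirit of IDS content rules (names are hypothetical).
SIGNATURES = {
    "http-request-line": re.compile(rb"^(GET|POST) (\S+) HTTP/1\.[01]\r\n"),
    "http-host": re.compile(rb"\r\nHost: ([^\r\n]+)"),
    "test-marker-in-body": re.compile(rb"CONSTRUCTED-TEST-MARKER"),
}

# Constructed sample payload: a cleartext HTTP request as a sensor would see it.
CLEARTEXT = (
    b"POST /upload HTTP/1.1\r\n"
    b"Host: files.example.test\r\n"
    b"Content-Length: 23\r\n\r\n"
    b"CONSTRUCTED-TEST-MARKER"
)


def inspect(payload: bytes) -> dict:
    """Return {signature name: matched bytes} for every signature that fires."""
    hits = {}
    for name, pattern in SIGNATURES.items():
        match = pattern.search(payload)
        if match:
            hits[name] = match.group(0).strip()
    return hits


def toy_encrypt(key: bytes, payload: bytes) -> bytes:
    """Stand-in for network encryption (assumption): XOR with a SHA-256
    counter keystream. Illustration only, not a real protocol."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(payload):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(p ^ s for p, s in zip(payload, stream))


if __name__ == "__main__":
    on_wire = toy_encrypt(b"constructed-session-key", CLEARTEXT)
    print("cleartext hits:", inspect(CLEARTEXT))   # request line, host, marker
    print("encrypted hits:", inspect(on_wire))     # nothing recognizable
    print("bytes on wire :", len(on_wire))         # size is all that remains
```

The sensor still sees that bytes were exchanged and how many, but every content signature that identified the purpose and the parties goes silent.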
Some companies are already facing these challenges with DPI-based tools today; many others will need to anticipate the day when network communications become encrypted. When they do, all tools that attempt any form of network-based DPI will be rendered useless.
It's time to anticipate the need for new, non-conventional security methods that offer new levels of threat detection capabilities, smarter and more efficient security actions, and operational durability.
In future posts, I will present other modern security trends and the associated operational realities to highlight where we will all need to make specific changes in our conventional security approaches.