Photo Credit: ccarlstead via Compfight cc
According to Greek mythology, a few thousand years ago the Trojan War waged between the city of Troy and Greece. The Greeks were able to defeat and destroy the city of Troy after invading it for many years. The city of Troy was fortified against attacks and was designed in a way to protect the people inside the thick walls from the outside enemy. After many unsuccessful attempts to get behind the gate, the Greek army appeared to give up and sail away back to Greece. As a peace offering, they left a large wooden horse at the city’s gate.
The Trojans discussed what to do about the wooden horse and finally decided to bring it in within the city. What Trojans did not know is that Greek soldiers were hiding inside the wooden horse. Later that night after everyone was asleep, the hidden soldiers came out and opened the city’s gate to let the Greek army come in. That was the beginning of the end for the city of Troy.
Most security professionals associate this story with Trojan horse malware, a malicious program that hides itself inside another program and tricks the user to download it. However, we should look at this story from another perspective as it relates to information security.
So, what can we, as security professionals, learn from Troy’s fatal mistake? Typically, organisations (the city of Troy) implement a layered security approach to protect their assets. Solutions such as firewalls (tall and thick walls), IDS (soldiers on the walls to look out), IPS (soldiers with bow and arrows on the walls to look out), and DMZ (a moat) are implemented for better security posture.
These security controls are designed to detect and protect assets from visible threats. If data is encrypted (Trojan horse) and contains a malicious payload (soldiers hidden inside the horse) then it is very likely that the above security controls will be bypassed (the Trojan horse was brought inside the city walls without being checked) because they simply do not have visibility into this type of traffic.
Once the malicious payload makes it inside our organisation and bypasses our security controls, it might be too late to save the sensitive data that we are hoping to protect. We can clearly see how the city of Troy was destroyed once the wooden horse was allowed to enter the city. If Trojan soldiers checked what was inside the horse before bringing it in, their city could have been saved. Our organisation must have visibility into encrypted traffic that enters inside our environment. Obtaining visibility into encrypted traffic and finding hidden threats by decrypting it can save our organisation from potential disaster and data breach.
Just like the Greek army, hackers are realising that direct and visible attacks are no longer efficient and so they develop new creative ways to get a foothold within our environment. Security professionals cannot afford to have a blindfold over their eyes when it comes to encrypted traffic entering their networks. They must have the visibility into it in order to apply a comprehensive and holistic security approach, one that is much needed in this cyber era to protect the data treasury within the network. The hackers will hide more and more of their attacks in encrypted data; we have to be one step ahead of them by inspecting it at our perimeter.
The bottom line is that encryption really became a double-edged sword. It helps us protect our data from hackers, and at the same time it allows hackers to hide their malicious payload from us. Hackers will leverage SSL encryption even more as our security monitoring tools do not have the ability to inspect it. The good news is that there are more tools on the market that now include features to conduct SSL decryption, allowing our security team to have visibility into encrypted tunnels in and out from our organization. There will be tribulations and challenges along the way that we must be prepared to overcome, such as performance impact and latency when the solution is configured inline.
This analogy will also be available in Serbian, Croatian, and Serbian Cyrillic:
