HTTPS Scanning – Uncovering Hidden Malware


A colleague of mine recently recounted a conversation he had with two McAfee Web Gateway customers at an industry event, who complained that malware was still getting into their network. My colleague asked, “Are you using SSL scanning?” and the two customers gave each other that “deer in the headlights” look as they realized that was probably the primary source of their malware infestation.

Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS), are the protocols that encrypt and authenticate the connection between a browser and a web site so that a third party on the path cannot read or alter the exchange. Every time you access a URL beginning with HTTPS (Hypertext Transfer Protocol Secure), your interaction with the site is carried over TLS. Many popular sites, such as Yahoo!, Google, LinkedIn, and Twitter, use HTTPS by default, and the number is growing. Gartner estimates that encrypted web traffic now accounts for between 15 and 25% of all outbound web traffic. (Source: Gartner, Security Leaders Must Address Threats From Rising SSL Traffic, 12/9/2013). Unfortunately, Gartner also reports that “…less than 20% of organizations with a firewall, an intrusion prevention system (IPS) or a unified threat management (UTM) appliance decrypt inbound or outbound SSL traffic.”

If your organization is one of the 80% that do not decrypt and inspect HTTPS traffic as part of its security controls, you may already be infected and not know it. The same encryption that protects a user's session from a third party also hides the payload from a firewall, IPS or gateway antivirus engine: without decryption these devices see only the destination, the TLS handshake and ciphertext. During the past few years malware toolkits have emerged that deliberately deliver their droppers and command-and-control traffic over HTTPS for exactly that reason. The bottom line is that if you want to keep malware off your network, you need to inspect all inbound and outbound web traffic, including encrypted traffic. In practice that means the gateway terminates the client's TLS connection, opens a second connection to the origin server, and re-signs the content with a certificate from an enterprise CA that every managed endpoint must trust; plan for exceptions (certificate-pinned applications will fail when intercepted, and banking, health or other sensitive categories are usually bypassed for privacy or regulatory reasons), and treat any bypass list as a policy that malware will try to abuse.
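The first decision an HTTPS-inspecting gateway makes on every connection is whether to intercept it or pass it through, and it makes that decision from the Server Name Indication (SNI) in the client's TLS ClientHello, before any certificate has been exchanged. The following is an added example, not McAfee Web Gateway code and not from the original post: it builds a minimal ClientHello as constructed sample input, parses the SNI out of it the way a gateway would, and applies a hypothetical bypass policy (the domains `bank.example` and `health.example` are invented placeholders). It also shows the two failure modes a practitioner should care about: a ClientHello with no SNI at all, and a hostname crafted to look like it belongs to a bypassed domain.

```python
"""Toy model of the intercept-or-bypass decision in an HTTPS inspection gateway.

Added example (not the gateway's own code). The ClientHello is constructed
locally so the script runs offline; the bypass list is a hypothetical policy.
"""
import struct


def _u16(n):
    return struct.pack("!H", n)


def _u24(n):
    return struct.pack("!I", n)[1:]


def build_client_hello(hostname=None):
    """Construct a minimal TLS 1.2-style ClientHello record (sample input only)."""
    exts = b""
    if hostname is not None:
        name = hostname.encode("idna")
        entry = b"\x00" + _u16(len(name)) + name      # name_type 0 = host_name
        sni_body = _u16(len(entry)) + entry           # ServerNameList
        exts += _u16(0x0000) + _u16(len(sni_body)) + sni_body
    body = (
        b"\x03\x03"                  # client_version: TLS 1.2
        + b"\x00" * 32               # random (zeroed for a deterministic sample)
        + b"\x00"                    # session_id length 0
        + _u16(2) + b"\xc0\x2f"      # one cipher suite
        + b"\x01\x00"                # compression methods: null only
        + _u16(len(exts)) + exts
    )
    handshake = b"\x01" + _u24(len(body)) + body      # HandshakeType client_hello
    return b"\x16\x03\x01" + _u16(len(handshake)) + handshake


def extract_sni(record):
    """Return the host_name from a ClientHello record, or None if absent or malformed."""
    try:
        if record[0] != 0x16:                           # not a handshake record
            return None
        rec_len = struct.unpack("!H", record[3:5])[0]
        hs = record[5:5 + rec_len]
        if hs[0] != 0x01:                               # not a ClientHello
            return None
        hs_len = int.from_bytes(hs[1:4], "big")
        body = hs[4:4 + hs_len]
        if len(body) < hs_len:                          # truncated record
            return None
        p = 2 + 32                                      # skip version + random
        sid_len = body[p]
        p += 1 + sid_len
        cs_len = struct.unpack("!H", body[p:p + 2])[0]
        p += 2 + cs_len
        comp_len = body[p]
        p += 1 + comp_len
        if p + 2 > len(body):                           # no extensions block
            return None
        ext_len = struct.unpack("!H", body[p:p + 2])[0]
        p += 2
        end = p + ext_len
        while p + 4 <= end:
            etype, elen = struct.unpack("!HH", body[p:p + 4])
            p += 4
            edata = body[p:p + elen]
            p += elen
            if etype == 0x0000:                         # server_name extension
                q = 2                                   # skip ServerNameList length
                while q + 3 <= len(edata):
                    ntype = edata[q]
                    nlen = struct.unpack("!H", edata[q + 1:q + 3])[0]
                    q += 3
                    if ntype == 0:
                        return edata[q:q + nlen].decode("idna")
                    q += nlen
        return None
    except (IndexError, struct.error, UnicodeError):
        return None


# Hypothetical bypass policy: categories an organisation chooses not to decrypt.
DEFAULT_BYPASS = ("bank.example", "health.example")


def inspection_decision(record, bypass_domains=DEFAULT_BYPASS):
    """Return (sni, "bypass" | "intercept") for one ClientHello record."""
    sni = extract_sni(record)
    if sni is None:
        return (None, "intercept")      # fail closed: no SNI is not a reason to skip scanning
    host = sni.lower().rstrip(".")
    for dom in bypass_domains:
        # Exact match or a genuine subdomain; "bank.example.attacker.test" must not match.
        if host == dom or host.endswith("." + dom):
            return (sni, "bypass")
    return (sni, "intercept")


if __name__ == "__main__":
    for name in ("www.bank.example", "cdn.example.net", "bank.example.attacker.test", None):
        print(name, "->", inspection_decision(build_client_hello(name)))
```

Two design points matter here. The gateway fails closed when SNI is missing, because a client that omits SNI to dodge inspection is exactly the traffic you want to see. And SNI is asserted by the client, so a bypass granted on SNI alone should still be confirmed against the server certificate's subject names once the handshake completes; if they do not match, the connection should be dropped rather than left un-inspected.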

For more information on HTTPS scanning and other best practices, read the “HTTPS Considerations” section on the “MWG Best Practices and Common Scenarios” site (which, naturally, is encrypted).
