Encryption and Network Security: Striking a Balance Between Data Protection and Network Visibility

Image Credit: NTT Ltd.

The Fast Mode spoke to Amit Dhingra, Executive Vice President, Network Services at NTT Ltd. on new encryption technologies and their impact on today's networks. Amit joins us in a series of discussions with leading vendors in the traffic management, service assurance, traffic monitoring, analytics, policy control and network security space, assessing various attributes of encryption, its benefits as well as the challenges it poses, specifically loss of visibility that makes networking increasingly complex.

Tara: How has encryption impacted network and traffic visibility?

Amit: Encryption is a way of transforming the data into a coded format so that only authorized parties can understand the information with the appropriate pre-shared keys and decryption algorithm. This is performed to ensure the confidentiality, integrity, and authenticity of the data being transmitted over the network.

Encryption can have a significant impact on the visibility of network traffic, as it makes it difficult for the network visibility tools to analyze the network. Network administrators rely on the tool's ability to see and understand the content of network traffic to monitor potential issues and gain insights into the overall performance and security of the network. There are several types of network visibility tools, including: 

  1. Network sniffers and packet analyzers: These tools capture and analyze network traffic by capturing the packets and analyzing the payload. They can be used for troubleshooting network issues.
  2. Network flow analyzers: These tools capture and analyze network flow data to provide visibility into the volume and types of traffic, as well as the performance of network devices. 
  3. Network performance management tools: These tools monitor and analyze network performance to identify and resolve issues that can affect the overall performance of the network. They can be used to detect and diagnose issues such as high latency, dropped connections, and poor performance.

Specifically, network flow analyzers' work is impacted by encryption since they use the flow data to enrich network visibility with application data. With the packet payload being encrypted, tools cannot analyze the network packet payloads to provide visibility. This is where SSL/TLS decryption or fetching the HTTP header from encryption certificates is used to determine the flow and provide better network visibility to the administrators.

In conclusion, encryption has greatly impacted network and traffic visibility by making it difficult for network administrators and security professionals to monitor and analyze network traffic for potential threats or issues. However, the use of encryption is also critical for protecting sensitive data and communications. Network administrators must find a balance between protecting data and maintaining visibility into network traffic.

Tara: How does encryption affect network security?

Amit: Encryption can greatly enhance network security by protecting sensitive data and communications from unauthorized access or tampering. However, encryption can also have a significant impact on network security in other ways.

  1. Encryption can make it more difficult for network administrators and security professionals to monitor and analyze network traffic for potential threats or issues. When data is encrypted, it becomes difficult to read the payload, which can make it more challenging to detect and prevent security threats.
  2. Encryption can also affect the performance of network security tools, as the tools may need to spend more resources to process and decrypt the traffic, which can lead to increased latency and reduced performance.

Security devices employ multiple methods to analyze and report security threats of encrypted packets. Deep Packet Inspection (DPI) is a method to analyze the packet for security threats. There are several ways to perform DPI for encrypted data:

  1. SSL/TLS decryption: One way to perform DPI for encrypted data is to first decrypt the traffic using the appropriate key or decryption algorithm.
  2. Encrypted DPI: A technique that allows DPI to be performed on encrypted data without the need to first decrypt the traffic. These techniques use pattern matching and machine learning algorithms to identify and analyze network traffic.
  3. SSL/TLS Proxies: The proxy establishes an SSL/TLS connection with the client, decrypts the traffic, and then forwards it to the intended recipient after DPI.
  4. Cloud-based DPI: Cloud-based DPI services that allow organizations to offload the processing required to decrypt and analyze encrypted traffic to the cloud.

In conclusion, encryption can greatly enhance network security by protecting sensitive data and communications from unauthorized access or tampering. However, encryption can also make it more difficult to monitor and analyze network traffic for potential threats or issues, affecting the performance of network security tools. It's important for network administrators and security professionals to carefully consider the impact of encryption on their network security strategy.

This interview is a part of The Fast Mode's Real-time Visibility for Encrypted Traffic segment, featuring 34 leading IP networking solution providers and their views on the impact of encryption on traffic visibility. A research report on this topic will be published in February 2023 - for more information, visit here.

Author

Amit Dhingra is the Executive Vice President of Network Services at NTT Ltd. Amit has over 25 years of experience in the telecoms and hi-tech sector. He is an accomplished leader with extensive experience across global technology markets. Amit has a proven leadership track record for developing strategic business choices, growing business in the telecoms environment and successfully growing businesses into profitability. He has an MBA degree from London Business School, having majored in strategy and finance.
