Organizations that have not implemented controls for detecting malware hidden in encrypted network traffic risk having the vast majority of malicious tools being distributed in the wild reach their endpoint devices.
A study of threat activity conducted by WatchGuard Technologies using anonymized data gathered from customer networks showed 91.5% of malware detections in the second quarter of 2021 involved malware arriving over HTTPS-encrypted connections. Only 20% of organizations currently have mechanisms for decrypting and scanning HTTPS traffic for malware, meaning the remaining 80% are at risk of missing nine-tenths of the malware hitting their networks daily, WatchGuard said.
Corey Nachreiner, chief security officer at WatchGuard, says one reason more organizations have not enabled network-based HTTPS decryption controls is the perceived, and somewhat real, complexity of this setup.
“[For] man-in-the-middle decryption to work without messing up the sanctity of the HTTPS certificates that secure that traffic, you have to set up an intermediate