In the ever-evolving landscape of cybersecurity, one prevailing truth remains: you can’t secure what you can’t see. The rise of hybrid cloud environments has introduced a new set of challenges, with one significant concern being the exploitation of hidden vulnerabilities. Gigamon, a leader in network visibility and security solutions, recognizes the need for better visibility in an age where threats lurk inside encrypted channels. To address this challenge, Gigamon introduces its groundbreaking Precryption™ technology, which shines a bright light on the blind spots within the hybrid cloud, transforming how security teams can detect and respond to threats.
Encrypted Threats: A Double-Edged Sword
Encryption technology, which has become ubiquitous in modern networks, plays a vital role in safeguarding data confidentiality. Unfortunately, malicious actors have discovered how to exploit encryption to hide their actions. Attackers utilize encryption to mask their movements, making detection even more challenging. This includes encrypting their actions, manipulating ports, and mimicking normal traffic patterns, effectively eluding security and observability tools. These encrypted attacks are a significant reason why organizations are shifting towards Zero Trust architectures, which demand full network visibility, regardless of the location of assets. Encryption adds an extra layer of complexity to the equation, and it’s crucial to tackle this issue effectively.
The Challenge of Blind Spots in the Cloud
The rapid adoption of hybrid cloud environments has created unforeseen blind spots in IT and security landscapes. These blind spots often occur with lateral movement, or East-West traffic, which isn’t adequately captured by traditional logging mechanisms. As more workloads find homes in both public and private clouds, it becomes evident that IT and security professionals face vulnerabilities that were previously unknown. In fact, our own security survey revealed that a staggering 31 percent of attacks went undetected by security tools, signifying that the battle against cyber threats is far from over.
The Gigamon 2023 Hybrid Cloud Security Survey revealed a startling fact: over 70 percent of IT and security leaders are not inspecting the encrypted data traversing their hybrid cloud infrastructure. This lack of visibility leaves organizations vulnerable as malware threats often escape detection when hidden within encrypted data, regardless of whether it’s moving internally, externally, or laterally across an organization.
The Need for Observing Encrypted Traffic
Gigamon recognizes the importance of enhancing observability. Network traffic doesn’t lie, but reliable insights depend on drawing it from accurate, immutable sources. Traditionally, decryption solutions provided plaintext visibility at the network perimeter. However, with threat actors infiltrating networks and moving laterally inside encrypted channels, more is needed. Modern encryption standards, especially TLS 1.3, have complicated decryption within the cloud. Conventional approaches involving agents and runtime security tools or complex traffic routing aren’t practical. It’s no surprise that many organizations have shied away from tackling this challenge, but the pressure to adopt TLS 1.3, combined with attacker behavior, makes inaction increasingly costly.
Gigamon’s Precryption: A Game-Changer in Cloud Security
Enter Gigamon’s Precryption technology, a groundbreaking solution that delivers plaintext visibility without decryption. Precryption is all about achieving the benefits of decryption without the inherent complexities. By leveraging native Linux functionality, it captures traffic before encryption or after decryption, all without interfering with encryption keys.
Gigamon Precryption technology uses eBPF inside the Linux kernel to provide plaintext visibility. It captures traffic both before encryption and after decryption, so there is no need to intercept encryption keys or run resource-intensive decryption processes, as traditional methods do. Precryption also operates independently of the application, eliminating the complexities often associated with agent-based approaches.
Here’s how it works:
- Capturing Traffic: Precryption can capture network traffic at two critical stages. First, it can gather data before encryption occurs. This provides a clear view of data in its unencrypted form, allowing for more effective monitoring and threat detection.
- Post-Decryption Monitoring: Additionally, Precryption can capture traffic after it has been decrypted. This is important because it allows organizations to maintain visibility into network data even after encryption has been removed.
- No Key Interception: The innovative aspect of Precryption is that it achieves these tasks without the need to intercept encryption keys. Intercepting keys can be challenging, potentially risky, and computationally intensive, adding overhead and complexity to network security processes.
- Independence from Applications: Perhaps one of the most significant advantages of Precryption is its independence from the applications running on the network. Traditional agent-based approaches often require extensive integration efforts, including managing agents across different application versions and upgrade schedules. Precryption avoids these complexities, ensuring that the network remains efficient and secure.
This approach provides security tools with a plaintext copy of the traffic, boosting their threat detection capabilities by an estimated 5–7X according to Zscaler. It eliminates blind spots and enhances threat detection efficiency, a critical aspect of achieving Zero Trust security. Precryption’s agility and independence from applications further simplify its integration into your infrastructure.
Gigamon Precryption technology reveals previously concealed threat activity, including lateral movement, malware distribution, and data exfiltration inside virtual, cloud, and container applications.
Precryption is built on Gigamon’s GigaVUE® Universal Cloud Tap (UCT), a versatile, independent software module compatible with various virtual, cloud, and container platforms. The architecture seamlessly integrates with all major environments, regardless of TLS version, network direction, or the type and strength of ciphers. The implementation is smooth, requiring no routing adjustments and allowing centralized control across your hybrid cloud ecosystem.
Among its key capabilities, Gigamon Precryption technology:
- Easily enables InfoSec, Network, and CloudOps teams to gain full visibility into encrypted traffic across VM or container workloads.
- Seamlessly works with modern encryption methods, including TLS 1.3 or TLS 1.2 with perfect forward secrecy (PFS) enabled, and legacy encryption methods, including TLS 1.2 without PFS.
- Provides full support for organizations with sensitive personally identifiable information (PII) by maintaining data security, compliance, and governance.
- Drastically reduces operational complexity related to decryption by eliminating private key management, thereby enhancing capacity and performance for cloud, security, and observability tools.
Bringing Deep Observability to Encrypted Traffic
As organizations aim for a Zero Trust security approach, the need for visibility into encrypted traffic has never been more critical. Gigamon Precryption technology offers a solution that has been long overdue, allowing organizations to achieve deep observability while meeting evolving standards, regulatory compliance, and securing their hybrid cloud infrastructure with confidence.
As Michael Trofi, founder and CISO at Trofi Security, states, Gigamon’s Precryption technology is a game-changer. It efficiently detects previously concealed threat activity, enabling organizations to shift towards more efficient, distributed security models without compromising performance. For enterprises, Precryption promises to reshape their security processes and significantly bolster their security posture.
In conclusion, Gigamon’s Precryption technology is set to redefine how we approach security in virtual, cloud, and container environments. It empowers security teams by providing the visibility they need to detect and respond to threats hidden within encrypted channels. As the digital landscape continues to evolve, solutions like Precryption are pivotal in maintaining a strong defense against the ever-persistent and increasingly sophisticated world of cyber threats.