HITS
NSS Labs Predicts 75% of Web Traffic Will be Encrypted by 2019 (HITS)
Story Highlights
NSS Labs released new research examining the usage of Secure Socket Layer (SSL) and Transport Layer Security (TLS) encryption. SSL/TLS enables secure transmissions of private data over the internet, including credit card details, passwords and sensitive personal information. Enterprises use SSL/TLS to encrypt their traffic in order to address multiple issues including controlling access, confidentiality and reducing exposure to protocol-specific attacks (e.g. Heartbleed).
As part of on-going research and analysis, NSS Labs found that HTTPS (SSL/TLS encrypted) internet traffic grew over 90% year over year, with more than 40.5% of websites encrypting traffic by default in July 2016 vs. 21.3% in July 2015. Unsurprisingly, 97% of surveyed enterprises are seeing an increase in encrypted web traffic. NSS predicts this trend to continue with 75% of all web traffic to be encrypted by 2019.
This is good news for privacy but introduces a challenge for cybersecurity products that prevent malicious attacks by intercepting them as they traverse corporate networks. NSS Labs has seen a rise in the number of attacks that utilize encryption to bypass security controls, underlining the need for solutions. A security product cannot protect against an attack that it cannot see.
“The increase in secure web transactions is encouraging since this means sensitive information is being protected,” said Jason Pappalexis, NSS Labs research director. “However, encryption also creates a false sense of security since threats can be missed because they are now hidden within the packet payload that is encrypted. It is imperative that security solutions are validated so that they are addressing this,” adds Pappalexis.
In order to help Enterprises understand encryption drivers, impact, and potential security solutions, NSS Labs is conducting an SSL/TLS test to determine leading security products’ encryption/decryption capabilities as well as publishing a series of Technical Briefs:
