Cryptographic Visibility: Quality Encryption at Your Fingertips

There is only one thing more important than the right answer, and that is asking the right question. I have spent my entire career doing security analytics and all of the useful analytics I have ever delivered to the market have been grounded in asking the right questions. With that in mind, I’d like to start this blog by asking you this:

How much of your digital business is transmitted in the clear versus encrypted and how would you assess the quality of that encryption?

I’ve spoken on Encrypted Traffic Analytics where most of the storyline is about detecting malicious traffic without having to perform decryption. However, that same telemetry used for malware detection can also be leveraged to answer those questions I posed to you above. With the release of Stealthwatch 7.0 and the new Cryptographic Audit App, I’m excited to take this opportunity to talk about features that can provide you near real-time visibility on the state of your network encryption.

Twenty years ago, you needed to be a network expert to bring up a cryptographic tunnel between endpoints or between networks. Today, most people don’t even know they are safely transmitting over strong cryptographic tunnels. Every time you type in https:// or the browser defaults to this, you make use of the Transport Layer Security (TLS) protocol, which makes your conversation safe and secure over even the most hostile networks. The ability to do something that once required deep knowledge and a thorough understanding of network architectures is now something most of us do on a daily basis without giving it so much as a second thought. It is truly amazing to me how far we have come since the birth of the Internet.

When network telemetry was first invented, the analytical outcomes were focused on questions like “Can host-A reach server-B?” Availability and network performance were the key objectives of the time, so telemetry like Netflow and IPFIX were the appropriate metadata needed to achieve these goals. Fast forward to today, where the digital business would also like to know “Is the connection between host-A and server-B secure?” In order to achieve this, Cisco had to innovate and developed an extension to NetFlow known as Encrypted Traffic Analytics telemetry, which Stealthwatch can analyze for you to give you the cryptographic visibility you need to govern your network security policies.

While it might not be obvious at first glance, the Cisco routers and switches are delivering telemetry, shown in the Sample Cryptographic Audit above, reporting critical metadata like the version of Transport Layer Security (TLS) being used, the Cipher Suites, and Key Lengths, all of which show what is happening across your digital business. For those of you who fall under PCI Compliance, you now have a way to provide evidence that for your PCI assets, you are running TLS version 1.1 or higher, as running TLS 1.0 would be a violation as of June 2018. Better still, after you clean things up, you can also setup alerts anytime something within PCI scope violates this policy – how awesome is that!

Let’s face it, TLS is the new TCP (Transmission Control Protocol). Having been at this for more than 25 years, I celebrate the fact that more than 90% of all network traffic these days is safely secured by cryptography. New versions of TLS get better, faster, and stronger which is awesome. While we throw a party for this achievement, lets also make sure we have systems in place to help us be vigilant and verify that what we intend to have happen is actually happening.

So, when it comes to the question of “How much of your digital business is transmitted in the clear versus encrypted and how would you assess the quality of that encryption,” Stealthwatch can provide you with an answer. With Stealthwatch 7.0, when your network tells you all this useful metadata, you can have a minute-by-minute status on your network visibility along with telemetry reports on critical metadata which now includes cryptographic details!