Pioneering cybersecurity start-up Barac today announced it has extended the capabilities of its Encrypted Traffic Visibility Platform to support version 1.3 of the Transport Layer Security (TLS) specification. Using the Barac platform, enterprises can detect and block malware hidden inside encrypted traffic without the need for decryption. This new capability plugs a critical and emerging gap in enterprise defences. With TLS 1.3, it will become technically impossible for enterprises to ensure the privacy of their internet communications if they are relying on security appliances that need to decrypt traffic in order to scan for malware.
TLS 1.3, which was ratified in 2018 and will replace the commonly used 1.2 specification, includes stronger encryption protocols and streamlined authentication processes in order to strengthen the privacy and improve the performance of internet communications. While this makes it harder for external threat actors to snoop on encrypted traffic, it also makes it more difficult for enterprises to analyse the data traversing their own networks. Under TLS 1.2 it was possible for security appliances to exchange keys with clients and servers, enabling them to decrypt and scan traffic for malware; the newer version's stricter rules around the key exchange mean this 'passive mode' decryption is no longer possible.
Ian Levy, technical director at the UK National Cyber Security Centre, discussed the security challenges that enterprises relying on legacy appliances and decryption will need to address as they adopt TLS 1.3 in his blog from March 2018: “What this means is that enterprises will have to proxy each and every TLS 1.3 connection – whether they need to or not – and for the entire duration of the connection. This reduces the privacy of the employees in that enterprise, massively increases equipment and power costs, and probably increases overall technical risk for the enterprise and its employees. Clearly, that’s not a great outcome.”
Barac's Encrypted Traffic Visibility Platform, which now includes TLS 1.3 support, uses artificial intelligence and behavioural analytics to detect malware hidden within encrypted traffic without the need for decryption. Rather than decrypting traffic in order to scan for malware, it analyses the metadata of the encrypted traffic, characterising it as good or bad with a 99.997 percent level of accuracy. This enables organisations to protect themselves from the rising threat of encrypted malware without compromising user privacy or compliance regulations.
“TLS 1.3 is a giant leap forward when it comes to internet privacy but it also represents a major headache for enterprises relying on traditional security appliances and decryption techniques to identify and stop malicious code hidden inside encrypted traffic. Indeed, under the new protocol, this approach to anti-malware protection will be rendered completely obsolete,” said Omar Yaacoubi, CEO and founder of Barac. “By scanning encrypted traffic metadata rather than the actual contents of the encrypted traffic, Barac stops organisations from having to compromise their own network security in order to meet stringent new privacy protocols.”
The release of Barac’s support for TLS 1.3 follows rigorous testing in a live enterprise environment.