Hidden malware: exposed

Johannesburg, 27 Mar 2019

Cyber security continues to climb the priority list for organisations of all sizes. With the landscape changing as quickly as it does, new threats being introduced daily and attackers continuously evolving their approaches, it is difficult to keep up.

The latest threat under debate is that of hidden malware. "It's a sneaky one," says Simon McCoullough, F5 Networks' major channel account manager. "Whereas threats like ransomware are really scary exhibitionists that strive to be acknowledged and feared, hidden malware would actually prefer to never be found.

"That way, it can lie in the dark collecting personal and business data with absolutely nobody being the wiser."

A large percentage of businesses now encrypt their Web traffic using SSL/TLS, and many have increased their use of data encryption in an effort to stall hacks and threats. But these encryption measures bring their own, brand new set of issues.

"Overall, this is a positive trend," says Anton Jacobsz, managing director at Networks Unlimited. "However, as they do, hackers have quickly evolved their approaches and found a way to introduce hidden and malicious code, with SSL/TLS encryption basically serving as a tunnel, allowing it smooth and hidden passage as it breezes through firewalls and into the business network, undetected."

This reality is forcing businesses to build or adopt efficient solutions that allow their network and apps to respond to the increased demands of ubiquitous encryption.

There are a few routes these businesses can take, says McCoullough, but only one of them is worthwhile, he adds.

1. Do nothing: "We can hold our breath and pray they don't find us, but it's not likely or smart," he says. "Attackers are increasingly concealing their code in traffic that security devices cannot see; the 'do nothing' option is a recipe for disaster."

2. Deploy a decryption air gap: In a decryption air gap, security teams decrypt inbound and outbound traffic, pass it through a daisy chain of security inspection devices and then re-encrypt it. "This approach may uncover the hidden malware so that it is at least seen, but it also creates a red zone, where user passwords are transmitted into the open," says McCoullough.

3. Orchestrate: When applying policy-based decryption and traffic steering to both inbound and outbound traffic, companies can conduct their "orchestra" of security devices. A high-performing SSL/TLS orchestration solution can improve visibility and protect apps while increasing the security, efficiency and resilience of the security stack.

Jacobsz explains how it works: "Outbound traffic flows into the SSL/TLS orchestration device, which decrypts it. Then, based on a set of customisable rules, the encryption traffic passes directly to the associated chain of security devices.

"Traffic is scanned and cleared by the security devices and it goes back to the SSL/TLS orchestration device, which re-encrypts it and sends it on its way."
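The flow Jacobsz describes, decrypt once, steer by rule through a chain of inspection devices, re-encrypt and forward, can be sketched as a small policy engine. The following is an added example written for this article, not F5's or Networks Unlimited's code; the inspectors, rule names, traffic categories and flow records are all constructed, and TLS decryption is simulated by handing the engine the plaintext directly. It also shows a bypass rule for categories that policy says must never be decrypted, which is how an orchestrator avoids the "red zone" of the air-gap approach.

```python
"""Toy policy-based SSL/TLS orchestration (added example; everything here is constructed)."""
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


@dataclass
class Flow:
    client: str
    host: str
    category: str          # assumed: supplied by a URL-categorisation feed
    plaintext: bytes       # what the orchestrator holds after (simulated) decryption
    verdicts: List[str] = field(default_factory=list)


# An inspector returns a reason string to block the flow, or None if it is clean.
Inspector = Callable[[Flow], Optional[str]]


def ids(flow: Flow) -> Optional[str]:
    # constructed stand-in for an intrusion detection sensor
    return "ids:c2-beacon" if b"beacon-id=" in flow.plaintext else None


def antimalware(flow: Flow) -> Optional[str]:
    # constructed stand-in for a malware scanner keyed on a test marker
    return "av:test-signature" if b"MALWARE-TEST-MARKER" in flow.plaintext else None


def dlp(flow: Flow) -> Optional[str]:
    # constructed stand-in for data-loss prevention: a bare 16-digit number
    return "dlp:card-number" if re.search(rb"\b\d{16}\b", flow.plaintext) else None


INSPECTORS: Dict[str, Inspector] = {"ids": ids, "av": antimalware, "dlp": dlp}


@dataclass
class Rule:
    name: str
    match: Callable[[Flow], bool]
    action: str                                   # "bypass": forward still encrypted
    chain: List[str] = field(default_factory=list)  # "inspect": decrypt, steer through chain


# Customisable rules, evaluated in order; the first match wins.
RULES = [
    Rule("no-decrypt-sensitive", lambda f: f.category in {"finance", "health"}, "bypass"),
    Rule("uploads-dlp-only", lambda f: f.category == "file-sharing", "inspect", ["dlp"]),
    Rule("default-full-chain", lambda f: True, "inspect", ["ids", "av", "dlp"]),
]


def orchestrate(flow: Flow, rules=RULES, inspectors=INSPECTORS) -> dict:
    rule = next(r for r in rules if r.match(flow))
    if rule.action == "bypass":
        # Credentials for bypassed categories are never exposed to any inspector.
        return {"rule": rule.name, "decrypted": False, "action": "forward", "reason": None}
    # Decryption happens once, here; plaintext goes only to the inspectors in the chain.
    for name in rule.chain:
        reason = inspectors[name](flow)
        flow.verdicts.append(f"{name}:{'block' if reason else 'clean'}")
        if reason:
            return {"rule": rule.name, "decrypted": True, "action": "block", "reason": reason}
    # Every inspector cleared the flow: re-encrypt and send it on its way.
    return {"rule": rule.name, "decrypted": True, "action": "forward", "reason": None}


def run_demo() -> List[dict]:
    # Constructed outbound flows covering bypass, each inspector in the chain, and a clean flow.
    flows = [
        Flow("10.0.0.5", "bank.example", "finance", b"POST /login password=hunter2"),
        Flow("10.0.0.6", "cdn.example", "web", b"GET /img?beacon-id=7f3a"),
        Flow("10.0.0.7", "dl.example", "web", b"GET /setup.exe MALWARE-TEST-MARKER"),
        Flow("10.0.0.8", "share.example", "file-sharing", b"PUT /upload 4111111111111111"),
        Flow("10.0.0.9", "news.example", "web", b"GET /index.html"),
    ]
    return [orchestrate(f) for f in flows]


if __name__ == "__main__":
    for result in run_demo():
        print(result)
```

The point of the rule list is that the decision to decrypt is made per flow, before any plaintext exists, and that the chain each decrypted flow visits is chosen by policy rather than being a fixed daisy chain. Swapping the order of the rules changes which one wins, so a deployment would keep the bypass rules at the top and the catch-all last.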

Visibility into encrypted traffic is key to protecting applications and securing data, he adds, and an SSL/TLS orchestration solution can provide high-performance decryption and encryption of outbound TLS traffic without slowing it down.

"The current growth of hidden malware within encrypted traffic is cause for concern," says McCoullough. "Without visibility into SSL/TLS traffic, you're going to be facing some serious blind spots in your security, which could lead to data breaches, financial losses and damage to the corporate brand."

And so it is essential to regain visibility into this traffic, allowing malware-scanning and prevention devices to protect apps and the network.

Much like a conductor who needs to see every musician in the orchestra, enjoying better visibility means increased performance and less risk, he concludes.

Further reading: the F5 report, Increase visibility to boost security.


F5 makes apps operate faster, smarter and safer for the world's largest businesses, service providers, governments and consumer brands. F5 delivers cloud and security solutions that enable organisations to embrace the application infrastructure they choose without sacrificing speed and control. For more information, go to f5.com.

Networks Unlimited

Networks Unlimited is a value-added distributor, offering the best and latest solutions within the converged technology, data centre, networking, and security landscapes. The company distributes best-of-breed products, including Attivo Networks, Cofense, Carbon Black, Fortinet, F5, Hypergrid, Mellanox Technologies, NETSCOUT, NETSCOUT Arbor, ProLabs, RSA, Rubrik, SevOne, Silver Peak, Thales, Tintri and Uplogix. The product portfolio provides solutions from the edge to the data centre, and addresses key areas such as cloud networking and integration, WAN optimisation, application performance management, application delivery networking, WiFi, mobile and networking security, load balancing, data centre in a box, and storage for virtual machines.

Since its formation in 1994, Networks Unlimited has continually adapted to today's progressively competitive and evolving marketplace, and has reaped the benefits by being a leading value-added distributor (VAD) within the sub-Saharan Africa market.

Editorial contacts
icomm Vivienne Fouche (+27) 082 602 1635 vivienne@pr.co.za
Networks Unlimited Siyandiswa Mthanti (+27) 011 202 8400 siyandiswa.mthanti@nu.co.za