Dallin Warne

Clarifying Technical Obfuscation

Tag: cybersecurity

Is Network Security Monitoring Dead in the Age of Encryption?

Over the last several years we have seen encryption become more pervasive. Does it now make sense for security teams to invest in network security monitoring solutions?

With the strong push for encryption on everything from websites to hard drives, encryption is becoming a standard practice for most organizations. Reviewing the graph below from Google’s Transparency Report, we see that a majority of web traffic is now HTTPS.

Percentage of pages loaded over HTTPS in Chrome by country according to Google’s Transparency Report

Encryption is permeating other protocols. In September 2018, Cloudflare announced a new protocol that hides the server name during the SSL handshake. RFC 7858 (DNS-over-TLS) and RFC 8484 (DNS-over-HTTPS) were both proposed this decade and are already implemented by some organizations. (Note that DNSSEC doesn’t encrypt DNS queries, but ensures they are authenticated.) SMB and SNMP in their third versions also include cryptographic capabilities. Microsoft’s Remote Desktop Protocol now incorporates SSL, and SSH has always been encrypted.

It seems that just about all data transmitted over a network is encrypted or is moving in that direction. It is for these reasons that some vendors push to move security monitoring to the endpoint, where the machine decrypts the information anyway. Is network security monitoring dead in the coming age of encryption?

Cyberdefense Philosophy and the Nature of the Internet

Every organization with an Internet presence is battling for survival. State-sponsored hackers and organized crime groups continue to gather power and are more dangerous than ever before. We have approached the day when organizations must combine forces and reallocate resources to effectively defend against these formidable adversaries.


© 2019 Dallin Warne
