Encrypted Network Traffic

What is Encrypted Network Traffic? 

Encryption is a data security practice that converts normal, readable information into an unintelligible cipher. Once network traffic is encrypted, it can only be accessed by authorized users with a key, or by advanced encryption practices that can decode ciphertext. This process allows organizations to safely move confidential and sensitive information around without exposing it to bad actors.

What are the benefits of Encrypted Network Traffic? 

Strong encryption is critical to protecting sensitive business and personal data. Attackers cannot access encrypted network traffic, so it provides no benefit to them.

Encrypting data as it moves over a network is only part of a comprehensive network data encryption strategy. Organizations should consider risks to information at its origin (before data is sent over a network) and when it reaches its destination. 

The Secure Sockets Layer (SSL) standard, also referred to as Transport Layer Security (TLS) and shown as the “padlock symbol” in the browser, is the default form of network data protection for internet communications. It provides customers with peace of mind, and security-conscious companies will increase their level of security by also protecting their internal networks, corporate backbone networks, and virtual private networks (VPNs) with network-level encryption.

Organizations can also perform encrypted traffic analysis. This allows network defenders to identify malware communications and threat actors hiding activity in secure encrypted traffic. Encrypted traffic analysis falls into three levels, each with its own methodology and technology:

Level 1: Simple 

  • Traffic Analysis – Information available in the network transaction (IP address, ports, protocol, and timing). 
  • This technology is network transaction monitoring. 

Level 2: Enhanced 

  • Certificate Analysis – Looking at the particulars of the encryption used (cipher suites, extensions, etc.).
  • This technology is deep packet inspection. 

Level 3: Advanced

  • Cryptanalysis – Looking at network traffic characteristics and traits, such as patterns in the sequence of packet lengths and times.
  • This technology is deep packet dynamics.

Here is how some organizations are improving their encryption:

  • Encrypted server name indication (ESNI) is an essential feature for ensuring a user’s browsing data is private. ESNI encrypts a previously unencrypted part of the TLS handshake that can reveal which websites a user is visiting.
  • Encrypted Client Hello (ECH), an extension of TLS, enhances the privacy of internet protocols. ECH encrypts the full handshake so that metadata is kept secret. ECH also lays the groundwork for adding future security features and performance enhancements to TLS while minimizing their impact on the end user’s privacy.
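
The Level 3 analysis described above (patterns in the sequence of packet lengths and times), as an added example that is not part of the original page: it derives timing and size features from flow metadata alone, keyed by the Level 1 transaction details, and flags flows whose spacing and sizes are unusually regular. The flow records, function names and thresholds are constructed assumptions.

```python
from statistics import mean, pstdev

# Constructed sample flows: (timestamp_seconds, payload_length_bytes) per packet,
# keyed by (source IP, destination IP, destination port). No payload is decrypted.
FLOWS = {
    ("10.0.0.5", "203.0.113.10", 443): [  # fixed-interval, fixed-size check-ins
        (0.0, 310), (60.1, 310), (120.0, 310), (179.9, 310), (240.2, 310), (300.0, 310)],
    ("10.0.0.7", "198.51.100.20", 443): [  # bursty, human-driven browsing
        (0.0, 517), (0.4, 1460), (0.5, 1460), (7.9, 220), (8.0, 1460), (41.3, 96)],
}

def flow_features(packets):
    """Summarise the sequence of packet lengths and times for one flow."""
    times = [t for t, _ in packets]
    lengths = [n for _, n in packets]
    gaps = [b - a for a, b in zip(times, times[1:])]
    avg_gap = mean(gaps) if gaps else 0.0
    return {
        "packets": len(packets),
        "mean_gap": avg_gap,
        # Coefficient of variation: near 0 means near-constant spacing.
        # Undefined (too few packets or zero spacing) is treated as irregular.
        "gap_cv": pstdev(gaps) / avg_gap if avg_gap else float("inf"),
        # Fraction of distinct lengths: low means the same sizes repeat.
        "length_diversity": len(set(lengths)) / len(lengths),
    }

def is_periodic(features, max_gap_cv=0.1, max_diversity=0.34, min_packets=5):
    """Flag regular timing plus repetitive sizes (thresholds are assumptions)."""
    return (features["packets"] >= min_packets
            and features["gap_cv"] <= max_gap_cv
            and features["length_diversity"] <= max_diversity)

def triage(flows):
    """Return the flow keys worth an analyst's attention, sorted for stable output."""
    return sorted(k for k, pkts in flows.items() if is_periodic(flow_features(pkts)))

if __name__ == "__main__":
    for key in triage(FLOWS):
        print("periodic flow:", key, flow_features(FLOWS[key]))
```

A flagged flow is a lead for investigation, not a verdict: legitimate software such as update checkers and health probes also produces regular, fixed-size traffic.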