Encrypted Network Traffic

    What is Encrypted Network Traffic?

    Encryption is a data security practice that converts normal, readable information into unintelligible ciphertext. Once network traffic is encrypted, it can only be accessed by authorized users with a key, or by advanced encryption practices that can decode ciphertext. This process allows organizations to safely move confidential and sensitive information around without exposing it to bad actors.

    What are the benefits of Encrypted Network Traffic?

    Strong encryption is critical to protecting sensitive business and personal data. Encrypted network traffic cannot be read by attackers who do not hold the key, so intercepting it provides no benefit to them.

    Encrypting data as it moves over a network is only part of a comprehensive network data encryption strategy. Organizations should consider risks to information at its origin (before data is sent over a network) and when it reaches its destination.

    The secure sockets layer (SSL) standard, also referred to as transport layer security (TLS) and shown as the “padlock symbol” in the browser, is the default form of network data protection for internet communications. It provides customers with peace of mind, and security-conscious companies will increase their level of security by protecting their internal networks, corporate backbone networks, and virtual private networks (VPNs) with network-level encryption.

    Organizations can also perform encrypted traffic analysis. This allows network defenders to identify malware communications and threat actors hiding activity in secure encrypted traffic. Encrypted traffic analysis has three levels, each with its own methodology and technology:

    Level 1: Simple

    • Traffic Analysis – Information available in the network transaction (IP address, ports, protocol, and timing).
    • This technology is network transaction monitoring.

    Level 2: Enhanced

    • Certificate Analysis – Looking at the particulars of the encryption used (cipher suites, extensions, etc.).
    • This technology is deep packet inspection.

    Level 3: Advanced

    • Cryptanalysis – Looking at network traffic characteristics and traits, such as patterns in the sequence of packet lengths and times.
    • This technology is deep packet dynamics.

    Here is how some organizations are improving their encryption:

    • Encrypted server name indication (ESNI) is an essential feature for ensuring a user’s browsing data is private. ESNI encrypts a previously unencrypted part of the TLS handshake that can reveal which websites a user is visiting.
    • Encrypted Client Hello (ECH), an extension of TLS, enhances the privacy of internet protocols. ECH encrypts the full handshake so that metadata is kept secret. ECH also lays the groundwork for adding future security features and performance enhancements to TLS while minimizing their impact on the end user’s privacy.
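
The Level 2 analysis and the ESNI/ECH point above, as an added example that is not part of the original page: a minimal Python parser that reads the cipher suites, extension types and server name a passive observer can see in a TLS ClientHello. The function names and the sample ClientHello (built inline for example.com, not captured traffic) are constructed for illustration.

```python
import struct

def build_client_hello(server_name, cipher_suites, extra_exts=()):
    """Build a constructed sample TLS ClientHello record (not captured traffic)."""
    host = server_name.encode("ascii")
    sni = struct.pack("!HBH", len(host) + 3, 0, len(host)) + host
    exts = struct.pack("!HH", 0, len(sni)) + sni           # type 0 = server_name
    for ext_type in extra_exts:                             # empty-bodied extensions
        exts += struct.pack("!HH", ext_type, 0)
    suites = b"".join(struct.pack("!H", c) for c in cipher_suites)
    body = (b"\x03\x03" + bytes(32) + b"\x00"               # version, random, session id
            + struct.pack("!H", len(suites)) + suites + b"\x01\x00"
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def parse_client_hello(record):
    """Return the cleartext handshake metadata, or None if not a full ClientHello."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        return None                                         # not a handshake/ClientHello
    rec_len = struct.unpack_from("!H", record, 3)[0]
    data = record[5:5 + rec_len]
    if len(data) < rec_len:
        return None                                         # truncated capture
    try:
        pos = 4 + 2 + 32                                    # header, version, random
        pos += 1 + data[pos]                                # skip session id
        n = struct.unpack_from("!H", data, pos)[0]
        pos += 2
        suites = [struct.unpack_from("!H", data, pos + i)[0] for i in range(0, n, 2)]
        pos += n
        pos += 1 + data[pos]                                # skip compression methods
        end = pos + 2 + struct.unpack_from("!H", data, pos)[0]
        pos += 2
        ext_types, sni = [], None
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", data, pos)
            pos += 4
            ext_types.append(ext_type)
            if ext_type == 0:                               # server_name, sent in cleartext
                name_len = struct.unpack_from("!H", data, pos + 3)[0]
                sni = data[pos + 5:pos + 5 + name_len].decode("ascii", "replace")
            pos += ext_len
    except (IndexError, struct.error):
        return None                                         # malformed lengths
    return {"sni": sni, "cipher_suites": suites, "extensions": ext_types}

SAMPLE = build_client_hello("example.com", [0x1301, 0x1302, 0xC02F], (0x0017, 0x0023))
print(parse_client_hello(SAMPLE))
```

The `sni` value returned here is the part of the handshake that ESNI and ECH are designed to encrypt.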
