February 1, 2017

Google Chrome 56 and What It Means for Enterprise Security

Last week, Google announced that a stable update to their browser, Chrome, is now available. Chrome 56 is notable for labeling unsecured HTTP sites, enabling HTML5 by default, and automatically blocking Adobe Flash Player. However, it remains uncertain how it will affect website performance, search rating, browsing experience, and enterprise security.

One critical update that comes with Chrome 56 is the ability to label websites as SECURE and NOT SECURE, based on whether or not the website uses SSL encryption for its communications. If the website employs a secure connection (i.e. using HTTPS vs. the insecure HTTP), it will be labeled as SECURE. Conversely, if the website is not secure and handles sensitive information, such as credit card data, then Google will mark the site as NOT SECURE.


To remain competitive, websites will be forced to use SSL encryption. In fact, Google already prioritizes sites with https:// over http:// in their search rankings. That being said, the Chrome 56 release will likely result in an increase in the amount of HTTPS traffic on the Internet.

At Herjavec Group, our Network Security Architects have been investigating how Chrome 56 will impact enterprise security, specifically perimeter network technologies (e.g. firewalls, URL filtering, sandboxing, and Advanced Persistent Threats) and detection technologies (e.g. SIEM, Security Analytics, DLP, etc.).

“The majority of attacks that Herjavec Group investigated in 2016 involved the use of encrypted channels to communicate with the control server on the Internet,” states Evgeniy Kharam, Director of Network Security Architecture at Herjavec Group. “By utilizing SSL inspection, an organization is able to monitor this encrypted traffic, gaining the ability to report malicious network communications, and better defend themselves.”

Without SSL inspection and visibility, your organization’s risks include:

  • Increased utilization of network security device capacity without proportional security benefits
  • Blocking on the basis of URLs or application protocols on inline devices will be harder
  • Unauthorized transfer of intellectual property from the enterprise network
  • SOC operators will miss attacks
  • Evidence of compromise will be encrypted
  • Overall risk of a security breach will increase

In short, inspection devices will become crucial with the expected increase in SSL-encrypted websites and the move to longer encryption keys. Monitoring SSL inspection/visibility devices will become highly important in the future, to ensure that the network security architecture is optimal for performance and visibility.

Implementing SSL inspection is a significant undertaking. There are a number of important steps that need to be followed to ensure that user experience is not disturbed, network degradation does not occur, web browsing and HR policies are not violated, and that all the tools needed to inspect/see traffic are working as designed.

For this reason, many enterprises use the following technologies to decrypt SSL traffic:

  • Next Gen Firewalls: Palo Alto Networks, Check Point
  • URL Filtering: McAfee by Intel, Blue Coat, Forcepoint
  • Load Balancers: F5, A10, NetScaler
  • SSL Visibility Appliances: Blue Coat

Although there are many sophisticated designs used for SSL inspection, typically the following design is seen:

[Figure: typical SSL inspection design]

Herjavec Group recommends validating your SSL inspection design to better intercept and decrypt corporate traffic. Additionally, consider more sophisticated endpoint security technologies to spot malicious communications before the network is compromised.

To validate your SSL inspection design, or to start an SSL inspection/visibility project for your organization, please contact a Herjavec Group security specialist today.


About Herjavec Group

Dynamic IT entrepreneur Robert Herjavec founded Herjavec Group in 2003 to provide cybersecurity products and services to enterprise organizations. Herjavec Group delivers SOC 2 Type 2 certified managed security services supported by state-of-the-art, PCI compliant, Security Operations Centers, operated 24/7/365 by certified security professionals. This expertise is coupled with leadership positions across a wide range of functions including consulting, professional services & incident response. Herjavec Group has offices globally including across Canada, the United States, and the United Kingdom. For more information, visit www.herjavecgroup.com.
