Simon Mullis - CTO of Venari Security and Hiten Mistry - CRO of Venari
When one door closes, another opens. Many of us have used this phrase to encourage someone who has faced a disappointment, but it takes on a completely different meaning in the world of cybercrime.
Each time new defences are introduced to prevent cyber criminals from taking one route, they inevitably find another, sometimes even hijacking the defences we put in place and using them for their own purposes. And this is certainly true of the adoption of end-to-end encryption.
The move towards encryption hasn’t been overnight; even 10 years ago, many already saw it as an important means of protecting the security and privacy of data. But there has been a recent and significant shift towards end-to-end encryption as a result of increased pressure from privacy-centric advocacy groups and regulators alike. This means that data is no longer just encrypted when it’s at rest, but also when in transit.
This is undoubtedly an important move for organisations to ensure that all potentially sensitive data is processed compliantly and securely. But the premise of encryption – converting the original representation of information – in turn makes it harder for security professionals to understand what data is flowing through their networks. New forms of encryption – such as TLS (Transport Layer Security) 1.3 – make it harder still. Decryption of TLS 1.3 is more difficult and expensive, which makes it nigh impossible to effectively monitor for potentially nefarious activity.
This matters because cyber criminals are using encrypted traffic in their attacks. In May, the Colonial Pipeline, which provides roughly 45% of the East Coast's fuel, reported that a cyberattack had forced the company to close operations. The Ransomware-as-a-Service used – DarkSide – leverages self-encryption to stay under the radar on its victims’ networks while it gets organised. And it’s no rare instance; in 2020, Cisco estimated that up to 70% of all malware campaigns would use encryption to conceal malware delivery.
A fit-for-purpose solution
The only way that organisations can hope to keep up in this environment is if they can monitor for malicious activity in their traffic without relying on decryption. This requires a novel solution that moves away from traditional detection methods.
It is a solution that Venari Security is bringing to market. CEO, Tom Millar, uncovered a research project exploring how Encrypted Traffic Analysis (ETA) could help overcome this challenge in 2019. Its potential to completely reshape how organisations tackle this issue was evidenced by the support and investment he quickly secured from some of the best known and most influential figures in the cybersecurity industry, including Paddy McGuinness, the UK’s former Deputy National Security Adviser for Intelligence, Security and Resilience; Lane Bess, former President and Chief Executive Officer of Palo Alto Networks; and Cris Conde, former Chief Executive Officer of Sungard.
Venari Security is able to detect and highlight threats and compliance issues in encrypted traffic without the need for decryption. Using machine learning, Encrypted Traffic Analysis (ETA) monitors the behaviour of traffic across a network and provides a precise risk score in the moment. It significantly increases the rate and speed at which malicious encrypted traffic can be detected. Because alerts are provided in real time, security teams can react immediately to contain threats, rather than responding after the fact.
“We are at the intersection of encryption and data science,” commented Simon Mullis, CTO at Venari Security. “We can apply our machine learning models to understand a great deal of information about an encrypted session: identifying malware infections, communications instructing the malware on what to do next, and attempts to exfiltrate information. It can also understand when a legitimate user might be engaging in unscrupulous behaviour.”
Finding a better solution
There are a lot of players in the network security space that are attempting to shoehorn in traditional security applications to solve the new problem that encrypted traffic poses. This is why Venari Security stands out. It is completely redefining what it means to understand and defend encrypted networks. To quote the Chief Revenue Officer, Hiten Mistry: “We're looking forward. And we believe that this is the only way you can do it.”