Using Encryption to Bypass Online Security

SSL has improved online security for businesses and individuals. Although encryption has reduced your data’s exposure to casual observation, it has also created new ways for hackers and state actors surreptitiously to gain access to your systems. Cybercriminals have been using encryption to bypass online security controls.

Two of the most popular methods of encryption, SSL and TLS, have both helped and hurt business and personal internet users.

Recommended resource (Get it on Amazon): Bulletproof SSL and TLS: Understanding and Deploying SSL/TLS and PKI to Secure Servers and Web Applications (Affiliate Link).

Using encryption to bypass online security

Cloud-based applications and services have boosted the use of SSL/TLS encryption. Knowing that most Secure Web Gateways never decrypt traffic, hackers can often enter and exit networks and devices undetected.

Even companies equipped with Unified Threat Management systems are vulnerable for the same reason: They don’t encrypt inbound and outbound SSL/TLS traffic.

Social media apps exasperate the problem because they typically use encryption to secure data transmitted between their apps and servers.

File storage services and search engines also complicate the security landscape.

Encrypted Traffic Analytics

Combatting the exploitation of SSL/TLS requires the implementation of Encrypted Traffic Analytics. ETA attempts to identify malware and other dangerous communications via

  • Passive monitoring.
  • Extraction of metadata.
  • Supervised machine learning.

ETA considers four primary aspects of your data:

  • Packet sequence, length, and duration.
  • Byte distribution.
  • TLS characteristics.
  • Initial data packet.

By choosing architecture, such as CISCO Application Specific Integrated Circuit, you can extract relevant data elements without negatively impacting network speed.

Cisco ecosystem

A simple way to implement ETA involves one or more of the following network products alongside Secure Network Analytics:

  • Catalyst 9000 switches. Built-in end-to-end security for IoT, mobile apps and users, and cloud services.
  • ISR 1000 series. A single device that provides internet access, security, and wireless.
  • ISR 4000 series (for branch sites).
  • CSR 1000V. Acommodate multiple tenants while securely routing data across public and private clouds.
  • ASR 1000 series. Secure network edges to protect against vulnerabilities with your service providers.
  • Catalyst 9800. Wireless controllers with built-in capabilities such as runtime defenses, secure boot, integrity verification, hardware authentication, and image signing.

More about SSL/TLS exploits

Individuals, small businesses, and enterprises all depend on SSL/TLS to protect their data from prying eyes.

Normally, SSL is good. When you visit an SSL-equipped website (using HTTPS rather than HTTP), encryption protects all the data exchanged between your web browser or app and the host server.

Seeing that SSL makes data unreadable, hackers and government agencies use it to disguise malicious payloads. Since they use SSL/TLS encryption, normal online security devices, such as routers, scanners, and switches cannot recognize them.

In other words, businesses depend on SSL/TLS for operational security, but they must also defend against SSL/TLS attacks.

Responsible SSL/TLS implementation requires both offensive and defensive measures to prevent unauthorized people and systems from using encryption to bypass online security.

Next steps

Besides reading additional resources hosted here at, we recommend the following resource to learn more about hacking and how to defend against it.

Hacking: The Art of Exploitation, 2nd Edition 2nd Edition
by Jon Erickson (Amazon affiliate link)