Does Your Bank’s Firewall Perform SSL/TLS Inspection?

Despite the significant advancements in technology and the sophistication of cyber threats, firewalls remain one of the most proven cyber deterrents. Network firewalls continue to serve as a cornerstone for a solid security strategy. However, some financial institutions have learned the hard way that a misconfigured or out-of-date firewall can leave their networks unprotected. For firewalls to be most effective, they must be able to deliver advanced security services to ensure that various threats are unable to disrupt the integrity of a network.

The Missing Link in Traditional Firewall Technology

Today, the industry standard for transmitting secure data over the internet is known as Secure Sockets Layer, or SSL. A more modern version of this SSL implementation is also known as Transport Layer Security, or TLS. For many companies and financial institutions, there has been a push to implement this technology to securely protect online traffic since it establishes an encrypted link between a web server and a browser. This ensures that all data passed between the server and browser remains private.
While SSL/TLS is effective in protecting the privacy of intercepted data that was transmitted between client and server, it also poses a problem for perimeter security. Legacy firewalls are unable to view the SSL traffic and cannot perform a proper analysis to determine if the encrypted traffic is safe or malicious. This increases the risk of a potential attack, because unsuspecting users can download malicious content and packages that bypass the institution’s perimeter defenses. This can lead to a malware infection or other nefarious activity on the network.

Importance of SSL Inspection

One key feature that all community banks and credit unions should have as a part of their firewall security strategy is SSL/TLS Inspection. Firewalls with the ability to scan encrypted SSL/TLS traffic have become increasingly important as malware and other cyber threats continue to grow and change. SSL/TLS inspection allows the firewall to decrypt traffic that is being transmitted to and from websites, email communications, and mobile applications. Once the traffic is decrypted, a proper analysis of the content can be performed. After the analysis is complete, the data is re-encrypted and transmitted to the client.

Without deploying this level of inspection, institutions run the risk of effectively introducing a “blind spot” in their traffic analysis mechanisms. This can cause major problems since, according to Cyren’s security researchers, some form of SSL is now being utilized in 37% of all malware. Researchers also substantiated that every major ransomware family since January 2016 has been distributed at some point via SSL/TLS. In addition, the average volume of encrypted internet traffic is now greater than the average volume of unencrypted internet traffic, making the need for SSL/TLS inspection in firewalls even more significant.

To adequately protect the network, financial institutions must implement a new approach to security that goes beyond traditional perimeter protection to safeguard the entire network. While firewalls are still critical to any security strategy, for them to be truly effective, they must evolve and become more sophisticated. Financial institutions must look for ways to better protect the network and identify other features to defend against attacks, and SSL/TLS inspection plays a key role in developing a stronger security ecosystem.