Blue Coat

Caution: That SSL Blind Spot is Growing

The use of Secure Sockets Layer (SSL) and Transport Layer Security (TLS) encryption is growing fast, and that’s a good thing for protecting user privacy and business communications. But it’s also a good thing for hackers and cybercriminals—because SSL provides a great hiding place for malware. In fact, 50% of all network attacks will hide in encrypted traffic by 2017, according to Gartner.[1]

Security professionals know about the “SSL blind spot” and most have taken action. They’ve bought tools to inspect SSL-encrypted traffic. They’re using those tools at the critical junctions: at ingress and egress points in the network and near web and cloud gateways. They’ve succeeded in identifying and thwarting attacks. And that has created a new phenomenon in the battle against SSL-borne malware attacks:


New data shows two troubling trends: a massive increase in malware hiding in SSL, coupled with a false sense of security on the part of security professionals. Consider:

  • Blue Coat Labs found dramatic increases in malware using SSL in the last two years*.
  • 85% of security professionals believe their organizations have this issue covered, according to the 2016 Cyberthreat Defense Report from CyberEdge.
  • A large percentage of advanced persistent threats (APTs) that use SSL still go undetected.

The reality is that it’s harder than ever to get a handle on the magnitude of the risk of encrypted traffic traveling through an enterprise. Take a look at this infographic for more details. Then take a second look at how well you’re really equipped to battle SSL-based malware. Because when you’re fighting the SSL blind spot, it’s good to have both eyes wide open.

* To be specific, between January 2014 and September 2015, a little more than 500 samples of malware families were seen to be using SSL each month. In the remaining three months of 2015 this figure soared to nearly 29,000 samples. A similar trend was observed in C&C servers: in Q3 2014, Blue Coat observed approximately 1,000 C&C servers using SSL, shooting up to over 200,000 observed in Q3 2015.

[1] Gartner, Security Leaders Must Address Threats from Rising SSL Traffic, Jeremy D’Hoinne and Adam Hills. Published: 9 December 2013
