On the cybersecurity website ThirdCertainty.com, Byron Acohido makes some very important points about the use of encryption by hackers to avoid detection tools and the need to detect these attacks. This is a water cooler discussion at Vectra headquarters. Encrypted traffic is an easy hiding place for attackers and difficult for organizations to deal with.
However, trying to monitor this traffic by decrypting first, performing deep-packet inspection, and then encrypting again at line-rate speeds is problematic, even with dedicated SSL decryption, especially in the long term. There are several factors at play here.
With an increasing global desire for privacy, more traffic is encrypted by default. It is becoming a standard for cloud applications. The Sandvine Internet Phenomena Report states that encryption doubled last year in North America.
This is actually great news, especially for consumer privacy. Enterprises have a strategy to encrypt everything. With this encryption however, attempts to perform SSL decryption mean there will be large volumes of encrypted data to process.