SSL/TLS encrypted internet traffic grew 90% year over year from July 2015 to July 2016.
AUSTIN, Texas – November 9, 2016 – NSS Labs, Inc., the world’s leading cyber security product research, testing, and advisory company, today released new research examining the usage of Secure Socket Layer (SSL) and Transport Layer Security (TLS) encryption. SSL/TLS enables secure transmissions of private data over the internet, including credit card details, passwords and sensitive personal information. Enterprises use SSL/TLS to encrypt their traffic in order to address multiple issues including controlling access, confidentiality and reducing exposure to protocol–specific attacks (e.g. Heartbleed).
As part of on-going research and analysis, NSS Labs found that HTTPS (SSL/TLS encrypted) internet traffic grew over 90% year over year, with more than 40.5% of websites encrypting traffic by default in July 2016 vs. 21.3% in July 2015. Unsurprisingly, 97% of surveyed enterprises are seeing an increase in encrypted web traffic. NSS predicts this trend to continue with 75% of all web traffic to be encrypted by 2019.
Key findings include:
- More non-enterprise traffic is encrypted than enterprise traffic, depending on region, type of content, etc.
- Over 40% of the most visited websites are encrypted by default; less than 10% have HTTPS properly applied (source: Trustworthy Internet Movement).
- Encryption does not protect us against all threats.
- Many organizations do not have the capability to scan all inbound encrypted content.
- In order for encryption to be truly effective, it should be baked into an architecture—rather than “bolted on.”
- Multiple technical, financial, and social events are accelerating the adoption of encryption.
- Governments have taken differing approaches to regulate the use of foreign-made encryption products.
This is good news for privacy but introduces a challenge for cybersecurity products that prevent malicious attacks by intercepting them as they traverse corporate networks. NSS Labs has seen a rise in the number of attacks that utilize encryption to bypass security controls, underlining the need for solutions. A security product cannot protect against an attack that it cannot see.
“The increase in secure web transactions is encouraging since this means sensitive information is being protected”, said Jason Pappalexis, NSS Labs research director. “However, encryption also creates a false sense of security since threats can be missed because they are now hidden within the packet payload that is encrypted. It is imperative that security solutions are validated so that they are addressing this,” adds Pappalexis.
In order to help Enterprises understand encryption drivers, impact, and potential security solutions, NSS Labs is conducting an SSL/TLS test to determine leading security products’ encryption/decryption capabilities as well as publishing a series of Technical Briefs:
- Part 1: What is driving adoption of encryption technology? Will the trend continue? Do I need to worry about it?
- Part 2: The use of encryption for malicious purpose.
- Part 3: The mechanics of encryption and the modern technologies used to decrypt and inspect encrypted traffic.
- Part 4: How to ensure privacy while maintaining security.
- NSS Labs Test Methodology: SSL/TLS
- NSS Labs Test Reports: SSL/TLS Capabilities & Performance
SSL/TLS vendors are encouraged to submit their products at no cost. Vendors with major market share, as well as challengers with new technology, will be included.