Google Chrome already flag every site that doesn’t use HTTPS encryption. Starting today, even if a website does use SSL but the certificate was not logged, Chrome will show a full-page warning.
The Web is Moving to HTTPS
Google played a significant role and put pressure on websites to adopt HTTPS, and this change is part of Chromium Certificate Transparency Policy that was announced back in 2016 and implemented starting May 1st. Google is also promoting Jigsaw, supporting anyone to set up and run their own ‘homebrew’ VPN. The change will be completed on Google release of Chrome 68 (July 2018), where the “not secured” marking will appear.
Mozilla also intent is to make HTTPS the new minimum with their HTTPS Everywhere movement. Starting January 2017, Firefox implemented a policy that began marking form elements on HTTP sites as insecure, and they warn users that any login information could become compromised.
As a result, most of the network traffic is encrypted.
How Security Solutions Provide Visibility?
Most can not. Encryption does improve privacy, but it eliminates the option for security products to see the traffic. Privacy requirements provide a simple trick for attackers to hide their threats and communications channels. Encryption also makes life easier for advertisers to apply phishing and to successfully achieve data exfiltration.
How this Affects Enterprises?
This trend affects the enterprise too. According to Gartner, “Through 2019, more than 80% of enterprises’ web traffic will be encrypted.” (Gartner, Magic Quadrant for Enterprise Network Firewalls, 10 July 2017).
Despite being one of the oldest tricks on the web, phishing continues to be a significant problem for organizations. Your users are your assets, but also part of the security problem.
As per our study of 500 business leaders uncovered how Ransomware effects their business we can see several trends:
- 66% of the enterprises experienced ransomware originating from either a phishing, email or social networks.
- 44% of the undertakings experienced from Drive-by-download caused by clicking on a compromised website.
Phishing sites are trying to trick users into entering credentials, personal information, and so on. For this, they want to avoid the “not secured” indication.
SentinelOne Deep Visibility solves this problem
Keeping your business safe in today’s world means protecting your endpoints. SentinelOne automatically mitigates evolving threat attempts, incident by incident, while Deep Visibility provides the look into the encrypted traffic, and the chain of events leading to the compromise attempts are revealed. This way, Deep Visibility protects your company and your workforce from data loss, data breach, monitor phishing attempts, and identity data leakage.
What to see it in action? Leave your details and our team will show you how it works.