MY TAKE: Why new tools, tactics are needed to mitigate risks introduced by widespread encryption – Security Boulevard

It was just a few short years ago that the tech sector, led by Google, Mozilla and Microsoft, commenced a big push to increase the use of HTTPS and its underlying TLS authentication and encryption protocol.

At the time, just 50% of Internet traffic used encryption. Today the volume of encrypted network traffic is well over 80%, trending strongly toward 100%, according to Google.

There is no question that TLS is essential, going forward. TLS is the glue that holds together not just routine website data exchanges, but also each of the billions of machine-to-machine handshakes occurring daily to enable DevOps, cloud computing and IoT systems. Without TLS, digital transformation would come apart at the seams.

However, the sudden, super-saturation of TLS, especially over the past two years, has had an unintended security consequence. Threat actors are manipulating TLS to obscure their attack footprints from enterprise network defenses. The bad guys know full well that legacy security systems were designed mainly to filter unencrypted traffic. So cyber criminals, too, have begun regularly using TLS to encrypt their attacks.

TLS functions as the confidentiality and authenticity cornerstone of digital commerce. It authenticates connections that take place between a smartphone and a mobile app, for instance, as well as between an IoT device and a control server, and even between a microservice and a software container. It does this by verifying that the server involved is who it claims to be, based on the digital certificate issued to the server. It then also encrypts the data transferred between the two digital assets.

TLS gap

At this moment, threat actors are taking full advantage of a TLS encryption gap. The level of sophistication and scope of harm in play is vividly illustrated by criminal activity at the leading edge. For instance, the Russian Turla hacking ring was recently spotted spreading an innovative Trojan, called Reductor, designed to alter the way Chrome and Firefox browsers handle HTTPS connections. The Turla ring has been able to compromise TLS handshakes so as to give themselves the ability to identify, intercept, and decrypt TLS traffic from any computer they infect.

But it's not just the elite hackers causing concern. The TLS gap is so wide open that threat actors of average skill are also having a field day; they are using tried-and-true tools and techniques to steal, spoof and otherwise abuse digital certificates.

"Criminals have been known to simply hack into a website that is already configured to use TLS and simply piggyback on their infrastructure," says Chester Wisniewski, principal research scientist at Sophos, a longstanding supplier of network security systems, based in Oxford, England. Certificates are now being made freely available from Let's Encrypt, so there is less reason than in the past for threat actors to buy or steal certificates. Still, sometimes impersonating a legitimate, known certificate can assist with blending into the environment the threat actor wants to hide in.

Surge of encrypted attacks

The good news is that the cybersecurity community has begun to respond. Sophos moved into the advance guard today by launching a new version of its XG Firewall with Xstream architecture that is specifically designed to efficiently reduce a company's exposure to malicious encrypted network traffic. The new firewall is capable of inspecting encrypted traffic and detecting encrypted attacks, on the fly, without onerous performance penalties, Sophos says.

We're at an early stage of mitigating TLS-facilitated attacks. History tells us that the TLS gap will eventually narrow. But that's obviously going to take some time. This is a vast new tier of exposures, and legacy systems never get changed overnight. Sophos' new XG Firewall is a good start to the improved technologies that are needed. But it's going to take more than tech advances. Shifts in processes and security culture must be brought to bear, as well. In the meantime, we very well may be in for a long run of major network breaches aided and abetted, if not directly carried out, by encrypted attacks.

I had a terrific discussion about this with Sophos' Wisniewski. Here are a few excerpts of that interview, edited for clarity and length:

LW: For context, can you outline the major moves and counter moves made by threat actors vs. companies over the past, say, 15 years?

Wisniewski: Early on, companies had basic perimeter firewalls blocking traffic from known bad IP addresses. To subvert those early firewalls, threat actors began distributing malware that caused an infected computer to call home to centralized command and control infrastructure. Then came next-gen firewalls, which were designed to inspect the content of traffic; the bad guys countered by employing high degrees of polymorphism. Then came real time sandbox inspection to detonate potential threats, which was countered by elaborate schemes to test and confirm that the delivered malware landed on a real computer, not a test bed.

LW: What were the key drivers behind the sharp overall rise in encrypted traffic in the past few years?

Wisniewski: I believe it was mostly driven by Edward Snowden's disclosures about the secret NSA PRISM project designed to spy on Internet communications, at scale. This drove privacy-concerned companies to take encryption more seriously, and it drove Google and others to more aggressively use their muscle to force the world to come along with what they wanted to do.

LW: To what extent do legacy TLS inspection tools fall short?

Wisniewski: Simply having a capability is very different from being able to effectively deploy it. Most solutions today are too slow and complicated for enterprises to seriously consider enabling. Quality solutions need to have as little impact as possible, as well as the flexibility to only inspect what is necessary.

LW: What's going to happen over the next couple of years?

Wisniewski: Clearly criminals will continue to use and abuse encryption to attempt to cover their tracks, conceal their thefts and hold our data hostage. While many companies have the technology to inspect TLS traffic, they often don't bother, as most products are complicated to deploy, seamlessly, in complex environments. With certificates being available at little to no cost, I imagine we will see a steady increase in TLS adoption by criminals, similar to what we saw for legitimate purposes in the years following Snowden's leaks.

Q: Assuming it remains true that there is no silver bullet, what does the way forward look like?

Wisniewski: As attacks continue to increase in sophistication, it is critical to have layers of defense and to compartmentalize information. This requires combining prevention with an eagle eye for detecting anything you might have missed. The ability to respond quickly and decisively is crucial. As always, this balancing act is forever changing, so having simple, reliable tools allows for the flexibility necessary to stay on top of the latest threats.

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)

*** This is a Security Bloggers Network syndicated blog from The Last Watchdog authored by bacohido. Read the original post at: https://www.lastwatchdog.com/my-take-why-new-tools-tactics-are-needed-to-mitigate-risks-introduced-by-widespread-encryption/


Encrypted messaging app Signal's ambition to become as famous as WhatsApp – PhoneArena

In this day and age, cybersecurity and privacy on the internet are becoming more and more prominent. A messaging app called Signal was once only for the cybersecurity nerds and some activists, as it offered end-to-end encryption and improved privacy protection with a very limited number of features. It is considered one of the world's most secure messaging apps for Android and iOS. Now it's aiming for its audience to change: it is trying to reach the masses. Cryptographer Moxie Marlinspike, Signal's creator, is working with WhatsApp cofounder Brian Acton, who left WhatsApp soon after the app was bought by Facebook. Acton has invested $50 million into Marlinspike's project in order to develop it more. It's important to note that WhatsApp used Signal's open-source encryption protocol for the end-to-end encryption of its messages.

In the beginning, Signal was a simple messaging app that relied on its security reputation to attract users. It had only a couple of simple features, such as messages and calls, but nothing more interesting. However, the Signal Foundation's plans seem to be changing now, as they are bringing in more mainstream features such as group messaging, stickers and support for iPad, and working on an option for encrypted contacts to be stored in the cloud, inaccessible to Signal's servers and thus only available to the user they belong to.

Brian Acton is actually the one responsible for Signal's ambitious growth plan. He says that he has the confidence that the app can reach a bigger audience (it has now been downloaded 10 million times on Google Play and additionally, another 40% of the app's users are on iOS) in the next five years. "I'd like for Signal to reach billions of users. I know what it takes to do that. I did that," says Acton to Wired magazine.

Overall, Signal's owners expect the secure messaging app to reach more users and become more user-friendly, so its great security and privacy-protecting features can be used by more people. After all, who wouldn't want to have what's private remain private while experiencing all the features modern technology has to offer?


Cybersecurity Company, Sophos Unveils Xstream Version of its XG Firewall to Secure Encrypted Network Traffic – Technext

Sophos, a global leader in next-generation cybersecurity, today introduced a new Xstream architecture for Sophos XG Firewall with high-performance Transport Layer Security (TLS) traffic decryption capabilities.

This enables it to eliminate significant security risks associated with encrypted network traffic, which is often overlooked by security teams due to performance and complexity concerns.

XG Firewall now also features AI-enhanced threat analysis from SophosLabs and accelerated application performance.

Sophos today also published the SophosLabs Uncut article, Nearly a Quarter of Malware now Communicates Using TLS, which explains how 23% of malware families use encrypted communication for Command and Control (C2) or installation.

The article details, for example, three common and ever-present Trojans (Trickbot, IcedID and Dridex) that leverage TLS during the course of their attacks. Cybercriminals also use TLS to hide their exploits, payloads and stolen content and to avoid detection.

In fact, 44% of prevalent information stealers use encryption to sneak hijacked data, including bank and financial account passwords and other sensitive credentials, out from under organizations.

As SophosLabs research demonstrates, cybercriminals are boldly embracing encryption in an attempt to bypass security products. Unfortunately, most firewalls lack scalable TLS crypto capabilities and are unable to inspect encrypted traffic without causing applications to break or degrade network performance.

With the new Xstream architecture in XG Firewall, Sophos is providing critical visibility into an enormous blind spot while eliminating frustrating latency and compatibility issues with full support for the latest TLS 1.3 standard. Sophos' internal benchmark tests have clocked a two-fold performance boost in the new XG TLS inspection engine as compared to previous XG versions. This is a game-changer.

Latency too often deters IT admins from using decryption, as seen in an independent Sophos survey of 3,100 IT managers in 12 countries. The survey white paper, The Achilles Heel of Next-Gen Firewalls, reports that while 82% of respondents agreed TLS inspection is necessary, only 3.5% of organizations are decrypting their traffic to properly inspect it.

Inspection of TLS 1.3 to detect cloaked malware: New port-agnostic TLS engine doubles crypto operation performance over previous XG versions

Optimized critical application performance: New FastPath policy controls accelerate the performance of SD-WAN applications and traffic, including Voice over IP, SaaS and others, to up to wire speed

Adaptive traffic scanning: The newly enhanced Deep Packet Inspection (DPI) engine dynamically risk-assesses traffic streams and matches them to the appropriate threat scanning level, enhancing throughput by up to 33% across most network environments

Threat analysis with SophosLabs intelligence: Provides network administrators with the SophosLabs AI-enhanced threat analysis needed to understand and adjust defences to protect against a constantly changing threat landscape

Comprehensive cloud management and reporting in Sophos Central: Centralized management and reporting capabilities in Sophos Central provide customers with group firewall management and flexible cloud reporting across an entire estate without additional charge

Integration with Sophos Managed Threat Response (MTR) service: Customers of XG Firewall who also subscribe to the Sophos MTR Advanced service will have deeper actionable intelligence to prevent, detect and respond to threats, as a result of the integration

"Sophos' new XG Firewall offers a wide array of enterprise-calibre features, with a growing installed base that is now one of the industry's most widely deployed next-generation firewalls," said Eric Parizo, senior analyst for enterprise IT strategy (according to Omdia, Enterprise Decision Maker, January 2020).

Results are not an endorsement of Sophos or SophosLabs. Any reliance on these results is at the third party's own risk. XG Firewall can win against industry competitors in large part because of Sophos Central, its SaaS-based, single-pane-of-glass management system for overseeing the deployment, management, policy, updates, and response, with optional log management and analytics.

This cloud management platform with the Firewall Management and Reporting feature, plus the TLS inspection, position Sophos XG Firewall as a compelling option for a wide variety of organizations.

"At Convergent Information Security Solutions, we are engaged in the management and monitoring of both perimeter and internal cybersecurity for our customers, and until now we were somewhat limited in our ability to monitor SSL/TLS encrypted data streams. Sophos XG Firewall helps us solve this problem efficiently and affordably with the new accelerated DPI engine in the latest version.

This, combined with new automatically-managed custom IPS rule sets, gives us much more visibility into encrypted traffic going through the network than we ever had before. This feature will immensely improve our customers' security and we consider this to be critical, based on how broadly cybercriminals are capitalizing on TLS encryption to cover up and carry out their attacks," Bruce Kneece concludes.

We're also aware of how fast cyberattacks are morphing. With the ability to scan for potentially dangerous files transported inside of SSL/TLS tunnels, in addition to the zero-day detection engine of Sandstorm, we can provide better, faster customer protection, detection and service.

Sophos XG Firewall is available in the cloud-based Sophos Central platform alongside Sophos' entire portfolio of next-generation cybersecurity solutions. Sophos' unique Synchronized Security approach empowers these solutions to work together for real-time information sharing and threat response.


Malware and HTTPS a growing love affair – Naked Security

If you're a regular Naked Security reader, you'll know that we've been fans of HTTPS for years.

In fact, it's nearly nine years since we published an open letter to Facebook urging the social networking giant to adopt HTTPS everywhere.

HTTPS is short for HTTP-with-Security, and it means that your browser, which uses HTTP (hypertext transport protocol) for fetching web pages, doesn't simply hook up directly to a web server to exchange data.

Instead, the HTTP information that flows between your browser and the server is wrapped inside a data stream that is encrypted using TLS, which stands for Transport Layer Security.

In other words, your browser first sets up a secure connection to-and-from the server, and only then starts sending requests and receiving replies inside this secure data tunnel.

As a result, anyone in a position to snoop on your connection (another user in the coffee shop, for example, or the Wi-Fi router in the coffee shop, or the ISP that the coffee shop is connected to, or indeed almost anyone in the network path between you and the other end) just sees shredded cabbage instead of the information you're sending and receiving.

But why HTTPS everywhere?

Nine years ago, Facebook was already using HTTPS at the point where you logged in, thus keeping your username and password unsnoopable, and so were many other online services.

The theory was that it would be too slow to encrypt everything, because HTTPS adds a layer of encryption and decryption at each end, and therefore just encrypting the important stuff would be good enough.

We disagreed.

Even if you didn't have an account on the service you were visiting, and therefore never needed to login, eavesdroppers could track what you looked at, and when.

As a result, they'd end up knowing an awful lot about you: just the sort of stuff, in fact, that makes phishing attacks more convincing and identity theft easier.

Even worse, without any encryption, eavesdroppers can not only see what you're looking at, but also tamper with some or all of your traffic, both outbound and inbound.

If you were downloading a new app, for example, they could sneakily modify the download in transit, and thereby infect you with malware.

Anyway, all those years ago, we were pleasantly surprised to find that many of the giant cloud companies of the day (including Facebook, and others such as Google) seemed to agree with our disagreement.

The big players ended up switching all their web traffic from HTTP to HTTPS, even when you were uploading content that you intended to publish for the whole world to see anyway.

Fast forward to 2020, and you'll hardly see any HTTP websites left at all.

Search engines now rate unencrypted sites lower than encrypted equivalents, and browsers do their best to warn you away from sites that won't talk HTTPS.

Even the modest costs associated with acquiring the cryptographic certificates needed to convert your webserver from HTTP to HTTPS have dwindled to nothing.

These days, many hosting providers will set up encryption at no extra charge, and services such as Let's Encrypt will issue web certificates for free for web servers you've set up yourself.

HTTP is no longer a good look, even for simple websites that don't have user accounts, logins, passwords or any important secrets to keep.

Of course, HTTPS only applies to the network traffic; it doesn't provide any sort of warranty for the truth, accuracy or correctness of what you ultimately see or download. An HTTPS server with malware on it, or with phishing pages, won't be prevented from committing cybercrimes by the presence of HTTPS. Nevertheless, we urge you to avoid websites that don't do HTTPS, if only to reduce the number of danger-points between the server and you. In an HTTP world, any and all downloads could be poisoned after they leave an otherwise safe site, a risk that HTTPS helps to minimise.

Sadly, what's good for the goose is good for the gander.

As you can probably imagine, the crooks are following where Google and Facebook led, by adopting HTTPS for their cybercriminality, too.

In fact, SophosLabs set out to measure just how much the crooks are adopting it, and over the past six months have kept track of the extent to which malware uses HTTPS.

Well, the results are out, and it makes for interesting (and useful!) reading.

In this paper, we didn't look at how many download sites or phishing pages are now using HTTPS, but instead at how widely malware itself is using HTTPS encryption.

Ironically, perhaps, as fewer and fewer legitimate sites are left behind to talk plain old HTTP (usually done on TCP port 80), the more and more suspicious that traffic starts to look.

Indeed, the time might not be far off where blocking plain HTTP entirely at your firewall will be a reliable and unexceptionable way of improving cybersecurity.

The good news is that by comparing malware traffic via port 80 (usually allowed through firewalls and almost entirely used for HTTP connections) and port 443 (the TCP port that's commonly used for HTTPS traffic), SophosLabs found that the crooks are still behind the curve when it comes to HTTPS adoption, but the bad news is they're already using HTTPS for nearly one-fourth of their malware-related traffic.

Malware often uses standard-looking web connections for many reasons, including:


Five lessons from the Justice Department's big debate over Section 230 – The Verge

Section 230 of the Communications Decency Act is widely criticized, widely praised, and widely misunderstood. The policy allows basically every major website, from YouTube to Wikipedia, to exist in its current form. Depending on who you ask, this is either a wonderful development or a complete disaster. That's made Section 230 a fixture of recent internet policy debates, particularly at the US Department of Justice, where there is a growing interest in changing the law.

The Justice Department publicly kicked off that process today, assembling three panels of experts to lay out reasons for changing or preserving Section 230. Attorney General Bill Barr emphasized that this wasn't a policy-making workshop, but the panels still hinted at which arguments the US government finds most compelling. And while this might sound like a low bar, they were actually arguments about the law, not the weird fantasy rules that dominate similar debates in Congress and mainstream press. That made it an unusually vivid window into the way prosecutors and lawmakers think about Section 230 and how to change it.

Here are the five points that stood out the most.

Section 230 has been invoked for a lot of bad content: libel, shady gun sales, even defective dog collars. But today's workshop centered on three particularly ugly issues: non-consensual pornography, harassment, and child sexual abuse material.

The Justice Department panelists included lawyer Carrie Goldberg, who started a high-profile fight with Grindr over a horrific harassment campaign; University of Miami professor Mary Anne Franks, who helped draft the first revenge porn law; and Yiota Souras of the National Center for Missing and Exploited Children. All laid out, sometimes in graphic detail, ways that abusive partners and sexual predators have weaponized the web.

Some of the wonkier and less dramatic cases got short shrift. Panelists only briefly mentioned a brewing fight over how Section 230 covers online marketplaces, for instance, although it has huge implications for sites like Amazon and Airbnb.

The tight focus helped ground an abstract legal debate in human terms. At one point Souras objected to a flippant mention of "death by ten thousand duck-bites," a reference to websites being inundated with legal complaints under a weakened law. "We need to be careful with this terminology," she argued. "I know there is a business cost to that, but there is a person who has been harmed online behind every single one of those duck bites."

But we've seen heart-wrenching issues get cynically coopted to pass bad laws before. The FOSTA-SESTA rule, which cut Section 230 protections for prostitution-related material, was billed as a fight against human trafficking while glossing over its very real collateral damage among sex workers. Interestingly, FOSTA-SESTA's impact didn't get discussed extensively during the panels, although Souras said its passage has roughly correlated with a drop in child abuse material.

In a short opening speech, Attorney General Bill Barr called the Section 230 workshop an outgrowth of antitrust investigations into big tech companies. "Not all of the concerns raised about online platforms clearly fall within antitrust," he explained, so Section 230 changes might fill in some regulatory gaps.

Panelists largely echoed that framing, focusing on how giants like Google or Facebook were failing at moderation. But they also periodically referenced the other end of the spectrum: small sites devoted to noxious content like revenge porn. These sites test the limits of Section 230. At best, they're encouraging abuse with a wink and nod. At worst, they're actively participating in the abuse: Hunter Moore, who founded the infamous website Is Anyone Up, was convicted of hiring a hacker to get nude photos. As industry group Tech:NYC's founder Julie Samuels noted in one panel, these fall outside the normal Big Tech debate lines: "just because you're small doesn't mean you're automatically good."

But beyond periodic complaints from Samuels and a few others, critics didn't really address the potential challenges for medium-sized sites like Reddit or Craigslist, which don't have the financial resources or lobbying power of Facebook or Google. "Section 230 is not just for Big Tech," argued Patrick Carome, who has defended a long list of Section 230 cases. If sites can only operate with armies of moderators or sophisticated automation, that's functionally an advantage for the biggest and wealthiest companies.

The Justice Department has tentatively supported a bill called the EARN IT Act, which many see as a Trojan horse for encryption bans. Today's workshop didn't allay that concern. Barr referenced how Section 230 might hurt efforts to combat lawless spaces online, warning that platforms could use the policy to lock out law enforcement. And Assistant Attorney General Beth Williams, who moderated a panel, specifically asked how encryption could hurt efforts to find child sexual abuse material. "There simply has to be a compromise in how encryption gets rolled out," responded Souras.

But the Justice Department has been asking for concessions on encryption for years, and it's still not clear what such a compromise might look like. In response to the same question, CCIA president Matt Schruers broadly expounded on balancing encryption with law enforcement access, but more as a general principle than a legal doctrine.

The vagueness isn't exactly surprising. The EARN IT Act doesn't even mention encryption, and even without the issue, there's plenty of disagreement on how to change Section 230.

A lot of big tech policy fights can be summarized as one big, clear demand. Pass a net neutrality law. Repeal mass surveillance rules. Stop a bad intellectual property bill.

But the Section 230 debate is harder to pin down. Should anybody be able to sue a website for hosting illegal content? Should state prosecutors just have more power? Do only certain kinds of website get protections?

Neil Chilson, a fellow at the Charles Koch Institute, grouped reform proposals into two categories. One is a carveout approach that strips protection from certain categories of content, like FOSTA-SESTA did for sex work-related material. The other is a bargaining chip system that ties liability protection to meeting certain standards, like the EARN IT Act, which (as its name suggests) makes sites prove they're fighting child sex abuse.

These are vastly different visions for the internet, even before you define what the categories and standards are. It's easy to articulate a flat opposition to changes. But even some of Section 230's biggest proponents, like panelist and legal scholar Jeff Kosseff, are open to tweaking its language. The clearest rhetorical strategy might focus on what kind of terrible thing you want to scrub off the internet, however that's accomplished.

A handful of conservative politicians have promoted the notion that Section 230 should (or already does) require websites to be politically neutral platforms. Last year, Sen. Josh Hawley (R-MO) sponsored a proposal for making sites earn the approval of a government committee before getting liability protections, effectively turning tech policy into a cudgel to punish companies with opposing political views.

Thankfully, the Justice Department seems to have another approach in mind. This proposal earned one brief, slightly mocking aside during the nearly four-hour workshop. Barr complained that decreasing competition was hurting the diversity of political discourse, but he didn't tie that to Section 230 changes. Neither did panel moderators from the Justice Department. Policing Facebook's political slant might be a crowd-pleasing goal for politicians and pundits, but it simply wasn't a serious conversation topic. Neither was the popular misconception that Section 230 defines websites as publishers or platforms and polices them differently.

This created space to address more nuanced points. Barr, for example, tried to explain why the Justice Department cares so much about Section 230 reform despite the existing exemption for federal criminal prosecutions. ("Federal criminal prosecution is powerful, but necessarily, it's a limited tool that addresses only the most serious conduct, and civil liability can work hand in hand with it to offer more recourse for victims.") Several panelists asked for more evidence that Section 230 had actually incentivized good moderation or whether, in Souras' words, that goal is "kind of aspirational."

You can reasonably disagree with these claims. But unlike a lot of the broadsides against Section 230, they're arguments that can be actually disputed, not just debunked as nonsense.


Encryption Software Market 2020 Booming by Size, Revenue, Trend and Top Companies 2026 – Instant Tech News

New Jersey, United States: Verified Market Research's latest report, titled Encryption Software Market Size and Forecast 2026, covers the global Encryption Software market and includes comprehensive analysis on a range of subjects like competition, segmentation, regional expansion, and market dynamics. The report sheds light on future trends, key opportunities, top regions, leading segments, the competitive landscape, and several other aspects of the Encryption Software market. Get access to crucial market information. Market players can use the report to look into the future of the global Encryption Software market and make important changes to their operating style and marketing tactics to achieve sustained growth.

Global Encryption Software Market was valued at USD 3.32 billion in 2016 and is projected to reach USD 30.54 billion by 2025, growing at a CAGR of 27.96% from 2017 to 2025.

Top 10 Companies in the Global Encryption Software Market Research Report:

Global Encryption Software Market: Competitive Landscape

The competitive landscape of a market explains the strategies adopted by its key players. Key developments and shifts in management in recent years have been explained through company profiling. This helps readers understand the trends that will accelerate the growth of the market. It also includes investment strategies, marketing strategies, and product development plans adopted by major players of the market. The market forecast will help readers make better investments.

Global Encryption Software Market: Drivers and Restraints

This section of the report discusses various drivers and restraints that have shaped the global market. The detailed study of numerous drivers of the market enables readers to get a clear perspective of the market, which includes market environment, government policies, product innovations, breakthroughs, and market risks.

The research report also points out the myriad opportunities, challenges, and market barriers present in the Global Encryption Software Market. The comprehensive nature of the information will help the reader determine and plan strategies to benefit from them. Restraints, challenges, and market barriers also help the reader understand how a company can protect itself from a downturn.

Global Encryption Software Market: Segment Analysis

This section of the report includes segmentation by application, product type, and end user. These segmentations aid in determining which parts of the market will progress more than others. The segmentation analysis provides information about the key elements that are driving specific segments more than others. It helps readers understand strategies for making sound investments. The Global Encryption Software Market is segmented on the basis of product type, applications, and end users.

Global Encryption Software Market: Regional Analysis

This part of the report includes detailed information on the market in different regions. Each region offers a different scope to the market, as each region has different government policies and other factors. The regions included in the report are North America, South America, Europe, Asia Pacific, and the Middle East. Information about the different regions helps the reader understand the global market better.


Table of Content

1 Introduction of Encryption Software Market

1.1 Overview of the Market 1.2 Scope of Report 1.3 Assumptions

2 Executive Summary

3 Research Methodology of Verified Market Research

3.1 Data Mining 3.2 Validation 3.3 Primary Interviews 3.4 List of Data Sources

4 Encryption Software Market Outlook

4.1 Overview 4.2 Market Dynamics 4.2.1 Drivers 4.2.2 Restraints 4.2.3 Opportunities 4.3 Porters Five Force Model 4.4 Value Chain Analysis

5 Encryption Software Market, By Deployment Model

5.1 Overview

6 Encryption Software Market, By Solution

6.1 Overview

7 Encryption Software Market, By Vertical

7.1 Overview

8 Encryption Software Market, By Geography

8.1 Overview 8.2 North America 8.2.1 U.S. 8.2.2 Canada 8.2.3 Mexico 8.3 Europe 8.3.1 Germany 8.3.2 U.K. 8.3.3 France 8.3.4 Rest of Europe 8.4 Asia Pacific 8.4.1 China 8.4.2 Japan 8.4.3 India 8.4.4 Rest of Asia Pacific 8.5 Rest of the World 8.5.1 Latin America 8.5.2 Middle East

9 Encryption Software Market Competitive Landscape

9.1 Overview 9.2 Company Market Ranking 9.3 Key Development Strategies

10 Company Profiles

10.1.1 Overview 10.1.2 Financial Performance 10.1.3 Product Outlook 10.1.4 Key Developments

11 Appendix

11.1 Related Research


Highlights of Report

About Us:

Verified market research partners with clients to provide insight into strategic and growth analytics; data that help achieve business goals and targets. Our core values include trust, integrity, and authenticity for our clients.

Analysts with high expertise in data gathering and governance utilize industry techniques to collate and examine data at all stages. Our analysts are trained to combine modern data collection techniques, superior research methodology, subject expertise and years of collective experience to produce informative and accurate research reports.


The rest is here:
Encryption Software Market 2020 Booming by Size, Revenue, Trend and Top Companies 2026 - Instant Tech News

The $600 quantum computer that could spell the end for conventional encryption – BetaNews

Concerns that quantum computing could place current encryption techniques at risk have been around for some time.

But now cybersecurity startup Active Cypher has built a password-hacking quantum computer to demonstrate that the dangers are very real.

Using easily available parts costing just $600, Active Cypher's founder and CTO, Dan Gleason, created a portable quantum computer dubbed QUBY (named after qubits, the basic unit of quantum information). QUBY runs recently open-sourced quantum algorithms capable of executing within a quantum emulator that can perform cryptographic cracking algorithms. Calculations that would have otherwise taken years on conventional computers are now performed in seconds on QUBY.

Gleason explains, "After years of foreseeing this danger and trying to warn the cybersecurity community that current cybersecurity protocols were not up to par, I decided to take a week and move my theory to prototype. I hope that QUBY can increase awareness of how the cyberthreats of quantum computing are not reserved to billion-dollar state-sponsored projects, but can be seen on a much smaller, localized scale."

The concern is that quantum computing will lead to the sunset of AES-256 (the current encryption standard), meaning all encrypted files could one day be decrypted. "The disruption that will come about from that will be on an unprecedented, global scale. It's going to be massive," says Gleason. Modelled after the SADM, a man-portable nuclear weapon deployed in the 1960s, QUBY was downsized so that it fits in a backpack and is therefore untraceable. Low-level 'neighborhood hackers' have already been using portable devices that can surreptitiously swipe credit card information from an unsuspecting passerby. Quantum compute emulating devices will open the door for significantly more cyberthreats.

In response to the threat, Active Cypher has developed advanced dynamic cyphering encryption that is built to be quantum resilient. Gleason explains that, "Our encryption is not based on solving a mathematical problem. It's based on a very large, random key which is used in creating the obfuscated cyphertext, without any key information within the cyphertext, and is thus impossible to be derived through prime factorization -- traditional brute force attempts which use the cyphertext to extract key information from patterns derived from the key material."

Active Cypher's completely random cyphertext cannot be deciphered using even large quantum computers since the only solution to cracking the key is to try every possible combination of the key, which will produce every known possible output of the text, without knowledge of which version might be the correct one. "In other words, you'll find a greater chance of finding a specific grain of sand in a desert than cracking this open," says Gleason.

Active Cypher showcased QUBY in early February at Ready -- an internal Microsoft conference held in Seattle. The prototype will also be presented at RSA in San Francisco later this month.

See the article here:
The $600 quantum computer that could spell the end for conventional encryption - BetaNews

RSAC 2020: Trust in the Cloud. What Should You Do with Your Encryption Keys? – Security Boulevard

In the past decade, businesses started evaluating the pros and cons of moving to the cloud in order to meet the increased demand for the cost and IT efficiency benefits of cloud computing and Software as a Service (SaaS). Many businesses subsequently adopted a Platform as a Service (PaaS), Infrastructure as a Service (IaaS) or SaaS model, thus positioning the cloud as the foundation for digital transformation. In the process, however, they embraced a large number of connected devices and IoT platforms, which means that additional data and processes are now moving outside of the firewall and into the cloud. This presents a security risk to businesses.

The need for strong security in the cloud is a factor that can either slow or speed movement to the cloud, depending on workload and other needs. As such, security professionals need to tackle certain security challenges associated with the cloud head-on. In particular, they need to address the challenge of cloud key management.

Businesses oftentimes struggle to manage their use of multiple cloud vendors such as AWS, Google Cloud Platform and Microsoft Azure. When it comes to data security, more organizations are tempted to use cloud native encryption and key management services because they are simple and easily available. This decision comes with many challenges.

One issue is that cloud native encryption and key management services provide just basic data security. Cloud services need to afford the same level of policy, control and visibility as services delivered on-premises. Many organizations can't rely solely on the key management tools built into the cloud platforms. These tools are very good at provisioning keys for the development teams, but when it comes to policy compliance, particularly for sensitive data or data under the purview of the latest privacy mandates such as the California Consumer Privacy Act, there are many gaps that may jeopardize a seemingly simple key management strategy.

Furthermore, leaving key control and management to cloud providers presents potential security risks and data ownership issues. It's simply not a good idea to get locked into a single cloud vendor. Cloud computing has revolutionized the ways that companies do business. However, this increased reliance on cloud computing also comes with the risk of dependency. By making your company more flexible and adaptable, being cloud agnostic inoculates against the risk of vendor lock-in.

From an operational standpoint, the use of multiple cloud key management services translates to decentralized key management, which is a definite no-no when it comes to security best practices. Unfortunately, this rush to cloud native encryption and key management has put sensitive data at risk as evidenced by the multitude of data breaches we have witnessed over the past couple of years.

Finally, if your on-premises policies, methodology, controls and visibility are well-tested and well-implemented, why should you change them? Successful on-premises best practices will be just as successful when you extend them into the cloud.

The good news is that there are emerging options available for security professionals, but the trick is determining which one works best for their organization to ensure data is protected, brand trust is retained, and shareholders are appeased. Never before has maintaining access and control of keys been so important, especially given the financial implications (which may or may not include non-compliance fines) from a data breach.

During the upcoming RSA Conference 2020, I will be discussing the best practices for cloud key management to minimize risk. My objective for the audience is as follows: 1) understand the challenges and pitfalls associated with cloud key management, 2) learn about the various options available, 3) identify the right fit for your organization, and 4) evaluate how to adopt changes internally. To meet these objectives, I will be highlighting the four Cs: Challenges, Choices, Capabilities and Changes.

If you are attending RSA Conference in San Francisco next week, grab a cup of coffee and join me in this discussion on Wednesday, February 26 at 8:00 a.m. in the North Hall Briefing Center. Or stop by Thales's RSA Conference booth #N5445. Before the show, you can claim your free conference pass by clicking here and entering code XS0UTHALE.

The post RSAC 2020: Trust in the Cloud. What Should You Do with Your Encryption Keys? appeared first on Data Security Blog | Thales eSecurity.

*** This is a Security Bloggers Network syndicated blog from Data Security Blog | Thales eSecurity authored by Sol Cates. Read the original post at: https://blog.thalesesecurity.com/2020/02/17/rsac-2020-trust-in-the-cloud-what-should-you-do-with-your-encryption-keys/

Read more from the original source:
RSAC 2020: Trust in the Cloud. What Should You Do with Your Encryption Keys? - Security Boulevard

Encryption Software Market: Global Opportunities, Regional Overview, Top Leaders, Size, Revenue and Forecast up to 2025 by WMR – Instant Tech News

Worldwide Market Reports' analysis report on the Encryption Software Market provides a deep analysis of market size, shares, supply and demand, and sales value and volume across various industries, combined with a segment study covering the necessary geographic regions. The report also covers the present evolution of the global industry and the crucial components that affect the growth of the Encryption Software market. The Encryption Software market has additionally been categorised into various sections. The important sections are further divided into Encryption Software sub-sections that provide a better understanding of the entire international market and help form a conclusive judgment on the business.

The company provides a detailed analysis of the market and the future aspects of the Encryption Software Market. It focuses on vital information that makes the analysis an important tool for specialists, analysts and managers who need ready-to-access analysis. The report provides a comprehensive analysis of the Encryption Software market size development forecast from 2019-2026.


The report covers the market dynamics affecting the market throughout the forecast period. Moreover, the report analyses the competitive scenario, geographic trends, and opportunities in the markets with respect to all geographic regions. The report also includes detailed company profiles of the key players in the market along with their market strategies. The report in addition provides persecutor analysis of all 5 regions alongside the SWOT analysis for every company profiled in the report.

Regional Analysis For Encryption Software Market:

The report provides a detailed breakdown of the market region-wise and categorizes it at various levels. Regional segment analysis displaying regional production volume, consumption volume, revenue, and growth rate from 2019-2026 covers: Americas (United States, Canada, Mexico, Brazil), APAC (China, Japan, Korea, Southeast Asia, India, Australia), Europe (Germany, France, UK, Italy, Russia, Spain), Middle East & Africa (Egypt, South Africa, Israel, Turkey, GCC Countries)

What are the market factors that are explained in the report?

Key Strategic Developments: The study also includes the key strategic developments of the market, comprising R&D, new product launch, M&A, agreements, collaborations, partnerships, joint ventures, and regional growth of the leading competitors operating in the market on a global and regional scale.

Key Market Features: The report evaluated key market features, including revenue, price, capacity, capacity utilization rate, gross, production, production rate, consumption, import/export, supply/demand, cost, market share, CAGR, and gross margin. In addition, the study offers a comprehensive study of the key market dynamics and their latest trends, along with pertinent market segments and sub-segments.

Analytical Tools: The Global Encryption Software Market report includes the accurately studied and assessed data of the key industry players and their scope in the market by means of a number of analytical tools. The analytical tools such as Porter's five forces analysis, SWOT analysis, feasibility study, and investment return analysis have been used to analyze the growth of the key players operating in the mark

Influence of the Encryption Software Market Report:

- Comprehensive assessment of all opportunities and risk in the Encryption Software market.

- Encryption Software market recent innovations and major events.

- Detailed study of business strategies for growth of the Encryption Software market-leading players.

- Conclusive study about the growth plot of Encryption Software market for forthcoming years.

- In-depth understanding of Encryption Software market-particular drivers, constraints and major micro markets.

- Favourable impression inside vital technological and market latest trends striking the Encryption Software market.


Encryption Software market will prove as a valuable source of guidance for professional clients like Tier 1, Tier 2, Tier 3 level managers, CEOs, CMOs, as well as interested individual readers across the world. Vendor Landscape provide acts as key development and focus of above professional with common aim to lead the way of Encryption Software market Worldwide.


Read more from the original source:
Encryption Software Market: Global Opportunities, Regional Overview, Top Leaders, Size, Revenue and Forecast up to 2025 by WMR - Instant Tech News

Why do activists fear that Facebook's encryption plans will reduce child safety online? – The Hindu

The story so far: After Facebook announced end-to-end encryption for Facebook Messenger and Instagram, a coalition of child protection organisations and experts from all over the world, anchored by the National Society for the Prevention of Cruelty to Children, U.K., sent an open letter to CEO Mark Zuckerberg, expressing significant concerns about the company's proposals. They were worried that this decision would reduce child safety online, because such a move will not allow the due process of monitoring for content that is not safe for children, including online grooming or uploading of child pornographic content. The petition said: "We urge you to recognise and accept that an increased risk of child abuse being facilitated on or by Facebook is not a reasonable trade-off to make."

It is a system of locking messages wherein only those who are communicating can view them. Encryption kicks in the minute the message is sent, and only unravels for the intended recipient. No third party can decrypt the message, including platform administrators and law enforcement agencies. It can only be shared through screenshots. The advantage with this kind of encryption is that it ensures online privacy.

Last year, Mr. Zuckerberg revealed his intention to rejig the architecture to integrate three platforms: WhatsApp, Facebook Messenger and Instagram. He also announced his intention to write in default end-to-end encryption.

Child safety activists are aghast as they believe that as far as child safety goes, this could well be a misstep. The U.K.-based John Carr, who has anchored the campaign against such encryption, is a leading authority on the use of the Internet by children and young people. He has summed up the primary opposition, on his blog, thus: "We are creating what are, for practical purposes, impregnable or unreachable spaces. These confer impunity on any and all manner of wrongdoing. Paedophiles and persons who wish to exchange child sex abuse material are permanently shielded, as are terrorists and an infinite variety of scam artists."

"Limiting the ability of companies themselves to detect and prevent behaviour which contravenes their own terms of services is wrong and makes a mockery of the very idea of having terms of service in the first place," he records.

The evidence on the field, activists claim, makes their case a persuasive one. Mr. Carr outlines data from a series of Freedom of Information requests made to the police in England and Wales involving online grooming behaviour directed at a child, or the distribution of child sex abuse material on Facebook, Instagram and WhatsApp. From a total of 9,259 instances, over a year (2017-2018), police reported that 22% were on Instagram, 19% were on Facebook or Facebook Messenger, and 3% from WhatsApp. Since all three belong to one company that wants to encrypt everything, the petition takes on an urgent tone. Mr. Carr also clarifies: "We are not talking about Facebook's main platform. Nothing will change there. So, yes, if an illegal image goes up, they will find it and delete it in minutes, maybe seconds... But, this is all about their Messaging services. So that's Facebook Messenger and Instagram Direct where they are proposing to make themselves blind."

In 2018, Facebook made 16.8 million reports to the National Center for Missing and Exploited Children (NCMEC), leading to 2,500 arrests and 3,000 children being safeguarded in the U.K. alone. As per reports on online child sexual abuse imagery (CSAI) collated between 2008 and 2017 by the NCMEC, India tops the list of 10 nations where CSAI originated. A total of 38,80,235 cases were reported from India, the report said, but added that distortions might occur if virtual private networks (VPNs) or proxy servers were used.

The Rajya Sabha ad-hoc committee that went into the issue of pornography on social media and its effect on children has called specifically to permit breaking of end-to-end encryption to trace distributors of child pornography. It has also suggested that Prime Minister Narendra Modi take the lead in building a global alliance to combat child pornography on social media.

The signatories, including three Indian organisations (Tulir, Arpan and Equations), have urged that Facebook put the brakes on end-to-end encryption until it is able to satisfactorily demonstrate that there will be no reduction in children's safety.

The petition says: "Strong encryption plays a hugely valuable role in keeping citizens and their data safe. We fully recognise that users of online services have a legitimate interest in ensuring their data is protected, and there seems to be a growing appetite for users to have greater control over how their data is used by tech companies... Facebook has a responsibility to work with law enforcement and to prevent the use of sites and services for sexual abuse, including grooming, the sharing of child abuse images, and children being coerced into sending self-generated images and videos." In fact, Mr. Zuckerberg has himself recorded such concerns in a blogpost: "When billions of people use a service to connect, some of them are going to misuse it for truly terrible things like child exploitation, terrorism, and extortion. But we face an inherent trade-off because we will never find all of the potential harm we do today when our security systems can see the messages themselves."

The process of securing end-to-end encryption is not easy. Meanwhile, the coalition has also pledged its support to work with Facebook to embed safety mechanisms. Ultimately, the true test will be to pick that mode of encryption that will ensure privacy but address concerns of online safety too.

Read more:
Why do activists fear that Facebooks encryption plans will reduce child safety online? - The Hindu