Cisco encrypted traffic analytics detects malware in encrypted traffic

The Siliconreview
19 January, 2018

Cisco has now made its product, Encrypted Traffic Analytics (ETA), generally available to all of its customers across multiple switch and routing platforms. Announced in June 2017, ETA solves one of the biggest cybersecurity problems: detecting malware in encrypted traffic, which it does by monitoring network packet metadata. According to Cisco, this extends the technology to about 50,000 additional customers.

ETA has also been extended to branch platforms that run IOS XE, including Cisco’s Integrated Services Routers (ISR), branch office routers, Aggregation Services Routers (ASR 1k), and Cloud Services Routers (CSR). “This will allow companies to extend threat detection across the entire enterprise,” said Cisco’s TK Keanini, principal engineer in the company’s advanced threat group. “We are now making a new type of threat telemetry available to a big community of users. In addition to being able to detect risks, ETA can also help to enable cryptographic compliance. Customers will be able to understand how much of their digital business is in the clear and how much is encrypted.”

ETA’s monitoring system is called StealthWatch and the cloud-based data store is named Talos. After examining the initial data packet of a connection, ETA can report traffic it identifies as malicious to Cisco’s DNA Center network management software. The traffic is then blocked throughout the entire network. Cisco says that it relies on machine learning algorithms to train ETA to examine the sequence of packet lengths and times, as well as to search for new vulnerabilities and adapt to changing ones.