Encrypted Traffic Analytics (ETA) From Cisco
What Is Encrypted Traffic Analytics (ETA)?
Cisco’s Encrypted Traffic Analytics (ETA) is a software platform that monitors network packet metadata to detect malicious traffic, even if it’s encrypted.
Encrypted Traffic Analytics is a product deployed on customers’ premises that monitors their network and collects information about traffic flows. It uses a series of sensors placed throughout the network to screen all traffic traversing it. ETA combines local analysis engines with a cloud-based platform that analyzes anonymized metadata about network traffic to search for and block malicious traffic, even if it’s encrypted.
Cisco launched ETA during its intent-based networking (IBN) strategy rollout because it uses some of the advanced software the company developed for IBN, including machine learning components that evolve to protect against changing vulnerabilities.
How Encrypted Traffic Analytics Works
Encrypted Traffic Analytics collects metadata about traffic flows using a modified version of NetFlow and searches for characteristics that indicate the traffic could be malicious. It inspects the initial data packet, which is transmitted in the clear, even in encrypted traffic. It also records the size, shape and sequence of packets and how long they take to traverse the network, and it monitors for other suspicious characteristics, such as a self-signed certificate or the presence of command-and-control identifiers.
All of this data can be collected on traffic, even if it’s encrypted. “Encrypted Traffic Analytics uses network visibility and multi-layer machine learning to look for observable differences between usual and malware traffic.”
If characteristics of malicious traffic are identified in any packets, they are flagged for further analysis through deep packet inspection and potential blocking by an existing security appliance such as a firewall, or reported to DNA Center network management software to ensure that the traffic is blocked throughout the entire network.
Encrypted Traffic Analytics’ monitoring system is named Stealthwatch and the cloud-based data store is named Talos.
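An added illustration (not Cisco's code and not part of the original article) of the kind of per-flow metadata described above: packet sizes, direction and timing plus a self-signed-certificate check, all computed without reading payloads. The packet tuples, handshake fields and the function name flow_features are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample: (flow_id, timestamp_s, direction, payload_len),
# where direction is +1 for client->server and -1 for server->client.
PACKETS = [
    ("flow-a", 0.000, +1, 517),
    ("flow-a", 0.042, -1, 1460),
    ("flow-a", 0.043, -1, 1210),
    ("flow-a", 0.050, +1, 126),
    ("flow-a", 0.120, +1, 310),
    ("flow-b", 5.000, +1, 180),
    ("flow-b", 5.300, -1, 890),
    ("flow-b", 65.300, +1, 96),
    ("flow-b", 125.300, +1, 96),
]

# Constructed certificate metadata, as seen in the unencrypted initial packets.
HANDSHAKES = {
    "flow-a": {"cert_subject": "CN=www.example.com",
               "cert_issuer": "CN=Example Issuing CA"},
    "flow-b": {"cert_subject": "CN=localhost", "cert_issuer": "CN=localhost"},
}

def flow_features(packets, handshakes, first_n=10):
    """Build one metadata record per flow without touching payload bytes."""
    flows = defaultdict(list)
    for flow_id, ts, direction, length in packets:
        flows[flow_id].append((ts, direction, length))
    records = {}
    for flow_id, pkts in flows.items():
        pkts.sort()  # order by timestamp
        head = pkts[:first_n]
        hs = handshakes.get(flow_id, {})
        records[flow_id] = {
            # Signed lengths capture size and direction (the flow's "shape").
            "lengths": [d * n for _, d, n in head],
            # Gaps between consecutive packets, in milliseconds.
            "gaps_ms": [round((b[0] - a[0]) * 1000) for a, b in zip(head, head[1:])],
            "bytes_out": sum(n for _, d, n in pkts if d > 0),
            "bytes_in": sum(n for _, d, n in pkts if d < 0),
            "duration_s": round(pkts[-1][0] - pkts[0][0], 3),
            # Issuer equal to subject is the usual sign of a self-signed cert.
            "self_signed": bool(hs) and hs.get("cert_issuer") == hs.get("cert_subject"),
        }
    return records

if __name__ == "__main__":
    for fid, rec in flow_features(PACKETS, HANDSHAKES).items():
        print(fid, rec)
```

In the constructed data, flow-b stands out on metadata alone: a self-signed certificate and small outbound packets at fixed 60-second intervals, which is the sort of record a classifier or analyst would then examine further.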
How to Buy Encrypted Traffic Analytics
ETA is available across data center, campus and branch office hardware, including the Catalyst 9000 switching line, Integrated Services Router (ISR), Aggregation Services Router (ASR) and the Cloud Services Router (CSR). ETA is included in purchases of these hardware devices along with a subscription to Cisco ONE software that includes Stealthwatch.
Why Encrypted Traffic Analytics Is Needed
More and more traffic on the web is encrypted now, and up to 41% of hackers use encryption to evade detection.