Cisco solution prevents malware from hiding in encrypted traffic
As businesses increasingly turn to cloud solutions, they rely more on encryption to protect their data. Gartner predicts that by 2019, 80 percent of web traffic will be encrypted, but this creates a problem: encryption can also allow malware to travel undetected.
Detecting malicious content in encrypted traffic is difficult without decrypting it, forcing network operators to choose between privacy and security. A new solution from network specialist Cisco solves this conundrum by allowing traffic to be scanned without decrypting it.
Encrypted Traffic Analytics (ETA) has been in early field trials with customers around the world since June last year and is now being extended to most Cisco enterprise routing platforms. These include Integrated Services Routers (ISR), branch office routers, Aggregation Services Routers (ASR 1k), ISRv, and Cloud Services Routers (CSR), making ETA available to around 50,000 customers. It makes use of Cisco's modular operating system, IOS-XE, across its entire enterprise networking portfolio, making it easy to roll out new features.
"ETA uses network visibility and multi-layer machine learning to look for observable differences between benign and malware traffic," explains Scott Harrell, SVP and GM, enterprise networking at Cisco. "How? First, ETA examines the initial data packet of the connection. This by itself may contain valuable data about the rest of the content. Then there is the sequence of packet lengths and times, which offers vital clues into traffic contents beyond the beginning of the encrypted flow. Since this network-based detection process is aided by machine learning, it adapts to change and its efficacy is maintained over time."
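The "sequence of packet lengths and times" can be computed from packet metadata alone, as this added example shows; it is not Cisco's code, and the record layout, the 50-packet cap and the 150-byte length bins are assumptions made for illustration. It only extracts per-flow features from constructed sample data; the machine-learning stage that would consume them is not shown.

```python
from collections import defaultdict

# Constructed sample: (timestamp_s, src, sport, dst, dport, payload_len) for two flows.
# No payload bytes are needed, because nothing is decrypted.
PACKETS = [
    (0.000, "10.0.0.5", 50001, "203.0.113.10", 443, 517),
    (0.030, "203.0.113.10", 443, "10.0.0.5", 50001, 1400),
    (0.031, "203.0.113.10", 443, "10.0.0.5", 50001, 1400),
    (0.045, "10.0.0.5", 50001, "203.0.113.10", 443, 126),
    (0.100, "10.0.0.7", 50002, "198.51.100.20", 443, 200),
    (0.400, "198.51.100.20", 443, "10.0.0.7", 50002, 90),
    (5.400, "10.0.0.7", 50002, "198.51.100.20", 443, 90),
]

MAX_PACKETS = 50   # assumed cap on packets kept per flow
LEN_BIN = 150      # assumed length bin width in bytes
NUM_BINS = 10      # lengths of 1350 bytes and above share the last bin


def flow_key(src, sport, dst, dport):
    """Direction-independent key so both directions map to one flow."""
    return tuple(sorted([(src, sport), (dst, dport)]))


def splt(packets, max_packets=MAX_PACKETS):
    """Return {flow: [(signed_len, gap_ms), ...]}; +len is client->server, -len the reverse."""
    flows, client, last_ts = defaultdict(list), {}, {}
    for ts, src, sport, dst, dport, length in sorted(packets):
        key = flow_key(src, sport, dst, dport)
        client.setdefault(key, (src, sport))  # first sender seen is treated as the client
        if len(flows[key]) >= max_packets:
            continue
        sign = 1 if client[key] == (src, sport) else -1
        gap_ms = round((ts - last_ts.get(key, ts)) * 1000)
        last_ts[key] = ts
        flows[key].append((sign * length, gap_ms))
    return dict(flows)


def length_transitions(seq):
    """Row-normalised matrix of transitions between binned packet lengths."""
    bins = [min(abs(l) // LEN_BIN, NUM_BINS - 1) for l, _ in seq]
    counts = [[0] * NUM_BINS for _ in range(NUM_BINS)]
    for a, b in zip(bins, bins[1:]):
        counts[a][b] += 1
    return [[c / sum(row) if sum(row) else 0.0 for c in row] for row in counts]
```
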
Following analysis, suspicious flows can then be selectively decrypted or blocked using Cisco's intent-based networking. ETA is also able to identify encryption quality instantly from every network conversation, providing visibility to ensure compliance with cryptographic protocols.
"We're excited to bring these much-needed security innovations to our customers and we will be rolling out additional capabilities in the months to come," adds Harrell. "As the industry leader in networking and security, we are in a unique position to offer customers a deeper level of end-to-end visibility and protection. The network is already one of the most powerful tools in a security practitioner's arsenal. Encrypted Traffic Analytics makes the network even more powerful, detecting threats in a way that no one else in the industry can -- preserving user privacy, distributing security as close to the user or device as possible, and detecting malware."
More information about ETA is available on the Cisco website.