Cisco’s new machine learning tech can spot threats lurking in encrypted traffic
Security-conscious enterprises and consumers aren’t the only ones who rely on encryption to protect their information from prying eyes. Hackers are increasingly applying cryptography as well to conceal malicious traffic, a threat that Cisco Systems Inc. is taking on.
The networking giant on Wednesday released a new technology that it says can spot attack attempts within the vast volumes of encrypted data that flow through the average company’s infrastructure. Known as Encrypted Traffic Analytics, or ETA for short, the software is based on a research paper that a team of Cisco engineers published in 2016. They found that it’s possible to determine if encrypted traffic may be malicious without unscrambling it to see the contents.
ETA pulls that off by examining various contextual details. First, the technology inspects the initial unencrypted packets used to establish a connection for obvious red flags, such as if they originate from a blacklisted address. A “multilayer” machine learning engine then looks for patterns in the flow of traffic to identify more subtle threat indicators.
According to Cisco, ETA examines the length of individual packet sequences, the time period that passes between certain events and other circumstantial clues. Its algorithms scan this information for potential deviations from regular traffic that might indicate the presence of an attacker. To ensure accuracy, the machine learning engine continuously adjusts detection criteria as customer environments change over time.
Cisco said ETA thus provides the ability to more easily detect malicious activity within the rapidly rising amount of encrypted traffic that passes through enterprise networks. Plus, the technology could improve user privacy in the process.
Letting companies identify the specific streams of encrypted data that require special attention should help them become more selective with their security efforts. This in turn could reduce the amount of legitimate traffic that needs to be decrypted and inspected. The resulting privacy benefits have the potential to add up in a big way, since nearly 50,000 organizations currently use Cisco hardware that supports ETA.
As an added benefit, Cisco said, the technology provides visibility into how encryption is applied throughout an organization. The insights from ETA can help companies identify sensitive traffic that isn’t protected by cryptography and make the necessary changes.