
Cisco ETA security integrated into Catalyst, ASR, ISR

Cisco has integrated Encrypted Traffic Analytics into Catalyst switches and ASR and ISR routers. Cisco ETA searches encrypted traffic for malware activity.

Cisco boosted its IOS network operating system, integrating technology designed to spot malware activity in encrypted traffic. The company has incorporated the capability in the version of IOS that runs on Catalyst 9000 switches and ASR and ISR routers.

The integration makes it possible for companies using the hardware to subscribe to Cisco's Encrypted Traffic Analytics (ETA), which the vendor made available for testing in June 2017. Cisco ETA is scheduled to be generally available Jan. 10.

The hardware support for Cisco ETA puts "meat on the bones of the initial announcement," said Brad Casemore, an analyst at IDC. Cisco chose the right products for ETA because they are designed for enhanced security capabilities.

How Cisco ETA works

The Cisco ETA technology incorporated in IOS XE makes it possible for the hardware to generate ETA metadata and export it with additional telemetry to the vendor's Stealthwatch Enterprise Edition Flow Collector, Brian Ford, technical marketing engineer in the Cisco security business group, said this week in a blog post. Stealthwatch collects flow records about network events, so they can be analyzed for malware activity.

Stealthwatch sends the ETA metadata and telemetry to Cisco's cloud-based Cognitive Threat Analytics service, which examines the data, formulates risk scores for events and sends them to the customer's Stealthwatch Management Console.

ETA gathers metadata from traffic without decrypting the packet flow. The nondecryption technique, which involves Cisco-developed machine learning, is meant to preserve a company's data privacy, Ford said.

ETA looks for signs of malware in three features of encrypted data, according to Cisco. They include the first data packet from a new network connection, the sequence of packet lengths and times, and the byte distribution across the payloads of the packets.
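To make these three features concrete, the following added example (not Cisco's code and not part of the original article) derives them from a constructed flow using only packet sizes, timing and raw payload bytes, with no decryption. The tuple layout, the 10-packet cap, the millisecond units and the entropy summary are assumptions of this sketch.

```python
import math
from collections import Counter

# Constructed sample flow: (timestamp in seconds, direction, payload bytes).
# direction +1 = client to server, -1 = server to client. Payloads are made-up
# stand-ins for wire bytes; nothing here is decrypted or parsed.
SAMPLE_FLOW = [
    (0.000, +1, b"\x16\x03\x01" + b"A" * 61),
    (0.020, -1, bytes(range(256))),
    (0.021, -1, b""),                      # bare ACK, carries no data
    (0.050, +1, bytes(range(128))),
]

def flow_features(packets, max_packets=10):
    """Return the three per-flow features the article lists (layout is assumed)."""
    data = sorted((p for p in packets if p[2]), key=lambda p: p[0])
    if not data:
        raise ValueError("flow has no data-bearing packets")

    # 1. First data packet of the connection, kept as raw bytes.
    initial_packet = data[0][2]

    # 2. Sequence of packet lengths and times: signed length encodes direction,
    #    times are gaps in milliseconds since the previous data packet.
    head = data[:max_packets]
    lengths = [direction * len(payload) for _, direction, payload in head]
    gaps_ms = [0] + [round((b[0] - a[0]) * 1000) for a, b in zip(head, head[1:])]

    # 3. Byte distribution across all payloads: 256 relative frequencies.
    counts = Counter()
    for _, _, payload in data:
        counts.update(payload)
    total = sum(counts.values())
    distribution = [counts[v] / total for v in range(256)]

    # Shannon entropy summarises the distribution (an addition of this sketch).
    entropy = -sum(p * math.log2(p) for p in distribution if p > 0)
    return {"initial_packet": initial_packet, "lengths": lengths,
            "gaps_ms": gaps_ms, "byte_distribution": distribution,
            "entropy_bits": entropy}

if __name__ == "__main__":
    f = flow_features(SAMPLE_FLOW)
    print(f["lengths"], f["gaps_ms"], round(f["entropy_bits"], 3))
```

A classifier would consume these values as its input vector; the sketch stops at feature extraction and does not score anything.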

Attackers expected to adapt

Some security experts have told TechTarget searching for malware activity in encrypted traffic can lead to a cat-and-mouse game with cybercriminals. As attackers become familiar with detection methods, "they will likely try to modify their encrypted traffic to blend in and remove the features that machine learning models rely on for detection," said Nick Bilogorskiy, senior director of threat operations at Cyphort Inc.

Security is a significant piece of Cisco's strategy to generate half its revenue from software and services by the fiscal year 2020. Cisco's fiscal year runs from August to the following July.

In the first quarter of the current fiscal year, which ended Oct. 28, Cisco reported security revenue rose 8% year over year. The company expects security and software-based networking initiatives to help drive a projected revenue increase of 1% to 3% in the current quarter. The growth would end an eight-quarter streak of revenue declines.


Join the conversation


What do you see as potential problems with searching encrypted traffic for malware activity?
Would this impact the speed at which data is processed by these devices? Analyzing the encrypted data will involve some delay in the switching process and therefore delay in the whole process.
Unfortunately, it's unclear. Cisco says no, but I haven't received independent confirmation from users of the technology.