Cisco uses machine learning to Detect Malware in Encrypted Traffic

Encrypted Traffic Analysis

On January 10, 2018, Cisco officially released its Encrypted Traffic Analysis (ETA) software platform, which examines network metadata to discover malware-delivered traffic as early as possible. As early as June 2017, Cisco had added ETA capabilities to enterprise-class production equipment and piloted it on a small scale. With the official release, ETA can be used on all major data-center platforms and on devices such as Cisco Cloud Services Routers, Integrated Routers and branch-office routers, all running Cisco enterprise routing services.

Cisco’s ETA system helps enterprises monitor encrypted network traffic for malicious activity without decrypting it, so that malware can be stopped before users open malicious web pages or software. Traditional monitoring software cannot analyze encrypted traffic and therefore cannot meet monitoring requirements on an encrypted network. For enterprises that, for particular reasons, need to encrypt all of their network data, traditional traffic-monitoring software cannot meet their security needs. ETA uses multi-tier machine learning to distinguish between “good” and “bad” network traffic.

ETA examines the order, timing and length of the original packets to determine whether the traffic is abnormal, and also inspects the payload of the encrypted packets as part of its packet-monitoring process. The whole process relies on StealthWatch software to compare the metadata of known malicious traffic with that of normal traffic in order to decide whether a flow is malicious. For organizations that already run Cisco equipment, this fits seamlessly into their existing network infrastructure.
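As an added illustration (not Cisco’s code, and not how ETA or StealthWatch are actually implemented), the following Python sketch builds the kind of sequence-of-packet-lengths-and-times feature vector the passage describes from constructed flow metadata and compares it against labelled benign and malicious reference flows with a nearest-centroid rule; the sample flows, the six-packet window and the MTU scaling are assumptions.

```python
from math import sqrt

MTU = 1500      # lengths are scaled by the MTU so they are comparable with gaps in seconds
N_PKTS = 6      # number of leading packets summarised per flow (assumed window)

# Constructed sample flows (not real captures): (timestamp_s, direction, length_bytes),
# direction +1 = client->server, -1 = server->client. Payloads stay opaque ciphertext.
BENIGN_REFS = [
    [(0.000, +1, 517), (0.040, -1, 1460), (0.041, -1, 1460), (0.050, +1, 126), (0.055, +1, 380), (0.100, -1, 1460)],
    [(0.000, +1, 480), (0.030, -1, 1460), (0.031, -1, 1200), (0.045, +1, 126), (0.050, +1, 300), (0.090, -1, 1460)],
]
# Small, evenly spaced, same-sized packets in both directions: a periodic check-in pattern
MALICIOUS_REFS = [
    [(0.000, +1, 200), (0.500, -1, 200), (1.000, +1, 200), (1.500, -1, 200), (2.000, +1, 200), (2.500, -1, 200)],
    [(0.000, +1, 220), (0.600, -1, 210), (1.200, +1, 220), (1.800, -1, 210), (2.400, +1, 220), (3.000, -1, 210)],
]

def splt_features(flow, n=N_PKTS):
    """Sequence of packet lengths and times: n signed, MTU-scaled lengths then n inter-arrival gaps."""
    lengths, gaps, prev_t = [], [], flow[0][0]
    for t, direction, length in flow[:n]:
        lengths.append(direction * length / MTU)
        gaps.append(t - prev_t)
        prev_t = t
    # pad short flows so every vector has the same dimension (2 * n)
    lengths += [0.0] * (n - len(lengths))
    gaps += [0.0] * (n - len(gaps))
    return lengths + gaps

def centroid(flows):
    """Mean feature vector of a set of labelled reference flows."""
    vectors = [splt_features(f) for f in flows]
    return [sum(col) / len(vectors) for col in zip(*vectors)]

def distance(a, b):
    return sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def classify(flow, benign_refs=BENIGN_REFS, malicious_refs=MALICIOUS_REFS):
    """Nearest-centroid verdict for one encrypted flow: (label, d_benign, d_malicious)."""
    v = splt_features(flow)
    d_benign = distance(v, centroid(benign_refs))
    d_malicious = distance(v, centroid(malicious_refs))
    return ("malicious" if d_malicious < d_benign else "benign", d_benign, d_malicious)

if __name__ == "__main__":
    suspect = [(0.000, +1, 210), (0.550, -1, 205), (1.100, +1, 210), (1.650, -1, 205), (2.200, +1, 210), (2.750, -1, 205)]
    print(classify(suspect))   # constructed beacon-like flow -> labelled "malicious"
```

Only metadata visible on the wire is used; no decryption takes place, which is the property the passage attributes to ETA.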

Reference & image source: Cisco