Cisco logo

Yesterday, Cisco rolled out Encrypted Traffic Analytics (ETA), a breakthrough technology that identifies malware in encrypted traffic without the need of intercepting and decrypting data streams.

The solution, one of a kind, has been in field trials with selected customers since June last year.

Now Cisco says it will expand ETA support from campus traffic switching products to the company's enterprise routing platforms, such as office router line (the ISR and ASR) and virtual cloud services routers (CSR).

ETA uses machine learning to analyze HTTPS traffic

Cisco says the new ETA technology works by employing a multi-layer machine-learning-based system to read encrypted data and spot the tiny differences between benign and malware traffic. The company explains:

First, ETA examines the initial data packet of the connection. This by itself may contain valuable data about the rest of the content. Then there is the sequence of packet lengths and times, which offers vital clues into traffic contents beyond the beginning of the encrypted flow. Since this network-based detection process is aided by machine learning, it adapts to change and its efficacy is maintained over time.

Cisco says ETA's main advantage is that it preserves privacy without compromising local security or breaking the numerous compliance protocols many enterprises must adhere to.

Customers need the latest Cisco gear

Because of the way the new ETA technology works, Cisco says only customers with the latest hardware will be able to take advantage.

"ETA, which was initially available only on our new family of campus switches, the Catalyst 9300 and 9400 series, has now been extended to routing platforms spanning the branch, WAN and cloud," says Scott Harrell, Senior Vice President and General Manager of Cisco's Enterprise Networking Business.

Product lines such as the ones below will be able to receive ETA support in the form of an additional component for Cisco's IOS XE operating system:

  • Integrated Services Router (ISR): 4000 Series, the new 1000 Series, ISRv on ENCS 5000 series
  • Aggregation Services Router (ASR) 1000 series
  • Cloud Services Router (CSR) 1000V

A report released by Phish Labs last month reveals that one in four phishing sites currently loads via HTTPS. A Gartner report predicted that by 2019 80% of all Internet traffic will be encrypted and around 50% of new malware campaigns will also switch to using encryption and various obfuscation techniques.

Below is Cisco's overly-dramatic video introducing its new ETA tech:

Related Articles:

Attackers Use Zero-Day That Can Restart Cisco Security Appliances

Unusual Remote Execution Bug in Cisco WebEx Discovered by Researchers

TLS 1.0 and TLS 1.1 Being Retired in 2020 by All Major Browsers

Get 96% off The Cisco Networking & Cloud Computing Certification Bundle Deal

New VirusTotal Enterprise Offers Private Graphs, Faster Searches