{"id":3830,"date":"2018-04-26T17:20:48","date_gmt":"2018-04-26T21:20:48","guid":{"rendered":"http:\/\/community.mis.temple.edu\/mis5212sec001sec701sp2018\/?p=3830"},"modified":"2018-04-26T17:20:48","modified_gmt":"2018-04-26T21:20:48","slug":"encryption-growing-in-importance-for-enterprises-as-well-as-malware-developers","status":"publish","type":"post","link":"https:\/\/community.mis.temple.edu\/mis5212sec001sec701sp2018\/2018\/04\/26\/encryption-growing-in-importance-for-enterprises-as-well-as-malware-developers\/","title":{"rendered":"Encryption Growing in Importance for Enterprises AS WELL AS Malware Developers!"},"content":{"rendered":"<p><strong>This was originally taken from an article (below) on a product that Cisco had introduced that can determine if traffic is malware even if it is encrypted, with over 90% accuracy.<br \/>\n<\/strong><\/p>\n<p>The thing that I found interesting about the article is that, according to Cisco, 55% of web traffic today is encrypted, and Gartner sees that growing to 80% by 2019 &#8211; next year!\u00a0 Cisco also claims that up to 41% of hackers are now encrypting their malware traffic as well.<\/p>\n<p>Cisco\u2019s Encrypted Traffic Analytics (ETA), which monitors network packet metadata to detect malicious traffic even if it\u2019s encrypted, is now generally available.<\/p>\n<p>https:\/\/www.networkworld.com\/article\/3246195\/lan-wan\/how-cisco-s-newest-security-tool-can-detect-malware-in-encrypted-traffic.html<\/p>\n<p>Cisco\u2019s Encrypted Traffic Analytics (ETA), a software platform that monitors network packet metadata to detect malicious traffic, even if it\u2019s encrypted, is now generally available.<\/p>\n<p>The company initially launched ETA in June 2017 during the launch of its intent-based network strategy and it\u2019s been in a private preview since then. 
Today Cisco rolled ETA out beyond just the enterprise switches it was originally designed for and made it available on current and previous generation data center network hardware too.<\/p>\n<p>Cisco&#8217;s Encrypted Traffic Analytics uses software named Stealthwatch to compare the metadata of benign and malicious network packets to identify malicious traffic, even if it\u2019s encrypted.<\/p>\n<p><strong>What ETA is<\/strong><\/p>\n<p>Encrypted Traffic Analytics is a product deployed on customers\u2019 premises that monitors their network and collects information about traffic flows. It uses a series of sensors placed throughout the network to screen all traffic traversing it. ETA combines local analysis engines with a cloud-based platform that analyzes anonymized metadata about network traffic to search for and block malicious traffic, even if it&#8217;s encrypted.<\/p>\n<p>Cisco launched ETA during its intent-based networking (IBN) strategy rollout because it uses some of the advanced software the company developed for IBN, including machine learning components that evolve to protect against changing vulnerabilities.<\/p>\n<p><strong>How ETA works<\/strong><\/p>\n<p>ETA collects metadata about traffic flows using a modified version of NetFlow and searches for characteristics that indicate the traffic could be malicious. It inspects the initial data packet, which is transmitted in the clear, even in encrypted traffic. It also records the size, shape and sequence of packets, how long they take to traverse the network, and it monitors for other suspicious characteristics such as a self-signed certificate, or whether it has command-and-control identifiers on it.<\/p>\n<p>All of this data can be collected on traffic, even if it\u2019s encrypted. 
\u201cETA uses network visibility and multi-layer machine learning to look for observable differences between benign and malware traffic,\u201d Cisco explains in a blog post announcing ETA.<\/p>\n<p>If characteristics of malicious traffic are identified in any packets, they are flagged for further analysis through deep packet inspection and potential blocking by an existing security appliance like a firewall.<\/p>\n<p>ETA\u2019s monitoring system is named StealthWatch and the cloud-based data store is named Talos. If traffic is identified as malicious, ETA can report it to Cisco\u2019s DNA Center network management software to ensure that traffic is blocked throughout the entire network. Cisco says it\u2019s using machine learning algorithms to train ETA to search for new vulnerabilities and adapt to changing ones.<\/p>\n<p>\u201cWhen you\u2019re doing security, the more visibility the better,\u201d explains Scott Harrell, Cisco senior vice president and general manager of enterprise networking. \u201cYou want to have a huge wealth of data, not just about what\u2019s happening in real-time, but what\u2019s happened historically. A lot of times in security, there is smoke before you know there is fire.\u201d<\/p>\n<p>If potentially malicious traffic has been identified, information such as which host initiated the conversation and what information was exchanged is important to determine the scope of a problem, Harrell says.<\/p>\n<p><strong>Why ETA could be a big deal<\/strong><\/p>\n<p>More and more traffic is encrypted. Cisco estimates 55% of traffic on the web is encrypted now, a figure that Gartner predicts will grow to 80% by 2019. Meanwhile, up to 41% of hackers use encryption to evade detection, Cisco says.<\/p>\n<p>Organizations use a range of options for ensuring the security of encrypted traffic in their networks. 
Most of these approaches use next-generation firewalls, deep packet inspection (DPI) or Secure Sockets Layer (SSL) inspection. Harrell says these tools require some sort of tradeoff, though. SSL inspection, for example, intercepts and decrypts traffic to determine if it is malicious, and completes the connection only after it&#8217;s confirmed to be safe. Malware can infect that SSL inspection, leaving it vulnerable. Harrell argues that it\u2019s inefficient to decrypt all traffic, then re-encrypt it before allowing users to access it. Cisco says it is the first company to have developed a way to monitor encrypted traffic for vulnerabilities.<\/p>\n<p><strong>IoT security<\/strong><\/p>\n<p>Harrell says ETA could be important in the world of IoT, too. ETA\u2019s ability to monitor encrypted traffic\u2019s metadata means it could analyze all IoT traffic without necessarily needing to put security tools like firewalls on each of the small-form-factor IoT devices.<\/p>\n<p>Cisco says ETA has another benefit: cryptographic compliance. Some organizations are required to use certain levels of encryption for regulatory reasons. ETA, through its analysis of metadata, can provide proof of certain levels and types of encryption being used.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This was originally taken from an article (below) on a product that Cisco had introduced that can determine if traffic is malware even if it is encrypted with over 90% accuracy. 
&nbsp; The thing that I found interesting about the article is that &#8211; according to Cisco, today 55% of web traffic and Gartner sees [&hellip;]<\/p>\n","protected":false},"author":17437,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[1],"tags":[],"class_list":{"0":"post-3830","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-uncategorized","7":"entry"},"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/community.mis.temple.edu\/mis5212sec001sec701sp2018\/wp-json\/wp\/v2\/posts\/3830","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/community.mis.temple.edu\/mis5212sec001sec701sp2018\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/community.mis.temple.edu\/mis5212sec001sec701sp2018\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5212sec001sec701sp2018\/wp-json\/wp\/v2\/users\/17437"}],"replies":[{"embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5212sec001sec701sp2018\/wp-json\/wp\/v2\/comments?post=3830"}],"version-history":[{"count":1,"href":"https:\/\/community.mis.temple.edu\/mis5212sec001sec701sp2018\/wp-json\/wp\/v2\/posts\/3830\/revisions"}],"predecessor-version":[{"id":3831,"href":"https:\/\/community.mis.temple.edu\/mis5212sec001sec701sp2018\/wp-json\/wp\/v2\/posts\/3830\/revisions\/3831"}],"wp:attachment":[{"href":"https:\/\/community.mis.temple.edu\/mis5212sec001sec701sp2018\/wp-json\/wp\/v2\/media?parent=3830"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5212sec001sec701sp2018\/wp-json\/wp\/v2\/categories?post=3830"},{"taxono
my":"post_tag","embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5212sec001sec701sp2018\/wp-json\/wp\/v2\/tags?post=3830"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}