I work at ValueFirst Digital Media Private Ltd. I am a Product Marketer in the Surbo Team. Surbo is Chatbot Generator Platform owned by Value First. ...Full Bio
I work at ValueFirst Digital Media Private Ltd. I am a Product Marketer in the Surbo Team. Surbo is Chatbot Generator Platform owned by Value First.
Success story of Haptik
286 days ago
Who is afraid of automation?
286 days ago
What's happening in AI, Blockchain & IoT
287 days ago
3 million at risk from the rise of robots
287 days ago
Cisco is using Machine Learning for Encrypted Traffic Analytics
Encrypted traffic does not always mean that it is secure, but is there any way for organizations to understand the encrypted data without decrypting it? That is what Cisco's Encrypted Traffic Analytics (ETA) plans to offer and it became available on Jan 10.
Cisco announced ETA as a preview technology back in June 2017. This was done as part of their wider intent-based networking initiative. ETA was earlier available for early trials at select Cisco campus switches. Cisco is now making it generally available for all of its customers.
"We're now making a new type of threat telemetry available to a big community of users," TK Keanini, principal engineer and product line CTO for analytics at Cisco.
Keanini explained that among the capabilities that ETA provides is the ability to detect malware hidden in encrypted traffic without the need to first decrypt the data traffic. In addition to being able to detect risks, ETA can also help to enable cryptographic compliance, he added.
"Customers will be able to understand how much of their digital business is in the clear and how much is encrypted," Keanini said.
Using encryption alone, however, is not enough for cryptographic compliance. There are multiple well-documented security issues with older encryption protocols, such as Secure Sockets Layer (SSL) version 3. To that end, Cisco ETA also provides information on what version of encryption protocols is being used, as well as cryptographic ciphers.
How It Works
Encrypted data, using SSL/TLS is just that it's encrypted, meaning that it can't be read without being decrypted. Cisco ETA works to understand the risk of an encrypted data stream without violating the encrypted trust boundary by using an innovative machine learning-based approach to finds threats.
Cisco ETA starts by inspecting the initial data packet (IDP) in an encrypted data stream, which is actually unencrypted, Keanini said. "We get the first data packet of every session and we get it in its entirety," he said. "The first packet includes all of the negotiation parameters for the actual application session, and it's all sent in the clear."
IDP is capable of providing a gold mine of metadata, as per Keanini. On top of the information received from IDP, Cisco plan to use a technique called Sequence of Packet Lengths (SPLT) to get further visibility.
"All of this data when fed into machine learning can be used to classify connections with really high fidelity," he said.
This Machine Learning classification is linked with Global Risk Map of Cisco, which can provide further co-relation into potential threats & also point out what might be going on with the given encrypted connection. Keanini & Cisco plan to continue to develop the ETA technology in order to provide more insights from encrypted traffic