Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 28 subscribers
  • Views 2369 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Inspect SSL traffic without decrypting?

Greg Rogers

So uh....


"

Cisco took an innovative approach to identify threats inside encrypted traffic with its latest network security innovation –Encrypted Traffic Analytics (ETA). ETA can be enabled with Cisco’s Catalyst 9000 switches and Cisco Stealthwatch.

ETA classifies & mitigates threats inside encrypted traffic without decrypting the packets, ensuring data privacy. Encrypted Traffic Analytics technology is enabled by the Catalyst 9000 switches and Cisco Stealthwatch, which uses the power of multi-layer machine learning to detect threats in encrypted traffic without any decryption."

 

 

 

.....is Sophos working on something just like this or better? :) Just curious from the folks who know.



This thread was automatically locked due to age.
  • 0

    I know sometimes I am a little thick, but how do you look through solid brick wall and see what is on the other side without removing a brick or putting a window in it?

    So, you are saying that Cisco can now look inside a bank vault without opening it. The Australian Government will be very pleased with this as it compliments their new encryption laws?

    I know maths and AI are very good, but......

    Ian

  • 0 in reply to rfcat_vk

    I don't know but the Cisco tech's have figured it out apparently.

  • 0

    If it would be possible to know the content of encrypted traffic whitout encrypting it, then Encryption would be useless. So what cisco does is kind of clairvoyance.

     

    From my point of view, cisco does some kind of analysis to predict with a certain likelyhood to say whether traffic is good or bad. This is done almost by Meta data (who is Communicating with each other, what Protocols are used, what ciphers are used, how and how much is traffic sent etc. etc.). I'm sure with this technology, cisco is able to recognize kind of Botnet Traffic.

    I'm also quite sure, a targeted attack can not be recognized that way.