Inspect SSL traffic without decrypting?

So uh....


"Cisco took an innovative approach to identify threats inside encrypted traffic with its latest network security innovation – Encrypted Traffic Analytics (ETA). ETA can be enabled with Cisco's Catalyst 9000 switches and Cisco Stealthwatch.

ETA classifies & mitigates threats inside encrypted traffic without decrypting the packets, ensuring data privacy. Encrypted Traffic Analytics technology is enabled by the Catalyst 9000 switches and Cisco Stealthwatch, which uses the power of multi-layer machine learning to detect threats in encrypted traffic without any decryption."

.....is Sophos working on something just like this or better? :) Just curious from the folks who know.



  • If it would be possible to know the content of encrypted traffic without encrypting it, then encryption would be useless. So what Cisco does is kind of clairvoyance.

    From my point of view, Cisco does some kind of analysis to predict with a certain likelihood to say whether traffic is good or bad. This is done almost by metadata (who is communicating with each other, what protocols are used, what ciphers are used, how and how much traffic is sent, etc.). I'm sure with this technology, Cisco is able to recognize kind of botnet traffic.

    I'm also quite sure a targeted attack cannot be recognized that way.
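
The reply above points at metadata such as which ciphers are used and who is communicating. As an added example (not part of the thread, and not Cisco's ETA implementation), this Python code reads the cipher suites and server name that a TLS ClientHello carries in cleartext; the sample record, the `example.test` host and the function names are constructed for illustration.

```python
import struct

def build_sample_client_hello(host=b"example.test", suites=(0x1301, 0x1302, 0xC02F)):
    """Build a constructed ClientHello record (sample data, not captured traffic)."""
    name = struct.pack("!BH", 0, len(host)) + host            # name_type 0 = host_name
    sni = struct.pack("!H", len(name)) + name                 # server_name_list
    ext = struct.pack("!HH", 0, len(sni)) + sni               # extension type 0 = SNI
    body = (b"\x03\x03" + bytes(32) + b"\x00"                 # version, random, empty session id
            + struct.pack("!H", 2 * len(suites))
            + b"".join(struct.pack("!H", s) for s in suites)
            + b"\x01\x00"                                     # one compression method: null
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body        # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs  # record type 22 = handshake

def parse_client_hello(record: bytes) -> dict:
    """Return the cleartext metadata of a single-record ClientHello."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    body_len = int.from_bytes(record[6:9], "big")
    body = record[9:9 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated ClientHello")
    pos = 0
    def take(n):
        # Consume n bytes of the ClientHello body, refusing to read past its end.
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated ClientHello")
        pos += n
        return body[pos - n:pos]
    version = take(2).hex()
    take(32)                                    # random
    take(take(1)[0])                            # session id
    raw = take(int.from_bytes(take(2), "big"))  # cipher suite list, 2 bytes per suite
    suites = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, len(raw) - 1, 2)]
    take(take(1)[0])                            # compression methods
    sni = None
    if pos < len(body):                         # extensions are optional
        exts = take(int.from_bytes(take(2), "big"))
        i = 0
        while i + 4 <= len(exts):
            etype, elen = struct.unpack("!HH", exts[i:i + 4])
            data = exts[i + 4:i + 4 + elen]
            if etype == 0 and len(data) >= 5:   # list length, name type, name length, name
                sni = data[5:5 + int.from_bytes(data[3:5], "big")].decode("ascii", "replace")
            i += 4 + elen
    return {"version": version, "cipher_suites": suites, "sni": sni}

SAMPLE = build_sample_client_hello()  # constructed input for the parser
```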
