Cisco’s new tool will detect malware in encrypted traffic

January 13th, 2018 | By Waqas | Security, Malware

On January 10, Cisco officially released its software platform Encrypted Traffic Analytics (ETA), which can keep a check on network packet metadata so as to detect malicious traffic. The software was previously launched in June 2017, but it has remained in private preview ever since because only enterprises were able to use it.

Now, Cisco has released its general version, which is available on current and former generation data center network hardware. Most of Cisco’s enterprise routing platforms, such as Cloud Services Routers, Integrated Services Router, and its branch office router, are compatible with it.

The revamped ETA can now aid enterprises in inspecting encrypted malicious traffic as well without needing to decrypt it. In simple words, ETA is able to perform passive monitoring to infer content from encrypted traffic instead of opening and inspecting the content.

The software would make it easier to detect malicious traffic, since cybercriminals have become skilled enough to use encryption to hide C&C communications, payloads, data exfiltration and similar activities from detection.

Conventional malware detection software is unable to detect encrypted malicious traffic without decrypting it first, which is not only a complicated task but also compromises the privacy of non-malicious encrypted traffic. Organizations also need to comply with certain data regulations (for example, US-CERT prohibits organizations from implementing traffic interception software that compromises TLS security). Detection of encrypted malicious traffic therefore became a grave issue for companies.

According to the blog post by Scott Harrell, Senior Vice President and General Manager at Cisco, “ETA uses network visibility and multi-layer machine learning to look for observable differences between benign and malware traffic.”

With ETA’s arrival, organizations can breathe a sigh of relief, since the software provides a reliable way to detect and block such threats, primarily because it doesn’t need to decrypt traffic in order to inspect it. It does so by inspecting three features of encrypted data. The first is the initial data packet of the network, which stores important data regarding the rest of the encrypted content.

Second, it examines the sequence of packet times and lengths to find clues about traffic content beyond what was identified in the initial packet. The third feature that ETA inspects is the byte distribution across the packet payloads in the encrypted traffic flow. ETA uses StealthWatch software to compare the metadata of malicious and benign network packets in order to detect encrypted malicious traffic.
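The three metadata features described above can be computed from a flow without decrypting any payload. The following Python is an added example, not Cisco’s code and not part of the original article; the flow representation, the function names, the 50-packet limit and the sample packets are all constructed assumptions.

```python
import math
from collections import Counter

# Constructed sample flow (not real capture data): each entry is
# (timestamp_seconds, direction, payload). Direction +1 is client to
# server, -1 is server to client. Payloads start with a TLS record header.
SAMPLE_FLOW = [
    (0.000, +1, bytes.fromhex("1603010005") + b"\x01\x00\x00\x01\x00"),
    (0.042, -1, bytes.fromhex("1603030004") + b"\x02\x00\x00\x00"),
    (0.050, +1, bytes.fromhex("1703030008") + bytes(range(8))),
    (0.250, -1, bytes.fromhex("1703030010") + bytes(range(16))),
]

def initial_packet_features(flow):
    """Feature 1: cleartext TLS record header fields of the first payload."""
    if not flow or len(flow[0][2]) < 5:
        return None  # empty flow or truncated header: nothing to extract
    payload = flow[0][2]
    return {
        "content_type": payload[0],                 # 22 means handshake
        "record_version": (payload[1], payload[2]),
        "record_length": int.from_bytes(payload[3:5], "big"),
    }

def splt(flow, max_packets=50):
    """Feature 2: sequence of (signed length, inter-arrival gap in ms)."""
    sequence, previous_ts = [], None
    for ts, direction, payload in flow[:max_packets]:
        gap_ms = 0 if previous_ts is None else round((ts - previous_ts) * 1000)
        sequence.append((direction * len(payload), gap_ms))
        previous_ts = ts
    return sequence

def byte_distribution(flow):
    """Feature 3: byte-value histogram over all payloads, plus its entropy."""
    counts = Counter()
    for _, _, payload in flow:
        counts.update(payload)  # iterating bytes yields integer byte values
    total = sum(counts.values())
    if total == 0:
        return counts, 0.0
    entropy = -sum(c / total * math.log2(c / total) for c in counts.values())
    return counts, entropy  # entropy is in bits per byte, at most 8.0

if __name__ == "__main__":
    print(initial_packet_features(SAMPLE_FLOW))
    print(splt(SAMPLE_FLOW))
    print(round(byte_distribution(SAMPLE_FLOW)[1], 3))
```

A classifier would consume these values as one feature vector per flow; the model itself is outside what the article describes.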

ETA can spot malware in encrypted traffic thanks to research conducted by Cisco to understand the salient differences between the way malicious and benign traffic use DNS, TLS, and HTTP. Since Cisco offers telemetry services for security, the administrative and operational costs are fairly low.

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.
