TECH WATCH: Cisco Trial New Software to Counter Encrypted Malware Threats
As cybercrime evolves, machine learning comes to the rescue
As the number of businesses moving to the cloud continues to increase, the amount of services and applications that now use encryption to secure information and ward off threats increases with it – but is it enough?
When looking at a recent Gartner report that claims as much as 80% of web traffic will be encrypted by 2019, it’s clear that many businesses feel this is the best path to take in order to protect their data from malicious activity.
However, for all the benefits encryption brings to help increase security for enterprises that communicate over the Internet, the fact that malware is incredibly difficult to detect in files that have been encrypted means that the criminals who specialise in this type of cyber theft stand to benefit immensely from it, too.
In that same report, Gartner goes on to state how it believes that half of the malware campaigns in 2019 will use some form of encryption to disguise malware delivery, command and control activity, or data exfiltration.
In addition to this statement, the fact that many organisations active today do not have a strategy in place to detect or prevent malware within encrypted traffic is highly concerning and the demand for solution is higher than ever before.
Fortunately, since June 2017 Cisco has been carrying out trials for their Encrypted Traffic Analytics (ETA) with various customers around the globe and have recently confirmed that they have extended those trials to most Cisco enterprise routing platforms.
The goal of ETA is to detect malicious content buried within encrypted traffic simply by scanning it, rather than having to decrypt it.
With this tool, users can benefit from:
Security visibility: Gain insight into threats in encrypted traffic using network analytics. Obtain contextual threat intelligence with real-time analysis correlated with user and device information.
Cryptographic assessment: Ensure enterprise compliance with cryptographic protocols and visibility into and knowledge of what is being encrypted and what is not being encrypted on your network.
Faster time to response: Quickly contain infected devices and users.
Time and cost savings: Use the network as the foundation for the security posture, capitalizing on security investments in the network.
Commenting on the technique and purpose of ETA, Scott Harrell, SVP and GM, enterprise networking at Cisco, states
“ETA uses network visibility and multi-layer machine learning to look for observable differences between benign and malware traffic. How? First, ETA examines the initial data packet of the connection. This by itself may contain valuable data about the rest of the content. Then there is the sequence of packet lengths and times, which offers vital clues into traffic contents beyond the beginning of the encrypted flow. Since this network-based detection process is aided by machine learning, it adapts to change and its efficacy is maintained over time.”
What’s interesting about this, then, is that as a new threat emerges within the communications world, once again the use of Machine Learning AI has come to the rescue and further demonstrated how it will have a key role to play in the future of business.
What is Tech Watch?
Each week our John takes a look into the future and tells us what we can expect to see from the world of technology. You can see all Tech Watch articles here!
Join in, comment and share.