19 de January de 2018

Cisco can now sniff out malware inside encrypted traffic

Cisco’s switched on latent features in its recent routers and switches, plus a cloud service, that together make it possible to detect the fingerprints of malware in encrypted traffic.

Switchzilla’s not made a dent in transport layer security (TLS) to make this possible. Instead, as we reported in July 2016, Cisco researchers found that malware leaves recognisable traces even in encrypted traffic. The company announced its intention to productise that research last year and this week exited trials to make the service – now known as Encrypted Traffic Analytics – (ETA) – available to purchasers of its 4000 Series Integrated Service Routers, the 1000-series Aggregation Services Router and the model 1000V Cloud Services Router 1000V.

Those devices can’t do the job alone: users need to be signed up for Cisco’s StealthWatch service and let traffic from their kit flow to a cloud-based analytics service that inspects traffic and uses self-improving machine learning algorithms to spot dodgy traffic.

Some of the techniques used to spot malware’s activities aren’t super-sophisticated: Cisco looks at unencrypted handshake packets for known dodgy destinations, searches for things like self-signed certificates and other signs of either sloppiness or slippery intentions.

The cloud service does the heavier lifting, with over 400 “classifiers” hunting for signs of malware at work. All Cisco customers traffic’ can be fed into the cloud, to help it learn.

The new tool has applications beyond defence, as it can also detect the encryption applied to traffic. That’s a useful function for organisations that must encrypt traffic to stay on the right side of industry or government regulations. Cisco’s therefore geared up to sell ETA as a compliance tool as well as a malware-spotter.

ETA’s already present in IOS XE 16.6 and Cisco says 50,000 of its customers have hardware capable of accessing the service today. They’ll just need to turn it on and start sending telemetry to Cisco’s cloud.

The company’s also contemplated taking the tech beyond its hardware, with ETA as a service and ETA on fabrics already contemplated by Cisco suits. ®

Sponsored:
Minds Mastering Machines – Call for papers now open

Article source: https://www.theregister.co.uk/2018/01/11/cisco_can_now_sniff_out_malware_inside_iencryptedi_traffic/

Speak Your Mind

*