How Cisco DNA Thwarts Encrypted Malware

Organizations around the globe are steadily increasing the use of strong encryption to keep their data confidential. Unfortunately, cybercriminals are also using the technology to mask their activities.

At issue is the fact that encryption not only hides data from would-be hackers, but also from common security tools. Gartner analysts predict that nearly three-quarters of malware campaigns in 2019 will use some type of encryption to conceal malware delivery, command-and-control activity or data exfiltration.

Until recently, there were no good options for detecting malicious content in encrypted traffic. Cisco is changing that with its Digital Network Architecture (DNA), a software-driven network solution that uses analytics and machine learning to find threats in encrypted traffic.

Drawbacks of Traditional Approaches

Identifying threats contained within encrypted network traffic poses a unique set of challenges. For years, the common approach has been to decrypt the traffic, analyze it using devices such as next-generation firewalls (NGFWs), and then re-encrypt it. However, that approach isn’t always practical for a variety of reasons.

Privacy is a major consideration. The whole point of encryption is to protect sensitive data — decryption increases the risk that the data will be exposed. The process of decrypting, analysis and re-encryption can also seriously impact network performance. An NSS Labs study found that this overhead caused an 81 percent performance degradation for NGFWs.

Even with decryption, traditional security tools are ineffective at detecting threats in encrypted traffic. According to Cisco, it takes companies between 100 and 200 days, on average, to detect an attack because 80 percent of security systems do not recognize or prevent threats within encrypted traffic. And the problem is only going to get worse — Gartner believes that more than 80 percent of enterprise web traffic will be encrypted by the end of 2019.


Identify, Analyze and Report

Cisco takes a different approach with the security features built into DNA. Cisco Encrypted Traffic Analytics (ETA) uses local analysis engines together with a cloud-based platform to analyze encrypted traffic without requiring decryption.

Network traffic has certain characteristics, known as metadata, that can be extracted without decrypting the data packets. Cisco focuses on four elements — the length in bytes of the packets, the elapsed time between the arrival of the packets, the distribution of bytes, and data such as a hostname or URL that might point to a command-and-control server. Application-specific integrated circuits extract the metadata without impacting network performance.
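As an added illustration (not Cisco's code, and not from this page) of how those four metadata elements can be computed without decrypting anything, the following Python extracts packet lengths, inter-arrival times, a byte-distribution entropy and the cleartext server name from constructed flows and applies a simple timing and watchlist heuristic. The flows, watchlist and thresholds are all assumptions; how ETA actually weighs these features is not described here.

```python
from collections import Counter
from dataclasses import dataclass
from math import log2
from typing import List, Optional, Tuple

@dataclass
class Flow:
    """One observed connection. Only packet sizes, timing and the cleartext
    server name are recorded; payload bytes are histogrammed, never parsed."""
    sni: Optional[str]                      # hostname from the TLS ClientHello, if present
    packets: List[Tuple[float, bytes]]      # (arrival time in seconds, payload) in order

def packet_lengths(flow: Flow) -> List[int]:
    return [len(payload) for _, payload in flow.packets]

def inter_arrival_times(flow: Flow) -> List[float]:
    times = [t for t, _ in flow.packets]
    return [round(b - a, 6) for a, b in zip(times, times[1:])]

def byte_entropy(flow: Flow) -> float:
    """Shannon entropy (bits per byte) of the byte-value distribution over the flow."""
    counts = Counter()
    for _, payload in flow.packets:
        counts.update(payload)
    total = sum(counts.values())
    return -sum((c / total) * log2(c / total) for c in counts.values()) if total else 0.0

def assess(flow: Flow, watchlist: set, min_packets: int = 5, max_cv: float = 0.1) -> List[str]:
    """Return the metadata-based reasons a flow deserves a closer look (assumed thresholds)."""
    reasons = []
    if flow.sni and flow.sni.lower() in watchlist:
        reasons.append("sni-on-watchlist")
    iat = inter_arrival_times(flow)
    if len(flow.packets) >= min_packets and iat:
        mean = sum(iat) / len(iat)
        std = (sum((x - mean) ** 2 for x in iat) / len(iat)) ** 0.5
        # Near-constant spacing (low coefficient of variation) of small, same-sized
        # records is the timing signature of a beacon; browsing is far burstier.
        if mean > 0 and std / mean <= max_cv:
            reasons.append("periodic-beacon-like")
    return reasons

# Constructed sample data (not real traffic): a 30-second beacon with identical
# 64-byte records, and an ordinary bursty browsing flow. Watchlist is a placeholder.
WATCHLIST = {"c2.example.invalid"}
BEACON = Flow("c2.example.invalid", [(30.0 * i, bytes(range(64))) for i in range(6)])
BROWSE = Flow("www.example.com",
              [(0.00, b"\x16" * 517), (0.04, b"\x17" * 1400), (0.05, b"\x17" * 1400),
               (0.31, b"\x17" * 90), (1.90, b"\x17" * 1400), (2.10, b"\x17" * 300)])
```

Calling `assess(BEACON, WATCHLIST)` returns both reasons, while the browsing flow returns none; a real deployment would feed these features to a trained model rather than fixed thresholds.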

Any traffic that seems suspicious is flagged for additional evaluation by Cisco’s StealthWatch monitoring solution, which applies machine learning and statistical modeling for deeper analysis. Traffic that’s identified as malicious is reported to Cisco’s DNA Center network management software to ensure that it’s blocked throughout the entire network. Additionally, Cisco uses machine learning algorithms to train ETA to detect new vulnerabilities and adapt as existing ones change.

The security features within Cisco DNA offer a compelling new approach to identifying encrypted malware without compromising privacy or degrading network performance. As a Cisco Gold Certified Master Security Specialized Partner, Cerium is recognized as having the highest level of expertise with Cisco security solutions. Give us a call to learn more about protecting your organization from attacks hiding in encrypted traffic.
