In essence, Cisco Stealthwatch drastically enhances threat defence by giving detailed network visibility and security analytics. It helps you know every host, record every conversation, understand what is normal, be alerted to change, and respond to threats quickly.
In 2016, Cisco researchers discovered that malware leaves recognisable traces even in encrypted traffic. Now they are using this discovery to release a new technology known as Encrypted Traffic Analytics (ETA). Encryption is important in security. But although you may use encryption to protect data and privacy, attackers use it to conceal malware and evade detection by network security products.
Currently, around 55% of traffic through networks is encrypted, and this is expected to rise to around 75% by 2019 (NSS). According to Gartner, 70% of cyber attacks will use encryption in 2019. Clearly, a tool to monitor all this traffic is vital, as the volume of cyber crime is increasing exponentially every year.
With Cisco Stealthwatch and its enhanced analytics capabilities, you can better understand whether encrypted traffic on the network is malicious. The enhanced network telemetry from the latest Cisco routers and switches is collected by Cisco Stealthwatch Enterprise. It uses advanced entity modeling and multilayered machine learning, constantly identifying who is on the network and what they are doing, and can detect anomalous behavior in real time to identify threats.
It also uses a global threat map to identify and correlate known global threats to the local environment. This considerably improves the fidelity of malware detection in encrypted traffic, and at the same time provides end-to-end confidentiality and maintains channel integrity because there is no decryption—an industry first.
Here is a short video that explains ETA.