Slashdot Mirror


Cisco Can Now Sniff Out Malware Inside Encrypted Traffic (theregister.co.uk)

Simon Sharwood, writing for The Register: Cisco has switched on latent features in its recent routers and switches, plus a cloud service, that together make it possible to detect the fingerprints of malware in encrypted traffic. Switchzilla has not made a dent in transport layer security (TLS) to make this possible. Instead, as we reported in July 2016, Cisco researchers found that malware leaves recognisable traces even in encrypted traffic. The company announced its intention to productise that research last year and this week exited trials to make the service -- now known as Encrypted Traffic Analytics (ETA) -- available to purchasers of its 4000 Series Integrated Service Routers, the 1000-series Aggregation Services Router and the model 1000V Cloud Services Router 1000V. Those devices can't do the job alone: users need to sign up for Cisco's StealthWatch service and let traffic from their kit flow to a cloud-based analytics service that inspects traffic and uses self-improving machine learning algorithms to spot dodgy traffic.

4 of 97 comments

  1. kind of like... by supernova87a · · Score: 4, Insightful

    I suppose this is like the banks (hubs of the financial world) being made to detect money laundering by the pattern and size / frequency of money transfers. They don't know about the source or nature of the transaction underlying the money, just that when it obeys certain flows, they're supposed to flag it.

  2. Re:Not analyzing payload by 110010001000 · · Score: 4, Insightful

    "users need to sign up for Cisco's StealthWatch service and let traffic from their kit "

    "Sign up for" means "pay monthly for". It sounds like they are analyzing forwarded flow data and looking for flows to/from a particular port/IPs. It would catch malware that uses C&C to known rogue IPs, etc.
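
As an added illustration of the flow-metadata analysis this comment describes (example code written for this page, not Cisco's ETA implementation, whose actual features are not on the page), the Python below scores constructed NetFlow-style records on two assumed signals: a destination on a placeholder known-bad list, and beacon-like regularity of connection timing and size. The IP addresses, flow records and thresholds are all constructed.

```python
from statistics import mean, pstdev

# Constructed placeholder list of destinations treated as known C&C infrastructure.
KNOWN_BAD_DST = {"203.0.113.7"}

# Constructed NetFlow-style records: (src, dst, dst_port, bytes, start_time_seconds).
# Only metadata is present; no payload is ever inspected.
FLOWS = [
    ("10.0.0.5", "203.0.113.7", 443, 1200, 0),       # every 60 s, near-constant size
    ("10.0.0.5", "203.0.113.7", 443, 1210, 60),
    ("10.0.0.5", "203.0.113.7", 443, 1195, 120),
    ("10.0.0.5", "203.0.113.7", 443, 1205, 180),
    ("10.0.0.8", "198.51.100.20", 443, 900, 5),      # periodic, but host is not listed
    ("10.0.0.8", "198.51.100.20", 443, 910, 305),
    ("10.0.0.8", "198.51.100.20", 443, 905, 605),
    ("10.0.0.8", "198.51.100.20", 443, 895, 905),
    ("10.0.0.9", "192.0.2.30", 443, 50000, 3),       # irregular, browsing-like traffic
    ("10.0.0.9", "192.0.2.30", 443, 2400, 17),
    ("10.0.0.9", "192.0.2.30", 443, 181000, 240),
    ("10.0.0.9", "192.0.2.30", 443, 7000, 250),
]

def cv(values):
    """Coefficient of variation: 0.0 means perfectly regular values."""
    m = mean(values)
    return pstdev(values) / m if m else float("inf")

def score_flows(flows, known_bad=KNOWN_BAD_DST, min_flows=4, max_cv=0.2):
    """Group flows by (src, dst, port) and return the list of reasons each group
    was flagged (an empty list means no flag). Thresholds are assumed values."""
    groups = {}
    for src, dst, port, size, start in flows:
        groups.setdefault((src, dst, port), []).append((start, size))
    verdicts = {}
    for key, recs in groups.items():
        recs.sort()
        reasons = []
        if key[1] in known_bad:
            reasons.append("known-bad destination")
        if len(recs) >= min_flows:
            gaps = [b[0] - a[0] for a, b in zip(recs, recs[1:])]
            sizes = [size for _, size in recs]
            # Regular spacing and regular size together look like a beacon.
            if cv(gaps) <= max_cv and cv(sizes) <= max_cv:
                reasons.append("beacon-like periodicity")
        verdicts[key] = reasons
    return verdicts

if __name__ == "__main__":
    for key, reasons in score_flows(FLOWS).items():
        print(key, reasons or "no flags")
```

The second group is flagged on timing alone, which is also how a legitimate periodic check-in to an unlisted host would score; that is the false-positive cost of metadata-only detection.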

  3. Other surveillance? by mi · · Score: 3, Insightful

    Cisco researchers found that malware leaves recognisable traces even in encrypted traffic.

    "Malware" can't be the only thing... Can the same algorithms not be used to detect bomb-making instructions, racism, and counter-revolutionary activities?

    --
    In Soviet Washington the swamp drains you.

  4. Re:Not analyzing payload by ugen · · Score: 4, Insightful

    The amount of bycatch will be nontrivial. This will inevitably result either in a lot of valid traffic being blocked, or no meaningful blocking of malware.

    Except this time they slapped an AI label on the service, so it's very modern and cool and costs more money.

    We've seen this before.