cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2114
Views
5
Helpful
2
Replies

ETA Analytics

reheindel
Level 1
Level 1

If a infrastructure device (router, switch) is capable and enabled for Encrypted Traffic Analysis - will east/west traffic within an environment be reported on?

 

It was my understanding that ETA was specifically for traffic between the Inside and Outside host groups - and would not alert on east/west traffic within the Inside host group.

 

Thanks in advance for your response

 

B

1 Accepted Solution

Accepted Solutions

hanjabbo
Cisco Employee
Cisco Employee

The information has to be sent first to Stealthwatch, from Stealthwatch you can control which Group you want to report (logical groups based on IP addresses and ranges). 

 

When a Group is selected under a specific configuration tab, the ETA telemetry related to outside connection is only sent by default, You can turn off/on the telemetry sending for any group. 

 

In Stealthwatch version 7.2, you will have the ability to send Telemetry report on East/West traffic not only Inside to Outside. The ability will give the option to select either turning off sending the telemetry sending inside to outside telemetry or sending even Eat West associated with that group only, 

 

 

View solution in original post

2 Replies 2

kyoshiik
Cisco Employee
Cisco Employee

ETA has mainly 2 functions.

One is for TLS audit and the other is cognitive analytics.

1st one, you can see TLS audit report for your internal server/client.(from this point, the answer is yes)

2nd one, cognitive uses external IP/domain information with ETA telemetry data(IDP/SPLT) for analysis. So current ETA can't analyze East/West traffic. But in the future ETA maybe expand the function to East/West analysis by enhancing cognitive system.

 

https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise-networks/enterprise-network-security/nb-09-encrytd-traf-anlytcs-wp-cte-en.pdf

hanjabbo
Cisco Employee
Cisco Employee

The information has to be sent first to Stealthwatch, from Stealthwatch you can control which Group you want to report (logical groups based on IP addresses and ranges). 

 

When a Group is selected under a specific configuration tab, the ETA telemetry related to outside connection is only sent by default, You can turn off/on the telemetry sending for any group. 

 

In Stealthwatch version 7.2, you will have the ability to send Telemetry report on East/West traffic not only Inside to Outside. The ability will give the option to select either turning off sending the telemetry sending inside to outside telemetry or sending even Eat West associated with that group only,