Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2038
Views
5
Helpful
2
Replies

ETA Analytics

Go to solution
reheindel
Level 1
Level 1

‎05-14-2020 10:03 AM

If a infrastructure device (router, switch) is capable and enabled for Encrypted Traffic Analysis - will east/west traffic within an environment be reported on?

 

It was my understanding that ETA was specifically for traffic between the Inside and Outside host groups - and would not alert on east/west traffic within the Inside host group.

 

Thanks in advance for your response

 

B

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
hanjabbo
Cisco Employee
Cisco Employee

‎05-16-2020 12:33 PM

The information has to be sent first to Stealthwatch, from Stealthwatch you can control which Group you want to report (logical groups based on IP addresses and ranges). 

 

When a Group is selected under a specific configuration tab, the ETA telemetry related to outside connection is only sent by default, You can turn off/on the telemetry sending for any group. 

 

In Stealthwatch version 7.2, you will have the ability to send Telemetry report on East/West traffic not only Inside to Outside. The ability will give the option to select either turning off sending the telemetry sending inside to outside telemetry or sending even Eat West associated with that group only, 

 

 

View solution in original post

2 Replies 2

Go to solution
kyoshiik
Cisco Employee
Cisco Employee

‎05-14-2020 07:39 PM - edited ‎05-14-2020 07:40 PM

ETA has mainly 2 functions.

One is for TLS audit and the other is cognitive analytics.

1st one, you can see TLS audit report for your internal server/client.(from this point, the answer is yes)

2nd one, cognitive uses external IP/domain information with ETA telemetry data(IDP/SPLT) for analysis. So current ETA can't analyze East/West traffic. But in the future ETA maybe expand the function to East/West analysis by enhancing cognitive system.

 

https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise-networks/enterprise-network-security/nb-09-encrytd-traf-anlytcs-wp-cte-en.pdf

0 Helpful

Go to solution
hanjabbo
Cisco Employee
Cisco Employee

‎05-16-2020 12:33 PM

The information has to be sent first to Stealthwatch, from Stealthwatch you can control which Group you want to report (logical groups based on IP addresses and ranges). 

 

When a Group is selected under a specific configuration tab, the ETA telemetry related to outside connection is only sent by default, You can turn off/on the telemetry sending for any group. 

 

In Stealthwatch version 7.2, you will have the ability to send Telemetry report on East/West traffic not only Inside to Outside. The ability will give the option to select either turning off sending the telemetry sending inside to outside telemetry or sending even Eat West associated with that group only, 

 

 

Customers Also Viewed These Support Documents