cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
231
Views
5
Helpful
2
Replies
Highlighted
Beginner

ETA Analytics

If a infrastructure device (router, switch) is capable and enabled for Encrypted Traffic Analysis - will east/west traffic within an environment be reported on?

 

It was my understanding that ETA was specifically for traffic between the Inside and Outside host groups - and would not alert on east/west traffic within the Inside host group.

 

Thanks in advance for your response

 

B

Everyone's tags (3)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

Re: ETA Analytics

The information has to be sent first to Stealthwatch, from Stealthwatch you can control which Group you want to report (logical groups based on IP addresses and ranges). 

 

When a Group is selected under a specific configuration tab, the ETA telemetry related to outside connection is only sent by default, You can turn off/on the telemetry sending for any group. 

 

In Stealthwatch version 7.2, you will have the ability to send Telemetry report on East/West traffic not only Inside to Outside. The ability will give the option to select either turning off sending the telemetry sending inside to outside telemetry or sending even Eat West associated with that group only, 

 

 

View solution in original post

2 REPLIES 2
Highlighted
Cisco Employee

Re: ETA Analytics

ETA has mainly 2 functions.

One is for TLS audit and the other is cognitive analytics.

1st one, you can see TLS audit report for your internal server/client.(from this point, the answer is yes)

2nd one, cognitive uses external IP/domain information with ETA telemetry data(IDP/SPLT) for analysis. So current ETA can't analyze East/West traffic. But in the future ETA maybe expand the function to East/West analysis by enhancing cognitive system.

 

https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise-networks/enterprise-network-security/nb-09-encrytd-traf-anlytcs-wp-cte-en.pdf

Highlighted
Cisco Employee

Re: ETA Analytics

The information has to be sent first to Stealthwatch, from Stealthwatch you can control which Group you want to report (logical groups based on IP addresses and ranges). 

 

When a Group is selected under a specific configuration tab, the ETA telemetry related to outside connection is only sent by default, You can turn off/on the telemetry sending for any group. 

 

In Stealthwatch version 7.2, you will have the ability to send Telemetry report on East/West traffic not only Inside to Outside. The ability will give the option to select either turning off sending the telemetry sending inside to outside telemetry or sending even Eat West associated with that group only, 

 

 

View solution in original post

This widget could not be displayed.