ETA Analytics. New and updated algorithms that use ETA features in StealthWatch flows to detect: the Cryptowall, Sality, and Ramnit malware families; malicious file download; phishing; DNS sinkhole; vulnerability scanning; typo-squatting; and Unicode typo-squatting. Note that CTA support for ETA works specifically for customers providing StealthWatch flow telemetry. For customers providing proxy log telemetry, CTA now provides HTTPS-based detection capability (see the next item).
Detection from HTTPS telemetry without decryption. CTA now provides industry-unique technology that detects multiple infection types in HTTPS channels without decryption. The technology is the result of a year-long research effort motivated by the fact that the increasing adoption of encryption across the Internet may diminish the capabilities of industry-standard detection techniques. CTA makes the most of combining and correlating multiple very weak indicators available in HTTPS telemetry.
Example 1: Here the HTTPS classifier attributed the HTTPS communication to ad injector activity. The connection to the server is not shown as succeeding in causing harm; nevertheless, the client node is clearly infected.
Example 2: Note the HTTPS flows at the bottom, which in this case proved sufficient to trigger the incident.
Possibility for customers and the field to generate on-demand test incidents in their lab.
Dear Cisco ISE Community,
I’m looking for a suggestion, or a best practice, to effectively combine the redirection to ISE Captive Portal with the usage of a web proxy, on a non-standard port.
Are you aware of any indication on this topic?
Hi experts, I would like any suggestions on this topology. We are in the middle of replacing our old ASA5520 with the new FirePower. Our current firewall terminates our IPsec tunnels and the GRE is terminated on the first inside router's loopback on the sec...
Working on an IBNS 2.0 setup and I have the VLAN ID being sent to ISE. I added the following command to the switch to get the VLAN information to show up in the authentication request:
mab request format attribute 32 vlan access-vlan
I'm shifting to a new FMC+FTD instead of an old ASA firewall. I was wondering, after I shift to the new FMC+FTD with the same inside and outside IP addresses, if I need to clear ARP on my layer 3 core switch and my ISP router?
We have upgraded our ASAs to 9.12(2) with ASDM 7.12(2). When two users try to access the same firewall, their ASDMs start to hang and don't finish their current activity. If one user is connected then all is well. When a second user tries to connect ...