A Discussion on Cisco Encrypted Traffic Analytics (ETA) with the Experts
Kevin Klous, Technical Leader, Cisco
David White Jr., Principal Engineer, Cisco Matt Robertson, Principal Technical Marketing Engineer, Cisco Darrin Miller. Distinguished Technical Marketing Engineer, Cisco
In the Cisco Live US 2018 speaker room: The podcast team steals a few minutes from Cisco ETA and Stealthwatch experts Matt Robertson and Darrin Miller to discuss the basics of the technology and how it is helping organizations in detecting malicious content in network traffic as it increasingly goes dark (becomes encrypted).
Subscribe to the Podcast in iTunes by clicking the image below:
Quotes from the Pros:
"The reality is that the networks are encrypted and threats are actually happening in those environments. We need to be able to detect threats inside of encrypted traffic. It's not really scalable to do inline decryption on everything. That's what the ETA solution was designed to do--[answer] how do we detect threats without decrypting traffic?" - Matt Robertson, Principal Technical Marketing Engineer, Cisco
"Every security architect I deal with is always saying, 'How do I turn something into an actionable event?'. That is what I really think ETA inside of Stealthwatch does...it allows us to turn all this data into actionable events." - Darrin Miller, Distinguished Technical Marketing Engineer, Cisco
How ETA works: 3 Major Components
1. Netflow Enhancements to carry additional markers to aid in malicious traffic detection 2. Cisco Stealthwatch Enterprise - Collector, aggregator, and analyzer of network telemetry (Netflow data) 3. Cloud-hosted analytics engine. Multi-layer machine learning engine that leverages the global risk map and correlates with your organization and how it interacts with those risks.
For the last two days days, I've been getting this email from our ESA appliance. The Warning message is:The updater has been unable to communicate with the update server for at least 1h.Last message occurred 8 times between Thu May 28 21:25:22 2020 a...
HelloWe want to purchase firepower P/N:FPR9K-FTD-BUN with P/N:FPR9K-SM-56= as security module. I could find information about one and three security module in the firepower9300 data sheet but there isn’t information about two security modules.Do we have t...
Hi All,I have failover configured between two ASA 5515. I am a bit rusty with ASA..years since I played with one.Anyways, failover seems to be working ok. The only problem I have is that the failover unit keeps changing the name everytime I reboot the sec...
We are ESP and a little over two weeks ago we started seeing a sudden change in our ratings of several of our IPs at Talos. Some messages started to be returned with smtp;554 Your access to this mail system has been rejected due to the sending MTA's...
I would like to create guest users using Python script.
I have installed 3.8.3 Python and saved the .py file and run the execution using ERS SDK guide for ISE
However getting an error:-
GAGSING3-M-93JT:Desktop gagsing3$ python...