A Discussion on Cisco Encrypted Traffic Analytics (ETA) with the Experts
Kevin Klous, Technical Leader, Cisco
David White Jr., Principal Engineer, Cisco
Matt Robertson, Principal Technical Marketing Engineer, Cisco
Darrin Miller, Distinguished Technical Marketing Engineer, Cisco
In the Cisco Live US 2018 speaker room: The podcast team steals a few minutes from Cisco ETA and Stealthwatch experts Matt Robertson and Darrin Miller to discuss the basics of the technology and how it helps organizations detect malicious content in network traffic as that traffic increasingly goes dark (becomes encrypted).
Quotes from the Pros:
"The reality is that the networks are encrypted and threats are actually happening in those environments. We need to be able to detect threats inside of encrypted traffic. It's not really scalable to do inline decryption on everything. That's what the ETA solution was designed to do--[answer] how do we detect threats without decrypting traffic?" - Matt Robertson, Principal Technical Marketing Engineer, Cisco
"Every security architect I deal with is always saying, 'How do I turn something into an actionable event?' That is what I really think ETA inside of Stealthwatch does... it allows us to turn all this data into actionable events." - Darrin Miller, Distinguished Technical Marketing Engineer, Cisco
How ETA works: 3 Major Components
1. NetFlow enhancements that carry additional markers to aid in malicious traffic detection
2. Cisco Stealthwatch Enterprise: collector, aggregator, and analyzer of network telemetry (NetFlow data)
3. Cloud-hosted analytics engine: a multi-layer machine learning engine that leverages the global risk map and correlates it with your organization and how it interacts with those risks