Cisco Plugs Encryption Hole in Network Security

Mitch Wagner
1/10/2018

Cisco on Wednesday introduced analytics services designed to solve a growing problem with network security – detecting threats that are hidden in encrypted traffic.

Concerns over privacy, compliance and security are driving users to encrypt more and more network traffic, Cisco Systems Inc. (Nasdaq: CSCO) notes. Some 80% of network traffic will be encrypted by next year, according to a Gartner estimate that Cisco cites. And yet encrypted traffic makes it easier for attackers to conceal threats -- next year, half of malware campaigns will use encryption, Cisco says.

"While encryption is the right trend for privacy and regulatory compliance, IT teams will face a massive influx of traffic that they cannot see without decryption technology. This makes encrypted malware one of the industry's biggest emerging threats," according to a post on the Cisco Blogs Wednesday morning.

Cisco believes it can break that Catch-22 by analyzing typical network traffic and flagging anomalies that might indicate a threat, without decrypting traffic. The company outlined that strategy in its big "network intuitive" launch in June. (See Cisco's 'Network Intuitive': A Risky Transition.)




On Wednesday, the company is announcing availability of its Encrypted Traffic Analytics (ETA) (Editor's Note: Cute name) for the company's branch-office Integrated Services Router (ISR); the Aggregation Services Routers (ASR 1k) for enterprise edge networks and service providers; the virtualized Integrated Services Virtual Router (ISRv); and Cloud Services Routers (CSR), for extending enterprise networks to clouds. ETA is also integrated with Cisco's Stealthwatch security platform.

ETA provides "security while maintaining privacy. You can have your cake and eat it too," Prashanth Shenoy, Cisco vice president of enterprise network marketing, tells Enterprise Cloud News. (Editor's Note: Mmmmm.... cake.)

ETA "extends state of the art security detection and visibility close to the user in the branch, where 80 percent of employees and customers are served," Harrell says.

These users are often underserved by security because of the difficulty of rolling out sophisticated sensors to hundreds or thousands of branch offices, Harrell says.

Also, the security technology can be rolled out easily with software upgrades to Cisco's customers, Harrell says.

ETA fits with Cisco's strategy to transition from selling networking products to selling software and services paid for on a recurring basis. (See Cisco: Enterprises Will 'Spend Differently'.)

Cisco needs the boost – revenue has declined eight consecutive quarters. (See Cisco's Q1 Beats Wall Street Expectations.)

Last week, security researchers disclosed details about two serious vulnerabilities, "Spectre" and "Meltdown," affecting billions of Intel, AMD and ARM chips manufactured since 1995, including servers, desktops and mobile devices. Cisco says most of its products are "closed systems that do not allow customers to run custom code on the device, and thus are not vulnerable." Cisco products that can be deployed as virtual machines or containers are vulnerable, and users should install patches to secure the underlying infrastructure, the company says. (See 'Spectre' & 'Meltdown' – What Cloud Users Need to Know.)

ETA would not protect against Spectre and Meltdown, which enable attackers to steal information from device memory, rather than the network. However, ETA should be able to detect attempts to exfiltrate that information over the network.

— Mitch Wagner, Editor, Enterprise Cloud News

Joe Stanganelli,
User Rank: Light Sabre
1/22/2018 | 9:48:27 PM
Re: Cake
@Phil: On this note, I recently interviewed a CenturyLink exec who indicated that the company actively strives to secure networks and endpoints as much as possible without sacrificing speed/latency/bandwidth/quality/accessibility. He stressed this point a lot when I asked him about it outright.

Whether or not they're successful? Well, I'm not a CL customer, so I couldn't tell you firsthand or not one way or the other.
Phil_Britt,
User Rank: Light Sabre
1/19/2018 | 7:00:04 PM
Re: Cake
You make a good point (not sure how good of a cake maker you are). Total security would mean no one could access the information, but then the content is useless. It's a never ending battle to balance strong security while still permitting access to authorized users.
kq4ym,
User Rank: Light Sabre
1/14/2018 | 6:02:57 PM
Re: What happens in the future..?
Yes, all interesting questions. Just how do they know how much is encrypted and that "80% of network traffic will be encrypted by next year," makes for some interesting speculation and just how best to resolve the issues in that apparent trend now moving forward.
Mitch Wagner,
User Rank: Lightning
1/11/2018 | 4:55:50 PM
Re: Cake
Now I really want cake. 
Joe Stanganelli,
User Rank: Light Sabre
1/11/2018 | 12:08:42 PM
Cake
To me, having security + privacy isn't having your cake and eating it too. It's more like having frosting on your cake.

Having your cake and eating it too in the classic sense would probably run more along the lines of enhanced accessibility WITH enhanced security (something that is, logically, impractical if not impossible).

But, then again, what's the point of having cake if you're not going to eat it?
mhhfive,
User Rank: Light Sabre
1/11/2018 | 11:36:10 AM
What happens in the future..?
> "half of malware campaigns will use encryption, Cisco says"

Hmm. I wonder what happens when more and more traffic is encrypted -- and when nearly all traffic is encrypted, what happens then? How will malware campaigns be detected? Just by metadata about where traffic is going and coming from? This seems like a losing battle to me. But maybe I'm missing some key point about how this all works. 

I also would like to know how Cisco arrives at its estimates for how much encrypted malware traffic exists..? 