![](https://d15shllkswkct0.cloudfront.net/wp-content/blogs.dir/1/files/2019/02/DSC02769.jpg)
The cybersecurity threat landscape shifts with blink-and-you’ll-miss-it frequency. Heard of cryptojacking? It’s one relatively new offender on the block. Security pros are fighting it and other threats with telemetry data from network devices like switches.
The network increasingly provides a wide window through which to spy on hackers, according to TK Keanini (pictured), distinguished engineer and product line chief technology officer of analytics at Cisco Systems Inc. The reason is that pretty much everything is connected these days.
“Probably your tea kettle is crossing a network somewhere,” Keanini said. Encryption is what keeps that traffic from falling into the wrong hands. It also means direct inspection is no longer possible, which is good for security but, ironically, also good for hackers, who use the network to infiltrate companies.
Keanini’s team developed Encrypted Traffic Analytics, or ETA, to infer malicious activity through behavior. It’s a feature in IOS XE, a train of Cisco’s Internetworking Operating System.
Keanini spoke with John Furrier (@furrier) and Dave Vellante (@dvellante), co-hosts of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during the Cisco Live event in Barcelona, Spain. They discussed how network analytics and pure economics can thwart certain types of malware attacks. (* Disclosure below.)
ETA analyzes new telemetry data elements independent of protocol details to detect malware communications. These elements might include the lengths and arrival times of packets within a flow. It leverages passive monitoring, extraction of relevant data elements, and machine learning.
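To make "the lengths and arrival times of packets within a flow" concrete, the following added example (not Cisco's ETA code and not from the interview) derives such features from constructed packet metadata without reading any payload. The record layout, the feature names and the `flow_features` function are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: (timestamp_s, src, sport, dst, dport, wire_length_bytes).
# Only header-level metadata is used; payload bytes are never read.
SAMPLE_PACKETS = [
    (0.000, "10.0.0.5", 50122, "203.0.113.9", 443, 583),
    (0.041, "203.0.113.9", 443, "10.0.0.5", 50122, 1460),
    (0.043, "203.0.113.9", 443, "10.0.0.5", 50122, 1460),
    (0.090, "10.0.0.5", 50122, "203.0.113.9", 443, 126),
    (5.000, "10.0.0.7", 40000, "198.51.100.2", 443, 200),
    (10.000, "10.0.0.7", 40000, "198.51.100.2", 443, 200),
    (15.000, "10.0.0.7", 40000, "198.51.100.2", 443, 200),
]

def flow_features(packets):
    """Group packets into bidirectional flows and derive length/timing features."""
    flows = defaultdict(list)
    for ts, src, sport, dst, dport, length in sorted(packets):
        a, b = (src, sport), (dst, dport)
        key = (min(a, b), max(a, b))  # same key for both directions (protocol omitted)
        flows[key].append((ts, a, length))
    features = {}
    for key, pkts in flows.items():
        initiator = pkts[0][1]  # first sender seen in the flow
        # Signed lengths: positive = sent by initiator, negative = sent to it.
        lengths = [n if s == initiator else -n for _, s, n in pkts]
        gaps = [round(t2 - t1, 6) for (t1, _, _), (t2, _, _) in zip(pkts, pkts[1:])]
        avg = mean(gaps) if gaps else 0.0
        features[key] = {
            "lengths": lengths,
            "gaps": gaps,
            "bytes_out": sum(n for n in lengths if n > 0),
            "bytes_in": -sum(n for n in lengths if n < 0),
            "mean_gap": avg,
            # Coefficient of variation near 0 means very regular timing.
            "gap_cv": pstdev(gaps) / avg if avg > 0 else None,
        }
    return features

if __name__ == "__main__":
    for key, feats in flow_features(SAMPLE_PACKETS).items():
        print(key, feats)
```

Feature vectors of this kind are what a machine-learning classifier would consume in place of decrypted content.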
“The network as a sensor, the routers, the switches — all of those things are sending me this rich, rich telemetry by which I can infer this malicious activity without doing any decryption,” Keanini said.
New attack formats ripe for this type of analytics include cryptojacking, Keanini pointed out. It uses ransomware-like tactics to get computers to mine cryptocurrencies.
“We can’t see the actual payloads, because it’s all encrypted. But we have techniques now — advanced analytics — by which we can now call out this unique behavior very distinctly,” Keanini concluded.
Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of the Cisco Live event. (* Disclosure: Cisco Systems Inc. sponsored this segment of theCUBE. Neither Cisco nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)