UPDATED 16:00 EDT / FEBRUARY 04 2019

Cryptic answer: Network analytics catch hacks that encryption hides

The cybersecurity threat landscape shifts with blink-and-you’ll-miss-it frequency. Heard of cryptojacking? It’s one relatively new offender on the block. Security pros are fighting it and other threats with telemetry data from network devices like switches.

The network increasingly provides a wide window through which to spy on hackers, according to TK Keanini (pictured), distinguished engineer and product line chief technology officer of analytics at Cisco Systems Inc. The reason is that pretty much everything is connected these days.

“Probably your tea kettle is crossing a network somewhere,” Keanini said. Encryption is what keeps that traffic from falling into the wrong hands. It also means direct inspection is no longer possible, which is good for security but, ironically, also good for hackers, who use the network to infiltrate companies.

Keanini’s team developed Encrypted Traffic Analytics, or ETA, to infer malicious activity through behavior. It’s a feature in IOS XE, a train of Cisco’s Internetworking Operating System.

Keanini spoke with John Furrier (@furrier) and Dave Vellante (@dvellante), co-hosts of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during the Cisco Live event in Barcelona, Spain. They discussed how network analytics and pure economics can thwart certain types of malware attacks. (* Disclosure below.)

Telemetry tattles on hackers

ETA analyzes new telemetry data elements that are independent of protocol details to detect malware communications. These elements might include the lengths and arrival times of packets within a flow. ETA relies on passive monitoring, extraction of the relevant data elements, and machine learning.
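As an added illustration (not Cisco's ETA code and not from the article), the sketch below groups packet metadata into flows and summarizes the two elements named above, packet lengths and arrival times, without reading any payload. The sample packets, the record layout, and the 0.1 threshold are constructed assumptions, and the simple regularity check stands in for the machine learning step.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: (timestamp_s, src, dst, dst_port, wire_length_bytes).
# Payloads are never read; only metadata visible on encrypted traffic is used.
PACKETS = [
    (0.00, "10.0.0.5", "198.51.100.7", 443, 517),
    (0.04, "10.0.0.5", "198.51.100.7", 443, 1460),
    (0.31, "10.0.0.5", "198.51.100.7", 443, 230),
    (1.90, "10.0.0.5", "198.51.100.7", 443, 1460),
    (2.02, "10.0.0.5", "198.51.100.7", 443, 90),
    (0.00, "10.0.0.9", "203.0.113.20", 443, 212),
    (30.0, "10.0.0.9", "203.0.113.20", 443, 212),
    (60.0, "10.0.0.9", "203.0.113.20", 443, 214),
    (90.1, "10.0.0.9", "203.0.113.20", 443, 212),
    (120.0, "10.0.0.9", "203.0.113.20", 443, 212),
]

def flow_features(packets):
    """Group packets into flows and summarise lengths and arrival times."""
    flows = defaultdict(list)
    for ts, src, dst, port, length in packets:
        flows[(src, dst, port)].append((ts, length))
    features = {}
    for key, pkts in flows.items():
        pkts.sort()
        lengths = [length for _, length in pkts]
        gaps = [b[0] - a[0] for a, b in zip(pkts, pkts[1:])]
        # Skip flows too short, or too bursty, to describe their timing.
        if len(gaps) < 2 or mean(gaps) == 0:
            continue
        features[key] = {
            "packets": len(pkts),
            "mean_len": mean(lengths),
            "len_cv": pstdev(lengths) / mean(lengths),  # size variability
            "mean_gap": mean(gaps),
            "gap_cv": pstdev(gaps) / mean(gaps),        # timing variability
        }
    return features

def regular_flows(features, max_cv=0.1):
    """Flows whose sizes and spacing are both nearly constant (toy heuristic)."""
    return [k for k, f in features.items()
            if f["len_cv"] <= max_cv and f["gap_cv"] <= max_cv]

if __name__ == "__main__":
    feats = flow_features(PACKETS)
    for key in regular_flows(feats):
        print(key, feats[key])
```

Regular spacing and size alone do not indicate malware; the output is a per-flow feature set that a trained model or an analyst would weigh alongside other telemetry.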

“The network as a sensor, the routers, the switches — all of those things are sending me this rich, rich telemetry by which I can infer this malicious activity without doing any decryption,” Keanini said. 

New attack formats ripe for this type of analytics include cryptojacking, Keanini pointed out. It uses ransomware-like tactics to get computers to mine cryptocurrencies.

“We can’t see the actual payloads, because it’s all encrypted. But we have techniques now — advanced analytics — by which we can now call out this unique behavior very distinctly,” Keanini concluded. 

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of the Cisco Live event. (* Disclosure: Cisco Systems Inc. sponsored this segment of theCUBE. Neither Cisco nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE
