UPDATED 12:50 EDT / JANUARY 11 2018

Cisco’s new machine learning tech can spot threats lurking in encrypted traffic

Security-conscious enterprises and consumers aren’t the only ones who rely on encryption to protect their information from prying eyes. Hackers are increasingly applying cryptography as well to conceal malicious traffic, a threat that Cisco Systems Inc. is taking on.

The networking giant on Wednesday released a new technology that it says can spot attack attempts within the vast volumes of encrypted data that flow through the average company’s infrastructure. Known as Encrypted Traffic Analytics, or ETA for short, the software is based on a research paper that a team of Cisco engineers published in 2016. They found that it’s possible to determine if encrypted traffic may be malicious without unscrambling it to see the contents.

ETA pulls that off by examining various contextual details. First, the technology inspects the initial unencrypted packets used to establish a connection for obvious red flags, such as if they originate from a blacklisted address. A “multilayer” machine learning engine then looks for patterns in the flow of traffic to identify more subtle threat indicators.

According to Cisco, ETA examines the length of individual packet sequences, the time period that passes between certain events and other circumstantial clues. Its algorithms scan this information for potential deviations from regular traffic that might indicate the presence of an attacker. To ensure accuracy, the machine learning engine continuously adjusts detection criteria as customer environments change over time.
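The two stages described above can be sketched as a small classifier that never reads payload bytes. This is an added illustration, not Cisco's ETA code or the method from its research paper: the two features, the z-score threshold of 3.0, and every address and flow are assumptions constructed for the example.

```python
import statistics

# All addresses and flows below are constructed sample data (RFC 5737 ranges).
# A flow is (destination_ip, [(packet_length_bytes, seconds_since_start), ...]).
BLOCKLIST = {"203.0.113.7"}
BASELINE = [
    ("198.51.100.10", [(517, 0.00), (1460, 0.03), (1460, 0.05), (320, 0.09)]),
    ("198.51.100.11", [(517, 0.00), (1400, 0.02), (1200, 0.06), (400, 0.08)]),
    ("198.51.100.12", [(517, 0.00), (1460, 0.04), (900, 0.07), (500, 0.12)]),
    ("198.51.100.13", [(517, 0.00), (1300, 0.03), (1460, 0.07), (250, 0.10)]),
    ("198.51.100.14", [(517, 0.00), (1460, 0.02), (1100, 0.05), (600, 0.10)]),
]

def features(packets):
    """Mean packet length and mean inter-arrival gap; no payload is read."""
    lengths = [length for length, _ in packets]
    times = [t for _, t in packets]
    gaps = [later - earlier for earlier, later in zip(times, times[1:])]
    return (statistics.mean(lengths), statistics.mean(gaps))

def fit(flows):
    """Per-feature (mean, standard deviation) over known-good flows."""
    columns = zip(*(features(packets) for _, packets in flows))
    return [(statistics.mean(c), statistics.stdev(c)) for c in columns]

def classify(flow, model, threshold=3.0):
    dst, packets = flow
    if dst in BLOCKLIST:  # stage 1: cleartext connection metadata
        return "blocklisted"
    if len(packets) < 2:  # too short to measure timing
        return "insufficient-data"
    # stage 2: largest z-score of any feature against the baseline
    z = max(abs(x - m) / s for x, (m, s) in zip(features(packets), model))
    return "anomalous" if z > threshold else "normal"

MODEL = fit(BASELINE)
TYPICAL = ("198.51.100.20", [(517, 0.00), (1460, 0.03), (1200, 0.06), (400, 0.10)])
PERIODIC = ("198.51.100.21", [(120, 0.0), (120, 30.0), (120, 60.0), (120, 90.0)])
LISTED = ("203.0.113.7", TYPICAL[1])

if __name__ == "__main__":
    for flow in (TYPICAL, PERIODIC, LISTED):
        print(flow[0], classify(flow, MODEL))
```

Refitting `MODEL` on a rolling window of recent known-good flows is the simplest analogue of the continuous adjustment the article mentions.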

Cisco said ETA thus provides the ability to more easily detect malicious activity within the rapidly rising amount of encrypted traffic that passes through enterprise networks. Plus, the technology could improve user privacy in the process.

Letting companies identify the specific streams of encrypted data that require special attention should help them become more selective with their security efforts. This in turn could reduce the amount of legitimate traffic that needs to be decrypted and inspected. The resulting privacy benefits have the potential to add up in a big way, since nearly 50,000 organizations currently use Cisco hardware that supports ETA.

As an added benefit, Cisco said, the technology provides visibility into how encryption is applied throughout an organization. The insights from ETA can help companies identify sensitive traffic that isn’t protected by cryptography and make the necessary changes.  
