Encrypted traffic is a problem for analytics, firewall inspection and other security measures that need to look inside the packet to see if there is malicious intent.
The workaround in traditional networks is to use a proxy that acts as a man in the middle: it decrypts, inspects and then re-encrypts the traffic, which allows firewall inspection while the traffic is in a non-encrypted state. This has privacy, application compatibility and scaling issues.
ETA (Encrypted Traffic Analytics) is designed to provide visibility and malware detection without decrypting the traffic.
ETA is a suite of hardware and software that includes Stealthwatch, ISE and certain CAT9k switches.
Data is collected by Stealthwatch and uploaded to the cloud (“CI”, Cognitive Intelligence), which runs the traffic through machine learning, including anomaly detection, malicious events (what the traffic is and what it has done) and threat analysis (how to deal with the threat).
CI feeds the analysis back to DNA Centre which then gives the traffic a rating between one and ten. The closer the rating is to ten, the more likely the traffic is malicious.
The NCP component of ISE can then take action against the traffic. The rating also provides visibility into the traffic, because it is modified in real time.