Encrypted Traffic Analytics


First, we are going to talk about two realities of today and tomorrow.

1.- Malware

What is malware?
Malware is just software, some piece of code designed to damage, disrupt or gain access to your systems and networks. And we don't want it!
When we think about malware, the first words that come to our minds are: viruses, worms, rootkits, ransomware (e.g. the famous WannaCry)...
Malware is bad for our business, and it's out there growing every day. Hundreds of new malware samples are developed every day by different threat actors (script kiddies, hacktivists, criminals, nation states...).

Cybercrime will continue rising and cost businesses globally more than 3,000,000,000,000€ each year.
-Cybersecurity Ventures (prediction for 2021).
Malware is a reality and we should keep a close eye on it, even more so in the future.

2.- Encryption

What is encryption?
Every time you buy something on Amazon you send your credit card data to Amazon's web servers through the Internet. But what happens if someone is listening? Let's call this person the "man-in-the-middle". If the man-in-the-middle is listening to your connection, he is going to steal your private data (in this example, your credit card information), and that's not good for you, nor for Amazon.


That’s why we brought encryption to the game board.


With encryption we use algorithms and keys to scramble our data so that only the intended recipient can read it. Encryption allows us to establish a secure connection, so no one in the middle can steal our data :).

Encryption is fantastic: it protects our data, it allows us to secure our remote offices, it is cost-effective...


In 2018 nearly 58% of all web traffic was encrypted. Predictions are about 80% for 2019.
-Gartner. Techcrunch.
_________________________________

The other side of Encryption

We are going to see how a Network Anti-Malware (NAM) works:

 
Pedro, our employee, is visiting some non-ethical webpages at work. These webpages are sending malware to Pedro's computer. The Network Anti-Malware is watching these connections and analyzing their data. So the moment some webpage tries to send malware to a system in our network, the NAM blocks this data and the malicious webpage. That's nice!

On the other hand, we now have the encryption paradigm. Encryption is established end to end, from Pedro's system to the web server, so your Network Anti-Malware cannot analyze the data if Pedro connects to a webpage using encryption. That's not nice!

 
"Half of malware campaigns in 2019 will use some type of encryption to conceal malware delivery, command and control activity, or data exfiltration..."
-Gartner.

What can we do? 

Encrypted Traffic Analytics.
Decrypting the traffic to inspect it is possible, but not always (and it incurs high costs in hardware, latency and privacy). So some companies like Cisco are changing the gameboard with E.T.A. (Encrypted Traffic Analytics).

 
E.T.A. does not analyze the raw data (because that is no longer practical!). Instead, E.T.A. analyzes metadata that stays visible even when the payload is encrypted, like:
  • Sequence of Packet Lengths and Times (SPLT).
  • Byte distribution.
  • Initial Data Packet (IDP).
  • TLS records, TLS record times...
E.T.A. machine learning algorithms analyze more than 60 characteristics of encrypted packets in real time. E.T.A. is the first step in the fight against the threat of the near future.
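To make the metadata above concrete, here is an added example (not Cisco's code and not part of the original post) that extracts three of those feature groups from a small constructed flow: the SPLT vector, a folded byte-distribution histogram, and the TLS record header plus byte entropy of the initial data packet. The packet timings and payloads are synthetic, made up for the example.

```python
import math
from collections import Counter

# Constructed sample flow, not a real capture: (time in seconds, direction, payload bytes).
# Direction +1 = client to server, -1 = server to client. Each payload starts with a
# 5-byte TLS record header (type, version 0x0303, length) so the IDP parse has data to read.
SAMPLE_FLOW = [
    (0.000, +1, bytes.fromhex("160303002c") + bytes(44)),                  # handshake record
    (0.012, -1, bytes.fromhex("1603030040") + bytes(range(64))),           # handshake record
    (0.030, +1, bytes.fromhex("1703030020") + bytes([0xAA] * 32)),         # application data
    (0.045, -1, bytes.fromhex("1703030100") + bytes([0x55, 0xAA] * 128)),  # application data
]

def splt(flow, max_len=4):
    """Sequence of Packet Lengths and Times: signed payload lengths (sign encodes
    direction) and inter-arrival times, padded to a fixed width for a classifier."""
    lengths = [d * len(p) for _, d, p in flow][:max_len]
    times = [0.0] + [round(flow[i][0] - flow[i - 1][0], 3) for i in range(1, len(flow))]
    times = times[:max_len]
    pad = max_len - len(lengths)
    return lengths + [0] * pad, times + [0.0] * pad

def byte_distribution(flow, bins=16):
    """Histogram of payload byte values over the whole flow, with the 256 possible
    values folded into `bins` buckets and normalized so the buckets sum to 1."""
    counts = Counter()
    total = 0
    for _, _, payload in flow:
        for b in payload:
            counts[b * bins // 256] += 1
        total += len(payload)
    return [counts[i] / total for i in range(bins)]

def idp_features(flow):
    """Initial Data Packet: Shannon entropy (bits per byte) of the first payload and,
    when its first five bytes look like a TLS record header, the type, version and length."""
    payload = flow[0][2]
    n = len(payload)
    entropy = -sum(c / n * math.log2(c / n) for c in Counter(payload).values())
    record = None
    if n >= 5 and payload[0] in (0x14, 0x15, 0x16, 0x17) and payload[1] == 0x03:
        record = {"content_type": payload[0], "version": payload[1:3].hex(),
                  "length": int.from_bytes(payload[3:5], "big")}
    return {"entropy": round(entropy, 3), "tls_record": record}

def feature_vector(flow):
    """Flatten the three feature groups into one numeric vector a model could consume."""
    lengths, times = splt(flow)
    return lengths + times + byte_distribution(flow) + [idp_features(flow)["entropy"]]

if __name__ == "__main__":
    print(feature_vector(SAMPLE_FLOW))
```

A real deployment feeds vectors like this from thousands of flows into a trained classifier; the point here is only that none of these features requires decrypting the payload.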

So, why should companies invest in up-to-date security systems?

Security systems are among the devices with the highest return on investment.