Innovation and Technology Solutions

Solution Number

S-0154

Solution Name

Cisco Stealthwatch Encrypted Traffic Analytics

Solution Description

Traditional flow monitoring provides a high-level view of network communications by reporting the addresses, ports, and byte and packet counts of a flow. In addition, intraflow metadata, that is, information about events that occur inside a flow, can be collected, stored, and analyzed within a flow monitoring framework. This data is especially valuable when traffic is encrypted, because deep-packet inspection is no longer viable. The enhanced intraflow metadata is derived from new types of data elements, or telemetry, that are independent of protocol details, such as the lengths and arrival times of messages within a flow. These data elements have the attractive property of applying equally well to encrypted and unencrypted flows. By using this enhanced intraflow telemetry to identify malware communication in encrypted traffic, Cisco® Encrypted Traffic Analytics can preserve the integrity of the encrypted flow without the need for bulk decryption.

Encrypted Traffic Analytics focuses on identifying malware communications in encrypted traffic through passive monitoring, the extraction of relevant data elements, and a combination of behavioral modeling and machine learning with cloud-based global visibility.

Transport Layer Security (TLS) is a cryptographic protocol that provides privacy for applications. TLS is usually used to protect common application protocols such as HTTP for web browsing or Simple Mail Transfer Protocol (SMTP) for email. HTTPS is HTTP carried over TLS; it is the most popular way of securing communication between a web server and a client and is supported by most major web servers. Encrypted Traffic Analytics extracts four main data elements: the initial data packet, the sequence of packet lengths and times, the byte distribution, and TLS-specific features. Cisco's Application-Specific Integrated Circuit (ASIC) architecture provides the ability to extract these data elements without slowing down the data network.

Application Areas

Broadcasting

City Management

Meteorology

Commerce and Industry

Development

Education

Employment and Labour

Environment

Finance

Food

Health

Housing

Infrastructure

Law and Security

Population

Recreation and Culture

Social Welfare

Transport

Technologies Used

Artificial Intelligence

Cloud Computing

Data Analytics

Machine Learning

Use Cases

1. All industries

● Continuously monitor the extended network

● Detect threats in real time

● Speed incident response and forensics

● Simplify network segmentation

● Meet regulatory compliance requirements

● Improve network performance and capacity planning

2. Government

● Continuously monitor across networks for advanced attacks

● Protect confidential information

● Maintain compliance with stringent security regulations

● Detect insider threats

3. Higher education

● Safeguard mobile devices

● Detect Peer-to-Peer (P2P) file sharing

● Protect sensitive information

● Prevent network misuse and abuse

● Maintain high levels of availability and performance

● Streamline security workflows

● Meet regulatory compliance demands

4. Financial services

● Detect both outsider and insider threats

● Protect customer data

● Uphold strict compliance requirements

● Maintain 24-hour access to critical financial information

● Find and fix threats and performance issues before they become crises

5. Healthcare

● Protect patient records

● Thwart cyber attacks on life-saving medical equipment

● Maintain HIPAA compliance

● Safeguard intellectual property

● Maintain high levels of performance

● Quickly discover and safeguard new network devices

6. Retail

● Remotely monitor hundreds of systems for security and performance issues

● Safeguard point-of-sale (POS) terminals

● Maintain PCI compliance

Government departments wishing to conduct a PoC trial or technical test of an innovation and technology solution should contact Smart LAB.