Hands on Encrypted Traffic Analytics
January 17, 2018
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Networks are becoming more and more opaque
New threat landscape
Chart: Decrypt vs. Do not decrypt, 38% / 62% (organizations are at risk)
New attack vectors
• Employees browsing over HTTPS: Malware infection, covert channel with command and control server, data exfiltration
• Employees on internal network connecting to DMZ servers: Lateral propagation of encrypted threats
Figures shown on the slide (41%, 81%, 64%; Source: Ponemon Report, 2016):
• cannot detect malicious content in encrypted traffic
• of attackers used encryption to evade detection
• of organizations have been victims of a cyber attack
Web Traffic
A growing problem: malware in encrypted traffic
May 2017: >55% encrypted
2019: >80% encrypted
Effective security depends on total visibility
Network diagram: Users, HQ, Data Center, Admin, Branch, Roaming Users, Cloud
• RECORD every conversation
• Understand what is NORMAL
• Be alerted to CHANGE
• KNOW every host
• Respond to THREATS quickly
Privacy AND Security
Now Available: Cisco Encrypted Traffic Analytics
Industry’s first network with the ability to find threats in encrypted traffic without decryption
Avoid, stop, or mitigate threats faster than ever before | Real-time flow analysis for better visibility
Diagram: Encrypted traffic | Non-encrypted traffic
Malware Detection
Known Malware Traffic + Known Benign Traffic → Extract Observable Features in the Data → Employ Machine Learning techniques to build detectors → Known Malware sessions detected in encrypted traffic with high accuracy
“Identifying Encrypted Malware Traffic with Contextual Flow Data”
AISec ’16 | Blake Anderson, David McGrew (Cisco Fellow)
Cisco Research
Finding malicious activity in encrypted traffic
Cisco Stealthwatch®: Machine Learning for malware detection and cryptographic compliance
Telemetry Exporter*: NetFlow / Enhanced NetFlow, telemetry for encrypted malware detection and cryptographic compliance
* Catalyst, ISR, ASR, CSR are supported
Enhanced analytics and machine learning | Global-to-local knowledge correlation | Enhanced NetFlow from Cisco’s newest switches and routers | Continuous enterprise-wide compliance
Leveraged network | Faster investigation | Higher precision | Stronger protection
Metadata
How can we inspect encrypted traffic?
Make the most of the unencrypted fields: Initial data packet
Identify the content type through the size and timing of packets: Sequence of packet lengths and times
Example observations: Self-Signed certificate, Data exfiltration, C2 message
Who’s who of the Internet’s dark side: Global Risk Map, broad behavioral information about the servers on the Internet.
Threat discrimination thru correlation
Global Risk Map + Initial Data Packet + Sequence of Packet Lengths and Times → Multi-layer Machine Learning
Extended Enterprise Network Visibility
News: ETA expands into the cloud and branch office
Campus: Catalyst 9000 | Branch: ISR & ASR (NEW) | Cloud: CSR 1000V (NEW)
Encrypted Traffic Analytics Telemetry
Encrypted Traffic Analytics Overview
Exporters of NetFlow: Routers/Switches, Packet Capture Devices, Other Exporters
ETA data features: IDP, SPLT, BD*
ETA Enhanced Analytics outcomes: Cryptographic Compliance, Malware Detection
Flow record fields: srcIP, dstIP, srcPort, dstPort, prot, startTime, stopTime, numBytes, numPackets, IDP, SPLT, BD
Initial Data Packet (IDP): The first packets of any connection contain valuable data about the content.
Sequence of Packet Lengths and Times (SPLT): The SPLT field gives us visibility beyond the first packet of the encrypted flows.
Byte Distribution (BD): The BD keeps a count for each byte value encountered in the payloads of the packets of the flow being analyzed.
*BD in fast follow release
Initial Data Packet
• HTTPS header contains several information-rich fields
• Server name provides domain information
• Crypto information educates us on client and server behavior and application identity
• Certificate information is similar to whois information for a domain
• And much more can be understood when we combine the information with global data
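The three ETA features described above (IDP, SPLT, BD) computed for one flow, as an added example that is not part of the Cisco deck or of the Stealthwatch implementation. The packet timings, addresses and pseudo-ciphertext payloads are constructed, the ClientHello is built by the script itself, and the record layout only follows the field names listed on the overview slide.

```python
"""Build an ETA-style flow record (IDP, SPLT, BD) from a constructed TLS flow."""
import math
import struct

TLS_VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def build_client_hello(server_name: str) -> bytes:
    """Constructed, syntactically valid TLS 1.2 ClientHello with two cipher suites and an
    SNI extension (the unencrypted fields the IDP slide refers to). Not captured traffic."""
    name = server_name.encode()
    entry = struct.pack("!BH", 0, len(name)) + name                   # name_type host_name(0)
    sni_list = struct.pack("!H", len(entry)) + entry
    sni_ext = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list    # extension server_name
    extensions = struct.pack("!H", len(sni_ext)) + sni_ext
    suites = struct.pack("!HHH", 4, 0xC02F, 0x002F)                   # ECDHE-RSA-AES128-GCM, RSA-AES128-CBC
    body = (b"\x03\x03" + bytes(32) + b"\x00"                          # version, random, session_id len
            + suites + b"\x01\x00" + extensions)                       # compression methods, extensions
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body      # type client_hello(1), 24-bit length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def parse_initial_data_packet(payload: bytes) -> dict:
    """Read the plaintext fields of a ClientHello: offered version, cipher suites, SNI."""
    if len(payload) < 9 or payload[0] != 0x16 or payload[5] != 0x01:
        return {}                                   # not a TLS handshake record
    pos = 9                                         # past record (5) and handshake (4) headers
    version = struct.unpack("!H", payload[pos:pos + 2])[0]
    pos += 2 + 32                                   # client_version, random
    pos += 1 + payload[pos]                         # session_id
    cs_len = struct.unpack("!H", payload[pos:pos + 2])[0]
    pos += 2
    suites = [struct.unpack("!H", payload[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    pos += 1 + payload[pos]                         # compression_methods
    sni = None
    if pos + 2 <= len(payload):
        end = pos + 2 + struct.unpack("!H", payload[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", payload[pos:pos + 4])
            pos += 4
            if etype == 0:                          # server_name: list_len(2) type(1) name_len(2) name
                name_len = struct.unpack("!H", payload[pos + 3:pos + 5])[0]
                sni = payload[pos + 5:pos + 5 + name_len].decode("ascii", "replace")
            pos += elen
    return {"version": TLS_VERSIONS.get(version, hex(version)), "cipher_suites": suites, "sni": sni}

def splt(packets, max_packets=10):
    """Sequence of Packet Lengths and Times for the first payload-carrying packets:
    (signed length, inter-arrival ms); client->server positive, server->client negative."""
    seq, prev_t = [], None
    for t, direction, payload in [p for p in packets if p[2]][:max_packets]:
        gap_ms = 0 if prev_t is None else int(round((t - prev_t) * 1000))
        seq.append((len(payload) if direction == "c2s" else -len(payload), gap_ms))
        prev_t = t
    return seq

def byte_distribution(packets):
    """BD: count of each byte value (0..255) over every payload byte of the flow."""
    counts = [0] * 256
    for _, _, payload in packets:
        for b in payload:
            counts[b] += 1
    return counts

def bd_entropy(counts):
    """Shannon entropy (bits/byte) of a BD; ciphertext sits near 8, plaintext well below."""
    total = sum(counts)
    return -sum(c / total * math.log2(c / total) for c in counts if c) if total else 0.0

def flow_record(five_tuple, packets):
    """Assemble the fields the ETA overview lists, plus IDP, SPLT and BD."""
    first_client = next((p for _, d, p in packets if d == "c2s" and p), b"")
    return {**five_tuple,
            "startTime": packets[0][0], "stopTime": packets[-1][0],
            "numBytes": sum(len(p) for _, _, p in packets), "numPackets": len(packets),
            "IDP": parse_initial_data_packet(first_client),
            "SPLT": splt(packets), "BD": byte_distribution(packets)}

def _pseudo_ciphertext(n, a, b):
    """Deterministic high-entropy filler standing in for TLS records; constructed, not real."""
    return bytes((i * a + b) % 256 for i in range(n))

# Constructed sample flow: (seconds, direction, payload). Addresses are hypothetical.
FIVE_TUPLE = {"srcIP": "10.0.0.5", "dstIP": "203.0.113.10", "srcPort": 51234, "dstPort": 443, "prot": 6}
SAMPLE_FLOW = [
    (0.000, "c2s", build_client_hello("example.com")),        # ClientHello (IDP)
    (0.032, "s2c", _pseudo_ciphertext(1460, 37, 11)),         # ServerHello + Certificate
    (0.033, "s2c", _pseudo_ciphertext(800, 53, 7)),
    (0.040, "c2s", _pseudo_ciphertext(150, 29, 3)),           # key exchange + Finished
    (0.071, "s2c", _pseudo_ciphertext(90, 41, 5)),
    (0.075, "c2s", _pseudo_ciphertext(320, 17, 1)),           # application data
    (0.120, "s2c", _pseudo_ciphertext(1460, 23, 9)),
]

if __name__ == "__main__":
    rec = flow_record(FIVE_TUPLE, SAMPLE_FLOW)
    print(rec["IDP"], rec["SPLT"], "BD entropy=%.2f bits/byte" % bd_entropy(rec["BD"]))
```

The BD entropy is what separates the "TLS 1.2" and "NONE" cases on the cryptographic compliance slide: a plaintext HTTP request scores far below the near-8-bit figure of real ciphertext.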
SPLT shows TLS Metadata differences
Chart: packets sent (client) and received (server) for Google search, Page Download, Exfiltration & Keylogging, Initiate Command & Control
Model: Packet lengths, arrival times and durations tend to be inherently different for malware than benign traffic.
Behavioral Patterns w.r.t. SPLT (Packet Lengths/Times)
Chart panels: Bestafera | Firefox Self-Repair | Google Search
Annotated patterns: Self-Signed Certificate, Data Exfiltration, C2 Message, Initial Page Load, Firefox Real-Time Feedback, Page Refresh, Autocomplete
Red = Unencrypted Handshake Messages
Power of multi-layer machine learning
Threat Analytics at Scale: 10B requests per day → 50,000 incidents per day
Inputs: Processed NetFlow + Proxy (weblog), Encrypted Traffic Analytics, Threat Grid, Internet scrapers, Global risk map
Models: Anomaly detection, Trust modeling, Event classification, Entity modeling, Relationship modeling, Threat correlation
Pipeline (Layer 1 → Layer 2 → Layer 3): Anomalous Requests → Malicious Events (telemetry sequences) → Threat Incidents (aggregated events)
Stages: Telemetry, Features, Threat context, Incidents
Cryptographic Compliance
Example 1: Encryption TLS/SSL Version: TLS 1.2 | Encryption Key Exchange: RSA | Encryption Algorithm and Key Length: RSA_128
Example 2: Encryption TLS/SSL Version: NONE | Encryption Key Exchange: RSA | Encryption Algorithm and Key Length: RSA_128
Demonstration
What do you buy?
Licensing, packaging…
Solution element | Software version | License
Enterprise switches (Cisco® Catalyst® 9000 Series)* | Cisco IOS® XE 16.6.1+ | Included in Cisco DNA™ Advantage license / Cisco ONE™ Advanced
Branch routers (ASR 1000 Series, 4000 Series ISR, CSR, ISRv, 1100 Series ISR)** | Cisco IOS XE 16.6.2+ | Included in SEC/k9 license, Cisco ONE foundation
Stealthwatch Enterprise | v6.9.2+ | Management Console, Flow Collector, Flow Rate License
*C9300 series with 16.6.1, C9400 series available with 16.6.2
**Available for Proof of Concept (PoC) with 16.6.1, General availability in 16.6.2
C97-739122-01 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Next Steps
Learn more about ETA
http://www.cisco.com/go/eta
Thank you for watching!
