Encrypted Communication Analytics (ECA) is a traffic identification and detection technology for identifying encrypted and non-encrypted traffic on the network, extracting encrypted traffic characteristics, and sending them to the Cybersecurity Intelligence System (CIS) for malicious traffic detection.
Live networks carry both encrypted and unencrypted traffic, and a growing share of that traffic is encrypted. Encryption ensures communication security to a certain extent, but it also brings problems: an increasing number of malware attacks and viruses spread through encrypted traffic. Traditional detection methods cannot identify malicious communications in encrypted traffic, and man-in-the-middle decryption and detection may damage the integrity of the encryption.
To resolve this issue, Huawei provides a complete set of security collaboration solutions. Specifically, deploying ECA on switches can help detect internal and external encrypted traffic and identify and extract encrypted traffic features without decrypting the traffic. The CIS server then uses big data analytics and machine learning to distinguish between malicious communications and normal communications in the encrypted traffic, to cope with the risks that encrypted traffic attacks may bring to the network.
As shown in Figure 1, ECA is deployed on SwitchA to identify and extract encrypted traffic features and send the features as metadata to the CIS server. On the live network, ECA can be deployed on the egress or access side based on different requirements for detecting south-north traffic and east-west traffic.
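To illustrate what extracting features without decrypting can look like, the following added example (not Huawei's ECA implementation) checks whether a payload starts with a TLS handshake record and reads metadata from the cleartext ClientHello. The page does not list the features ECA extracts, so the chosen fields (version, cipher suites, extension types, SNI) and the function names are assumptions.

```python
import struct

def build_sample_client_hello(sni=b"example.test"):
    """Constructed sample: a minimal TLS 1.2 ClientHello record (not captured traffic)."""
    ciphers = struct.pack("!3H", 0xC02F, 0xC030, 0x009C)
    name = struct.pack("!BH", 0, len(sni)) + sni
    sni_ext = struct.pack("!HHH", 0, len(name) + 2, len(name)) + name
    exts = sni_ext + struct.pack("!HH", 0x0023, 0)   # empty session_ticket
    body = (b"\x03\x03" + bytes(32) + b"\x00"
            + struct.pack("!H", len(ciphers)) + ciphers
            + b"\x01\x00" + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def extract_features(payload):
    """Return ClientHello metadata, or None if the payload is not a TLS
    handshake record or is malformed. Nothing is decrypted."""
    if len(payload) < 9 or payload[0] != 0x16 or payload[1] != 0x03:
        return None                       # not a TLS handshake record
    rec_len = struct.unpack("!H", payload[3:5])[0]
    hs = payload[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        return None                       # not a ClientHello
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    try:
        version = struct.unpack("!H", body[0:2])[0]
        pos = 34                          # skip version(2) + random(32)
        pos += 1 + body[pos]              # skip session id
        n = struct.unpack("!H", body[pos:pos + 2])[0]
        ciphers = list(struct.unpack(f"!{n // 2}H", body[pos + 2:pos + 2 + n]))
        pos += 2 + n
        pos += 1 + body[pos]              # skip compression methods
        end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        ext_types, sni = [], None
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            data = body[pos + 4:pos + 4 + elen]
            ext_types.append(etype)
            if etype == 0 and len(data) >= 5:     # server_name extension
                sni = data[5:5 + struct.unpack("!H", data[3:5])[0]].decode("ascii", "replace")
            pos += 4 + elen
    except (struct.error, IndexError):
        return None                       # truncated or malformed hello
    return {"version": version, "ciphers": ciphers,
            "extensions": ext_types, "sni": sni}
```

A detection back end would consume such per-flow records as metadata; the classification itself is outside this sketch.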
For more information, visit https://e.huawei.com/en/material/materiallist and search for "Huawei CloudCampus Solution ECA Technology White Paper".