TLS Exposed

Gartner predicts that by 2019, 80 percent of web traffic will  be encrypted. They also believe half of malware campaigns in 2019 will use some type of encryption to conceal malware delivery, command and control activity, or data exfiltration. The use of TLS by malware poses new challenges to network threat detection since pattern matching techniques on the payload can no longer be used. There are however observable data points for encrypted flows such as packet length sequence, byte distribution, and TLS options that can be used with supervised machine learning to train classifiers to identify this malware communication. This talk will provide an overview of the approach and share some detection accuracy results from Cisco’s Advanced Security Research and Government team who analysed millions of TLS encrypted flows.

Speaker: Matt Carling
Matt has worked at Cisco since the last millennium in a number of roles across a range of sectors and technology domains. He is currently has a busy life as a member of Cisco’s Security and Trust Organisation

AISA members: Please sign in to register for this event

Many thanks to our sponsors

AISA also thanks ACTewAGL for sponsoring the venue for this meeting