Configuration Guide - Network Management and Monitoring

S2720, S5700, and S6720 V200R013C00

This document describes the configurations of Network Management and Monitoring, including SNMP, RMON, RMON2, LLDP, Performance Management, iPCA, NQA, Service Diagnosis, Mirroring, Packet Capture, NetStream, sFlow, TWAMP Light, NETCONF, ECA, Intelligent Video O&M, eMDI, and Network Deception.
Overview of ECA


Encrypted Communication Analytics (ECA) is a traffic identification and detection technology for identifying encrypted and non-encrypted traffic on the network, extracting encrypted traffic characteristics, and sending them to the Cybersecurity Intelligence System (CIS) for malicious traffic detection.

Usage Scenario

Live networks carry both encrypted and unencrypted traffic, and the encrypted share is growing. Encryption protects communication to a certain extent, but it also creates problems: malware attacks on networks are increasing, and viruses are spreading through encrypted traffic. Traditional detection methods cannot identify malicious communications inside encrypted traffic, and detection based on man-in-the-middle decryption may damage the integrity of the encryption.

To resolve this issue, Huawei provides a complete set of security collaboration solutions. ECA deployed on switches detects internal and external encrypted traffic, and identifies and extracts encrypted traffic features without decrypting the traffic. The CIS server then uses big data analytics and machine learning to distinguish malicious communications from normal communications in the encrypted traffic, which addresses the risks that attacks carried in encrypted traffic may bring to the network.
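What extracting features without decrypting the traffic can look like, as an added example that is not Huawei's ECA code: the ClientHello that opens a TLS session is sent in cleartext, so a sensor can read the offered version, cipher suites and server name from it. The feature set, the function names and the sample host `example.test` are assumptions; this page does not list which features ECA sends to the CIS.

```python
import struct

def build_client_hello(sni, suites):
    """Constructed sample input: a minimal TLS 1.2 ClientHello record."""
    name = sni.encode()
    sni_ext = struct.pack("!HHHBH", 0, len(name) + 5, len(name) + 3, 0, len(name)) + name
    body = (b"\x03\x03" + bytes(32) + b"\x00"            # version, random, empty session id
            + struct.pack("!H", 2 * len(suites))
            + b"".join(struct.pack("!H", s) for s in suites)
            + b"\x01\x00"                                # one compression method: null
            + struct.pack("!H", len(sni_ext)) + sni_ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body   # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def extract_features(payload):
    """Read cleartext handshake metadata from a flow's first payload; nothing is decrypted."""
    # Record header: type(1) version(2) length(2); then handshake type(1) length(3).
    if len(payload) < 6 or payload[0] != 0x16 or payload[1] != 0x03 or payload[5] != 0x01:
        return {"tls": False}                            # not a TLS ClientHello
    feats = {"tls": True, "record_version": payload[1:3].hex()}
    try:
        p = 9                                            # skip record + handshake headers
        feats["client_version"] = payload[p:p + 2].hex()
        p += 2 + 32                                      # client_version + random
        p += 1 + payload[p]                              # session id
        (n,) = struct.unpack_from("!H", payload, p)
        p += 2
        feats["cipher_suites"] = [struct.unpack_from("!H", payload, p + i)[0]
                                  for i in range(0, n, 2)]
        p += n
        p += 1 + payload[p]                              # compression methods
        (ext_total,) = struct.unpack_from("!H", payload, p)
        p += 2
        end = min(p + ext_total, len(payload))
        while p + 4 <= end:
            etype, elen = struct.unpack_from("!HH", payload, p)
            p += 4
            if etype == 0 and elen >= 5:                 # server_name extension (SNI)
                (nlen,) = struct.unpack_from("!H", payload, p + 3)
                feats["sni"] = payload[p + 5:p + 5 + nlen].decode("ascii", "replace")
            p += elen
    except (struct.error, IndexError):
        feats["truncated"] = True                        # keep the fields parsed so far
    return feats

if __name__ == "__main__":
    print(extract_features(build_client_hello("example.test", [0x1301, 0xC02F])))
```

A payload cut off mid-handshake still yields the fields parsed before the cut, flagged with `truncated`, so a partial capture is not silently treated as a complete record.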

As shown in Figure 14-1, ECA is deployed on SwitchA to identify and extract encrypted traffic features and send the features as metadata to the CIS server. On the live network, ECA can be deployed on the egress or access side based on different requirements for detecting south-north traffic and east-west traffic.

Figure 14-1  Usage scenario of ECA
Updated: 2019-04-20

Document ID: EDOC1100065680
