Encrypted Traffic Analytics
The fact that more and more network protocols are encrypted means it is harder and harder to analyze the traffic going through the network. Encrypted Traffic Analytics (ETA) is a solution from Cisco (its flow is illustrated in Figure 5-49) where network devices all report information from the network traffic to a Cisco Secure Network Analytics (formerly Stealthwatch) appliance that runs a machine learning algorithm to be able to identify threats and attacks, not based on the traffic content but on the traffic patterns. The Catalyst 9800 can be a part of this solution, leveraging the Flexible Netflow configuration directly on the C9800 (not on the FlexConnect APs themselves). You can find more information in the Encrypted Traffic Analytics White Paper and the configuration guide.
FIGURE 5-49 ETA workflow topology