How can we detect and mitigate a kill chain in encrypted traffic without breaking users privacy and same time with minimal false positives? Cisco Catalyst 9k is the newest platform with this capability which is called Encrypted Traffic Analysis (ETS). Machine Learning & metadata seems to be the right ingredients to make the wheel work.
Read here for more detail.