According to Cisco, encrypted traffic nearly doubled from 21 percent in 2015 to 40 percent in 2016. Cisco: The percentage of encrypted internal enterprise traffic is growing rapidly, as enterprise products, such as Microsoft Exchange, are increasingly configured by default to encrypt all traffic. You can learn a lot just from network traffic metadata, the information in the headers that tell the network where the packet came from and where it is supposed to go to. Its not just the use of unusual ports, but use of ports for unusual applications such as plain text traffic on port 443.”]