Nubeva gives security teams the full decrypted packet visibility required to dig deep into network traffic. Identify malicious activity and insider threats, and catch data leakage within virtual private clouds (VPC) and Amazon Elastic Compute Cloud (Amazon EC2) instances.
Working closely with Amazon Web Services (AWS), Nubeva has introduced a new breakthrough way to monitor and inspect traffic in the public cloud. Nubeva's decrypted visibility solution enables organizations to see full-packet payloads to detect and respond to threats by providing three key components:
Nubeva’s symmetric key intercept approach is the only solution to out-of-band decryption in AWS. The state-of-the-art Nubeva sensor is deployed on any workload where it discovers the final session keys, completely bypassing the resource-intensive TLS handshake. The containerized Nubeva Decryptor pairs the final session keys with mirrored traffic to decrypt it. The Nubeva Decryptor is software-based and can deploy directly on your security and monitoring tools or run as a stand-alone decryption appliance, securely supplying decrypted traffic to your security tools.
Before you can inspect traffic, you have to acquire it. Nubeva recommends using Amazon’s infrastructure mirroring solution, Amazon VPC Traffic Mirroring, when possible. For areas where VPC Traffic Mirroring isn't available, such as non-Nitro compute instances, inter- and intra-Kubernetes traffic, and container-to-container traffic, Nubeva can provide packet mirroring and unlock full East/West, North/South and elastic traffic visibility.
Traffic Mirroring is an Amazon VPC feature you can use to copy network traffic from an elastic network interface of Amazon EC2 instances. You can then send the traffic to out-of-band security and monitoring appliances for content inspection, threat monitoring and troubleshooting.
The security and monitoring appliances can be deployed as individual instances, or as a fleet of instances behind a Network Load Balancer with a UDP listener. Traffic Mirroring supports filters and packet truncation, so you only extract the traffic of interest to monitor by using monitoring tools of your choice.
Nubeva’s official AWS Quick Start allows organizations to deploy the Nubeva TLS Decrypt solution for visibility into all modern TLS-encrypted traffic in their AWS Cloud. Built with the AWS Well-Architected Framework, the Quick Start provides step-by-step instructions to deploy the Nubeva Transport Layer Security (TLS) Decrypt platform in approximately 30 minutes. It includes leading open source monitoring tools like Moloch, ntopng, Suricata, Wireshark, and Zeek, providing a complete visibility tool kit. This Quick Start is for users who want to identify malicious activity, insider threats and data leakage within their virtual private cloud (VPC) and Amazon Elastic Compute Cloud (Amazon EC2) instances.
Supports all TLS ciphers including TLS 1.3 and TLS 1.2 with PFS and ECDH; and supports both TLS client and TLS server side connections from VMs and containers.
The cloud demands out-of-band solutions. Nubeva requires no app or library changes, no network or architecture restrictions and no inline interruptions.
The highest-performing packet mirroring solution on the market to capture traffic when and where you need it, including Kubernetes and container traffic.
With enterprise grade security, scale from micro to massive to fit the needs of an individual team or the requirements of large enterprises.
Our universal solution works with any tap, mirror, packet broker system, with any monitoring tool, in all public and private cloud environments.
Nubeva is offered at <1/5th the cost of traditional solutions. It is easy to get started and use, thereby unlocking modern network visibility for everyone, anywhere.