The recently announced Amazon VPC Traffic Mirroring responds to a top industry objection: the lack of visibility and security in the cloud. This AWS solution provides access to infrastructure-level data and the ability to send that encrypted mirrored traffic to monitoring tools for inspection. With 70% of cloud traffic being encrypted and new encryption standards such as TLS 1.3, organizations need not only a way to acquire, process and distribute cloud traffic but also a secure decryption solution for deep analysis and inspection of cloud packets.
Combined with Nubeva Prisms TLS Decrypt, Nubeva and Amazon Web Services enable enterprises to easily access and decrypt all cloud network traffic for enhanced security, support and operations of critical applications and resources in Amazon Virtual Private Clouds.
The need to inspect cloud packet traffic stretches across the IT organization. DevOps teams need access to complete cloud traffic for debugging, troubleshooting, support and application performance monitoring. Cybersecurity teams need packet inspection to perform threat hunting, advanced intrusion detection, breach response and forensics. Whether your organization uses Amazon VPC traffic mirroring or another packet brokering solution to acquire, process and distribute packet-level traffic, the Nubeva Prisms TLS Decrypt solution provides universal TLS 1.3 visibility in AWS.
Nubeva Prisms TLS Decryption is a cloud solution to a cloud problem, providing universal TLS decryption that enables Security and DevOps teams to see their AWS traffic.
Nubeva Prisms integrates with Amazon VPC traffic mirroring, enabling customers to decrypt mirrored traffic on the monitoring tools of their choice.
A Nubeva Prisms TLS Key Discovery agent is a container that rests on any cloud workload including containers and VMs, where it detects and extracts symmetric keys during the TLS handshake with minimal impact on CPU and memory.
Nubeva provides convenient CloudFormation Templates (CFTs) to stand up a client-owned AWS DynamoDB symmetric key database, to which detected keys are securely sent and where they remain encrypted and stored. The key database retains keys for security and monitoring tools and enables them to perform parallel, decentralized and scalable decryption when and where needed, whether on-demand or in real time.
Decryption of AWS’ VPC mirrored traffic happens on the tool workload through the Nubeva Decryptor Agent. The Nubeva Decryptor retrieves the appropriate session keys from the DynamoDB table and synchronizes incoming encrypted packet traffic with extracted keys. The receiver agent handles all the decryption with blisteringly fast speed and almost no impact on CPU and memory.
Nubeva’s breakthrough is our unique and patent-pending method for encrypted key detection and extraction from either end of the TLS handshake. Cloud workloads in AWS are at times both TLS clients and TLS servers and this method recognizes the distributed and decentralized nature of the cloud to deliver decrypted visibility regardless of where the encrypted communications start. Extracted keys are securely stored and made available for secure, real-time or any-time decryption on tool workloads in the cloud. This method preserves original, end-to-end encryption while maintaining original encryption headers – important for some monitoring and inspection tools – and also delivering complete decrypted packet streams to cloud-based security, monitoring and compliance tools.
Did we mention that Nubeva Prisms TLS is priced disruptively low and has unmatched speed and performance? See it for yourself and request a demo.
Nubeva Prisms enables any organization to adopt aggressive encryption in AWS.