Nubeva Prisms TLS Decrypt Enables AWS Security and Visibility

Now with Full Support of Amazon VPC Traffic Mirroring 

Recently announced Amazon VPC Traffic Mirroring responds to top industry objection of lack of visibility and security in the cloud. This AWS solution provides access to infrastructure-level data and the ability to send that encrypted mirrored traffic to monitoring tools for inspection. With 70% of cloud traffic being encrypted and new decryption standards such as TLS 1.3, organizations not only need a way to acquire, process and distribute cloud traffic but also need a secure decryption solution for deep analysis and inspection of cloud packets. 

Combined with Nubeva Prisms TLS Decrypt, Nubeva and Amazon Web Services enable enterprises to easily access and decrypt all cloud network traffic for enhanced security, support and operations of critical applications and resources in Amazon Virtual Private Clouds.

 

How to Solve Decrypted Visibility in AWS? 

TLS Decryption Solution

 

The ability to inspect cloud packet traffic stretches across the IT organization. DevOps teams need access to complete cloud traffic for debugging, troubleshooting, support and application performance monitoring. Cybersecurity teams need packet inspection to perform threat hunting, advanced intrusion detection, breach response and forensics. Whether your organization uses Amazon VPC traffic mirroring or another packet brokering solution to acquire, process and distribute packet level traffic, Nubeva Prisms TLS Decrypt solution provides universal TLS 1.3 visibility in AWS.

 

What is Nubeva TLS Decrypt?

Nubeva Prisms TLS Decryption is a cloud solution to a cloud problem providing a universal TLS decryption solution to enable Security and DevOps teams to see their AWS traffic.

  • The solution handles Perfect Forward Secrecy and extract keys from all TLS ciphers used today including TLS 1.2, TLS 1.3, Elliptic-curve Diffie-Hellman (ECDH), AES-GCM and CHACHA20 (AEAD) and supports both TLS Server and Client side sessions. 
  • Nubeva Prisms TLS Decrypt is built on new, AI-based agent technology that discovers the final TLS keys negotiated by session out of memory and eliminates the need for certificate management or man-in-the-middle architectures. 
  • Nubeva provides convenient Cloud Formation Templates (CFTs) to stand-up a client-owned AWS DynamoDB symmetric key database. The encrypted KeyDB sits in your AWS subscription and is managed by your team meaning traffic and keys never leave your account. 
  • State-of-the-art key-matching and decryption techniques synchronize keys to PCAPs and mirrored traffic streams for effective high-speed decryption.
  • Born in the cloud, secure SaaS solution was architected around cloud components, enables vertical and horizontal scaling and works with restocking/rehydrating operating models. 
  • Nubeva Prisms TLS Decrypt is universal – it works with any cloud, with any packet brokering system and decrypts on any tool of your choice.
  • Customers benefit from the native aspects of Amazon VPC traffic mirroring when sending encrypted traffic from cloud workloads to tools where it meets with Nubeva Prisms TLS Decrypt solution. 

 

What is Amazon VPC Traffic Mirroring? 

  • Allows customers copy network traffic from the ENI of their Amazon EC2 instances in their Amazon VPCs
  • Enables organizations to send the mirrored traffic to their security and monitoring appliances.
  • Whether homegrown or third-party - Tools receiving traffic can deployed as individual instances or as a fleet of instances behind a Network Load Balancer (NLB).
  • VPC traffic mirroring allows customers to extract traffic of interest from any workload in a VPC and send it to the right tools and destinations of their choosing to detect and respond faster to attacks often missed by traditional log-centric tools. 

 

How It Works! 

Nubeva Prisms integrates with Amazon VPC traffic mirroring enabling customers to decrypt mirrored traffic on their monitoring tools of their choice.

 

  1. A Nubeva Prisms TLS Key Discovery agent is a container that rests on any cloud workload including containers and VMs, where it detects and extracts symmetric keys during the TLS handshake with minimal impact on CPU and memory.

  2. Nubeva provides convenient Cloud Formation Templates (CFTs) to stand-ups a client-owned AWS DynamoDB symmetric key database where detected keys are securely sent where the keys remain encrypted and stored. The key database retains keys for security and monitoring tools and enables them to perform parallel, decentralized and scalable decryption when and where needed; whether on-demand or in real-time. 

  3. Decryption of AWS’ VPC mirrored traffic happens on the tool workload through the Nubeva Decryptor Agent. The Nubeva Decryptor retrieves the appropriate session keys from the DynamoDB table and synchronizes incoming encrypted packet traffic with extracted keys. The receiver agent handles all the decryption with blisteringly fast speed and almost no impact on CPU and memory.

Nubeva’s breakthrough is our unique and patent-pending method for encrypted key detection and extraction from either end of the TLS handshake. Cloud workloads in AWS are at times both TLS clients and TLS servers and this method recognizes the distributed and decentralized nature of the cloud to deliver decrypted visibility regardless of where the encrypted communications start. Extracted keys are securely stored and made available for secure, real-time or any-time decryption on tool workloads in the cloud. This method preserves original, end-to-end encryption while maintaining original encryption headers – important for some monitoring and inspection tools – and also delivering complete decrypted packet streams to cloud-based security, monitoring and compliance tools.

Did we mention that Nubeva Prisms TLS is priced disruptively low and has unmatch speed and performance? See it for yourself and request a demo

 

How Nubeva helps solve visibility in AWS?

Nubeva Prisms enables any organization to adopt aggressive encryption in AWS.

  • Amazon VPC traffic mirroring makes acquiring packet traffic easy by allowing customers to natively mirror their VPC traffic, without using additional packet-forwarding agents.
  • Cloud DevOps teams can decrypt SSL / TLS traffic inside their AWS subscriptions to enable security, performance, and diagnostic systems and processes.
  • Nubeva Prisms TLS Decrypt is modular, easy to deploy and scales to meet any traffic load without any configuration overhead or architectural constraints.
  • Nubeva Prisms enhances Amazon VPC traffic mirroring with our Elastic Packet Processor, which provides advanced filtering, unlimited replication and NetFlow / IPFIX cloud flow generation, all while keeping everything encrypted, which means the cloud resources stay secure.


 

Amazon Web Services Partner

See Prisms TLS Decrypt

 

See Prisms TLS Decrypt in Action!

Request a Demo
Try Prisms TLS Decrypt

Try Prisms TLS Decrypt Today

Start Free

Ebook: Out of Decryption in TLS 1.3

Forward Secrecy in TLS 1.3 makes network communications more secure but also renders traditional out-of-band, man-in-the-middle and decryption at cloud-scale untenable. The intent of the new TLS 1.3 standard is that, if you want to inspect and...

Nubeva Prisms TLS (SSL) Decrypt Solution Now Supports New Amazon Virtual Private Cloud Traffic Mirroring

Enterprises Using Amazon Web Services Can Now Acquire Keys and Decrypt Mirrored Traffic in Their Amazon Virtual Private Cloud   SAN JOSE, Calif., June 25, 2019 – Nubeva Technologies Ltd. (TSX-V: NBVA), a cloud visibility Software-as-a-Service (SaaS)...

Product Brief: TLS Decryption Brochure

More than 70% of network traffic is encrypted. Previously, SSL decryption of cloud traffic was attainable only through complex and costly man-in-the-middle architectures, until now. With Nubeva Prisms TLS Decryption solution, your IT team does not...

Nubeva Achieves Advanced Technology Partner Status in the Amazon Web Services Partner Network

Amazon Web Services Recognizes Nubeva for Proven Technical and Market Validation SAN JOSE, Calif., June 6, 2019 – Nubeva Technologies Ltd. (TSX-V: NBVA, OTC: NBVAF), a cloud visibility Software-as-a-Service (SaaS) software developer for enterprises...

 

Have a question about something?

Let us help you design and deploy your own AWS packet security, monitoring and compliance solution with Nubeva Prisms.

Contact Us