Nubeva TLS Decrypt Enables AWS Security and Visibility

Now with Full Support of Amazon VPC Traffic Mirroring 

The recently announced Amazon VPC Traffic Mirroring responds to a top industry objection: the lack of visibility and security in the cloud. This AWS solution provides access to infrastructure-level data and the ability to send encrypted mirrored traffic to monitoring tools for inspection. With 70% of cloud traffic being encrypted and newer encryption standards such as TLS 1.3 in use, organizations need not only a way to acquire, process and distribute cloud traffic but also a secure decryption solution for deep analysis and inspection of cloud packets.

Combined with Nubeva TLS Decrypt, Nubeva and Amazon Web Services enable enterprises to easily access and decrypt all cloud network traffic for enhanced security, support and operations of critical applications and resources in Amazon Virtual Private Clouds.

 

How to Solve Decrypted Visibility in AWS? 


 

The need to inspect cloud packet traffic stretches across the IT organization. DevOps teams need access to complete cloud traffic for debugging, troubleshooting, support and application performance monitoring. Cybersecurity teams need packet inspection to perform threat hunting, advanced intrusion detection, breach response and forensics. Whether your organization uses Amazon VPC traffic mirroring or another packet brokering solution to acquire, process and distribute packet-level traffic, the Nubeva TLS Decrypt solution provides universal TLS 1.3 visibility in AWS.

 

What is Nubeva TLS Decrypt?

Nubeva TLS Decryption is a cloud solution to a cloud problem providing a universal TLS decryption solution to enable Security and DevOps teams to see their AWS traffic.

  • The solution handles Perfect Forward Secrecy and extracts keys for all TLS versions and ciphers used today, including TLS 1.2, TLS 1.3, Elliptic-curve Diffie-Hellman (ECDH), AES-GCM and CHACHA20 (AEAD), and supports both TLS server-side and client-side sessions.
  • Nubeva TLS Decrypt is built on new, AI-based agent technology that discovers the final TLS keys negotiated by session out of memory and eliminates the need for certificate management or man-in-the-middle architectures. 
  • Nubeva provides convenient CloudFormation Templates (CFTs) to stand up a client-owned AWS DynamoDB symmetric key database. The encrypted KeyDB sits in your AWS subscription and is managed by your team, meaning traffic and keys never leave your account.
  • State-of-the-art key-matching and decryption techniques synchronize keys to PCAPs and mirrored traffic streams for effective high-speed decryption.
  • Born in the cloud, the secure SaaS solution was architected around cloud components, enables vertical and horizontal scaling and works with restocking/rehydrating operating models.
  • Nubeva TLS Decrypt is universal – it works with any cloud, with any packet brokering system and decrypts on any tool of your choice.
  • Customers benefit from the native aspects of Amazon VPC traffic mirroring when sending encrypted traffic from cloud workloads to tools, where it meets the Nubeva TLS Decrypt solution.

 

What is Amazon VPC Traffic Mirroring? 

  • Allows customers to copy network traffic from the ENI of their Amazon EC2 instances in their Amazon VPCs.
  • Enables organizations to send the mirrored traffic to their security and monitoring appliances.
  • Whether homegrown or third-party, tools receiving traffic can be deployed as individual instances or as a fleet of instances behind a Network Load Balancer (NLB).
  • VPC traffic mirroring allows customers to extract traffic of interest from any workload in a VPC and send it to the right tools and destinations of their choosing to detect and respond faster to attacks often missed by traditional log-centric tools. 

 

How It Works! 

Nubeva integrates with Amazon VPC traffic mirroring, enabling customers to decrypt mirrored traffic on the monitoring tools of their choice.

 

  1. A Nubeva TLS Key Discovery agent is a container that rests on any cloud workload including containers and VMs, where it detects and extracts symmetric keys during the TLS handshake with minimal impact on CPU and memory.

  2. Nubeva provides convenient CloudFormation Templates (CFTs) to stand up a client-owned AWS DynamoDB symmetric key database, to which detected keys are securely sent and where they remain encrypted and stored. The key database retains keys for security and monitoring tools and enables them to perform parallel, decentralized and scalable decryption when and where needed, whether on-demand or in real time.

  3. Decryption of AWS’ VPC mirrored traffic happens on the tool workload through the Nubeva Decryptor Agent. The Nubeva Decryptor retrieves the appropriate session keys from the DynamoDB table and synchronizes incoming encrypted packet traffic with extracted keys. The receiver agent handles all the decryption with blisteringly fast speed and almost no impact on CPU and memory.
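The key-matching idea in steps 2 and 3, as an added example that is not Nubeva's code: it assumes secrets are stored in the NSS key log (SSLKEYLOGFILE) line format and looked up by the ClientHello random, which the page does not specify. A Python dict stands in for the DynamoDB table, and all sample values are constructed.

```python
import struct

def parse_keylog(text):
    """Index NSS key log lines as {client_random: {label: secret}}."""
    index = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[0].startswith("#"):
            continue                      # comment, blank or malformed line
        label, rand_hex, secret_hex = parts
        try:
            rand, secret = bytes.fromhex(rand_hex), bytes.fromhex(secret_hex)
        except ValueError:
            continue                      # non-hex field
        if len(rand) == 32:
            index.setdefault(rand, {})[label] = secret
    return index

def client_random(record):
    """Return the 32-byte random of a ClientHello record, else None."""
    if len(record) < 43 or record[0] != 0x16:    # 0x16: handshake record
        return None
    (rec_len,) = struct.unpack("!H", record[3:5])
    if rec_len < 38 or record[5] != 0x01:        # 0x01: ClientHello
        return None
    return record[11:43]    # after 5-byte record hdr, 4-byte hs hdr, version

def secrets_for(record, index):
    """Look up the stored secrets for the session this record opens."""
    rand = client_random(record)
    return index.get(rand) if rand is not None else None

def make_client_hello(rand):
    """Build a minimal ClientHello record (constructed test input)."""
    body = b"\x03\x03" + rand + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

# Constructed sample data: a dict stands in for the key database.
RAND_A, RAND_B = bytes(range(32)), b"\xaa" * 32
KEYLOG = (
    "# constructed sample, not real secrets\n"
    f"CLIENT_RANDOM {RAND_A.hex()} {'11' * 48}\n"
    f"CLIENT_TRAFFIC_SECRET_0 {RAND_B.hex()} {'22' * 32}\n"
    f"SERVER_TRAFFIC_SECRET_0 {RAND_B.hex()} {'33' * 32}\n"
)
INDEX = parse_keylog(KEYLOG)

if __name__ == "__main__":
    for r in (RAND_A, RAND_B, b"\x00" * 32):
        print(r.hex()[:8], sorted(secrets_for(make_client_hello(r), INDEX) or {}))
```

A session whose random has no entry returns `None`, which is the case a monitoring tool has to handle when a key arrives late or was never captured.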

Nubeva’s breakthrough is our unique and patent-pending method for encrypted key detection and extraction from either end of the TLS handshake. Cloud workloads in AWS are at times both TLS clients and TLS servers and this method recognizes the distributed and decentralized nature of the cloud to deliver decrypted visibility regardless of where the encrypted communications start. Extracted keys are securely stored and made available for secure, real-time or any-time decryption on tool workloads in the cloud. This method preserves original, end-to-end encryption while maintaining original encryption headers – important for some monitoring and inspection tools – and also delivering complete decrypted packet streams to cloud-based security, monitoring and compliance tools.

Did we mention that Nubeva TLS is priced disruptively low and has unmatched speed and performance? See it for yourself and request a demo

 

How Does Nubeva Help Solve Visibility in AWS?

Nubeva enables any organization to adopt aggressive encryption in AWS.

  • Amazon VPC traffic mirroring makes acquiring packet traffic easy by allowing customers to natively mirror their VPC traffic, without using additional packet-forwarding agents.
  • Cloud DevOps teams can decrypt SSL / TLS traffic inside their AWS subscriptions to enable security, performance, and diagnostic systems and processes.
  • Nubeva TLS Decrypt is modular, easy to deploy and scales to meet any traffic load without any configuration overhead or architectural constraints.

 



 
