22 April 2020

Nubeva TLS Decrypt for Complete Visibility on AWS 

A Technical Brown Bag to break down the new AWS Quick Start


resources banner desktop

See Decrypted Visibility In Action

Request a Demo

Interested? Get free AWS Credits to launch your Quick Start

Request Credits

Nubeva gives security teams the full decrypted packet visibility required to dig deep into network traffic. Identify malicious activity, insider threats and catch data leakage within virtual private clouds (VPC) and Amazon Elastic Compute Cloud (Amazon EC2) instances.

Working closely with Amazon Web Services (AWS), Nubeva has introduced a new breakthrough way to monitor and inspect traffic in the public cloud. Nubeva's decrypted visibility solution enables organizations to see full-packet payloads to detect and respond to threats by providing three key components:

  1. Decrypted TLS Visibility. Securely decrypt all TLS traffic including packets encrypted with Perfect Forward Secrecy such as TLS 1.2 – TLS 1.3 and do it completely out-of-band. Others claim it is not possible, but Nubeva has made it possible with our breakthrough technology.
  2. Advanced Traffic Mirroring. Supplement native Amazon VPC Traffic Mirroring to capture traffic from hard to reach places including non-nitro compute instances, containers, VMs and Kubernetes environments.
  3. Open-Source Tool Kit. The AWS well-architected Nubeva TLS Decrypt on AWS Cloud Quick Start allows teams to deploy leading open source tools to get started with advanced visibility in AWS in about 30 minutes. 


Product Overview



Nubeva TLS Decrypt


Nubeva’s symmetric key intercept approach is the only solution to out-of-band decryption in AWS. The state-of-the-art Nubeva sensor is deployed on any workload where it discovers the final session keys, completely bypassing the resource-intensive TLS handshake. The containerized Nubeva Decryptor pairs the final session keys with mirrored traffic to decrypt. The Nubeva Decryptor is software-based and can deploy directly on your security and monitoring tools or run as a stand-alone decryption appliance securely supplying decrypted traffic to your security tools

Nubeva Traffic Mirroring

Before you can inspect traffic, you have to acquire it. Nubeva recommends using Amazon’s infrastructure mirroring solution, Amazon VPC Traffic Mirroring, when possible. For areas where VPC traffic mirroring isn't available - like non-Nitro compute instances, inter- and intra-Kubernetes traffic, container to container traffic etc., Nubeva can provide packet mirroring and unlock full East/West, North/South and elastic traffic visibility.

What is Amazon VPC Traffic Mirroring?

Traffic Mirroring is an Amazon VPC feature you can use to copy network traffic from an elastic network interface of Amazon EC2 instances. You can then send the traffic to out-of-band security and monitoring appliances for content inspection, threat monitoring and troubleshooting. 

The security and monitoring appliances can be deployed as individual instances, or as a fleet of instances behind a Network Load Balancer with a UDP listener. Traffic Mirroring supports filters and packet truncation, so you only extract the traffic of interest to monitor by using monitoring tools of your choice.


Quick Start

Nubeva’s official AWS Quick Start allows organizations to deploy the Nubeva TLS Decrypt solution for visibility into all modern TLS encrypted traffic in your AWS Cloud. Built with AWS well-architected framework, the Quick Start provides step-by-step instructions to deploy the Nubeva Transport Layer Security (TLS) Decrypt platform in approximately 30 minutes. It includes leading open source monitoring tools like Moloch, ntopng, Suricata, Wireshark, and Zeek, providing a complete visibility tool kit. This Quick Start is for users who want to identify malicious activity, insider threats and data leakage within their virtual private cloud (VPC) and Amazon Elastic Compute Cloud (Amazon EC2) instances.

Learn More

Our Certifications


Key Advantages

Unmatched Decryption

Supports all TLS ciphers including TLS 1.3 and TLS 1.2 with PFS and ECDH; and supports both TLS client and TLS server side connections from VMs and containers.

Passive Solution

The cloud demands out-of-band solutions. Nubeva requires no app or library changes, no network or architecture restrictions and no inline interruptions.

Unrivaled Packet

The highest performing packet mirroring solution on the market to capture traffic when and where you need it including Kubernetes and container traffic.


With enterprise grade security, scale from micro to massive to fit the needs of an individual team or the requirements of large enterprises.


Our universal solution works with any tap, mirror, packet broker system, with any monitoring tool, in all public and private cloud environments.

Low Total Cost of

Nubeva is offered at <1/5th the cost of traditional solutions. It is easy to get started and use, thereby unlocking modern network visibility for everyone, anywhere.

Don't Have the Tools?

Learn more about Nubeva Cloud Tools -
Network Visibility with Open Source Tools

Watch now

resources banner desktop

See Nubeva TLS Decrypt with Amazon VPS Traffic Mirroring

Request a Demo

Request Free AWS Credits to Launch Your Quick Start

Request Credits

Have a question about something?

Let us help you apply and deploy your own advanced packet security
and monitoring solution with Nubeva.

Schedule a Demo