TL;DR: Amazon releases Quick Start with Nubeva TLS Decrypt to deliver full decrypted visibility in the cloud. The Quick Start is a passive, out of band, software decryption solution that handles forward secrecy, TLS 1.3, pinned certificates and other encryption that legacy out of band decryption solutions cannot handle. Using configurable Cloud Formation Templates and an easy set up flow, users are able to set up a complete, scalable, cloud based solution that includes open source monitoring tools: Wireshark, Zeek, Suricata, Moloch and ntop. These tools can be deployed into a new VPC or into existing VPCs. Nubeva TLS Decrypt and Amazon VPC traffic mirroring create out of band, decrypted visibility for the Amazon cloud.
Time to Read: about 2 ½ minutes
Amazon AWS has just released a new Quick Start that deploys Nubeva’s software based, out-of-band SSL encryption solution on the AWS cloud. It includes a suite of open source tools and is ready in just 10 minutes. This Quick Start is for users who want to identify malicious activity, insider threats, and data leakage within their virtual private cloud (VPC) and Amazon Elastic Compute Cloud (Amazon EC2) instances.The Quick Start creates a highly available architecture with ELBs for each open source tool, independent scaling, S3 for pcap storage with Moloch indexing and use of Amazon VPC traffic mirroring for packet access.
Users can create either new VPCs or deploy into existing VPCs.
The Quick Start includes Wireshark, ntop, Moloch, Zeek and Suricata. These open source indexing, packet analysis, IDS and packet inspection tools are some of the most common and well understood tools that security, APM and SecDevOps professionals use for forensics, threat hunting, alert validation and general troubleshooting. Now they are available in the cloud for AWS cloud traffic.
The Quickstart requires a free Nubeva SaaS account and users are responsible for the cost of the AWS services such as S3 buckets and the size of the compute resources. The AWS CloudFormation template for the Quick Start includes configuration parameters that you can customize. Some of these settings, such as instance type, affect the cost of deployment and allow you to right-size your deployment whether you’re rolling it out for production or setting up a test lab.
So get started seeing into your East-West, North-South, API and control plane traffic. The Quick Start delivers full, decrypted visibility in the Amazon cloud for any TLS 1.3, 1.2 or earlier encryption.