Expanded TLS 1.3 Decryption

    by Nubeva 26 August 2019

    READ TIME: 2 minute, 58 seconds

    tl;dr: Nubeva’s TLS 1.3 Decrypt Solution now supports Windows Schannel, Linux, private and hybrid clouds. Using our new Symmetric Key Intercept technology, enterprises in the cloud can now capture, store and access session keys for deep packet inspection.


    On Aug. 21, we announced expanded capabilities of our TLS 1.3 Decryption solution. You can read the news release here, but in short, we now support Windows Schannel, more Linux flavors, and we’ve added support for TLS 1.3 decryption forto both private and hybrid cloud users (in addition to AWS, Azure and Google Cloud).

    Nubeva is in the business of helping enterprises with their important cloud workloads. If your organization needs to inspect cloud traffic at the payload level (not header traffic, not flow logs, but opening packets to see data in motion) then TLS Decrypt is a perfect solution for you.

    TLS Decrypt with Symmetric Key Intercept technology creates a new way to see encrypted traffic in the cloud. This includes everything from application data, API calls, system calls and cloud calls. We help security teams with intrusion detection, threat hunting, DLP and incident response. And we help DevOps teams with their need to examine traffic on the wire so they can open and understand it to make application improvements.

    TLS Decrypt enables you to decrypt any TLS protocol and cipher, for any session type, from any packet source and any stream to any tool and any system. And, it can do all of this without disrupting your cloud architecture because this solution was born in the cloud and made for the cloud.

    Our architecture can scale from single node monitoring and decryption up to millions simultaneously – performing petabytes-per-second of decryption – with no choke points. It runs in complete parallel  operation to your cloud and uses barely four percent of compute resources.

    What’s driving our solution? 

    New encryption protocols like TLS 1.3, PFS, Diffie-Hellman and pinned certificates are all running and are designed to thwart bad actors from spying and infiltrating your clouds. As a result, they’ve made traditional decryption and out-of-band monitoring obsolete. In addition, cloud services are impacting application design. Today, every server is also a client and most everyone uses the highest levels of encryption. Because of the sheer nature of how your cloud functions, blind spots to data are inevitable. 

    With new encryption standards, To see your cloud traffic, You can't derive the symmetric key if you're not a part of the handshake and you need the symmetric session keys to decrypt.  – and every session has its own individual key. Different than the private keys of the past, the symmetric keys are only applicable to one session, but they're also not saved, they're not kept, they're not transmitted. There are millions of short-lived keys. This inhibits all traditional forms of monitoring. The new way provides  a much higher level of security, but ultimately without the ability to get the keys. You have no visibility. Ultimately, when you need to open packets to see what’s happening and then diagnose and troubleshoot, decryption becomes an issue.

    Our Symmetric Key Intercept happens after the handshake. A key discovery agent is deployed placed on the workload and discovers the symmetric key out of memory, in real time. This works for front side clients as well as back side clients. The keys are then securely tunneled to customer owned a private key database that you set up and run in your subscription. It’s encrypted, to, from and at rest when in the database. Lastly we have a decryption agent that you place on your tools. When it receives traffic, it queries the key database and feeds the decryptor agent, which decrypts the packet and provides clear text to your tools for analysis.

    By now, I hope you understand how our TLS 1.3 Decrypt solution can help you with your cloud visibility needs. To get started, or to learn more, visit nubeva.com/decryption. And, I encourage you to register for our webinar with the Cloud Security Alliance, “Gaining Decryption Visibility in the Cloud with Amazon VPC Traffic Mirroring,” featuring AWS’s cloud guru Anoop Dawani.


    Tags: public cloud visibility Packet Visibility cloud visibility public cloud cloud monitoring TLS
    resources banner desktop

    Want to learn more?

    Request a Demo

    Subscribe Here!

    View video