READ TIME: 2 min., 40 sec.
tl;dr: Has your cloud become a thick fog that’s impossible to navigate when you need to inspect traffic? New encryption protocols are making it more difficult to see all the details your monitoring tools are designed to view. To lift the fog, you need a new decryption solution that still allows you to maximize security.
When a thick fog impairs your ability to safely navigate the highway, you slow your speed and turn on the fog lights – or pull over and turn off the engine until the fog lifts. Likewise, in the cloud, when you suddenly find yourself flying blind with no visibility into the traffic traversing your cloud subscription, you need a visibility solution.
With the creation and implementation of new encryption protocols like TLS 1.3, and ciphers like Perfect Forward Secrecy, obtaining clear views into the packets in your cloud might seem impossible (or at a minimum, complex and costly). But it doesn’t have to be.
Securing a rapidly changing cloud environment needs to be at the top of your list. Thankfully, you have sight lines into each cloud network through tools provided by AWS, Azure and GCP. But the new protocols have an elevated level of security that is breaking the traditional ways you use to decrypt traffic and inspect packets. Also, application and cloud services are creating a new problem. Every server is becoming a client to a myriad of cloud services. Every cloud service now comes with elevated levels of decryption resulting in blind spots behind you, in front of you and throughout your cloud environment.
What options exist?
- Deploy a man-in-the-middle (MITM) solution. But those provide no backside connections, and MITM is a heavy architecture (and expensive over the long haul).
- Modify your applications and add shims to get traffic. But that plan is too resource heavy.
- Monitor packets at the macro level. However, this option doesn’t meet your threat hunting needs.
- Veer away from new encryption protocols. But wait. They’re already here and need to be embraced to optimize security.
What you need is a new approach to crack open the packets inspect the data and understand what’s happening and why.
Nubeva TLS Decrypt provides enterprise IT teams with a new way to see encrypted traffic in any public, private and hybrid cloud environment. Our Symmetric Key Intercept architecture discovers and extracts the final symmetric encryption keys after the TLS handshakes are completed. The keys are then securely stored in your key database where you access them for on demand use.
This innovative solution supports any TLS protocol and cipher. It works with any packet brokering source including Amazon VPC Traffic Mirroring, Azure VTAPs or legacy packet brokering solutions. What’s more, this solution is cloud agnostic and works with any tool destination that benefits from decrypted traffic. This cloud-native TLS decryption solution is fast, affordable, easy to deploy and manage, and uses minimal compute resources.
Companies want and need to inspect network traffic at the payload level. This includes the need to look at application data in-motion as well as APIs and system calls in motion – essentially everything going on under the water line that needs to be inspected.
You can read all the technology details here, https://www.nubeva.com/decryption. The important thing to remember, though, is this: You wouldn't drive your car with your kids and your dog with your eyes closed, so why would you trust your security tools to function as intended when the tools can’t see encrypted traffic? Decryption is the key to deep visibility. Visibility is the key to successful cybersecurity.