tl;dr: Our latest article found on the AWS Partner Network (APN) blog covers how to get decrypted visibility using Nubeva’s TLS Decrypt solution with Amazon VPC traffic mirroring. Now you can achieve deep packet inspection while maximizing the security advantages that TLS 1.3 encryption provides.
As an AWS Advanced Technology Partner, we recently worked with Miguel Cervantes and James Wenzel (both Partner Solutions Architects at AWS) to write an article for the AWS Partner Network. The article details how to use Nubeva with Amazon VPC traffic mirroring to get decrypted visibility into your network traffic.
In short, Amazon VPC traffic mirroring lets you capture and mirror network traffic from AWS Nitro System-based instances. Its key benefit is that it operates at the level of the Elastic Network Interface (ENI) of the Amazon Elastic Compute Cloud (Amazon EC2) instance on which you want to enable a traffic mirroring session.
As your cloud environment on AWS grows, it becomes more and more important to keep an eye on unusual traffic patterns or content that could signify a network intrusion, a compromised instance, or some other anomaly. Until now, monitoring solutions on AWS were limited to whatever could be installed on an Amazon EC2 instance, usually a software agent, or to what could be extracted from Amazon VPC flow logs. The cost and complexity of these traditional approaches, in particular the need to deploy multiple host-based agents, has held back the adoption of packet-level monitoring in the cloud.
Amazon VPC traffic mirroring solves this problem. Now, you can simply enable a traffic mirroring session on an individual ENI without impacting the resources on the underlying workload.
The full blog post covers several use cases where this makes sense, including on-demand traffic monitoring, constant traffic monitoring and sampled traffic monitoring. You have likely encountered each of these (or you will in the near future!).
The question today, however, is how to see the traffic when nearly everything is encrypted with the TLS 1.3 protocol.
Nubeva’s TLS Decrypt is a new, out-of-band solution that decrypts SSL/TLS traffic, enabling security and application teams to inspect and monitor their data in motion.
Our born-in-the-cloud architecture handles TLS 1.3, Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) key exchange, perfect forward secrecy (PFS), and pinned certificates. This lets you promote encryption-in-transit practices in your AWS environment while still being able to securely decrypt the mirrored traffic for additional visibility.
For those who need an even deeper inspection of Amazon VPC network traffic, Nubeva's TLS decryption works with Amazon VPC traffic mirroring to decrypt the mirrored traffic at the mirror destination for deeper analysis.
Together, this solution enables you to adopt strong encryption everywhere while still giving IT teams visibility into their cloud network traffic.