
Full Packet Inspection with Amazon VPC Traffic Mirroring

March 10, 2021

How to Gain Decrypted Visibility for Modern Network Monitoring and Application Assurance on AWS 

As business and applications move onto AWS at an accelerating pace, it becomes ever more important to have visibility into application performance and the ability to dig into unusual traffic patterns that could signify a network intrusion, a compromised instance, or some other anomaly. VPC Traffic Mirroring enables a deeper understanding than was previously available with Amazon VPC flow logs, and reduces the cost and complexity of traditional monitoring options.

Launched in 2019, Amazon VPC Traffic Mirroring was a vital feature release that enabled enhanced visibility for customers operating on AWS. The initial launch focused on AWS Nitro System-based instances. On March 3, 2020, AWS announced support for non-Nitro compute instances that use the Xen-based hypervisor. This expands the applicability of VPC Traffic Mirroring to twelve additional instance types, eliminating the need to use agents to mirror traffic from these instances.


TLS 1.3 Visibility with Amazon VPC Traffic Mirroring

Enterprises need to monitor their applications across Amazon VPCs for security, compliance, application performance, and diagnostics reasons. The use of encryption across these networks continues to grow: more than 85% of all network traffic is now encrypted, and that share is still rising.


Legacy decryption methods that cannot decrypt TLS 1.3, or TLS 1.2 with perfect forward secrecy (PFS), limit the effectiveness of application assurance and security inspection systems. Paired with VPC Traffic Mirroring, Nubeva’s Session Key Intercept (SKI), a next-generation TLS decryption solution, allows organizations to regain full TLS visibility, enabling security and application teams to inspect and monitor their data in motion.


Nubeva SKI enables full packet inspection for inbound, outbound, inline, out-of-band, and east-west traffic monitoring on firewalls, secure web gateways, IDS, IPS, APT, SSL visibility appliances, open-source monitoring tools, and other inline systems. The Nubeva SKI solution discovers and delivers the final symmetric session encryption keys from TLS endpoint memory in EC2 cloud instances without altering the application or modifying protocols, production traffic, code, or libraries. When the discovered session secrets are matched with traffic from AWS VPC Traffic Mirroring, decryption is secure, simple, and efficient.


Better Together: Amazon VPC Traffic Mirroring and Nubeva Session Key Intercept

Decryption with Amazon VPC Traffic Mirrors

Nubeva SKI offers a superior alternative to proxy-termination methods, providing full visibility while maintaining end-to-end session integrity. Nubeva SKI enables wire-speed deep packet inspection with no discernible latency by providing the symmetric session keys before the mirrored encrypted data arrives. The combination of SKI and AWS VPC Traffic Mirroring ensures that clear text is never sent across the network.


For customers that need to execute an even deeper inspection of Amazon VPC network traffic, Nubeva’s TLS decryption works with Amazon VPC Traffic Mirroring to decrypt the mirrored traffic at the destination for deeper analysis. Together, this combined solution enables customers to adopt modern, end-to-end encryption in their environment while giving IT teams the right level of visibility into their cloud network traffic.
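The key-matching step described above (session secrets discovered on the endpoint, paired with the mirrored packets before they are decrypted), as an added example that is not Nubeva's code: it assumes VPC Traffic Mirroring's VXLAN encapsulation on UDP port 4789 and the widely used NSS key-log format (`LABEL <client_random> <secret>` lines, as consumed by Wireshark), in which the 32-byte client random from the TLS ClientHello is the lookup key; how Nubeva SKI itself pairs keys with traffic is not stated on this page. The key-log contents and the sample frame are constructed.

```python
import struct

VXLAN_PORT = 4789                 # VPC Traffic Mirroring wraps each copied packet in UDP/VXLAN
SAMPLE_RANDOM = bytes(range(32))  # constructed 32-byte client random used by the sample frame below
KEYLOG = (f"CLIENT_TRAFFIC_SECRET_0 {SAMPLE_RANDOM.hex()} {'ab' * 32}\n"   # constructed secrets in the
          f"SERVER_TRAFFIC_SECRET_0 {SAMPLE_RANDOM.hex()} {'cd' * 32}\n")  # NSS key-log format

def parse_keylog(text):
    """Key-log lines 'LABEL <client_random_hex> <secret_hex>' -> {client_random: {label: secret}}."""
    keys = {}
    for label, rnd, secret in (l.split() for l in text.splitlines() if len(l.split()) == 3 and l[0] != "#"):
        keys.setdefault(rnd.lower(), {})[label] = secret
    return keys

def decap_vxlan(frame):
    """Strip outer Ethernet/IPv4/UDP/VXLAN; return (vni, inner_frame), or None if not a mirror packet."""
    if len(frame) < 50 or frame[12:14] != b"\x08\x00" or frame[23] != 17:  # Ethernet II, IPv4, UDP
        return None
    udp = frame[14 + (frame[14] & 0x0F) * 4:]                             # honour IPv4 IHL
    vx = udp[8:]
    if len(vx) < 8 or udp[2:4] != VXLAN_PORT.to_bytes(2, "big") or not vx[0] & 0x08:  # dst 4789, 'I' flag
        return None
    return int.from_bytes(vx[4:7], "big"), vx[8:]

def client_random(inner):
    """Hex client random when the inner TCP payload starts with a TLS ClientHello, else None."""
    if len(inner) < 54 or inner[12:14] != b"\x08\x00" or inner[23] != 6:   # Ethernet II, IPv4, TCP
        return None
    tcp = inner[14 + (inner[14] & 0x0F) * 4:]
    payload = tcp[(tcp[12] >> 4) * 4:] if len(tcp) >= 20 else b""         # honour TCP data offset
    # record type 0x16 (handshake), handshake type 0x01 (ClientHello), then 2-byte version, 32-byte random
    if len(payload) < 43 or payload[0] != 0x16 or payload[5] != 0x01:
        return None
    return payload[11:43].hex()

def match_keys(frame, keys):
    """(vni, client_random, secrets) when a mirrored ClientHello has a key-log entry, else None."""
    decap = decap_vxlan(frame)
    rnd = client_random(decap[1]) if decap else None
    return (decap[0], rnd, keys[rnd]) if rnd in keys else None

def build_mirrored_clienthello(rnd, vni=100):
    """Constructed sample: outer Eth/IPv4/UDP(4789)/VXLAN around inner Eth/IPv4/TCP/TLS ClientHello."""
    tls = b"\x16\x03\x01" + struct.pack("!H", 38) + b"\x01" + (34).to_bytes(3, "big") + b"\x03\x03" + rnd
    tcp = struct.pack("!HHIIBBHHH", 50000, 443, 0, 0, 0x50, 0x18, 65535, 0, 0) + tls
    ip_hdr = lambda proto, body: struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, proto,
                                             0, b"\x0a\x00\x01\x0a", b"\x0a\x00\x02\x14") + body
    inner = b"\x00" * 12 + b"\x08\x00" + ip_hdr(6, tcp)
    vxlan = b"\x08\x00\x00\x00" + vni.to_bytes(3, "big") + b"\x00" + inner
    udp = struct.pack("!HHHH", 43210, VXLAN_PORT, 8 + len(vxlan), 0) + vxlan
    return b"\x00" * 12 + b"\x08\x00" + ip_hdr(17, udp)
```

A monitoring destination would run `match_keys` over each mirrored frame and hand the returned secrets to its TLS decoder; a ClientHello with no key-log entry is the signal that key delivery lagged behind the mirror.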


See it in action: the Nubeva TLS Decrypt Quick Start deploys Nubeva Transport Layer Security (TLS) Decrypt on the Amazon Web Services (AWS) Cloud in about 10 minutes.

