
TLS Decryption for Network Packet Brokers

Nubeva SKI Increases Product Value and Improves Sales for NPB and Other Decryption Systems for Modern TLS.


PROBLEM: Visibility infrastructure provided by network packet brokers (NPB) and dedicated decryption platforms is vital for security and computing operations. The core functionality of these systems, whether installed inline or receiving traffic out-of-band via passive tap, is the ability to process and distribute decrypted network traffic to monitoring systems. As most network traffic is encrypted with TLS 1.3 and TLS 1.2 with PFS, decryption systems are experiencing growing product limitations, regardless of the technique employed. Some limitations include:

  1. Legacy passive-based TLS decryption is obsolete with the adoption of perfect-forward-secrecy-based traffic.

  2. Man-in-the-middle decryption cannot decrypt TLS sessions that are authenticated with pinned certificates or that use client certificates for mutual authentication.

  3. Certificate management required with a reverse-proxy architecture is becoming more complicated in the growing world of micro-services. Plus, decryption systems are very expensive to deploy and scale to meet cloud-scale performance.

BUSINESS IMPLICATIONS: Whether currently offering legacy decryption or not, the reality for product manufacturers is that TLS is limiting decryption capabilities across the industry. End-users are searching for ways to close growing product gaps or redirect resources to solve the problem elsewhere. NPBs and other decryption platforms can answer the call with an evolved universal solution and, as a result, capture a significant market opportunity and reduce sales friction.

Fact: With the adoption of Modern TLS and growing complications of modern networks, legacy decryption capabilities are failing

Nubeva SKI for NPBs and Decryption Systems

The Nubeva SKI solution is a breakthrough TLS decryption technology. SKI provides a simple, modular suite of software components that can easily be integrated into any system or service, delivering high-speed, low-cost decryption of any TLS encrypted traffic source: taps, mirrors, SPANs, or PCAP files. The solution works in any environment: physical or virtual, on-prem or cloud. Use SKI to re-enable lost decryption capabilities on your systems or as a net new decryption capability, and ultimately, increase value and addressable markets, accelerate sales, and decrease support and project interdependencies.

Inspect More Traffic

(re)Enable Out-of-Band Decryption

Technical Advantage

Nubeva’s technology provides state-of-the-art capabilities to both passive and inline applications:

Decrypt PFS Traffic

Decrypt TLS 1.3 and TLS 1.2 with PFS along with legacy TLS, traffic authenticated with pinned certificates, and mTLS/client-certificate authenticated sessions.

Decrypt 3rd Party Traffic

Traffic to the internet and 3rd party servers and services, including cloud platforms, something never before possible.

Decrypt Pinned and Client Cert Traffic

Decrypt all pinned traffic, including traffic from MS365, G-Suite, Dropbox, Mobile, and MTLS/client-cert authenticated sessions.

High-Speed, Low Cost 

Achieve throughput > 80% of wire speed. SKI enables simple, secure, symmetric bulk decryption with very low resources for breakthrough price performance.

Easier Operations and Security

Reduce operational headaches with no server keypairs to load, maintain, or secure. SKI is a lower-risk architecture with an independent, secure, and fast ephemeral key management plane.

Deliver More Value to Your Customers

Business Advantages

Expanded Value to Customer

 With expanded decryption capabilities, provide a complete DPI solution to customers.

Expand Markets and Sales Acceleration

Increased market opportunity allows sales teams to sell more products, close bigger deals, and create lasting customer success. 

Lower Support Complexities 

Empower your sales engineers and product teams by reducing product gaps and increasing evaluation success while lowering post-sales complexities.


Integrate Nubeva SKI into Your Product Suite

Integrating Nubeva SKI into your products is fast and easy, allowing you to get to market quickly with low barriers to entry. The core concept of SKI is to capture session keys from TLS servers and clients and forward them to authorized decryption engines for use. With session keys available, simple, high-speed, and low-cost bulk decryption is possible for any traffic. Simply match traffic with discovered keys based on each session's client-random value and decrypt.
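The matching step described above, as an added example that is not Nubeva's code: it pulls the client-random out of a captured ClientHello record and looks it up in a store of exported secrets. The NSS key log line format (the one Wireshark reads), the function names, and the sample values are assumptions; the page does not describe SKI's own key transport format.

```python
"""Match a captured TLS session to exported secrets by client_random."""
import struct

def client_random_from_record(record: bytes):
    """Return the 32-byte ClientHello.random from one TLS record, else None."""
    if len(record) < 5 + 4 + 2 + 32:
        return None                       # truncated capture
    ctype, _version, _rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 0x16 or record[5] != 0x01:
        return None                       # not a handshake record / not a ClientHello
    if int.from_bytes(record[6:9], "big") < 2 + 32:
        return None                       # handshake body too short to hold a random
    return record[11:43]                  # skip handshake header (4) + client_version (2)

def load_keylog(text: str) -> dict:
    """Parse '<LABEL> <client_random hex> <secret hex>' lines (assumed NSS format)."""
    store = {}
    for line in text.splitlines():
        parts = line.split()
        if line.startswith("#") or len(parts) != 3:
            continue
        label, cr_hex, secret_hex = parts
        try:
            cr, secret = bytes.fromhex(cr_hex), bytes.fromhex(secret_hex)
        except ValueError:
            continue                      # skip malformed hex instead of failing the feed
        if len(cr) == 32:
            store.setdefault(cr, {})[label] = secret
    return store

def secrets_for_session(record: bytes, store: dict):
    """Secrets for the session this ClientHello opens, or None when no key is known."""
    cr = client_random_from_record(record)
    return store.get(cr) if cr is not None else None

def sample_client_hello(random: bytes) -> bytes:
    """Constructed minimal ClientHello record, used as sample input only."""
    body = b"\x03\x03" + random + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

SAMPLE_RANDOM = bytes(range(32))          # constructed value
SAMPLE_KEYLOG = "\n".join([               # constructed key feed
    "# constructed sample",
    f"CLIENT_RANDOM {SAMPLE_RANDOM.hex()} {'ab' * 48}",
    f"CLIENT_TRAFFIC_SECRET_0 {'ff' * 32} {'cd' * 32}",
])

if __name__ == "__main__":
    store = load_keylog(SAMPLE_KEYLOG)
    for rnd in (SAMPLE_RANDOM, bytes(32)):
        hit = secrets_for_session(sample_client_hello(rnd), store)
        print(rnd.hex()[:16], "->", sorted(hit) if hit else "no key for this session")
```

A lookup miss is the case the inline mode has to handle: the session has no exported key, so the engine cannot bulk-decrypt it from the key store.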

The following diagrams represent two scenarios depending on the operation mode.  

 

Passive Implementation

Nubeva restores the passive decryption option. Nubeva learns and extracts session keys and delivers them to systems to decrypt. Because Nubeva SKI operates without any PKI requirement, a passive inspection of traffic going to third-party servers and cloud platform services is possible for the first time.

Passive Network Packet Broker

Inline Implementation

The Nubeva solution also supports systems operating in inline mode. When keys are available from Nubeva’s system, the decryption system can work with greater simplicity, higher throughput, and lower latency than legacy decryption. If keys are not available because sensors are not deployed, the system simply falls back to “business as usual” with the existing MITM or reverse proxy engine.

Inline-Network Packet Broker

Our comprehensive suite of software components, available in source or binary forms, enables fast and flexible SKI decryption implementation into most product sets. While there are many implementation models, here are the basics.

Get Session Keys

Nubeva has perfected learning and exporting keys from application and TLS process memory as they are created during the TLS handshake. Simply deploy our session key learning software on any VM, node, or endpoint.

Key learning software is delivered as a C library or turnkey agents and containers in binary or source code form. Key extraction is 100% reliable. This read-only micro-process is ultra-secure, transparent, and non-disruptive to application code, does not impact applications, and operates with minute memory and CPU requirements.

 

Universal for inline and passive, SKI decrypts:

  • Any TLS 1.3, 1.2, and legacy

  • Any session N-S-E-W, including pinned and client certificate sessions

  • Traffic to internet, cloud, and other 3rd party servers and services

  • For metal, VMs, and container hosts in datacenter or cloud and/or client endpoints

  • From OS and commercial applications as well as malware communications

 

Get Started: 

Have an agent? - Add the ability to get session keys simply and easily using the SKI Sensor C Library.

 

No agent today? - Add agents to your portfolio with Nubeva's off-the-shelf SKI Sensor Agents and Containers.


Don't want to have an agent? - Resell Nubeva labeled sensors. Or, simply add the ability to receive and decrypt using session keys to your system and let your customers provide the keys from a growing list of systems with Nubeva SKI Sensor Technology or any other key source.

Decrypt with Session Keys

Nubeva complements session key discovery with a suite of decryption support options enabling NPB and other decryption vendors to add the ability to receive session keys and decrypt. We offer a multitude of implementation options to meet virtually any architectural model and go-to-market packaging scenario. Inspection systems need only minor modifications to receive keys and to decrypt using them.

  • Enhance existing datapath or add net new

  • Any traffic and any session

  • Leverage crypto instruction set acceleration in standard CPUs

  • Achieve ultra high throughputs over 25Gb/s per core

  • Efficient use of CPU and memory resources

 

Get Started: 

Already have Decryption? – Add the ability to receive keys and decrypt by modifying your existing engine or utilizing Nubeva’s SKI Decrypt TLS C library and reference code.

Don't have Decryption? - Nubeva’s Decryptor Containers and Keyserver Container provide a fast and easy implementation to receive keys and decrypt traffic.


There are a myriad of implementation options spanning key acquisition, key transport, and handling, as well as decryption.

Nubeva works with our customers to develop the ideal architecture and craft highly customized licensing programs and support services to enable customer success.

Let's discuss how SKI can work with your systems.


Resources

In this video, Erik Freeland, Head of Customer Engineering, demonstrates the Nubeva Sensor capturing keys from a variety of applications including Windows Browsers, DropBox, and Microsoft Office 365. ...
Tech Brownbag - Nubeva's Key Discovery is Evolving. First TLS. Now, Ransomware. Nubeva develops and licenses enterprise-class software for decryption to enable world-class application monitoring and n...
In this comprehensive paper entitled A Definitive Guide to Modern Network Decryption: A Case for Nubeva SKI in a TLS 1.3 World and Beyond we cover the following:  Part 1: The State of the Visibility o...