A New Approach That Restores Complete Decrypted Visibility

Nubeva created a breakthrough approach to decryption. Symmetric Key Intercept is host-based discovery and delivery of the symmetric encryption keys used by all modern encryption systems, ciphers and protocols. Symmetric Key Intercept Architecture has four core elements:

  1. Symmetric Key Discovery
  2. Symmetric Key Delivery
  3. Symmetric Decryption
  4. SaaS or Stand-Alone Management Console
Nubeva enables real-time, multi-destination, decentralized decryption of mirrored, captured or streaming traffic. Nubeva brokers the final, symmetric encryption keys to your own decryptors and tools or provides decrypted traffic output from our own software decryptor.

Symmetric Key Intercept

Symmetric Key Discovery - TLS hello triggers Nubeva’s advanced, signature-based hunt rules. These key signatures let Nubeva’s read-only sensor quickly discover each session’s symmetric encryption key.


Symmetric Key Delivery - Symmetric encryption keys and session secrets are encrypted and securely sent – over your own network – to a decryptor destination or a Key Depot. The session traffic and the keys are never sent together, creating additional protection.


Pure, Symmetric Decryption: With the symmetric encryption keys already at your disposal, there is no need for old, slow and costly decryption mechanisms like MITM, handshake replay or early TLS termination. Decryptors receive the symmetric keys and can perform bulk decryption at line rate.



Key Discovery Sensors
Automatically Learn and Extract
All Symmetric Keys Inter/Intra Host
Nubeva key discovery sensors are read-only, self-learning and self-configuring sensors that learn host environments to locate symmetric encryption keys from working memory.
Fast Key Delivery
Enables Scaling and
Multiple Destinations
Depot symmetric keys to extend their ephemerality and deliver them to multiple destinations, simultaneously. This decouples symmetric key management from decryption and enables massively parallel decryption, inspection and detection capabilities.
Pure Symmetric Decryption
Save Money, Improve
Functionality and Simplify
Decryption of mirrored traffic happens wherever it’s needed. Nubeva delivers final encryption keys to any tool or decryption appliance that can receive them. Nubeva also provides a software symmetric decryptor that anyone can deploy and use.
Management System
Simple Management
with Your Security Requirements
Available as either SaaS or as a private, air-gapped controller, the Nubeva management platform simplifies management, rule definition, elastic and automatic deployment of sensors.
Update Your Security and Monitoring Systems

Use Cases


Restore and Expand

Passive Systems

Nubeva restores visibility to out-of-band detection and inspection solutions. There is no need to be in the middle of a session. Instead, Symmetric Key Intercept discovers and delivers the final, symmetric encryption keys from the host to the passive tool enabling it to see all traffic including TLS 1.3, PFS and pinned certificates.


Enhance and Boost

Inline Systems

Nubeva augments and enhances inline systems by delivering the final symmetric encryption keys from the host to the inline system before the first packet even arrives. Inspect traffic you previously had to bypass. Restore peak performance of inline tools by eliminating the need for handshake replays and old decryption processes.


Create and Enable

New Visibility

Nubeva creates visibility where none existed before and enables security tools and teams to see into areas they’ve never seen before. Nubeva discovers symmetric encryption keys from Kubernetes and containers, Intra-zone/VPC, high-speed connections, and Cloud and 3rd party API calls/connections.

Why Nubeva? 

Key Benefits

Reduce Cost

Get decrypted visibility and eliminate legacy performance costs. Use existing tools to inspect and monitor all traffic at line speed.

Protect Investment

Extend the ROI of your existing solutions. Enable pure, fast symmetric decryption with Nubeva and continue to use the tools, teams and processes in place.

Future Proof Visibility

Regardless of encryption protocol or cipher suite,  the confidentiality of traffic and integrity of the session is preserved while legitimate availability is allowed and protected.

