Network security teams have the daunting task of monitoring and inspecting any traffic, at any time, without impacting production, including the need to see actual payloads to detect and respond to threats. With the rapid adoption of public cloud, the ability to inspect network traffic becomes a new gap for security teams. The problem is threefold:
Public clouds have made strides by introducing cloud-native solutions to tap and mirror traffic; however, gaps and limitations remain, including access to container-to-container traffic inside Kubernetes.
Modern SSL blocks visibility into actual data and, therefore, threats. Nearly all traffic is SSL encrypted with TLS 1.3 or TLS 1.2 with ECDHE. DevOps cannot reduce protocol levels of all cloud and third-party services to reinstate out-of-band solutions rendered useless by new ciphers and protocols.
The only option left for decryption is dropping appliances inline, such as firewalls or load balancers, to terminate sessions as a man-in-the-middle. This is only practical at the ingress point of an environment, leaving interior, east-west traffic in the dark. DevOps and cloud scale will not tolerate choke points and appliances everywhere.
With these complications, network security tools and teams are blind to critical cloud traffic, leaving enterprises exposed to advanced threats within their cloud subscriptions.
Nubeva enables full visibility in public cloud with a suite of simple yet powerful software solutions: Nubeva TLS Decrypt and Nubeva Traffic Mirroring. Our mirroring solution allows teams to fill the gaps where native cloud tapping is not available. Independent of the capture method, Nubeva TLS Decrypt unlocks modern SSL traffic enabling security tools to see more to better detect and respond to advanced threats.
Nubeva traffic mirroring fills gaps in the most basic function of network security: packet access. Traditionally, access to packets for inspection has been trivial. But containers, and especially container-to-container traffic in Kubernetes, represent a new challenge. Nubeva sensors run as DaemonSets and mirror inter- and intra-Kubernetes pod traffic to one or many tools. Filtering and slicing are supported as well. We offer the industry's only high-performance, native Kubernetes solution. The simple, drop-in solution creates the visibility you need for full packet inspection and monitoring.
Nubeva’s symmetric key discovery re-enables out-of-band decryption. The state-of-the-art Nubeva sensor is deployed on any workload and discovers the session keys from memory. The containerized Nubeva decryptor pairs the final session keys with the mirrored traffic. Historic pcap volumes can also be decrypted. The Nubeva decryptor is software-based and can deploy directly on your security and monitoring tools or run as a stand-alone decryption appliance that forwards traffic to your security tools.
The Nubeva TLS Decrypt solution paired with Nubeva Traffic Mirroring is the perfect combination for secure decrypted visibility in public clouds, private clouds and in your data center. Here is how it works:
Access to more traffic with decrypted payload visibility improves core monitoring functions in any cloud:
Supports all TLS ciphers, including TLS 1.3 and TLS 1.2 with PFS and ECDH, and supports both TLS client-side and TLS server-side connections from VMs and containers.
The cloud demands out-of-band solutions. Nubeva requires no app or library changes, no network or architecture restrictions and no inline interruptions.
The highest-performing packet mirroring solution on the market to capture traffic when and where you need it, including Kubernetes and container traffic.
With enterprise-grade security, scale from micro to massive to fit the needs of an individual team or the requirements of large enterprises.
Our universal solution works with any tap, mirror, packet broker system, with any monitoring tool, in all public and private cloud environments.
Nubeva is offered at less than 1/5th the cost of traditional solutions. It is easy to get started and use, thereby unlocking modern network visibility for everyone, anywhere.