Nubeva Expands TLS Decryption Capabilities for Use in the Cloud
Breakthrough Symmetric Key Intercept Architecture Enables Visibility to Encrypted Traffic in Public, Private and Hybrid Clouds; Supports Windows and Linux OS
Nubeva Technologies Ltd., a cloud visibility SaaS software developer for enterprises, announced the company’s expansion of its next-generation TLS Decryption solution. Nubeva now supports Windows Schannel as well as expanded Linux flavors and supports private and hybrid cloud deployments in addition to public cloud. With Nubeva’s cloud-native TLS 1.3 Decryption solution, security and information technology teams gain access to a complete and secure solution for advanced inspection, monitoring, and compliance in their cloud environments.
“Encryption is widely regarded as the first and most important security measure in cloud computing. Today, more than 70 percent of cloud network traffic is encrypted with modern protocols including TLS 1.3 with Perfect Forward Secrecy. While encryption offers cloud users more security, it also inhibits the ability to monitor and inspect network traffic, a critical function for cybersecurity, compliance, and DevOps,” said Randy Chou, Nubeva co-founder and CEO.
“Our TLS Decryption solution enables users to easily decrypt data when and where it’s needed and supports the latest encryption protocols and ciphers. And now, with our expanded support for hybrid and private clouds, Windows and all major variants of Linux, the market for our technology expands significantly to fill gaps in visibility,” Chou added. “Nubeva enables enterprise IT and security teams to aggressively embrace the latest encryptions for enhanced protection and privacy without sacrificing visibility, governance, and control.”
Nubeva’s breakthrough Symmetric Key Intercept architecture starts with a lightweight agent deployed on critical computing workloads. It is easy to set up, consumes minimal resources, and works with any TLS protocol and session type — including Perfect Forward Secrecy and pinned certificates as well as sessions to databases, and API calls to cloud providers and other third parties.
Once in place, final symmetric encryption keys (session keys) are identified after the initial TLS handshake. These keys are extracted and securely stored in the user’s key database where they can be accessed when needed. Decryption agents are deployed on the monitoring and inspection tools themselves, so decrypted data is never exposed to risk.
Together, the Perfect Forward Secrecy enhancement to TLS encryption and the Nubeva innovation that uses final secret/symmetric keys dramatically enhance security over traditional decryption systems. In all other systems, anyone can decrypt the traffic once an application’s private keys are compromised; by contrast, the intercepted symmetric key is only useful for a single, short-lived session.
Nubeva TLS Decrypt, with its Symmetric Key Intercept architecture, supports the following:
- Linux and Windows operating systems
- Virtually all TLS protocols and ciphers including TLS 1.3, 1.2 with ECDHE, AES-GCM, ChaCha20-Poly1305 and more
- Client and server TLS sessions in VMs, containers and Kubernetes environments
- Public clouds including AWS, Azure and Google Cloud Platform as well as private and hybrid clouds using VMware, KVM and Xen
- Any packet capture or mirroring solution
- Any packet-based inspection and monitoring tools
With the continued migration of resources to the cloud, along with an increase in cybercrime, the enterprise IT market needs new solutions that provide total visibility of cloud traffic. Nubeva enables IT teams to run top-tier security technologies and services in the cloud and get the visibility needed to effectively monitor traffic.
Nubeva first announced its TLS Decrypt solution in June 2019. The first-of-its-kind technology enables SecOps and DevOps teams to maximize cloud security, application troubleshooting, and network monitoring tools so they can obtain the insights needed to detect and respond to potential security threats. Users can start and stop the decryption service, rehydrate or restock running VMs, and use Symmetric Key Intercept for key extraction and decryption as a service all using cloud infrastructu