

Nubeva TLS 1.3 Decrypt Solution Provides Visibility into Inter- and Intra-Container and Kubernetes Traffic Including Cloud Platform Variants

Nubeva Technologies Ltd. (TSX-V:NBVA), a cloud visibility SaaS software developer for enterprises with assets in public, private and hybrid clouds, today announced network decryption support of container and Kubernetes workloads hosting encrypted applications in any cloud.

This support extends to cloud platform variants of Kubernetes including Amazon Elastic Kubernetes Service (Amazon EKS) and Azure Kubernetes Service (AKS), Google Kubernetes Environment (GKE) and the generic form KOPS. With container and Kubernetes decryption capability, Nubeva provides the first and only complete visibility solution to work in and out of the container and Kubernetes environments enabling advanced inspection, monitoring and compliance in their cloud environments.

The Nubeva solution is the only 100% out-of-band solution that serves as an easy overlay option and requires no code changes, library modifications or changes to architecture or operations.

"Container and Kubernetes workloads are quickly becoming the standard for creating and running software and other applications in the cloud," said Randy Chou, Nubeva co-founder and CEO. "While efficient, this architecture creates blind spots as programs communicate with other applications in the cloud and to external networks. Nubeva TLS 1.3 Decrypt obtains the keys from any north/south or east/west session and provides total visibility to traffic running in and out of containers - enabling real-time monitoring as well as forensics on Kubernetes deployments for the first time."

Kubernetes, which was developed internally by Google prior to Google putting it into open source, has emerged as the de facto orchestration standard for the use of containers. AWS, Microsoft Azure and Google Cloud all provide cloud subscribers with proprietary Elastic Container Services (ECS). ECS enables organizations to scale their cloud workloads as needed, allowing the cloud provider to add the needed compute resources as users require it.

Nubeva makes use of the breakthrough Symmetric Key Intercept architecture to discover and extract the final, ephemeral session keys for each container running on a host, regardless of how quickly the containers spin up and spin down. Once the keys are stored users can decrypt the encrypted traffic when and where needed, at scale enabling security, DevOps and compliance teams with full visibility to the actual data in motion in and out of critical applications, workloads and even microservices.

Key Benefits for Nubeva Users

Deploy in any container environment. Nubeva's solution operates independently of container management systems and can be deployed in any Linux container environment - pure Docker environments, Kubernetes, Amazon EKS, AKS, and Google Cloud GKE.

Get visibility into packets from clusters, nodes, pods and microservices running in Kubernetes. Nubeva TLS 1.3 Decrypt works within any environment including those that run for a week or for mere milliseconds with no modifications to the cloud architecture.

Compatible with all modern and TLS protocols and ciphers: Including TLS 1.3, 1.2, 1.1 and 1.0; all Diffie Hellman variants (DH, ECDH, ECDHE) and Perfect Forward Secrecy (PFS); pinned certificates; AES, AES-GCM and ChaCha20-Poly1305.

Supports TLS client and server sessions. Supports sessions to clients as well as workload sessions to other services, cloud platform services such as API calls and PaaS, and to third party and external services that support and are part of the application architecture.

Discovers and extracts symmetric keys for all containers and pods running on an instance or node. Nubeva's Key Discovery Agent decouples workloads from key extraction functions, minimizes the load on the instance, and reduces deployment and maintenance overhead.

Delivers extreme performance. Operates with negligible CPU and memory overhead. This key extraction agent consumes ~1% of compute resources on a single CPU core for all the workloads on a node with a few megabytes of memory.

Supports any packet capture and broker system. In cloud, Nubeva works with AWS VPC traffic mirroring and Azure VTAPS. In private and hybrid clouds, the solution works with any tap, span, mirror or network packet broker system. And, it works with TCPdump and PCAP files as well as mass storage of PCAPs that need selective or bulk decryption.

Supports Windows Schannel, a variety of Linux flavors, and public, private and hybrid cloud environments.

Nubeva announced its cloud-native TLS 1.3 Decrypt solution in June 2019. This first-of-its-kind technology enables security and DevOps teams to maximize their cloud security, application troubleshooting, and network monitoring tools by delivering decrypted packet traffic to them so they can obtain the insights needed to detect and respond to potential security threats. Users can start and stop the decryption service, rehydrate or restock running VMs, and use Symmetric Key Intercept for key extraction and decryption as a service all using cloud infrastructure

About Nubeva Technologies Ltd.

Nubeva Technologies Ltd. develops Software-as-a-Service ("SaaS") solutions that enable enterprises to obtain visibility of encrypted cloud traffic. Nubeva's Symmetric Key Intercept architecture provides universal TLS decryption and works in any cloud platform. The service unlocks cloud traffic for best-of-breed security. The scalability and ease-of-use of Nubeva enable any organization to adopt aggressive encryption in the cloud needed for network monitoring and security tools. Visit nubeva.com for more information.

