Below is our recent interview with Billy Cripe from Nubeva:
Q: Can you tell us something more about the company and what you do?
A: Nubeva continues to innovate and provide solutions that enable enterprise organizations to maximize security in their cloud and data center environments.
Q: Nubeva changed its focus in June – what made you go this way, and what’s changed?
A: In June 2019, Nubeva launched its newest SaaS-based solution called Nubeva TLS Decrypt. This cloud-native solution enables security and DevOps teams to maximize cloud security by using the newest encryption protocols including TLS 1.3, TLS 1.2 with Perfect Forward Secrecy (PFS) and the latest ciphers like Elliptic-curve Diffie-Hellman (ECDH), AES-GCM and ChaCha20 (AEAD).
TLS Decrypt supports Windows Schannel and expanded Linux flavors. In addition, it works in any cloud environment – public, private and hybrid. With Nubeva’s cloud-native TLS Decrypt solution, security and information technology teams gain access to a complete and secure solution for advanced inspection, monitoring, and compliance in their cloud environments.
This breakthrough, out-of-band architecture starts with a lightweight TLS Sensor – a read-only microservice that is deployed on any computing workload. It is easy to set up, consumes minimal resources, and works with any TLS protocol and session type — including Perfect Forward Secrecy and pinned certificates as well as sessions to databases, and API calls to cloud providers and other third parties.
Once in place, the sensor identifies final symmetric encryption keys (ephemeral keys) after the initial TLS handshake. These keys are then transmitted on a key plane and placed in a hosted or private controller where they can be accessed as needed. A Nubeva Decryptor is then deployed on monitoring and inspection tools where the ephemeral keys are decrypted to ensure data is never exposed to risk.
The Perfect Forward Secrecy enhancement to TLS encryption and the Nubeva innovation that uses final ephemeral keys dramatically enhance security over traditional decryption systems.
Nubeva TLS Decrypt, with its proven architecture, supports the following:
● Linux and Windows operating systems
● Virtually all TLS protocols and ciphers including TLS 1.3, 1.2 with ECDHE, AES-GCM, ChaCha20-Poly1305 and more
● Client and server TLS sessions in VMs, containers and Kubernetes environments
● Public clouds including AWS, Azure and Google Cloud Platform as well as private and hybrid clouds using VMware, KVM and Xen
● Any packet capture or mirroring solution
● Any packet-based inspection and monitoring tools
With the continued migration of resources to the cloud, along with an increase in cybercrime, the enterprise IT market needs new solutions that provide total visibility of cloud traffic. Nubeva enables IT teams to run top-tier security technologies and services in the cloud and get the visibility needed to effectively monitor traffic.
Q: What are the benefits of TLS decryption capability?
A: First, it’s important to understand that with new TLS 1.3 encryption protocols, legacy out-of-band decryption is no longer a solution.
TLS 1.3 became the official encryption-in-motion standard in March of 2018. TLS 1.3 and its precursor, TLS 1.2 with Perfect Forward Secrecy (PFS), Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) ciphers and pinned certificates were designed to enforce the idea that encryption should be more robust, keys should be prolific and temporary, and decryption should only be possible by the owner of the traffic.
The impact is that TLS 1.3 makes legacy out-of-band decryption obsolete. Certificates are no longer available for decryption key derivation and old solutions do not work. In the past, all the session traffic between two points could be decrypted once the encryption key was provided or derived. Now keys are ephemeral; they work only for a single session. Legacy, out-of-band solutions that relied on RSA key exchange or certificate access for decryption do not work in the new TLS 1.3 world.
As more of the world’s application infrastructure moves to the cloud – whether public, private or hybrid – security, DevOps and IT teams are coming to grips with the reality that they do not control the infrastructure upon which their businesses depend. Hardware and networking infrastructure belong to the cloud providers. Intra-cloud, intra-workload and third-party API networking standards are defined by the cloud and API providers. The business consumer and application developer can accept them or not use them. The opportunity cost of the speed and agility of the cloud is a loss of visibility and control.
Nubeva’s new Symmetric Key Intercept architecture ensures decrypted traffic is never exposed to potential threats if it gets intercepted. Instead of decrypting traffic in storage then sending it to monitoring tools for inspection, Symmetric Key Intercept allows users to send encrypted traffic to tools, databases or storage and then decrypt right at the tool. The architecture is easy to deploy, and scales to meet any traffic load without any configuration overhead or architectural constraints.
With Symmetric Key Intercept in place, cloud DevOps and security teams can, with confidence, decrypt TLS traffic inside their cloud environments – enabling security, performance, and diagnostic systems and processes.
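The two answers above describe the mechanism in outline: a sensor on the endpoint exports the per-session symmetric secrets after the handshake, and a decryptor beside the inspection tool uses them, because with ECDHE and TLS 1.3 no certificate or server private key can reproduce them. The interview does not describe Nubeva's key-plane format or decryptor internals, so the following is an added example and not Nubeva's code. It assumes the publicly documented NSS key log format (the SSLKEYLOGFILE convention that OpenSSL, NSS and Python's ssl module emit and Wireshark consumes) as a stand-in for the exported keys, and implements what a tool-side decryptor derives from a TLS 1.3 traffic secret per RFC 8446 (HKDF-Expand-Label for the record key and IV, and the per-record nonce). Every client random and secret in it is constructed for the demonstration, and the HKDF is checked against RFC 5869 test case 1 before use.

```python
import hashlib
import hmac
import struct

# Assumed stand-in for the "key plane": the NSS key log format (SSLKEYLOGFILE).
# Nubeva's own format is not described on the page. All values below are
# constructed for this demonstration; they are not captured session keys.
CLIENT_RANDOM_A = bytes(range(32)).hex()          # a TLS 1.2 session
MASTER_SECRET_A = bytes(range(48)).hex()          # its 48-byte master secret
CLIENT_RANDOM_B = bytes(range(32, 64)).hex()      # a TLS 1.3 session
CLIENT_AP_SECRET_B = hashlib.sha256(b"constructed client ap secret").hexdigest()
SERVER_AP_SECRET_B = hashlib.sha256(b"constructed server ap secret").hexdigest()

SAMPLE_KEYLOG = f"""\
# TLS 1.2 with ECDHE: one master secret per session, keyed by the client random
CLIENT_RANDOM {CLIENT_RANDOM_A} {MASTER_SECRET_A}
# TLS 1.3: separate secrets per direction and per phase; the application-data
# ("_0") secrets are what a decryptor needs for the post-handshake stream
CLIENT_TRAFFIC_SECRET_0 {CLIENT_RANDOM_B} {CLIENT_AP_SECRET_B}
SERVER_TRAFFIC_SECRET_0 {CLIENT_RANDOM_B} {SERVER_AP_SECRET_B}
"""

# (key length, IV length, HKDF hash) for the TLS 1.3 AEAD suites named on the page
CIPHER_SUITES = {
    "TLS_AES_128_GCM_SHA256": (16, 12, "sha256"),
    "TLS_AES_256_GCM_SHA384": (32, 12, "sha384"),
    "TLS_CHACHA20_POLY1305_SHA256": (32, 12, "sha256"),
}


def parse_keylog(text):
    """Parse NSS key log lines into {(label, client_random_bytes): secret_bytes}."""
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 3:
            raise ValueError(f"line {lineno}: expected 'LABEL client_random secret'")
        label, client_random, secret = parts
        cr = bytes.fromhex(client_random)
        if len(cr) != 32:
            raise ValueError(f"line {lineno}: client random must be 32 bytes")
        entries[(label, cr)] = bytes.fromhex(secret)
    return entries


def hkdf_extract(salt, ikm, hash_name="sha256"):
    """RFC 5869 HKDF-Extract."""
    return hmac.new(salt, ikm, hash_name).digest()


def hkdf_expand(prk, info, length, hash_name="sha256"):
    """RFC 5869 HKDF-Expand."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hash_name).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf_expand_label(secret, label, context, length, hash_name="sha256"):
    """RFC 8446 section 7.1: HKDF-Expand over the HkdfLabel structure."""
    full_label = b"tls13 " + label
    hkdf_label = (struct.pack("!H", length)
                  + bytes([len(full_label)]) + full_label
                  + bytes([len(context)]) + context)
    return hkdf_expand(secret, hkdf_label, length, hash_name)


def derive_record_keys(traffic_secret, cipher_suite):
    """RFC 8446 section 7.3: record-layer AEAD key and IV for one direction."""
    key_len, iv_len, hash_name = CIPHER_SUITES[cipher_suite]
    key = hkdf_expand_label(traffic_secret, b"key", b"", key_len, hash_name)
    iv = hkdf_expand_label(traffic_secret, b"iv", b"", iv_len, hash_name)
    return key, iv


def record_nonce(iv, sequence_number):
    """RFC 8446 section 5.3: nonce = IV XOR left-padded 64-bit record sequence number."""
    padded = sequence_number.to_bytes(len(iv), "big")
    return bytes(a ^ b for a, b in zip(iv, padded))


def decryptor_keys(entries, client_random, cipher_suite):
    """Tool-side decryptor: derive key/IV per direction for one TLS 1.3 session.
    With ECDHE nothing else yields these secrets (a server private key or
    certificate does not), so an unexported session gives nothing to decrypt with."""
    out = {}
    for label, direction in (("CLIENT_TRAFFIC_SECRET_0", "client->server"),
                             ("SERVER_TRAFFIC_SECRET_0", "server->client")):
        secret = entries.get((label, client_random))
        if secret is not None:
            out[direction] = derive_record_keys(secret, cipher_suite)
    return out


def hkdf_self_check():
    """RFC 5869 test case 1, so the HKDF above is verified before it touches keys."""
    ikm = bytes.fromhex("0b" * 22)
    salt = bytes.fromhex("000102030405060708090a0b0c")
    info = bytes.fromhex("f0f1f2f3f4f5f6f7f8f9")
    prk = hkdf_extract(salt, ikm)
    okm = hkdf_expand(prk, info, 42)
    return (prk.hex() == "077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5"
            and okm.hex() == "3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865")


if __name__ == "__main__":
    assert hkdf_self_check()
    entries = parse_keylog(SAMPLE_KEYLOG)
    session_b = bytes.fromhex(CLIENT_RANDOM_B)
    for direction, (key, iv) in decryptor_keys(entries, session_b, "TLS_AES_128_GCM_SHA256").items():
        print(direction, "key", key.hex(), "iv", iv.hex(), "nonce[seq=1]", record_nonce(iv, 1).hex())
    # A session whose secrets were never exported, e.g. one only seen on the wire
    print("unknown session:", decryptor_keys(entries, bytes(32), "TLS_AES_128_GCM_SHA256"))
```

Note what is deliberately absent: the AEAD decryption itself (AES-GCM or ChaCha20-Poly1305 from a library such as cryptography) and the TLS 1.2 PRF for the CLIENT_RANDOM entries; the point shown is that the only input the decryptor has is the per-session secret exported by an endpoint, and that every derived key is distinct per session and per direction. In a real deployment the key log or key plane is itself sensitive material, so it needs the same access control and retention limits as the decrypted traffic it unlocks.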
Q: You’ve recently received the 2019 Stratus Award from the Business Intelligence Group; could you tell us something more?
A: In September and October 2019, Nubeva was honored with two technology awards. The company received the Firestarter award from 451 Research, a leading information technology research and advisory company focusing on technology innovation and market disruption. In addition, Nubeva received the Stratus Award in the Cloud Disruptor category for its innovative TLS Decrypt solution.
These awards are important milestones for Nubeva as the company solidifies its position as an innovator in the cloud marketplace. Enabling enterprise IT teams to maximize security in their cloud and data center networks is Nubeva’s day-to-day objective. Under the leadership of CEO Randy Chou, Nubeva engineers and architects will continue to create SaaS solutions that help IT teams do the important work they are tasked with to secure their systems.
Q: Looking ahead for the next year. What is the strategy for Nubeva Technologies?
A: As more and more businesses move mission-critical resources to the cloud and create hybrid cloud environments to support day-to-day operations, it becomes even more important to create a flexible and efficient way to work. IT organizations will create and manage workloads that flex up or down depending on business needs. These workloads will likely span across several public clouds, seamlessly, and will be managed with a single set of controls.
Organizations will have the best-of-breed infrastructure, software, encryption, authentication, data integrity, visibility, access and control of their data that they’ve never been able to create in a traditional data center (because of continual upgrades, maintenance and cost issues). Global enterprises will function with an IT infrastructure that is responsive and truly moves at the speed of business.
As this unfolds next year and beyond, Nubeva will provide SaaS solutions designed to help enterprise IT teams maximize their cloud and data center networks. By enabling security and DevOps to “see” the massive amounts of data flowing inside their network – when and where they need to examine the packets in detail – Nubeva will help enterprises avoid external threats and keep bad actors at bay. At the same time, these decryption solutions will provide the access, visibility and control of data needed to keep resources and apps running smoothly.