Encryption Visibility tells you how much of your network is encrypted, whose certificates are being used, and what your risk exposure is automatically, without agents or instrumentation.

Simple dashboards and powerful search and trace capabilities detail every session, encrypted or not, and every digital certificate actually in use. Easily see where high risk digital certificates are and which certificate authorities are behind every encrypted session. With deep analysis of digital certificate chains, you can pinpoint weak ciphers, deprecated TLS versions, self-signed, expired, and wildcard certificates to respond to your organization's policies. From this data, you can create and enforce environment specific trust control to validate only trusted roots are used in your VPC.

Encryption visibility works on raw network traffic, so you can see the state of encryption across your entire network, not a subset from an aging scan. By using AWS native port mirroring, combined with other network traffic sources, all VPC traffic can be inspected and monitored. Continuous analysis means new sessions and threats are identified in real time, reducing bad-actor dwell time. Combined with native alerting integrations, encryption visibility can now fit easily into your security posture.

Do not assume encryption policy, verify it!