Overview
Encrypted TLS traffic has become ubiquitous in networks today, delivering privacy and protecting users data. However, encrypting data also creates a new set of security issues for enterprises, as existing security mechanisms are "blind" to any threats carried by encrypted connections.
The Mira ETO software enables an enterprise to remove this "blind spot" by providing visibility into the unencrypted connection for the full range of security and analytic tools being used.
Enabling the enterprise security stack to detect and mitigate threats while providing features to enable privacy and ensure compliance requirements can be met is central to Mira ETO software.
Mira ETO automatically detects SSL, TLS and SSH traffic and can decrypt this traffic in order to send the unencrypted data to one or more security tools. The decrypted flows may be sent to a passive security tool using GENEVE or VXLAN tunnels. Decrypted data is sent to security tools with the same packet header details as the original encrypted flow encapsulated within the tunnel. Optionally, the decrypted flow can be marked allowing the tool to determine that the flow was originally encrypted. The decrypted traffic can be sent to existing IDS tools on AWS such as Suricata, Zeek, Corelight, Stamus, and Trellix NX.
Sign up for a Demo at https://mirasecurity.com/how-mira-works/eto-demo-sign-up/
Bring Your Own License (BYOL) requires an externally purchased license, visit https://mirasecurity.com/how-mira-works/eto-aws/ for purchasing information and trials.
Highlights
- Compatible with AWS Gateway Load Balancer, enabling easy deployment and automatic scaling within a centralized security architecture.
- Capable of decrypting SSL v3, TLS 1.0, 1.1, 1.2 and 1.3, as well as SSHv2, automatically detect all SSL/TLS and SSH traffic in the network, no matter what ports are being used. Policy control over which encrypted traffic is made visible allows compliance with industry requirements and enterprise policies on data privacy
- Decrypt outbound and inbound TLS flows using Certificate Authority resign or using existing server certificates and keys.
Details
Features and programs
Financing for AWS Marketplace purchases
Pricing
Additional AWS infrastructure costs
Type | Cost |
|---|---|
EBS General Purpose SSD (gp2) volumes | $0.10/per GB/month of provisioned storage |
Vendor refund policy
Can be cancelled anytime. Currently there is no refund policy offered by Mira Security.
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
Maintenance release with updated CAs, CRLs, and open source packages
Additional details
Usage instructions
Follow the Virtual ETO Getting Started Guide documentation available at https://srv.mirasecurity.com/lnk/eto-vm-gsg-2.1.0 This EC2 requires 2 network interfaces, first interface for GWLB datapath/plaintext output, second interface for management (https/ssh). Default WebUI login- Username:admin, Password:[instance-id] Console/SSH- Username:mira, Password:[instance-id]. Passwords must be changed on first login. GWLB health checks must be set to TCP port 80. CloudFormation templates available at https://github.com/mirasecurity/aws
Resources
Vendor resources
Support
Vendor support
Support and additional documentation may be obtained at
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
