Nubeva TLS Decrypt on the AWS Cloud

Deploy Nubeva TLS Decrypt for visibility into modern encryption

This Quick Start deploys the Nubeva Transport Layer Security (TLS) Decrypt platform on the Amazon Web Services (AWS) Cloud. It includes the following open-source tools:

  • Arkime is a large-scale, open-source, indexed packet-capture-and-search system.
  • Suricata is a high-performance engine that combines a network intrusion detection system (IDS), an intrusion prevention system (IPS), and network security monitoring (NSM).
  • Wireshark is a free, open-source packet analyzer for network troubleshooting.
  • Zeek is a network analysis framework used for intrusion detection; it inspects network activity for anomalies to surface suspicious data flows.

This Quick Start is for users who want to identify malicious activity, insider threats, and data leakage within their virtual private cloud (VPC) and Amazon Elastic Compute Cloud (Amazon EC2) instances.

This Quick Start was created by Nubeva in collaboration with AWS. Nubeva is an AWS Partner.


AWS Service Catalog administrators can add this architecture to their own catalog.  

What you'll build

The Quick Start sets up the following Nubeva environment on AWS:

    • A highly available architecture that spans two Availability Zones.*
    • A VPC configured with public and private subnets, according to AWS best practices, to provide you with your own virtual network on AWS.*
    • An Elastic Load Balancing (ELB) load balancer in front of each open-source tool, both to scale the tool itself and to receive inbound mirrored packets from Amazon VPC Traffic Mirroring or from internal replication.
    • In the public subnets:
      • A bastion host for all inbound connectivity.*
      • Managed network address translation (NAT) gateways to allow outbound internet access for resources in the subnets.*
    • In the private subnets:
      • Arkime packet capture in an Auto Scaling group (size 2).
      • Suricata signature detection in an Auto Scaling group (size 2).
      • Wireshark packet analysis in an Auto Scaling group (size 2).
      • Zeek anomaly detection in an Auto Scaling group (size 2).
      • Amazon VPC Traffic Mirroring targets connected to each open-source tool's load balancer.
      • A sample source instance in an Auto Scaling group (size 2) that generates the TLS traffic to be monitored.
    • Amazon DynamoDB for TLS key storage.
    • Amazon Elasticsearch Service (Amazon ES) for managing the logs of Zeek and Suricata.
    • An Amazon Simple Storage Service (Amazon S3) bucket for Arkime packet capture (PCAP) storage.

    * The template that deploys the Quick Start into an existing VPC skips the components marked by asterisks and prompts you for your existing VPC configuration.
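To make concrete how mirrored packets reach the tools in the private subnets, here is an added CloudFormation fragment that wires one source network interface to the load balancer in front of a capture tool through Amazon VPC Traffic Mirroring. This is an illustration written for this page, not the Quick Start's own template: the ENI ID and load balancer ARN are parameters you would supply, the filter rules assume the source instance is a TLS server listening on TCP/443, and the rule and session numbers are arbitrary choices.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  Added example (not the Nubeva Quick Start template): mirror TLS traffic from
  one source ENI to a Network Load Balancer that fronts a packet-capture tool.

Parameters:
  SourceNetworkInterfaceId:
    Type: String
    Description: ENI of the instance whose traffic is mirrored (assumed input)
  ToolLoadBalancerArn:
    Type: String
    Description: ARN of the NLB in front of the tool, e.g. Arkime (assumed input)

Resources:
  # Mirrored packets arrive VXLAN-encapsulated, so the NLB named here must
  # already have a UDP listener on port 4789 forwarding to the tool instances.
  ToolMirrorTarget:
    Type: AWS::EC2::TrafficMirrorTarget
    Properties:
      NetworkLoadBalancerArn: !Ref ToolLoadBalancerArn
      Description: Load balancer in front of the capture tool

  # Without a filter rule nothing is mirrored; restricting to TCP/443 keeps the
  # tools from being flooded with traffic that is irrelevant to TLS monitoring.
  TlsOnlyFilter:
    Type: AWS::EC2::TrafficMirrorFilter
    Properties:
      Description: Mirror only TCP/443 in both directions

  # Rules are evaluated lowest RuleNumber first; 100 is an arbitrary choice.
  # These two rules assume the source is a TLS server. For a TLS client, swap
  # them: DestinationPortRange 443 on egress, SourcePortRange 443 on ingress.
  InboundTls:
    Type: AWS::EC2::TrafficMirrorFilterRule
    Properties:
      TrafficMirrorFilterId: !Ref TlsOnlyFilter
      TrafficDirection: ingress
      RuleNumber: 100
      RuleAction: accept
      Protocol: 6                      # TCP
      SourceCidrBlock: 0.0.0.0/0
      DestinationCidrBlock: 0.0.0.0/0
      DestinationPortRange:
        FromPort: 443
        ToPort: 443

  OutboundTls:
    Type: AWS::EC2::TrafficMirrorFilterRule
    Properties:
      TrafficMirrorFilterId: !Ref TlsOnlyFilter
      TrafficDirection: egress
      RuleNumber: 100
      RuleAction: accept
      Protocol: 6                      # TCP
      SourceCidrBlock: 0.0.0.0/0
      DestinationCidrBlock: 0.0.0.0/0
      SourcePortRange:
        FromPort: 443
        ToPort: 443

  # One session per monitored ENI. PacketLength is deliberately omitted so the
  # entire packet is mirrored; setting it truncates payloads, which breaks
  # reassembly and decryption downstream.
  SourceMirrorSession:
    Type: AWS::EC2::TrafficMirrorSession
    Properties:
      NetworkInterfaceId: !Ref SourceNetworkInterfaceId
      TrafficMirrorTargetId: !Ref ToolMirrorTarget
      TrafficMirrorFilterId: !Ref TlsOnlyFilter
      SessionNumber: 1                 # lowest number wins if several sessions share an ENI
      Description: Mirror TLS traffic from the sample source to the capture tool
```

Two checks worth running after a stack like this is created: confirm the tool instances' security group allows UDP/4789 from the load balancer's subnets, and confirm the source and target are in the same VPC or in VPCs connected by peering or Transit Gateway, since Traffic Mirroring sessions do not cross unconnected VPCs. Mirroring only captures ciphertext; the Nubeva components described above are what supply the keys that turn these captures into readable sessions.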

How to deploy

To deploy the Nubeva TLS Decrypt environment, follow the instructions in the deployment guide. The deployment process includes these steps:

    1. Sign in to your AWS account. If you don't have an AWS account, sign up at https://aws.amazon.com.
    2. Prepare your Nubeva account.
    3. Launch the Quick Start. Before you create the stack, choose the AWS Region from the top toolbar.
    4. Test the deployment.

    Amazon may share user-deployment information with the AWS Partner that collaborated with AWS on this solution.  

Cost and licenses

The deployment requires an account on the Nubeva SaaS console, as described in the deployment guide.

    You are responsible for the cost of the AWS services and any third-party licenses used while running this Quick Start reference deployment. There is no additional cost for using this Quick Start.

    The AWS CloudFormation template for this Quick Start includes configuration parameters that you can customize. Some of these settings, such as instance type, affect the cost of deployment. For cost estimates, see the pricing pages for each AWS service you will use. Prices are subject to change.

    Tip   After you deploy the Quick Start, create AWS Cost and Usage Reports to track costs associated with the Quick Start. These reports deliver billing metrics to an Amazon Simple Storage Service (Amazon S3) bucket in your account. They provide cost estimates based on usage throughout each month and aggregate the data at the end of the month. For more information, see What are AWS Cost and Usage Reports?