Introducing the World’s First Dedicated Virtual Decryption Appliance for Enterprises
TLS Decryption in Virtualized Environments
Mira now offers the world’s first dedicated virtual decryption appliance, vETO (virtual ETO).
The Mira vETO has the same functionality of the ETO physical appliance, allowing for all TLS traffic, including TLS1.3, to be decrypted. The vETO and ETO are deployed as a transparent “bump in the wire” or “bump in the tunnel,” enabling decryption of traffic within VXLAN and GRE tunnels without requiring tunnel termination. The Mira vETO comes with two network interfaces and two appliance interface ports operating in either inline or passive mode.
The Mira vETO also supports up to four mirror interface ports for passive sensors. This allows for up to 6 passive security tools to gain visibility into encrypted flows. Many of these security sensors and firewalls can also be virtualized, allowing for an entirely virtual security environment. The vETO is capable of decrypting 8000 connections per second and up to 5Gbps of TLS traffic, and is initially available for VMware ESXi and KVM hypervisors including Proxmox.
Visibility into Encrypted Traffic for Existing Enterprise Security Tools
At Mira Security, our main purpose is to provide visibility into encrypted traffic for existing enterprise security tools, ensuring that they can detect and mitigate any security threats. Our existing network decryption ETO physical appliances target medium to large bandwidth deployments, supporting up to 100Gbps of TLS decryption. Our new virtual decryption ETO appliances offer up to 5Gbps of TLS decryption.
The ETO can be configured using policies, allowing for traffic only to be decrypted based on network or TLS parameter fields, or on the category of website being accessed. Full policy match capabilities are described in this product brief. If the flow does not match a decryption policy, then only the encrypted TLS packets are sent to the attached security tools. The ETO logs all TLS flow details, enabling visibility into what traffic is present within the network.
Advantages of the Mira vETO Virtual Decryption Appliance
The Mira vETO system performance is scalable by providing more CPU cores and memory, as required. The vETO operates under a subscription license supporting between 0.5Gbps and 5Gbps of decryption. Licenses can be upgraded at any point, allowing for deployments to easily scale over time.
Data center operating costs are minimized, as no additional rack space, cooling or network switches are necessary. Virtualization improves business continuity, since vETO systems can be easily backed up and migrated to new environments, as needed.
For larger offices requiring over 5Gbps of decrypt, hybrid cloud deployment is possible by using physical ETO appliances supporting up to 100Gbps at these higher-bandwidth locations, while utilizing 5Gbps vETOs within the remote offices. Unified management allows for the same decryption policies, and CA certificates to be easily shared and deployed between sites.
What is HTTPS and TLS, and What Risks do They Pose to Network Inspection Tools?
HTTPS is a secure way to send traffic from a web browser to a web server using the TLS protocol. It was originally used for the most-sensitive of applications, but now the majority of web traffic is accessed via HTTPS, including malware and insider threats. Unfortunately, that allows these attacks to hide and become undetectable by network malware protection and intrusion/extrusion detection/prevention systems.
How is Network Infrastructure, TLS Decryption and Security Evolving?
Historically, IT infrastructure was located on-site with dedicated physical hardware. But in the last 15 years, servers have gradually migrated over to virtualized environments mainly running on VMware ESXi or KVM-based hypervisors, such as proxmox, located either on-site or in a hosted private cloud. On-site network security infrastructure has been more difficult to migrate to virtualized environments as dedicated hardware outperformed standard server CPUs. However, modern servers are now more capable of performing network transmission and inspection for medium-sized offices.
Due to these advances in technology, combined with businesses trying to minimize travel to remote offices, there has been a move to virtualize the network, including network security using private cloud. However, there have been no dedicated virtual decryption appliances available until now.
Mira vETO Software Subscription Options
Mira vETO software is licensed as a subscription model for either KVM or ESXi. Subscriptions can be for 12 months or 36 months and can be upgraded during the subscription period. The license purchased determines the amount of encrypted traffic that can be decrypted to provide visibility for security tools. The Mira vETO software will run on KVM or ESXi systems using Intel Haswell or equivalent CPU(s).
Performance numbers shown here are measured on a system using Intel® Cascade Lake CPUs (Xeon® Gold 6248) running vETO v1.9. Performance is likely to be lower on systems with older CPUs. Currently the maximum licensed capacity is throttled to 5 Gbps.
Mira ETO Demo
In this video we see how Mira Security Encrypted Traffic Orchestration can enable your network security systems to properly monitor traffic and detect threats that they would otherwise miss due to encryption.
Interested in Learning More?
Mira Security removes enterprise network “blind spots” by providing visibility into unencrypted connection for the full range of security and analytic tools.
Learn more about Mira vETO Virtual Decryption Appliance, visit our Resources page to download the product brief and whitepaper, or watch videos.
Sign Up for Your Exclusive Mira vETO Virtual Decryption Appliance Trial Today.
Mira vETO trials are available on request, allowing for testing to be quickly and easily deployed on-site.