Decrypt Perfect Forward Secrecy with F5 BIG-IP and ExtraHop

How F5 and ExtraHop work together for passive visibility

Tyson Supasatit

November 15, 2018

Earlier this year, the IETF finalized the TLS 1.3 specification, which introduces performance enhancements and mandates perfect forward secrecy (PFS). This came as an unpleasant surprise to many enterprise IT organizations that need to passively decrypt and analyze network traffic for a variety of reasons, but they were too late to the party to change things.

ExtraHop's customers had already asked us to develop a solution for passively decrypting PFS traffic that wouldn't require an expensive man-in-the-middle appliance. That solution involves deploying a session key forwarding agent (we like to call it a "secret agent") on the customer-controlled servers whose traffic you want to analyze. An alternative is to use an F5 BIG-IP application delivery controller to extract those session keys and then forward them to the ExtraHop appliance.

Our friends at F5's DevCentral put together a lightboard video and blog post detailing how to implement this solution. Give it a watch!
