ExtraHop Decryption Suite

Maintain privacy and visibility at the same time.

As enterprises adopt stronger SSL encryption for more of their application traffic, especially now that Perfect Forward Secrecy is required by TLS 1.3, they struggle to monitor network and application performance in secure areas of their environment.

NSS Labs predict that 75% of web traffic will be encrypted by 2019—but with real-time network traffic analytics backed by a robust Decryption Suite, you won't have to choose between security and visibility.

The ExtraHop Decryption Suite

The Decryption Suite is an add-on module to the ExtraHop platform that provides real-time decryption so that you can keep your communications secure without losing visibility. ExtraHop handles TLS decryption better than any other vendor for the following reasons:

  • Scale - ExtraHop leads the industry in speed, meaning that you need to purchase less gear than if you purchased from competitors. We love to make things go fast, including our TLS decryption. The ExtraHop Decryption Suite uses cryptographic acceleration hardware to perform bulk decryption at line-rate, up to a sustained 100 Gbps, and achieve up to 64,000 handshakes per second with 2,048-bit RSA keys.
  • Forward-secret cipher suite support - ExtraHop supports the leading cipher suites, including RSA cipher suites and cipher suites using Diffie-Hellman ephemeral key exchange for Perfect Forward Secrecy. No other network traffic analysis vendor offers support for PFS encryption, which is now required by the TLS v1.3 standard.
  • Less risk and cost - The ExtraHop Decryption Suite does not require any additional in-line appliances, which not only add cost but introduce another dependency and potential point of failure in the application delivery chain.

In addition to decryption capabilities, the ExtraHop platform also analyzes the TLS envelope to provide a continuous audit of ciphers, key lengths, and certificates. Notably, this covers all certificates in use in your environment, not just the ones that you have loaded in your key management software.

Interested in learning more about how you can use the Decryption Suite to keep your data safe without sacrificing visibility? Contact us and we'll be in touch!

Additional Resources

What Is Perfect Forward Secrecy … and Why Should You Care?

ExtraHop Decrypts Perfect Forward Secrecy