Moloch & Amazon VPC Traffic Mirroring
What Am I Presenting?
• Complete CloudFormation template for AWS installation of Moloch
• Preview of official AWS Quickstart
• Core Requirements:
  • Cloud native components that can all autoscale independently
  • Decouple Elasticsearch from capture & viewer
  • Centralize all packet storage on S3
  • Allow for multi-viewer support
  • Allow for installation into new & existing VPCs
Who Am I?
• Erik Freeland
• @ejfreeland
• erik@nubeva.com
• 25+ years in computing, networking, & security.
• Working on Banyan Vines to AWS
• Currently Director of Customer Success for Nubeva
• Nubeva has solved OOB TLS Decryption in the “cloud”
Why Should I Care?
• https://medium.com/wardleymaps
Actual Demo Diagram
Availability
• Now
• www.nubeva.com
• New VPC - https://nubevalabs.s3.amazonaws.com/quickstart/templates/nubeva-master.template.yaml
• Existing VPC - https://nubevalabs.s3.amazonaws.com/quickstart/templates/nubeva.template.yaml
But Wait There’s More
Nubeva TLS Decryption
[Diagram; labels recovered from the slide:]
• Nubeva TLS Sensors: Discover Individual Session Final Secrets from Memory in Realtime
• Universal Software Decryptor (Container): Decrypt Anywhere, Anytime, To Any Tool or Files, Using Any Packet Source
• Copies of Packets: Realtime Streams and Historical PCAPs
• Encrypted Key Plane
• Other labels: Clients, Application cluster, App, Encrypted Traffic, Unencrypted Traffic
Thanks