Precryption™
License: Requires SecureVUE Plus license.
Gigamon Precryption™ technology delivers plaintext visibility of encrypted communications among virtual, cloud, and containerized applications to the full security stack, without the cost and complexity of traditional decryption.
This section covers:
How Gigamon Precryption Technology Works
Why Gigamon Precryption
Key Features
Key Benefits
Precryption Technology on Single Node
Precryption Technology on Multi-Node
Supported Platforms
Prerequisites
How Gigamon Precryption Technology Works
Precryption technology uses native Linux functionality to tap, that is copy, the data exchanged between an application and its encryption library, such as OpenSSL.
Because the copy is taken at that boundary, Precryption captures the traffic in plaintext: either before the library encrypts it, or after the library has decrypted it. The actual encryption of the message and its transmission across the network are not touched. There is no proxy, no retransmission, and no break-and-inspect. The plaintext copy is forwarded to the Gigamon Deep Observability Pipeline for optimization, transformation, replication, and delivery to tools.
Precryption technology is built on GigaVUE® Universal Cloud Tap (UCT) and works across hybrid and multi-cloud environments, including on-prem and virtual platforms. UCT with Precryption technology runs independently of the application and requires no change to the application or its development life cycle.
Why Gigamon Precryption
GigaVUE Universal Cloud Tap with Precryption technology is a lightweight, friction-free solution that eliminates blind spots in modern hybrid cloud infrastructure by providing East-West visibility into virtual, cloud, and container platforms. It delivers plaintext visibility into supported encryption types, including TLS 1.3, without managing or maintaining decryption keys. IT organizations can manage compliance, keep private communications private on the wire, lay the foundation for Zero Trust, and boost security tool effectiveness by a factor of 5x or more.
Key Features
The following are the key features of this technology:
Plaintext visibility into communications using modern encryption (TLS 1.3, mTLS, and TLS 1.2 with Perfect Forward Secrecy).
Plaintext visibility into communications using legacy encryption (TLS 1.2 and earlier).
Non-intrusive traffic access, with no agents running inside container workloads.
None of the expensive resource consumption associated with traditional traffic decryption.
None of the key management required by traditional traffic decryption.
Performance that does not depend on cipher type, strength, or version.
Support across hybrid and multi-cloud environments, including on-prem, virtual, and container platforms.
Communications stay private on the network; only the plaintext copy, with the threat activity it contains, is delivered to security tools.
Integration with the Gigamon Deep Observability Pipeline for the full suite of optimization, transformation, and brokering capabilities.
Key Benefits
The following are the key benefits of this technology:
Eliminate blind spots for encrypted East-West (lateral) and North-South communications, including traffic that never crosses a firewall.
Monitor application communications with an approach that is independent of the application and does not slow down development teams.
Extend security tools' visibility to all communications, regardless of encryption type.
Achieve maximum traffic tapping efficiency across virtual environments.
Leverage a 5–7x performance boost for security tools by feeding them unencrypted data.
Support a Zero Trust architecture founded on deep observability.
Maintain the privacy and compliance obligations that apply to handling decrypted traffic.
How Precryption Technology Works on Single and Multiple Nodes
The following sections describe how Precryption technology works on a single node and across multiple nodes:
Precryption Technology on Single Node
Precryption Technology on Multi-Node
Precryption Technology on Single Node
1. When an application needs to encrypt a message, it calls an encryption library, such as OpenSSL, to perform the actual encryption.
2. GigaVUE Universal Cloud Tap (UCT), enabled with Precryption technology, takes a copy of the message before it is encrypted.
3. The encrypted message is sent to the receiving application with its encryption unmodified. No proxy, no re-encryption, no retransmission.
4. GigaVUE UCT adds packet headers as needed, encapsulates the copy in a tunnel, and forwards it to GigaVUE V Series in the deep observability pipeline, where Gigamon optimizes, transforms, and delivers the data to tools without any further decryption.
Precryption Technology on Multi-Node
1. When an application needs to encrypt a message, it calls an encryption library, such as OpenSSL, to perform the actual encryption.
2. GigaVUE Universal Cloud Tap (UCT), enabled with Precryption technology, takes a copy of the message before it is encrypted.
3. Optionally, UCT with Precryption on the receiving node can also take a copy of the message after the server has decrypted it.
4. GigaVUE UCT adds packet headers as needed, encapsulates the copy in a tunnel, and forwards it to V Series in the deep observability pipeline, where it is further enriched, transformed, and delivered to tools without any further decryption.
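The single-node and multi-node steps above both come down to one idea: take a copy where the application hands plaintext to its TLS library (step 2) or receives plaintext back from it (multi-node step 3), and leave the library call itself untouched. The following is an added example, not Gigamon's code, and the page does not say which Linux mechanism UCT uses to hook that boundary; this shim uses LD_PRELOAD interposition of OpenSSL's SSL_write and SSL_read purely to make the principle concrete. The tap record layout, the snaplen, the record sink path /tmp/precrypt-demo.tap and the function names tap_frame, tap_parse and tap_emit are this example's own choices.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE               /* for RTLD_NEXT in <dlfcn.h> */
#endif
#include <dlfcn.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Added example (not Gigamon's code): an LD_PRELOAD shim that copies plaintext
 * at the application/OpenSSL boundary and then lets the real call proceed.
 * Fallback value for RTLD_NEXT (as defined by glibc and musl) in case the
 * feature macro was not seen before the first system header. */
#ifndef RTLD_NEXT
#define RTLD_NEXT ((void *)-1l)
#endif

/* The SSL object is never dereferenced, so no OpenSSL headers are required.
 * Prototypes match libssl's SSL_write, SSL_read and SSL_get_fd. */
typedef void SSL;
typedef int (*ssl_io_fn)(SSL *ssl, void *buf, int num);
typedef int (*ssl_fd_fn)(const SSL *ssl);

#define TAP_SNAPLEN 4096            /* assumed per-record plaintext limit */
enum { TAP_DIR_OUT = 0,             /* copied in SSL_write: before encryption */
       TAP_DIR_IN  = 1 };           /* copied in SSL_read:  after decryption  */

/* Tap record: fixed header followed by cap_len bytes of plaintext. The layout
 * is this example's own; a real tap would add L3/L4 headers and tunnel it. */
struct tap_hdr {
    uint8_t  dir;
    uint8_t  rsvd[3];
    uint32_t pid;
    uint32_t fd;        /* socket fd, so records can be matched to a flow */
    uint32_t orig_len;  /* full plaintext length seen at the library call */
    uint32_t cap_len;   /* bytes of plaintext actually included */
};

/* Build one record into out (capacity out_cap). Returns bytes written, or -1
 * if even the header does not fit. Payload is cut to snaplen and to the
 * remaining room; orig_len always records the true length. */
int tap_frame(uint8_t dir, uint32_t pid, uint32_t fd,
              const void *plain, int len, uint8_t *out, size_t out_cap)
{
    if (len < 0 || out_cap < sizeof(struct tap_hdr)) return -1;
    size_t room = out_cap - sizeof(struct tap_hdr);
    uint32_t cap = (uint32_t)len;
    if (cap > TAP_SNAPLEN) cap = TAP_SNAPLEN;
    if (cap > room) cap = (uint32_t)room;
    struct tap_hdr h = { .dir = dir, .pid = pid, .fd = fd,
                         .orig_len = (uint32_t)len, .cap_len = cap };
    memcpy(out, &h, sizeof h);
    memcpy(out + sizeof h, plain, cap);
    return (int)(sizeof h + cap);
}

/* Collector side: parse a record back. Returns cap_len, or -1 if the record
 * is shorter than its header claims (truncated or corrupt). */
int tap_parse(const uint8_t *rec, size_t rec_len, struct tap_hdr *h,
              const uint8_t **payload)
{
    if (rec_len < sizeof *h) return -1;
    memcpy(h, rec, sizeof *h);
    if (rec_len - sizeof *h < h->cap_len) return -1;
    *payload = rec + sizeof *h;
    return (int)h->cap_len;
}

/* Sink for the demo: append records to a file (assumed path). A real tap
 * would tunnel them to the pipeline instead. Not thread-safe; illustration. */
static void tap_emit(uint8_t dir, int fd, const void *plain, int len)
{
    static FILE *sink;
    uint8_t rec[sizeof(struct tap_hdr) + TAP_SNAPLEN];
    if (!sink) sink = fopen("/tmp/precrypt-demo.tap", "ab");
    int n = tap_frame(dir, (uint32_t)getpid(), (uint32_t)fd, plain, len,
                      rec, sizeof rec);
    if (sink && n > 0) { fwrite(rec, 1, (size_t)n, sink); fflush(sink); }
}

static int ssl_fd(SSL *ssl)
{
    static ssl_fd_fn real;
    if (!real) real = (ssl_fd_fn)dlsym(RTLD_NEXT, "SSL_get_fd");
    return real ? real(ssl) : -1;
}

/* Interposed entry points: copy, then pass through. Encryption and
 * transmission are untouched, which is the property described in the steps
 * above (no proxy, no re-encryption, no retransmission). */
int SSL_write(SSL *ssl, const void *buf, int num)
{
    static ssl_io_fn real;
    if (!real) real = (ssl_io_fn)dlsym(RTLD_NEXT, "SSL_write");
    tap_emit(TAP_DIR_OUT, ssl_fd(ssl), buf, num);   /* before encryption */
    return real(ssl, (void *)buf, num);
}

int SSL_read(SSL *ssl, void *buf, int num)
{
    static ssl_io_fn real;
    if (!real) real = (ssl_io_fn)dlsym(RTLD_NEXT, "SSL_read");
    int n = real(ssl, buf, num);
    if (n > 0) tap_emit(TAP_DIR_IN, ssl_fd(ssl), buf, n); /* after decryption */
    return n;
}
```

Build it as a shared object (`gcc -shared -fPIC -o libprecrypt.so precrypt.c -ldl`) and run a libssl-linked client under it, for example `LD_PRELOAD=./libprecrypt.so curl https://example.com` on a distribution whose curl is built against OpenSSL; the sink file then holds the HTTP request and response in the clear while the wire still carries TLS 1.3. Two practical points follow from the mechanism. First, a hook on libssl only sees what goes through libssl: check that the workload dynamically links one of the OpenSSL versions listed under Prerequisites (`ldd $(command -v curl) | grep libssl`); a statically linked binary or a different TLS stack (Go's crypto/tls, BoringSSL, rustls) produces nothing here. Second, the tap output is plaintext, so the path from the tap to the collector needs at least the protection the original traffic had on the wire.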
Supported Platforms
VM environments: Precryption™ is supported on the following VM platforms where UCT-V is supported:
Platform Type | Platform
Public Cloud |
Private Cloud |
Container environments: Precryption™ is supported on the following container platforms where UCT-C is supported:
Platform Type | Platform
Public Cloud |
Private Cloud |
Prerequisites
Deployment Prerequisites
OpenSSL version 1.0.2, 1.1.0, 1.1.1, or 3.x on the monitored workload.
For GigaVUE-FM to collect statistics, allow port 5671 in the security group.
Allow port 9900 in the security group of the UCT-V controller so that it can receive statistics from UCT-V agents.
For UCT-C, allow ports 42042 and 5671 in the security group.
Scope these security group rules to the addresses of the UCT components that need them rather than to any source.
License Prerequisite
Precryption™ requires a SecureVUE Plus license.
Supported Kernel Version
Precryption is supported on kernel version 5.4 and later for all supported Linux distributions, including Ubuntu. For kernels below 5.4, only the kernel and operating system combinations in the following table are supported:
Kernel Version | Operating System |
4.18.0-193.el8.x86_64 | RHEL release 8.2 (Ootpa) |
4.18.0-240.el8.x86_64 | RHEL release 8.3 (Ootpa) |
4.18.0-305.76.1.el8_4.x86_64 | RHEL release 8.4 (Ootpa) |
4.18.0-348.12.2.el8_5.x86_64 | RHEL release 8.5 (Ootpa) |
4.18.0-372.9.1.el8.x86_64 | RHEL release 8.6 (Ootpa) |
4.18.0-423.el8.x86_64 | RHEL release 8.7 Beta (Ootpa) |
4.18.0-477.15.1.el8_8.x86_64 | RHEL release 8.8 (Ootpa) |
5.3.0-1024-kvm | Ubuntu 19.10 |
4.18.0-305.3.1 | Rocky Linux 8.4 |
4.18.0-348 | Rocky Linux 8.5 |
4.18.0-372.9.1 | Rocky Linux 8.6 |
4.18.0-425.10.1 | Rocky Linux 8.7 |
4.18.0-477.10.1 | Rocky Linux 8.8 |
4.18.0-80.el8.x86_64 | CentOS 8.2 |
4.18.0-240.1.1.el8_3.x86_64 | CentOS 8.3 |
4.18.0-305.3.1.el8_4.x86_64 | CentOS 8.4 |
4.18.0-408.el8.x86_64 | CentOS 8.5 |
Note
See the Configure Precryption in UCT-V section for details on how to enable Precryption™ in VM environments.
See the Configure in UCT-C section of the Universal Cloud TAP - Container Deployment Guide for details on how to enable Precryption™ in container environments.
The copy that UCT forwards to the pipeline is plaintext, so the tunnel between UCT and the V Series node is where that data would be exposed in transit; see the Secure Tunnels feature for delivering Precryption data securely.