Decrypt Perfect Forward Secrecy with F5 BIG-IP + ExtraHop

Decrypt Perfect Forward Secrecy with F5 BIG-IP and ExtraHop

November 15, 2018

Decrypt Perfect Forward Secrecy with F5 BIG-IP and ExtraHop

How F5 and ExtraHop work together for passive visibility

Earlier this year, the IETF finalized the TLS 1.3 specification which introduces performance enhancements as well as mandates perfect forward secrecy (PFS). This came as an unpleasant surprise to many enterprise IT organizations who need to passively decrypt and analyze network traffic for a variety of reasons, but they were too late to the party to change things.

ExtraHop's customers had already asked us to develop a solution for passively decrypting PFS traffic that wouldn't require an expensive man-in-the-middle appliance. That solution involves deploying a session key forwarding agent (we like to call it a "secret agent") on the customer-controlled servers that you want to analyze traffic to and from. An alternative is to use an F5 BIG-IP application delivery controller to extract those session keys and then forward them to the ExtraHop appliance.

Our friends at F5's DevCentral put together a lightboard video and blog post detailing how to implement this solution. Give it a watch!

Discover more

CybersecurityTechRevealXDecryption

Tyson Supasatit

Sr. Product Marketing Manager

Tyson helps to educate the IT Operations Management community about what is possible with real-time analysis of wire data. Prior to ExtraHop, Tyson worked as a technical marketing writer for Microsoft, Seagate, and the Association of Computing Machinery, where he wrote for and edited the TechNews e-mail newsletter from 2000 to 2005. You can find him on Twitter under @tsupasat.

Explore related articles

Secret, Secret, I've Got a Secret...

May 16, 2018

Now that PFS is required by TLS 1.3, what happens if you can't install session forwarding software? Don't worry! Check this guide to learn how to forward session keys from F5 Local Traffic Managers (LTM) to ExtraHop.

CybersecurityTechPerformanceDecryption

Read article

TLS 1.3: Will Your Network Monitoring Go Blind?

May 11, 2018

Learn how to maintain IT and security visibility with the required TLS 1.3 perfect forward secrecy encryption. Watch this webinar to learn more.

PerformanceCybersecurityTechRevealXTLS 1.3Decryption

Read article

Experience RevealX NDR for Yourself

Schedule a demo

What is NDR

RevealX Platform

Integrations

Deployment

Intrusion Detection System

Forensics

Integrations

Deployment

Forensics

Solutions

Ransomware Attacks

Advanced Threat Hunting

Threat Detection and Response

Network Forensics and Investigation

Security Hygiene

Cloud Workload Security

Operational Resilience

Troubleshooting and Resolution

Cloud Migration

Cloud Workload Monitoring

Network Forensics

Zero Trust

Multicloud & Hybrid Cloud Security

XDR Strategy

SOC Modernization

Digital Transformation

Financial Services

Education

Public Sector

Federal Civilian Agencies

Defense and Intelligence

State and Local Government

Customer Stories

News

Technology Partners

Channel Partners

Managed Service Providers

Service Credits

Resident Experts

Deployments

Customer Community

Technical Support

Education Services

Leadership Team

Careers

About

C-Level

Zero Trust

Company

Products

How-To

Security Threats

NPM

Ransomware

Zero Trust

Reports

Demos & Videos

Webinars

Briefs

At-a-glance

Papers & E-books

Datasheets

Events

Attack Types

Network Protocols

What is NDR

RevealX Platform

Integrations

Deployment

Intrusion Detection System

Forensics

Integrations

Deployment

Forensics

Ransomware Attacks

Advanced Threat Hunting

Threat Detection and Response

Network Forensics and Investigation

Security Hygiene

Cloud Workload Security