What's New in the NetSec Platform
TLS 1.3 and Pub/Sub Support for Traffic Replication
Table of Contents
TLS 1.3 and Pub/Sub Support for Traffic Replication
Prisma® Access supports Pub/Sub notifications and TLSv1.3 decryption to improve how
you manage traffic replication.
If you use Traffic Replication, Prisma® Access can
minimize the challenges you encounter when you deploy third-party tools to deploy
and use it:
- Tools that consume the packet capture (PCAP) files require frequent queries of the buckets to cope with a large number of PCAP files. The tools might create overhead on the buckets and their use might be limited by the cloud providers.
- When using the PCAP files for forensic analysis, accessing SSL decrypted traffic provides better efficacy. A significant amount of the traffic is TLS 1.3 encrypted and requires decryption.
To solve these challenges, Prisma Access offers these enhancements for efficiency and
scalability:
- Pub/Sub Notifications—Prisma Access proactively sends a publisher and subscriber (Pub/Sub) notification when the storage bucket receives a new PCAP file. Using Pub/Sub notifications for new PCAP files eliminates the need to develop tools that notify you when there are new files in the buckets.
- TLS 1.3 Decryption Support—Prisma Access uses TLSv1.3 to decrypt PCAP files, which provides deeper visibility into your network traffic. However, this support applies only to remote network deployments where you have enabled the use of SSL/TLS decryption policy rules on PCAP files.
