TLS 1.3 and Pub/Sub Support for Traffic Replication
Prisma® Access supports Pub/Sub notifications and TLSv1.3 decryption to improve how
you manage traffic replication.
If you use Traffic Replication, Prisma® Access can
minimize the challenges you encounter when you deploy third-party tools to deploy
and use it:
Tools that consume the packet capture (PCAP) files require frequent queries
of the buckets to cope with a large number of PCAP files. The tools might
create overhead on the buckets and their use might be limited by the cloud
providers.
When using the PCAP files for forensic analysis, accessing SSL decrypted
traffic provides better efficacy. A significant amount of the traffic is TLS
1.3 encrypted and requires decryption.
To solve these challenges, Prisma Access offers these enhancements for efficiency and
scalability:
Pub/Sub Notifications—Prisma Access proactively sends a publisher and
subscriber (Pub/Sub) notification when the storage bucket receives a new PCAP
file. Using Pub/Sub notifications for new PCAP files eliminates the need to
develop tools that notify you when there are new files in the buckets.
TLS 1.3 Decryption Support—Prisma Access uses TLSv1.3 to decrypt PCAP
files, which provides deeper visibility into your network traffic. However, this
support applies only to remote network deployments where you have enabled the
use of SSL/TLS decryption policy rules on PCAP files.