We are working like crazy trying to get Trisul 3.0 out the door by mid-April. We are so excited about the advanced SSL/TLS analysis features in 3.0 that we can't wait that long to share some details.
Here are the main ones.
Full text search
All certificates seen by Trisul are not only stored, they are also full-text indexed. We've built a powerful faceted search that groups by all supported attributes in the X.509 certificate format.
(Multilevel faceted FTS in action)
Until now SSL traffic has been somewhat of a black box. We could meter by Source/Destination but couldn't do much beyond that.
In 3.0, we’ve added some useful traffic meters.
- CA metering – sessions underwritten by CAs (1) as root (2) as intermediate
- SSL metering – how much Facebook/Dropbox/Gmail/Whatnot traffic
- Cipher – how much traffic by ciphersuite (e.g. how much traffic by RC4/AES)
Bulk search for hashes
The Mandiant APT-1 report really got us thinking hard about making searches for certificate hashes easy. The current method, which involves sifting through packets, was too slow. With Trisul 3.0 you can just copy/paste a list of cert hashes and search for matches instantaneously.
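To make the idea of a bulk hash lookup concrete, here is an added sketch (not Trisul's code) that normalizes a pasted list and matches it against an index of stored certificates. It assumes fingerprints are SHA-1 or SHA-256 digests of the DER-encoded certificate; the function names, session labels and sample bytes are constructed for illustration.

```python
import hashlib
import re

# Assumption: a fingerprint is the digest of the certificate's DER bytes.
# Hex length tells the digest type, so one pasted list can mix both kinds.
ALGO_BY_HEXLEN = {40: "sha1", 64: "sha256"}

def parse_pasted_hashes(text):
    """Normalize free-form pasted hashes; return ({algo: {hex}}, rejected tokens)."""
    wanted, rejected = {}, []
    for token in re.split(r"[\s,;]+", text.strip()):
        if not token:
            continue
        # Accept AA:BB:..., aa-bb-... and plain hex in either case.
        hexval = token.replace(":", "").replace("-", "").lower()
        algo = ALGO_BY_HEXLEN.get(len(hexval))
        if algo and re.fullmatch(r"[0-9a-f]+", hexval):
            wanted.setdefault(algo, set()).add(hexval)
        else:
            rejected.append(token)
    return wanted, rejected

def build_index(certs_der):
    """Hash every stored certificate once, so each lookup is a dict hit."""
    index = {}
    for label, der in certs_der.items():
        for algo in ALGO_BY_HEXLEN.values():
            index[(algo, hashlib.new(algo, der).hexdigest())] = label
    return index

def bulk_search(pasted, index):
    """Return (sorted labels of matching certificates, rejected tokens)."""
    wanted, rejected = parse_pasted_hashes(pasted)
    hits = {index[(a, h)] for a, hs in wanted.items() for h in hs if (a, h) in index}
    return sorted(hits), rejected

# Constructed stand-ins for DER bytes of certificates seen on the wire.
SAMPLE_CERTS = {
    "session-1": b"constructed-der-bytes-A",
    "session-2": b"constructed-der-bytes-B",
    "session-3": b"constructed-der-bytes-C",
}

def demo():
    """Paste a mixed-format list: one SHA-1, one SHA-256, one unseen, one junk."""
    sha1 = hashlib.sha1(SAMPLE_CERTS["session-1"]).hexdigest().upper()
    a = ":".join(sha1[i:i + 2] for i in range(0, len(sha1), 2))
    c = hashlib.sha256(SAMPLE_CERTS["session-3"]).hexdigest()
    unseen = hashlib.sha1(b"constructed-not-in-store").hexdigest()
    return bulk_search(f"{a}\n{c}, {unseen}\nnot-a-hash", build_index(SAMPLE_CERTS))
```

Reporting the rejected tokens matters in practice: a truncated or mistyped indicator that is silently dropped looks the same as a clean "no match".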
And we will also have a brand new UI with dramatically enhanced drill/pivot abilities.
In the coming days, we will explain and document more of these features. Stay tuned!