<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=2975524&amp;fmt=gif">
Skip to content

Visibility Solutions

Garland Technology is committed to educating the benefits of having a strong foundation of network visibility and access. By providing this insight we protect the security of data across your network and beyond.

Resources

Garland Technology's resource library offers free use of white papers, eBooks, use cases, infographics, data sheets, video demos and more.

Blog

The TAP into Technology blog provides the latest news and insights on network access and visibility, including: network security, network monitoring and appliance connectivity and guest blogs from Industry experts and technology partners

Partners

Our extensive technology partnership ecosystem solves critical problems when it comes to network security, monitoring, application analysis, forensics and packet inspection.

Company

Garland Technology is dedicated to high standards in quality and reliability, while delivering the greatest economical solutions for enterprise, service providers, and government agencies worldwide.

Contact

Whether you are ready to make a network TAP your foundation of visibility or just have questions, please contact us. Ask us about the Garland Difference!

3 Benefits of a TAP Fabric in OT Networks

Every week, I hear from industrial companies about their cybersecurity tools needing access to the data flowing through their OT networks.

In a previous post, I shared why companies are constantly looking to improve their OT network visibility. That article is a great foundation for this one. Here, we’ll dig into the benefits that come from using a TAP fabric, which is some combination of Network TAPs and Packet Brokers, in your OT environment.

Companies favor
TAPs over SPAN ports for OT traffic access because of these 3 primary benefits: 

  1. Guaranteed unidirectional traffic
  2. No impact on the production environment
  3. A recognized cost savings

Guarantee Unidirectional Traffic

Unidirectional, or one-way data flows, are often required in OT networks. These safeguard the network from external threats while also providing the out-of-band data necessary to monitor the network for cybersecurity purposes.

Many of Garland’s Network TAPs have built-in Data Diode functionality. This sends unidirectional copies of the traffic to out-of-band tools for monitoring purposes, without any effect on the link between the two network elements.

Since there is no physical connection between a Data Diode TAP’s monitoring and network ports, there’s no possibility of intrusion from the destination. These TAPs physically do not send traffic back onto the network, providing “no injection” TAP visibility for 10/100/1000M networks.

 

Garland-Dragos-Webinar-CTA


No Impact on Production

For industrial companies, it’s critically important to keep the manufacturing lines running, power plants generating power, water treatment facilities providing clean drinking water, etc. Anything that would impact production has serious consequences.

One benefit of using a TAP fabric is the lack of impact on production, which otherwise could be the biggest potential business disruptor. Since Network TAPs are typically passive and deployed out-of-band, they don’t have to be certified by whoever runs the plant, approved by whoever makes the control system decisions or endorsed by whoever certifies the changes to new hardware put in place. Customers are simply putting in a TAP, which is passive and out-of-band. It doesn’t have any impact on the live production network!

A TAP also improves an organization’s resiliency. Should a TAP go down for some reason, or if any of the devices connected to the TAP were to lose power, there wouldn’t be any impact on the organization's operations. But if a switch goes down, that does potentially impact operations.


Cost Savings

Many industrial environments are physically large, often geographically dispersed, and outdated in terms of IT infrastructure. If a company is looking to deploy cybersecurity tools to prevent threats, ransomware attacks, and breaches, there is often a struggle to gain access to the network traffic.

Legacy switching fabrics often lack the ability to configure SPAN ports, or they are running at capacity and there are no available ports to configure. Rather than upgrading the entire switching fabric and enduring the business cost of interrupting operations, organizations are finding another way.

Companies are adding a TAP fabric with passive network TAPs (sometimes also paired with smaller packet brokers) at each location. It is a much more cost-effective solution. A TAP fabric allows you to deploy cybersecurity tools today, while also providing permanent access for more tools in the future.


Want to learn more?

Watch our latest roundtable webinar with Dragos where we discuss tactics and strategies for strengthening your ICS/OT visibility.

 

Written by Neil Wilkins

Neil is a Systems Engineer at Garland Technology focusing on customer challenges with network visibility such as resilience, interoperability, and integration into data center topology. Wilkins is a seasoned network professional with 30 years of experience globally within the computing industry, in product marketing and technical support, for both the commercial and public sectors

Authors

Topics

Sign Up for Blog Updates