Network Visibility Products
Garland Technology ensures complete packet visibility by delivering a full platform of network TAP (test access point), inline bypass and packet broker products.
Visibility Solutions
Garland Technology is committed to educating the benefits of having a strong foundation of network visibility and access. By providing this insight we protect the security of data across your network and beyond.
Resources
Garland Technology's resource library offers free use of white papers, eBooks, use cases, infographics, data sheets, video demos and more.
Blog
The TAP into Technology blog provides the latest news and insights on network access and visibility, including: network security, network monitoring and appliance connectivity and guest blogs from Industry experts and technology partners
Partners
Our extensive technology partnership ecosystem solves critical problems when it comes to network security, monitoring, application analysis, forensics and packet inspection.
Company
Garland Technology is dedicated to high standards in quality and reliability, while delivering the greatest economical solutions for enterprise, service providers, and government agencies worldwide.
Contact
Whether you are ready to make a network TAP your foundation of visibility or just have questions, please contact us. Ask us about the Garland Difference!
3 Visibility Tips to Improve your Monitoring and Security Tools
Even though every environment is different — existing or legacy equipment and tools, deploying new equipment, growing speeds, and access options, many people face similar challenges in making their existing tools perform better and longer, while easily deploying and managing new tools.
I recently spoke with a customer whose team had run into latency issues on their VoIP transmissions. They were deploying a mix of Network and NetFlow Analyzers to their existing Network Performance Monitor (NPM) to monitor traffic, bandwidth, disk usage, IoT devices, and their cloud services.
They were running into a few challenges — their NPM tool was lower speed than their new analyzer tools and were trying to remedy oversubscription issues. They didn’t have it in their budget to upgrade the NPM. Their security team was using many of the available SPAN ports on key segments to monitor network threats, so they had an access retention issue. As well as a challenge we hear about all the time, that teams have limited to no access to packets in the cloud.
With budgets being squeezed, optimizing your visibility fabric has become a best practice to utilize your lower speed tools and help the performance of your existing tools. Visibility devices like network TAPs and packet brokers are a relatively smaller investment that can improve the ROI on the overall solution.
We wanted to share 3 tips to optimize your visibility fabric to ensure your monitoring and security deployments are seeing every bit, byte and packet to perform the way they are intended.
1. Visibility Improves Tool Performance
Monitoring tools thrive off the data they are given. We are all familiar with the phrase — you cannot protect or troubleshoot what you cannot see.
Proper data access or visibility is critical. Many times this is pushed to the last step in the deployment process. Some assume there is an available SPAN port that will power the analyzer, threat detection or performance monitoring tools being incorporated. Instead of an afterthought, don’t forget the base — visibility is the foundation of your solution.
As you may know, there are two basic visibility choices for delivering packet data to out-of-band tools. Either accessing that data directly from a switch-port analyzer (SPAN) or through a network TAP.
Network TAPs are purpose-built for visibility. That’s what they do. Widely considered best practice, TAPs offer important advantages over SPAN — they are more reliable, don’t impact the performance of the network device, and do not drop packets. But the bottom line is they provide complete packet visibility. Tools can’t function properly if they aren’t receiving all the physical layer errors, supporting jumbo frames, the complete header and payload that network TAPs provide.
Virtual environments are trying to catch up but the concept is the same. Your tools need that packet level data to ensure the latency and performance issues are not passed on to the end user experience. Luckily, tapping virtual environments are even easier to add than you may think.
Download: TAP vs SPAN [Free whitepaper]
2. Reduce the Traffic Burden On Your Tools
Oversubscribed tools are costing you money, either dropped packets are missing potential threats or by having to purchase more tools to compensate for the high traffic demands. Determining which data is needed comes into play here, allowing you to filter out the traffic you do not need to monitor or duplicated traffic that is burning unneeded processing power — allowing you to focus on high value traffic.
TAP Filtering
Filtering out irrelevant network traffic that tools don’t need to inspect is commonplace for network packet brokers. Did you know you can filter layers 2-4 from a TAP? The customer I was referring to earlier who was having VoIP latency issues installed filtering TAPs that copied only VoIP traffic directly to their monitoring tools. This cut down on additional processing and oversubscription issues they were experiencing to properly monitor.
This is also very useful in troubleshooting high bandwidth critical 1G or 10G links that may be running at 50-60% utilization. Just TAP into the link, and filter out what you don’t need. If you are incorporating network packet brokers (NPB), this further reduces ports usage, further extending the life of your NPB.
Deduplication
Adding a purpose-built deduplication solution reduces the processing load to security or monitoring tools by removing duplicate packets, and extends the life of the tools by reducing traffic volume which can typically make up over 50% of network traffic.
3. Optimizing Traffic Connectivity to Your Tools
Network TAPs and packet brokers have many advantages over SPAN as far as packet quality but there are even more network architecture options to help reduce complexity and provide the speeds and feeds your tools need to get the job done right.
TAP Regeneration
In certain network segments where network access or SPAN retention is an issue, network TAPs can create 1:3, and 1:5 copies of tapped traffic and 1:3, 1:4, 1:5, and 1:7 SPAN port copies to various tools. TAP regeneration allows you to extend your visibility reach.
TAP Aggregation
Similar to packet broker aggregation, consolidating on the TAP level can streamline smaller networks as well as feeding into a packet broker for even further traffic aggregation. Taking in 2:1, 4:1 TAP links and 8:1 SPAN aggregation links, reduces the ports needed on your monitoring tool or packet brokers.
Packet Broker Aggregation and Load Balancing
Feeding your TAP links into packet brokers for traffic aggregation and load balancing improves ROI by reducing administrative overhead, improving performance, while improving tool collaboration and data sharing, reducing the cost of the overall visibility solution by utilizing those lower speed tools.
Better Visibility and Optimization Improves MTTR and Troubleshooting
Now that you have instrumented the proper visibility fabric of TAPs and packet brokers, ensuring no dropped packets or blindspots. Optimized the speeds and feeds that are grooming the traffic for your monitoring and security tools. Now you are able to focus on what the initial goal is — securing and monitoring your network.
This improved visibility and higher tools performance leads to lowering mean time to resolution (MTTR) and Troubleshooting, enabling better:
- Awareness: Identify the fact that a problem exists in your network.
- Root-cause: Determine the underlying cause of the issue.
- Resolution: Carry out the necessary processes to solve the problem.
- Monitoring: Test to see if the problem is truly fixed and monitor for ongoing issues.
IT teams rely on tool performance to ensure the network is running properly through security and performance analytics, ultimately leading to a good end user experience. Scenario’s like our VoIP latency customer are all too common. So keeping in mind these 3 visibility tips will not only provide complete packet level data, leading to improved monitoring and security tool analytics, but also save budget through extended reach and usage of lower speed tools.
Looking to get more out of your existing tools, but not sure where to start? Join us for a brief network Design-IT consultation or demo. No obligation - it’s what we love to do.
Written by Chris Bihary
Chris Bihary, CEO and Co-founder of Garland Technology, has been in the network performance industry for over 20 years. Bihary has established collaborative partnerships with technology companies to complement product performance and security through the integration of network TAP visibility.
Authors
Topics
- IT Security (200)
- Network TAPs (138)
- Network Monitoring (133)
- Hacks and Breaches (87)
- Network Management (79)
- Network Design (73)
- Industrial OT (70)
- Technology Partners (63)
- Network Infrastructure (57)
- Inline Security (49)
- TAPs vs SPAN (47)
- Network Packet Brokers (40)
- Data Center (37)
- Cloud Solutions (33)
- Software Defined Networking (SDN) (24)
- Events & News (21)
- The 101 Series (19)
- Federal (17)
- Cisco Solutions (16)
- Wireshark (14)
- DesignIT (13)
- Healthcare (11)
- MSP/MSSP (9)
- Palo Alto Networks (8)
- Finance (7)
- Troubleshooting (5)