Visibility Solutions

Garland Technology is committed to educating the benefits of having a strong foundation of network visibility and access. By providing this insight we protect the security of data across your network and beyond.

Resources

Garland Technology's resource library offers free use of white papers, eBooks, use cases, infographics, data sheets, video demos and more.

Blog

The TAP into Technology blog provides the latest news and insights on network access and visibility, including: network security, network monitoring and appliance connectivity and guest blogs from Industry experts and technology partners

Partners

Our extensive technology partnership ecosystem solves critical problems when it comes to network security, monitoring, application analysis, forensics and packet inspection.

Company

Garland Technology is dedicated to high standards in quality and reliability, while delivering the greatest economical solutions for enterprise, service providers, and government agencies worldwide.

Contact

Whether you are ready to make a network TAP your foundation of visibility or just have questions, please contact us. Ask us about the Garland Difference!

3 Visibility Tips to Improve your Monitoring and Security Tools

We have been speaking with more and more IT teams looking to stretch their budgets to meet tomorrow’s monitoring and security challenges. Speed and network complexity are outpacing tools they bought as recently as 5 years ago. On top of that, more security and performance tools are being added to analyze various segments of the network.

Even though every environment is different — existing or legacy equipment and tools, deploying new equipment, growing speeds, and access options, many people face similar challenges in making their existing tools perform better and longer, while easily deploying and managing new tools.

I recently spoke with a customer whose team had run into latency issues on their VoIP transmissions. They were deploying a mix of Network and NetFlow Analyzers to their existing Network Performance Monitor (NPM) to monitor traffic, bandwidth, disk usage, IoT devices, and their cloud services. 

They were running into a few challenges — their NPM tool was lower speed than their new analyzer tools and were trying to remedy oversubscription issues. They didn’t have it in their budget to upgrade the NPM. Their security team was using many of the available SPAN ports on key segments to monitor network threats, so they had an access retention issue. As well as a challenge we hear about all the time, that teams have limited to no access to packets in the cloud.

With budgets being squeezed, optimizing your visibility fabric has become a best practice to utilize your lower speed tools and help the performance of your existing tools. Visibility devices like network TAPs and packet brokers are a relatively smaller investment that can improve the ROI on the overall solution.

We wanted to share 3 tips to optimize your visibility fabric to ensure your monitoring and security deployments are seeing every bit, byte and packet to perform the way they are intended.

1. Visibility Improves Tool Performance

Monitoring tools thrive off the data they are given. We are all familiar with the phrase — you cannot protect or troubleshoot what you cannot see. 

Proper data access or visibility is critical. Many times this is pushed to the last step in the deployment process. Some assume there is an available SPAN port that will power the analyzer, threat detection or performance monitoring tools being incorporated. Instead of an afterthought, don’t forget the base — visibility is the foundation of your solution.

As you may know, there are two basic visibility choices for delivering packet data to out-of-band tools. Either accessing that data directly from a switch-port analyzer (SPAN) or through a network TAP. 

Network TAPs are purpose-built for visibility. That’s what they do. Widely considered best practice, TAPs offer important advantages over SPAN — they are more reliable, don’t impact the performance of the network device, and do not drop packets. But the bottom line is they provide complete packet visibility. Tools can’t function properly if they aren’t receiving all the physical layer errors, supporting jumbo frames, the complete header and payload that network TAPs provide.

Virtual environments are trying to catch up but the concept is the same. Your tools need that packet level data to ensure the latency and performance issues are not passed on to the end user experience. Luckily, tapping virtual environments are even easier to add than you may think.

Download: TAP vs SPAN [Free whitepaper]

2. Reduce the Traffic Burden On Your Tools

Oversubscribed tools are costing you money, either dropped packets are missing potential threats or by having to purchase more tools to compensate for the high traffic demands. Determining which data is needed comes into play here, allowing you to filter out the traffic you do not need to monitor or duplicated traffic that is burning unneeded processing power — allowing you to focus on high value traffic.

TAP Filtering

Filtering out irrelevant network traffic that tools don’t need to inspect is commonplace for network packet brokers. Did you know you can filter layers 2-4 from a TAP? The customer I was referring to earlier who was having VoIP latency issues installed filtering TAPs that copied only VoIP traffic directly to their monitoring tools. This cut down on additional processing and oversubscription issues they were experiencing to properly monitor.

FilterTap-Usecase
This is also very useful in troubleshooting high bandwidth critical 1G or 10G links that may be running at 50-60% utilization. Just TAP into the link, and filter out what you don’t need. If you are incorporating network packet brokers (NPB), this further reduces ports usage, further extending the life of your NPB.

Deduplication

Adding a purpose-built deduplication solution reduces the processing load to security or monitoring tools by removing duplicate packets, and extends the life of the tools by reducing traffic volume which can typically make up over 50% of network traffic.

Deduplication

3. Optimizing Traffic Connectivity to Your Tools

Network TAPs and packet brokers have many advantages over SPAN as far as packet quality but there are even more network architecture options to help reduce complexity and provide the speeds and feeds your tools need to get the job done right.

TAP Regeneration

In certain network segments where network access or SPAN retention is an issue, network TAPs can create 1:3, and 1:5 copies of tapped traffic and 1:3, 1:4, 1:5, and 1:7 SPAN port copies to various tools. TAP regeneration allows you to extend your visibility reach.

Modes-SPANRegen1-1

TAP Aggregation

Similar to packet broker aggregation, consolidating on the TAP level can streamline smaller networks as well as feeding into a packet broker for even further traffic aggregation. Taking in 2:1, 4:1 TAP links and 8:1 SPAN aggregation links, reduces the ports needed on your monitoring tool or packet brokers.

Modes-Aggregation2

Packet Broker Aggregation and Load Balancing

Feeding your TAP links into packet brokers for traffic aggregation and load balancing improves ROI by reducing administrative overhead, improving performance, while improving tool collaboration and data sharing, reducing the cost of the overall visibility solution by utilizing those lower speed tools.

TAP to AGG -SIEM-Analayzer2
Better Visibility and Optimization Improves MTTR and Troubleshooting

Now that you have instrumented the proper visibility fabric of TAPs and packet brokers, ensuring no dropped packets or blindspots. Optimized the speeds and feeds that are grooming the traffic for your monitoring and security tools. Now you are able to focus on what the initial goal is — securing and monitoring your network.

This improved visibility and higher tools performance leads to lowering mean time to resolution (MTTR) and Troubleshooting, enabling better:

  • Awareness: Identify the fact that a problem exists in your network.
  • Root-cause: Determine the underlying cause of the issue.
  • Resolution: Carry out the necessary processes to solve the problem.
  • Monitoring: Test to see if the problem is truly fixed and monitor for ongoing issues.

IT teams rely on tool performance to ensure the network is running properly through security and performance analytics, ultimately leading to a good end user experience. Scenario’s like our VoIP latency customer are all too common. So keeping in mind these 3 visibility tips will not only provide complete packet level data, leading to improved monitoring and security tool analytics, but also save budget through extended reach and usage of lower speed tools.

Looking to get more out of your existing tools, but not sure where to start?  Join us for a brief network Design-IT consultation or demo. No obligation - it’s what we love to do.

TAP versus SPAN, ways to improve your tool performance and data quality

Written by Chris Bihary

Chris Bihary has been in the network performance industry for over 20 years. Bihary has established collaborative partnerships with technology companies to complement product performance through the integration of network test access points. Previously, Bihary was Managing Partner at Network Critical.