
6 Reasons to TAP your Network

March 7, 2024


Intro

Why do I need TAPs? That's a question I hear a lot from the network and security teams I frequently talk to. Either they aren't familiar with TAPs, or they think there isn't an application that makes sense for them.

Well, I'm here to tell you that there is an application for network TAPs in pretty much every network. Even if utilization on your SPAN port is low, industry best practice is to use a network TAP as the foundation of your visibility, both today and in the future. The 6 most popular applications for TAPs we see from customers are:


Visibility into the Network

Using a Network TAP, or test access point, provides complete visibility into your network, allowing you to see every packet flowing into and out of it. With a visibility point in your network you can analyze e-commerce and web server traffic, VoIP and real-time communication applications, and more, gaining the insights you need to optimize network performance.


Prevent Network Downtime

With a Bypass TAP, you avoid network downtime because the TAP's only job is to provide copies of traffic to the active inline device. Because Bypass TAPs use heartbeat packets, if you have any issues with your tools you can take the active inline device offline for testing, updates, and changes while live network data keeps flowing. A switch, on the other hand, has to focus on its production network while combating anomalies like DDoS attacks, so if there is an issue with an inline device like an NGFW, you would have to take the network down.


Speed Conversion

With today's upgraded networks, I'm seeing 40G and 100G networks a lot more often. The next question is: what do you do with all of your old monitoring tools that run at 10G? Rather than purchasing updated tools for these new network speeds, which can be very expensive or even unavailable on today's market, using network TAPs plus a purpose-built packet broker at the access layer allows any-to-any conversion of network speeds.


Lawful Intercept

If you need to prove an evidentiary chain of custody for a court case, a Network TAP must be used to prove that no packets were dropped during the lawful intercept process. Network TAPs are CALEA approved because they ensure all data arrives at the monitoring or analyzer tool and that it wasn't tampered with along the way. SPAN ports can't guarantee that.


Connecting Multiple Monitoring Tools

What happens when you have multiple monitoring devices you want to use to analyze your network? With an aggregator TAP, 100% of full-duplex traffic is captured in both directions and sent out of two monitoring ports, so you can send traffic from that point in your network to Wireshark AND an APM. More tools than that? No problem: a 1U/2U chassis populated with as many TAPs as you need gets the job done.



Protect a SPAN Port

There are situations where the use of a SPAN Mirror Port on a Switch is needed to connect an out-of-band tool or sensor to the IT or OT network. In this instance, it is a best practice to use a Hardware Data Diode between the SPAN Mirror Port and the out-of-band tool or sensor. The Hardware Data Diode will pass copies of network traffic from the SPAN Mirror Port to the out-of-band tool or sensor and, most importantly, eliminate bidirectional traffic flow so no data is passed back into the Switch Mirror port from the tool or sensor.


Looking to add Network TAPs to your next deployment, but not sure where to start? Join us for a brief network Design-IT consultation or demo. No obligation - it’s what we love to do!


Glossary

  1. Network TAPs (Test Access Points): A network TAP is a purpose-built hardware device that allows you to access and monitor your network traffic by copying packets without impacting or compromising network integrity.
  2. CALEA Compliance: The Communications Assistance for Law Enforcement Act (CALEA) is a United States federal law that mandates telecommunication service providers and equipment manufacturers to provide technical capabilities for lawful electronic surveillance and interception when required by authorized law enforcement agencies.
  3. Unidirectional traffic: Hardware Data Diodes and Data Diode TAPs ensure packets don't go back into the live network. Traffic cannot be injected back onto the network from the monitoring ports.
  4. Port Mirroring: Also known as SPAN (Switch Port Analyzer); designated ports on a switch that are programmed to send a copy of the network packets seen on one port to another port, where the packets can be analyzed.


Heartbeats Packets Inside the Bypass TAP

If the inline security tool goes off-line, the TAP will bypass the tool and automatically keep the link flowing. The Bypass TAP does this by sending heartbeat packets to the inline security tool. As long as the inline security tool is on-line, the heartbeat packets will be returned to the TAP, and the link traffic will continue to flow through the inline security tool.

If the heartbeat packets are not returned to the TAP (indicating that the inline security tool has gone off-line), the TAP will automatically 'bypass' the inline security tool and keep the link traffic flowing. The TAP also removes the heartbeat packets before sending the network traffic back onto the critical link.

While the TAP is in bypass mode, it continues to send heartbeat packets out to the inline security tool so that once the tool is back on-line, it will begin returning the heartbeat packets back to the TAP indicating that the tool is ready to go back to work. The TAP will then direct the network traffic back through the inline security tool along with the heartbeat packets placing the tool back inline.

Some of you may have noticed a flaw in the logic behind this solution! You say, “What if the TAP should fail because it is also in-line? Then the link will also fail!” The TAP would now be considered a point of failure. That is a good catch – but in our blog on Bypass vs. Failsafe, I explained that if a TAP were to fail or lose power, it must provide failsafe protection to the link it is attached to. So our network TAP will go into Failsafe mode keeping the link flowing.
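The heartbeat, bypass and failsafe behaviour described above, modelled as a small Python state machine. This is an added illustration, not the blog's or any TAP vendor's code; the heartbeat marker frame, the tool callables and the one-missed-heartbeat threshold are constructed assumptions.

```python
HEARTBEAT = b"\xaa\x55HEARTBEAT"  # constructed marker frame; real heartbeat formats are vendor-specific


class BypassTap:
    """Software model of the bypass TAP logic described above (constructed for illustration)."""

    def __init__(self, tool, max_missed=1):
        self.tool = tool              # inline tool: list of frames in -> list of frames forwarded
        self.max_missed = max_missed  # missed heartbeats tolerated before switching to bypass
        self.missed = 0
        self.mode = "inline"          # "inline" or "bypass"
        self.powered = True           # False models a TAP that has lost power (failsafe)
        self.events = []

    def tick(self, frames):
        """Push one batch of link frames through the TAP; return what reaches the far end."""
        if not self.powered:
            # Failsafe: with no power the relays close and the link passes straight through.
            return list(frames)
        if self.mode == "inline":
            # Link traffic plus a heartbeat go through the inline tool.
            returned = self.tool(frames + [HEARTBEAT])
            if HEARTBEAT in returned:
                self.missed = 0
            else:
                self.missed += 1
                if self.missed >= self.max_missed:
                    self.mode = "bypass"
                    self.events.append("heartbeat lost -> bypass")
            # Strip heartbeats before putting traffic back on the critical link. Frames the
            # tool dropped before bypass engaged are lost: that is the cost of detection latency.
            return [f for f in returned if f != HEARTBEAT]
        # Bypass mode: link traffic flows around the tool while heartbeats keep probing it.
        if HEARTBEAT in self.tool([HEARTBEAT]):
            self.mode = "inline"
            self.missed = 0
            self.events.append("heartbeat returned -> inline")
        return list(frames)


def healthy_tool(frames):
    """Constructed stand-in for a responsive inline tool that forwards every frame."""
    return list(frames)


def dead_tool(frames):
    """Constructed stand-in for a crashed or powered-off inline tool."""
    return []
```

Swap `dead_tool` for `healthy_tool` on a TAP that is in bypass mode and the next `tick` returns the heartbeat, so the following batch is steered back through the tool.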

Glossary

  1. Single point of failure: a risk to an IT network if one part of the system brings down a larger part of the entire system.

  2. Heartbeat packet: a soft detection technology that monitors the health of inline appliances. Read the heartbeat packet blog here.

  3. Critical link: the connection between two or more network devices or appliances that if the connection fails then the network is disrupted.
