TAP into Technology | Garland Technology Blog

Fewer Surprises Make Better Deployments

Written by Jason Drewniak | 12/21/22 8:18 PM

I remember it clearly. Christmas 1982. I was 6 years old. I wanted only one gift from my parents that year: Masters of the Universe Castle Grayskull.

As the big day grew closer, I knew exactly what was in that large box under the tree. I just knew it. It was the precise shape, size, and weight of the Castle Grayskull box.

Finally, Christmas morning came.

Tearing off the wrapping paper with the fury of Battle Cat’s roar, I was dismayed to find the exact opposite of Castle Grayskull.

That day, I became the unexcited owner of a new winter coat (the one with the furry hood that makes your neck itch nonstop). Sadly, the famous fortress on Eternia remained just a wish.

But a winter coat wasn’t what I wanted. I wanted the most famous playset of all time! I spent the next couple of weeks disappointed. Even depressed.

Disappointment is tough, whether you're 6 or 60.

When managing an IT network, surprises are the last thing you want, especially when deploying a new IDS, SIEM, NDR, Lawful Intercept, or DLP on your network.

Tons of time and resources are invested into identifying and reviewing options before purchase. So when deployment goes awry, you’re left wondering, “Why am I not getting what I wanted?”

Network switches are a common source of surprises.

If you’re using a SPAN port on a network switch to create and send copies of network data to your IDS, SIEM, or NDR, you may be in for a surprise ... just like I was in 1982.

Mirroring packets off a SPAN port can quickly turn a deployment into a disappointment. As the big day grows closer, you may uncover one of these scenarios:

  1. The existing switch is unmanaged.
  2. The existing switch is already configured and re-configuring it is not an option.
  3. The switch selected for the project is on backorder because of supply chain issues.

All three will delay an installation - some longer than others. We’ve heard horror stories about new deployments with switches on backorder for 6 months!

Even if existing switches are available or new ones are in stock and ready to ship, there’s a laundry list of issues with relying on SPAN ports to feed your tools:

  • They don’t receive all of the data - specifically jumbo frames and packets with errors.
  • They can cause network delays, latency, and timing issues.
  • They can alter the time relationships of frames, spacing, and response times.
  • They’re not court-approved for CALEA and lawful intercept cases.
  • Managed switches have an IP address, which makes them a potential point of vulnerability.

Network TAPs are a more reliable way to connect tools to an IT network. They can quickly get an installation back on track and help avoid disappointed stakeholders.

What is a TAP?

A TAP is a physical device that sits between two other network appliances (like a switch and router). Traffic flows full speed through the TAP while the device simultaneously copies the packets and sends the duplicates off to security and monitoring tools for further inspection.

Still shopping for a stocking stuffer?

Our ultra-portable Field TAP is about the same size as a deck of playing cards. We also offer larger TAPs (and packet brokers) that fit perfectly under Christmas trees, beneath Hanukkah bushes, and neatly within server racks.

Don’t disappoint your engineers this year with another well-intended winter coat. 😀