How Bypass TAP Filtering Can Improve Inline Cybersecurity Tools

When architecting inline security tools like IPS, WAF, and Firewalls into your network, incorporating network bypass technology is a fundamental best practice to avoid costly network downtime. Simply put, a Bypass TAP, also referred to as a ‘bypass switch’, provides the ability to manage the availability of your inline tools any time without having to take down the network or impact business availability for maintenance or upgrades.

According to a recent Imperva report, DDoS Attacks in the Time of COVID “Network DDoS traffic volumes increased by 24% with attack duration rising by 21%.” These attacks also saw the number of specific ‘DDoS packets’ grow by 41%. The same time period saw application DDoS attacks grow by 79%, meaning these attacks have almost doubled in intensity during the pandemic period.

How are IT security teams battling the rising attacks on a network and the overwhelming amount of traffic security tools must process to properly protect the network? Some advanced inline bypass packet broker solutions like the EdgeLens^® from Garland Technology have filtering capabilities to tackle this issue. But for external bypass architectures, Bypass TAPs like Garland’s EdgeSafe now provide advanced filtering capabilities to allow engineers to focus on specific data streams to actively block with their inline tools – reducing the traffic burden.

How Filtering Bypass TAPs Improves Inline Tool Performance

One of our customers had a specific use case that standard bypass TAPs or switches in the industry could not accomplish – filtering the traffic that needed to be monitored. A Bypass TAP is placed in a network segment, between a router and switch on a critical link at the edge of the network connecting the inline tools that need to protect the network. The Bypass TAP is used to manage the availability of the inline security tools, ensuring they are functioning 24/7/365 and ensuring network uptime in the event there is a tool failure.

This exclusive filtering capability from Garland Technology, allows SecOp teams to easily manage the availability of inline security tools while only passing filtered traffic, like specific IP addresses, to actively secure only what you want to see.

Another use case for this feature is to relieve the processing burden for an inline tool. Instead of relying on a decryption tool to filter traffic and decrypt and encrypt traffic, only send specific encrypted traffic to be inspected using a filtering Bypass TAP.

HOW IT WORKS

1. 1. Blue, orange, yellow, green and purple traffic Ingress in Network Port 1 from the network
   2. A filter is created to pass the orange and green traffic to the inline tool through monitor port 3
   3. The blue, yellow and purple traffic is passed on to network port 2 and egressed, without going through the inline tool
   4. Pink and magenta traffic Ingress in network port 2 from the network
   5. A filter is created to pass the pink traffic to the inline tool through monitor port 4
   6. The magenta traffic is passed to network port 1 and egressed, without going through the inline tool
   7. Heartbeat packets (darker pink) are passed between port 3 and port 4 and the inline tool to check the connectivity health of the tool

Result: The inline tool is actively monitoring the orange and green traffic from port 1 and the pink from port 2

The EdgeSafe Bypass allows you to not only manage and filter the availability of inline tools as a Bypass TAP but also provides the ability as a Network TAP to tap full-duplex links (e.g., between a router and switch) and send filtered traffic to out-of-band listen-only monitoring tools. Only send what you want to see.

HOW IT WORKS

1. Blue, orange, and green traffic Ingress in Network Port 1 from the network
2. A filter is created to pass a copy of the orange traffic to the monitor tool through Monitor Port 3 and Port 4
3. The blue, orange, and green traffic is passed to Network Port 2 and egressed, without blue and green traffic going to the tool
4. Pink and magenta traffic Ingress in Network Port 2 from the network
5. A filter is created to pass a copy of the pink traffic to the monitor tool through Port 4
6. The pink and magenta traffic is passed to Network Port 1 and egressed, without magenta going to the tool

Result (7): The out-of-band tool is monitoring the orange traffic from Port 1 and the pink traffic from Port 2

Garland Technology’s industry-leading Bypass product line has a solution for any environment. EdgeSafe^TM Bypass TAPs from 1G to 100G and the innovative EdgeLens^® hybrid inline packet brokers combine the resiliency and reliability of a bypass tap with the functionality of a packet broker with advanced filtering, out-of-band tools and provide High Availability [HA] architecture from one device. All designed to simplify the modern security stack.

As security threats and traffic continue to grow, inline security tools will rely on external Bypass TAPs to reduce downtime by ensuring their availability. Now with bypass filtering from Garland Technology, reducing the processing burden and improving the lives of those tools, just got better.

Looking to add a bypass solution to your inline security tool deployment, but not sure where to start? Join us for a brief network Design-IT consultation or demo. No obligation - it’s what we love to do.