Bricata and Garland recently announced a partnership to deliver a joint solution that accelerates network threat detection and response. We recently spoke with Andre Ludwig, Chief Product Officer of Bricata, about the solution.
The partnership allows customers to get full-spectrum network visibility and quickly detect more threats than they could before. Garland Technology captures and filters 100% of the customer’s network traffic and efficiently delivers it to Bricata sensors. Bricata enables customers to answer simple and complex questions about the data for faster threat detection and more robust threat hunting. Overall, the partnership eliminates network blind spots and reduces security risks.
First and foremost, they need visibility into their on-premises and cloud-based network traffic. This means being able to easily capture data and quickly transform it into useful information for immediate analysis and investigation. Security teams need to have a complete understanding of their network architecture and business processes to ensure all of their critical traffic is captured. As data is captured, it needs to be instantly contextualized, enriched, and analyzed, so threats can be rapidly detected and stopped.
In the past, most of the emphasis has been on keeping enterprise boundaries secure by monitoring north-south, or ingress-egress, traffic. Obviously, this is important, but it isn’t foolproof. Every organization will have some bad actors gain access to their network, which is when east-west traffic visibility becomes critical. East-west traffic data helps identify attackers who are moving laterally and accessing key resources and capabilities.
Organizations that are still funneling remote traffic over a virtual private network (VPN) need to inspect all of the traffic into and out of the VPN. This includes north-south and east-west traffic. Many enterprises weren’t doing this before, even though they should have been, but it is even more critical now. Most of the activities of remote workers aren’t easily visible like they were when workers were accessing data over their corporate network. Monitoring east-west traffic of remote workers is critical to ensuring today’s networks are protected.
They should be able to analyze and enrich data in real-time or near real-time as it is generated. That’s why robust traffic distribution and mirroring capabilities are needed. But, it’s not just about rapid access to information. It’s also about the types of information available for review and how that information helps you get to a conclusion. In other words, can you validate or invalidate information when it is given to you in an alert? And, once you’ve seen the supporting data, how easily does it help inform your next set of actions?
Incident response teams require extensive context and understanding. They need to not only understand the ins and outs of their network and the business their company is engaged in but, more importantly, they also need systems and platforms in place to provide a range of data and insights. Ideally, teams should be able to access everything from high-level analytics, summaries and aggregations to raw PCAP data and in-depth metadata. When comprehensive context and data are readily available, teams can easily answer important questions and more effectively respond to threats.
Bricata instruments and produces metadata from all of the raw network data Garland provides. The platform automatically performs Suricata-based signature analytics, Zeek-based behavioral analytics, file carving, ML-based malware detection, and other analytics on the metadata and raw data to identify known attacks and anomalous behavior. End users can then perform further investigation and exploration by interrogating and reviewing all of the full spectrum high-fidelity and low-fidelity data from within a single pane of glass.
Garland allows you to easily capture and distribute higher volumes of east-west traffic. Since Bricata sensors are software-based and licensed based on volume, instead of per sensor, they can be quickly and cost-effectively deployed as needed to instrument, enrich and analyze the traffic Garland provides. The combination of Garland and Bricata allows organizations to eliminate network blind spots and deliver full-spectrum network visibility.
Andre is chief product officer at Bricata where he leads strategic direction and development of the company’s network security platform. He has spent more than 20 years working in cybersecurity technical roles and over 10 years in executive positions in product management and development. Previously Andre founded and ran Capital One’s Cyber Security ML practice (CyberML) and served as CEO of the Honeynet Project and CTO of the Global Cyber Alliance.