In every draft – whether it's fantasy or pro – the first pick is the most important. Often, it’s the foundation upon which the entire rest of the team is built.
The same can be said for your security defense team. Firewalls, intrusion detection systems, web application filtering equipment, and other security appliances are all power players, but they need a strong foundation to function properly. That’s why a purpose-built network TAP should always be your first pick. Take a moment to review the stats and I’m sure you’ll agree too.
In short, a network TAP (Test Access Point) is a purpose-built hardware solution that is installed between two ends of a network. Live traffic flows through it without interruption, but it also sends a complete copy of that traffic out to an external monitoring port. Because network TAPs do not actively interfere with that traffic, they provide a clean stream of data that can be sent to any and all security appliances for analysis. They are the foundational element of best practice network design scenarios for security solutions.
Once installed, network TAPs provide your current firewalls with a stronger, more robust connection to the network. More importantly, when administrators need to add another appliance or upgrade equipment, the network connection is already available. They don’t have to go through the whole network design phase again or worse, connect to an inferior data collection point such as a SPAN (mirror) port or network element interface. Security administrators can just plug the new player into the network TAP port and automatically adhere to best practice network design principles from the start.
To gain full visibility into potentially harmful activity, administrators really need information from multiple points in the network. Being able to compare activity in front of our behind a firewall or before and after it hits a webserver is critical for both preventive and forensic security applications. Only a network TAP can provide session aware traffic data from multiple points for analysis.
With a bypass TAP, administrators can quickly and easily move individual appliances from Inline to out-of-band status. Now they can update and maintain appliances without network disruption. And, administrators can quickly troubleshoot problems and determine when and where firewalls are effecting traffic flows and impacting other applications.
Today’s cyber criminals often go after firewalls and other security solutions once they have gained a foothold into an organization, and start tampering with the systems to make it seem as if all is well. And then they can wreak havoc without alerting administrators. Because network TAPs are external, hardware only devices with no IP addresses, a hacker cannot access them remotely. He or she would have to physically go to its place of installation to tamper with it. And, a network TAP ensures that an enterprise will always have a clean source of information to review which will speed forensic analysis in the event a breach does occur.
If you still remain unconvinced, consider this last stat. Adding a network TAP to a typical next-gen firewall deployment project only adds about 5-10% to the total budget. Who’s your starter now?
[Ready to score with network TAPs? Download Garland's whitepaper today to discover network connectivity best practices and engineering end-to-end visibility.]