Visibility Solutions

Garland Technology is committed to educating the benefits of having a strong foundation of network visibility and access. By providing this insight we protect the security of data across your network and beyond.

Resources

Garland Technology's resource library offers free use of white papers, eBooks, use cases, infographics, data sheets, video demos and more.

Blog

The TAP into Technology blog provides the latest news and insights on network access and visibility, including: network security, network monitoring and appliance connectivity and guest blogs from Industry experts and technology partners

Partners

Our extensive technology partnership ecosystem solves critical problems when it comes to network security, monitoring, application analysis, forensics and packet inspection.

Company

Garland Technology is dedicated to high standards in quality and reliability, while delivering the greatest economical solutions for enterprise, service providers, and government agencies worldwide.

Contact

Whether you are ready to make a network TAP your foundation of visibility or just have questions, please contact us. Ask us about the Garland Difference!

Stop Misusing SPAN Ports Or Risk Losing Network Traffic Data

With today’s compliance landscape and your requirements as a business, you can’t afford to have any holes in your network design. Whether you’re leveraging SPAN ports or network TAPs, it’s critical that your monitoring and security tools and applications are able to completely capture your network traffic data.

Network engineers and managers alike need to think critically about the limitations of conventional data-access methods as well as the use of SPAN technology and port mirroring. 

Downsides of the SPAN Port

It’s not that a SPAN port has no use in the design of a network. There are certainly situations and environments in which port mirroring works great and gets the job done. But, given that managed switches are an integral part of any network infrastructure, you must understand the limitations of these devices. Be incredibly careful not to introduce a point of a failure on the network, or should the network go down, the security and analysis applications you’ve invested heavily in will no longer be capable of doing their jobs. In these moments when intrusion detection and prevention systems are down, you’re leaving your network open to a data breach.

In addition, overused SPAN ports tend to drop frames because LAN switches are designed to groom data (from adding delays to changing timing), extract bad frames, and ignore all layer one and two information. 

"The switch treats SPAN data with a lower priority than to-port data...the best strategy is to make decisions based on the traffic levels of the configuration and when in doubt to use the SPAN port only for relatively low-throughput situations." -Cisco

The way in which SPAN ports are typically implemented makes them incapable of handling FDX monitoring and analysis of VLAN. Understanding what you are able to monitor is essential to designing a successful network.

The potentially limited network visibility of a SPAN and its lack of security in transporting monitored traffic through your network could be a risk to your business from a Data Security Compliance perspective. In a court of law, these shortcomings may be identified as impermissible flaws, leading to costly fines.

Download: TAP vs SPAN [Free whitepaper]

Ensure Complete Network Traffic Copies with TAPs

When implemented properly and used in an environment in which it will never oversubscribe, a SPAN port is a resourceful network device. But, as 10-Gigabit environments become more common, the SPAN simply won’t suffice. Ensuring complete network visibility requires the use of a network TAP.

A TAP is completely passive, does not drop packets – regardless of bandwidth – and doesn’t have setup or command-line issues, thereby ensuring complete copies of your network traffic. TAPs also don’t cause any distortion, even on FDX and full-bandwidth networks. As for your network security, network TAPs cannot be hacked by intruders, as they are not addressable devices.

So, stop choosing to use SPAN ports simply because it’s been a common practice, and start considering a device that ensures the function of your in-line appliances and keeps your network safe.

Looking to add a visibility solution to your next deployment, but not sure where to start? Join us for a brief network Design-IT consultation or demo. No obligation - it’s what we love to do!

TAP versus SPAN, ways to improve your tool performance and data quality

Written by Chris Bihary

Chris Bihary has been in the network performance industry for over 20 years. Bihary has established collaborative partnerships with technology companies to complement product performance through the integration of network test access points. Previously, Bihary was Managing Partner at Network Critical.