The decision to use Network TAPs instead of relying on SPAN (mirror) ports can be the simplest, yet most important, decision to be made for any network monitoring or security project. Case in point: the US Military knows the value Network TAPs provide, and that when it comes to ensuring the effectiveness of a mission, TAPs are a must.
The Problem with SPAN Ports
The US Army regularly participates in the Department of Defense’s War Fighter, an information technology exercise testing the command center’s ability to execute mission command and mission control tactical communications between units in the field.
During setup for a recent exercise, the team ran into immediate issues with their sniffers due to packet loss. This can be attributed to using the SPAN ports on the switches as the access method for the sniffer. The packet loss was due to configuration issues, which led to the port being rendered permanently inoperable, and even caused the entire division’s headquarters building to go down. When it comes down to it, packets matter. Without a complete copy of the packets, no matter what monitoring tools you’re using, it’s impossible to perform an accurate analysis of the project at hand.
Using Network TAPs in the Field
It was these issues with the SPAN ports that led the 82nd Airborne Division to look for an alternative access method for their sniffers. After some initial research, they found that Network TAPs were the superior option when it comes to capturing network traffic. By using a TAP instead of a SPAN port, the issues with packet loss and network downtime that hindered the cyber security analysts’ ability to do their job were eliminated.
The cyber security team was in communication with another Army division that recommended Garland TAPs and lent the 82nd Airborne Division one of theirs for the exercise. After additional research, the team was overnighted the additional TAPs necessary to help complete the exercise. By selecting Garland Technology as the TAP provider for this exercise, the team was guaranteed 100% wire data for packet capture, which was the foundation for the entire communication exercise.
The Monitoring Solution: Garland TAPs + SecurityOnion + McAfee + Palo Alto Networks
The 82nd Airborne Division used Garland Technology XtraTAPs during the DoD’s War Fighter to feed wire data to SecurityOnion’s sniffing interface to capture the traffic. Logs for the routers, switches, and anything else within the network infrastructure were forwarded to a McAfee Enterprise Security Manager (ESM), which provided alerts if anything beyond the Palo Alto NGFW should be analyzed for any reason.
“Garland is engineered, designed, made in America. With anything these days, especially with technology, you have to be fairly careful what you buy.” -Cybersecurity Chief, 82nd Airborne Division