Visibility Solutions

Garland Technology is committed to educating the benefits of having a strong foundation of network visibility and access. By providing this insight we protect the security of data across your network and beyond.

Resources

Garland Technology's resource library offers free use of white papers, eBooks, use cases, infographics, data sheets, video demos and more.

Blog

The TAP into Technology blog provides the latest news and insights on network access and visibility, including: network security, network monitoring and appliance connectivity and guest blogs from Industry experts and technology partners

Partners

Our extensive technology partnership ecosystem solves critical problems when it comes to network security, monitoring, application analysis, forensics and packet inspection.

Company

Garland Technology is dedicated to high standards in quality and reliability, while delivering the greatest economical solutions for enterprise, service providers, and government agencies worldwide.

Contact

Whether you are ready to make a network TAP your foundation of visibility or just have questions, please contact us. Ask us about the Garland Difference!

Blogheader image.png

TAP Into Technology

Leading the Way in Network Technology

The Role of Bypass Solutions in a Network Visibility Fabric

Posted by Jeff Warner | 4/4/19 8:00 AM

Designing complete network visibility solutions takes more than just Network TAPs and Network Packet Brokers at key points in the access and aggregation layers of the network. With network security being more important than ever before, today’s network visibility fabrics also must supply traffic to inline security tools such as a next-gen firewall, WAF, or IPS to protect critical parts of the network.


In order to get production network traffic to inline security tools, the network visibility fabric must make use of bypass technology. Unlike SPAN ports, Bypass TAPs provide complete network visibility by passing all live wire data to the active, inline security tools, while monitoring the health of the appliance. According to the researchers at EMA, inline security tools are the most popular analysis tool connected to a visibility fabric. 55% of enterprises have firewalls connected to their fabrics, 50% have WAFs connected, and 50% also have data loss prevention systems (DLP) connected to their network visibility fabrics.


Read EMA's Best Practices for Building A Network Visibility Fabric!


Depending on the network size and design, there are two different methods to using bypass technology as part of the network visibility fabric: at the access layer in bypass TAPs or at the aggregation/core layer by using hybrid NPBs with inline capabilities.

Using Bypass TAPs at the Access Layer

The Bypass TAP was specifically designed to resolve the problem of an inline security appliance introducing a point of failure in the network. By placing the Bypass TAP inline, traffic flows to the security tool where it can be inspected and acted on if necessary. Once the security tools have inspected the data, allowable traffic then flows back through the bypass TAPs before returning to the production network. If your security tool goes off-line for any reason, the bypass TAP, like Garland Technology’s EdgeSafe™: Bypass TAPs automatically switches to bypass mode, keeping your network link up while you resolve the issue.

Hybrid NPB with Inline Capabilities

Networks with higher speeds or more links at the aggregation or core layers can make use of hybrid Network Packet Brokers with inline capabilities, like Garland Technology’s EdgeLens® for complete management of the edge of the network. A benefit to using the hybrid NPB approach is that the same traffic that’s being sent through the inline security tools, can also be sent to out-of-band monitoring tools for analysis via the additional ports on the hybrid NPB.

While failure of the tools and appliances in a network visibility fabric is something that you want to minimize the risk of actually happening; when you’re talking about the bypass technology either in bypass TAPs, bypass switches, or hybrid NPBs, reliable functionality is critical. The use of these tools in your network visibility fabric does inherently create a point of failure, since they are inline, rather than out-of-band. If the security tool fails for any reason, traffic must be able to continue flowing, unless corporate security policies prevent traffic to pass uninspected. In some network visibility fabrics, a bypass device may be configured in a high availability scenario, where traffic is forwarded to an alternative security system if the primary solution fails, creating additional redundancy and ensuring that your network protected at all times.

[If you’re interested in learning more about the principles behind a well-designed network visibility fabric, download Garland’s latest whitepaper from the analysts at EMA: Best Practices for Building a Network Visibility Fabric.]

Topics: Network Infrastructure, Network Design, In Band Security Appliances, Network Packet Brokers/Advanced Aggregators

Written by Jeff Warner

With over 20 years experience selling IT and Security Solutions, Jeff has a strong understanding of the needs of enterprise networks, and works to support customers in developing a complete network visibility fabric.