In my six years of exhibiting at the it-sa IT Security Messe and Kongress in Nuremberg, Germany I’ve seen notable changes and significant growth of both the Expo and the trade visitors.
This year the topics on everyone’s minds were identification and prevention of DDoS attacks, Malware and Ransomware as well as all matters about Cyber Security.
Do you know what's going on in your network?
This was our ‘hook’ to captivate and engage the visitors passing our shared booth with my company, NEOX Networks, and our two partners Savvius and Garland Technology. We also offered a complete network monitoring solution.
This year it-sa had a 10% growth rate of booth exhibitors and trade visitors. Trade visitors exceeded 10,000 and new companies that wanted to exhibit this year were not able to secure space. However in 2017, the show staffers are planning for expansion since the role of IT security will only increase in this era of cyber attacks.
We provided visitors a complete picture of network visibility by featuring a demonstration of Savvius’ Omnipeek deployed with Garland’s network TAPs and packet brokers. In this demo, we showcased how Omnipeek’s analysis and forensics tool allows security professionals to monitor their network for threats and anomalies. However, Omnipeek needs all the packets in order to provide complete network visibility - this is where Garland’s network TAPs and packet brokers come into the solution by providing 100% packet capture.
“You cannot compromise on packet capture when you are striving to attain network security. It is a short sighted statement to say that a SPAN port can do the same thing as a TAP. It has been proven by many experts and labs that SPAN/switch ports result in packet loss. This is a reality, not a what-if.” explains Chris Bihary, CEO/Co-founder of Garland Technology.
At the it-sa show there is a large segment of high level network managers and engineers that are very educated and understand the requirement of complete packet capture. But then you engage with a visitor that thinks that a SPAN/switch port can accomplish the same level of packet capture that a TAP can. I often find myself taking on the role of educator because it is imperative that the risks of using SPAN/switch ports in security environments are significant, not just because of the inevitable packet loss, but also because this is an active device, once the switch is attacked it doesn’t provide any visibility.
Enjoy our it-sa video recap, find familiar faces and friends or tag yourself in our facebook photos.
Until next year, Prost!
If the inline security tool goes off-line, the TAP will bypass the tool and automatically keep the link flowing. The Bypass TAP does this by sending heartbeat packets to the inline security tool. As long as the inline security tool is on-line, the heartbeat packets will be returned to the TAP, and the link traffic will continue to flow through the inline security tool.
If the heartbeat packets are not returned to the TAP (indicating that the inline security tool has gone off-line), the TAP will automatically 'bypass' the inline security tool and keep the link traffic flowing. The TAP also removes the heartbeat packets before sending the network traffic back onto the critical link.
While the TAP is in bypass mode, it continues to send heartbeat packets out to the inline security tool so that once the tool is back on-line, it will begin returning the heartbeat packets back to the TAP indicating that the tool is ready to go back to work. The TAP will then direct the network traffic back through the inline security tool along with the heartbeat packets placing the tool back inline.
Some of you may have noticed a flaw in the logic behind this solution! You say, “What if the TAP should fail because it is also in-line? Then the link will also fail!” The TAP would now be considered a point of failure. That is a good catch – but in our blog on Bypass vs. Failsafe, I explained that if a TAP were to fail or lose power, it must provide failsafe protection to the link it is attached to. So our network TAP will go into Failsafe mode keeping the link flowing.
Single point of failure: a risk to an IT network if one part of the system brings down a larger part of the entire system.
Heartbeat packet: a soft detection technology that monitors the health of inline appliances. Read the heartbeat packet blog here.
Critical link: the connection between two or more network devices or appliances that if the connection fails then the network is disrupted.