Challenge: How do I access data for my tools?
Out-of-band monitoring and security tools analyze packet data from the production network to provide the insights or alerts that SecOps and NetOps teams need to respond properly. What is the best way to access this data for network monitoring?
There are two basic architectural choices for delivering traffic data to out-of-band tools: either connect a tool directly to a mirrored port using the switched-port analyzer (SPAN), or use a purpose-built network TAP.
TAPs are considered best practice, as they offer a couple of advantages over SPAN port configurations: they are more reliable, don't impact the performance of the network device, and do not drop packets. Network TAPs can also be combined with network packet brokers (NPBs) to groom and modify traffic, which in turn reduces the amount of data processing for the out-of-band appliances.
• Active Copper TAPs, designed for 10/100/1000M (1G) links, support additional functionality like aggregation and regeneration as well as advanced functions like filtering and bypass. Active TAPs include failsafe technology to protect against device or power failure.
Benefits of accessing tools with network TAPs and packet brokers include:
• Improved performance of security analytics
• Improved data quality
• Agility to deploy/update new tools quickly
• Reduced administrative overhead
• Improved tool collaboration/data sharing
• Reduced architectural complexity
• Reduced/consolidated hardware costs