Network Access for Tools
Industrial Solutions
Challenge: How do I access data for my tools?
Out-of-band monitoring and security tools analyze packet data from the production network to provide insights or alerts for SecOps and NetOps teams to properly respond. What is the best way to access this data for network monitoring in industrial environments?
Solution
There are two basic architectural choices for delivering traffic data to out-of-band tools. Either connecting a tool directly to a mirrored port using the switched-port analyzer (SPAN) or a purpose-built network TAP.
TAPs are considered best practice, as they offer a couple of advantages over SPAN port configurations. As they are more reliable, TAPs don’t impact the performance of the network device, and do not drop packets. Network TAPs can also be combined with NPBs to groom and modify traffic, which in turn reduces the amount of data processing for the out-of-band appliances.
Benefits of accessing tools with network TAPs, include:
• Improved data quality
• Agility to deploy/update new tools quickly
• Secure — TAPs do not have a IP address, or MAC address and cannot be hacked
• Data Diode TAPs disallows bidirectional traffic to protect against back flow of traffic into the network
Improved performance of security analytics
• Network TAPs are scalable and can either provide a single copy, multiple copies (regeneration), or consolidate traffic (aggregation) to maximize the production of your monitoring tools.