Network Access for Tools
MSSP Solutions
Challenge: How do MSSPs access data for their tools?
Out-of-band monitoring and security tools analyze packet data from the production network to provide the insights or alerts that MSSP teams need to respond properly. What is the best way to access this data for network monitoring?
Solution
There are two basic architectural choices for delivering traffic data to out-of-band tools: connecting the tool directly to a mirrored port using the switched-port analyzer (SPAN), or connecting it to a purpose-built network TAP.
TAPs are considered best practice, as they offer a couple of advantages over SPAN port configurations: they are more reliable, don’t impact the performance of the network device, and do not drop packets. Network TAPs can also be combined with network packet brokers (NPBs) to groom and modify traffic, which in turn reduces the amount of data the out-of-band appliances have to process.
Benefits of accessing tools with network TAPs and packet brokers include:
• Improved performance of security analytics
• Improved data quality
• Agility to deploy/update new tools quickly
• Reduced administrative overhead
• Improved tool collaboration/data sharing
• Reduced architectural complexity
• Reduced/consolidated hardware costs