Challenge: How do I access data for my tools?
Out-of-band monitoring and security tools analyze packet data from the production network to provide insights or alerts for SecOps and NetOps teams to properly respond. What is the best way to access this data for network monitoring?
There are two basic architectural choices for delivering traffic data to out-of-band tools. Either connecting a tool directly to a mirrored port using the switched-port analyzer (SPAN) or a purpose-built network TAP.
TAPs are considered best practice, as they offer a couple of advantages over SPAN port configurations. As they are more reliable, TAPs don’t impact the performance of the network device, and do not drop packets. Network TAPs can also be combined with NPBs to groom and modify traffic, which in turn reduces the amount of data processing for the out-of-band appliances.
Benefits of accessing tools with network TAPs and packet brokers, includes:
• Improved performance of security analytics
• Improved data quality
• Are scalable and can either provide a single copy, multiple copies (regeneration), or consolidate traffic (aggregation) to maximize the production of your monitoring tools.
• Agility to deploy/update new tools quickly
• Reduced administrative overhead
• Secure — TAPs do not have a IP address, or MAC address and cannot be hacked.