How Network TAPs Enable Security Visibility
By Alastair Hartrup, CEO, Network Critical
As the rate of cyberattacks continues to grow year over year, so do the costs for businesses affected by breaches. According to a 2018 study by the Ponemon Institute, the average cost of a data breach for a U.S. company is $7.91 million — the highest in the world. And the longer it takes to identify and contain a breach, the higher those costs can be.
Today, breaches can result from many forms of attacks including phishing, ransomware, trojans, DDoS and other destructive malware. And, the motivations for these attacks are as disparate as the threats themselves. Bad actors are perpetrating attacks for financial gain, political influence, competitive advantage and sometimes just to rage against the system. Whatever the motivation, hacking is a significant problem that’s impacting productivity and costing organizations time, money and resources. Despite all of this troubling news, progress is being made to combat network attacks.
The growth in network attacks is paralleled by significant growth and technological advances in the cybersecurity appliance industry. There are many specialized network tools that help reduce the threat landscape by identifying and blocking attacks. For example, Data Loss Protection solutions, Next Generation Firewalls and Unified Threat Management Appliances, Network Analytics platforms, ID and Encryption appliances, and more. In addition, AI and machine learning technologies are making advances in processing millions of security events, new predictive analysis technologies are identifying known threats, and advanced network monitoring appliances are providing traffic flow visibility and analysis.
But ensuring visibility is becoming more challenging as networks move away from centralized architectures. Cloud, hybrid-cloud and remotely hosted applications are driving new types of business activity. Interconnection between users and the remotely hosted information they seek requires multiple links to the internet, corporate intranets, data centers and cloud carriers. It’s no longer economically feasible to attach every security appliance directly to every single network link.
Furthermore, when multiple appliances are directly connected to a link it impacts the reliability and availability of the network. Each appliance represents a potential failure point. If the appliance has to be taken offline for maintenance or updates, the link needs to be taken down as well. For example, one unit with a reliability factor of .999 on a link will be down for about 8 hours per year. However, when three units with a .999 reliability factor are deployed on the same link, the overall reliability impact on the link degrades to .997, or about 26 hours per year. As more specialty appliances are added, the overall reliability continues to degrade. Managing these maintenance windows can become a real nightmare.
Network TAPs (Test Access Point) play a vital role in solving these availability and reliability issues. As devices that connect network security and monitoring appliances to network links safely and securely, TAPs receive the network traffic flow. A mirror copy of the traffic is then passed on to an appliance that is also connected to ports on the TAP. While the mirror traffic is passed to the appliance, live network traffic continues to pass back into the network without significant delay. TAPs also provide network fail-safe technology that keeps network traffic flowing even if power to the TAP or connected appliance is lost. Therefore, multiple security appliances can safely be connected to links using TAPs, without impacting the reliability or availability of the live network.
TAPs can be deployed out-of-band or in-line. Monitoring appliances generally use out-of-band mode which, as noted above, sends a mirror copy of the data to the appliance for analysis, but does not interact with live data. Deploying TAPs in-line means that live data travels from the TAP through the appliance and then back into the live network. This method allows security appliances to interact in real time with live data, allowing the appliance to immediately isolate and block malware before damage is done to the network. In-line TAPs automatically bypass an appliance if it’s taken offline for any reason. This feature keeps live traffic flowing even if an appliance is down, which simplifies maintenance windows and troubleshooting.
There are also intelligent TAPs on the market that offer aggregation, filtering and port mapping. These features provide additional economic efficiencies allowing flexibility in determining traffic flows to the appliances. By aggregating underutilized links, appliances can support multiple links, providing CAPEX savings. Filtering irrelevant traffic also lessens the traffic burden on appliances allowing more efficient operation and faster response times to threats. Port mapping provides a simple method of directing traffic from the TAP to the appliance and back into the network.
When developing a network protection strategy, it’s important to deploy the right monitoring tools and security appliances. Network TAPs deliver the critical data needed to gain granular visibility so teams can detect and respond to threats quickly, reducing the amount of time and resources it takes to contain problems. By including TAPs in an IT department’s architecture plan from the beginning, networks have maximum protection without compromising reliability or availability.
Alastair Hartrup is the CEO and founder of Network Critical, a company that provides industry-leading network TAPs and Packet Brokers, which help organizations increase visibility across dynamic and complex networks. He founded Network Critical in 1997, and today more than 5,000 companies worldwide rely on its technology to help power the network and security monitoring tools needed to control changing infrastructure.