Organizations are under persistent attack. As networks constantly evolve, our comprehensive range of network TAPs and Packet Brokers provides the visibility platform required to protect your business and manage your network’s traffic, without compromising availability or reliability.
CONNECTING SPECIALIZED SECURITY APPLIANCES IS VITAL… BUT WHAT ABOUT:
THE ANSWER? TOTAL VISIBILITY.
There will always be new types of attack threatening the networks of organizations, big and small. The most vital first step is to ensure that you and your appliances are gaining full, uncompromising access to every last bit of data. Here are two common scenarios where Network TAPs and Packet Brokers can provide unwavering visibility for your network’s architecture.
IPS ACTIVE BYPASS PROTECTION
You need robust network security but require maximum network reliability and availability. The foundation of any network security profile is a Next Generation Firewall (NGFW), which is a combination of firewall and Intrusion Protection System (IPS). This appliance needs to process data flows in real time in order to block malicious attacks. Yet connecting to links in-line puts the network at risk if the appliance goes down. TAPs with bypass access allow risk-free connection of real-time appliances by providing a “heartbeat” to monitor the condition of the appliance. If the appliance goes down, the TAP will keep the network traffic flowing until the appliance is back online.
What is Bypass Mode?
When an IPS or other inline appliance is installed behind a V-Line™ Tap, the Tap continually checks the status of the appliance and, if it is online, directs traffic through it. If the appliance goes offline for maintenance, an update, or any other reason, the Tap automatically bypasses the appliance and directs traffic straight through to the network. When the appliance comes back online, the Tap detects the change and traffic is once again directed through the appliance.
How does the TAP detect if the appliance is online?
Heartbeat packets are injected into the traffic stream and directed to the monitoring device. If the Heartbeat packets are not detected when the traffic is passed back through the V-Line™ TAP on its way back to the network, the TAP enters Bypass mode and bypasses the appliance. Heartbeats are configurable for maximum flexibility, and Heartbeat packets are NEVER sent on to the live network.
INLINE BYPASS TAP
During normal operation network traffic is directed to the IPS and ‘heartbeat’ packets are injected into the traffic stream.
After flowing through the sensor the heartbeat packets are detected and removed from the traffic stream.
INLINE BYPASS TAP
In BYPASS mode heartbeat packets continue to be sent out to test whether the IPS is online.
If heartbeat packets are not detected the Tap enters BYPASS mode and traffic is directed straight through.
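The heartbeat logic described above, modeled as a small state machine. This is an added example, not vendor code: the `HB` marker, the `miss_limit` threshold, and the toy `ips_up`/`ips_down` appliances are assumptions made for illustration.

```python
from dataclasses import dataclass, field

HEARTBEAT = b"HB"  # constructed marker; the real heartbeat format is configurable

@dataclass
class BypassTap:
    miss_limit: int = 3   # assumption: consecutive lost heartbeats before bypass
    bypass: bool = False
    missed: int = 0
    log: list = field(default_factory=list)

    def tick(self, appliance, frames):
        """One heartbeat interval; returns the frames that reach the live network."""
        inline = not self.bypass
        # A heartbeat is sent every interval, also in bypass, to detect recovery.
        returned = appliance([HEARTBEAT] + (list(frames) if inline else []))
        if returned is not None and HEARTBEAT in returned:
            self.missed = 0
            if self.bypass:
                self.bypass = False
                self.log.append("INLINE")
        else:
            self.missed += 1
            if not self.bypass and self.missed >= self.miss_limit:
                self.bypass = True
                self.log.append("BYPASS")
        if not inline:
            return list(frames)  # bypassed: traffic goes straight through, uninspected
        # Inline: strip the heartbeat so it never reaches the live network.
        return [f for f in (returned or []) if f != HEARTBEAT]

def ips_up(frames):
    """Toy IPS (hypothetical): drops frames containing a constructed bad marker."""
    return [f for f in frames if b"EVIL" not in f]

def ips_down(frames):
    """Appliance offline: nothing, including the heartbeat, comes back."""
    return None

def simulate():
    tap = BypassTap(miss_limit=2)
    schedule = [ips_up, ips_down, ips_down, ips_down, ips_up, ips_up]
    delivered = [tap.tick(appliance, [b"GOOD", b"EVIL"]) for appliance in schedule]
    return delivered, tap.log

if __name__ == "__main__":
    for i, frames in enumerate(simulate()[0], 1):
        print(i, frames)
```

In this model, frames are lost during the detection window before the threshold is reached, and traffic passes uninspected while the TAP is in bypass, so the `BYPASS` and `INLINE` transitions are the events worth alerting on.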
Unified access platform for complete IDS or SIEM systems
Cyber security and compliance do not begin and end with a firewall. Additional appliances such as Intrusion Detection Systems (IDS), Data Loss Prevention (DLP) and Security Information and Event Management (SIEM) are necessary to build a robust network security profile. To connect all the required security appliances to every link is costly and detrimental to overall network reliability. Network appliances need full visibility all the time to provide strong security against persistent attacks. The solution is to connect all security appliances to a unified platform that is simple to deploy, provides 100% visibility to data flows, and has no negative impact on system reliability or availability.
The Visibility Architecture
Tapping network links at the Core, Distribution and Access layer requires you to access traffic from many links. This diagram shows how to optimize your tap strategy for cost, performance and reliability. The foundation is to insert a passive optical TAP into each network link. Optical TAPs split the light from the network, sending a mirror copy of the network traffic to a Network Packet Broker (NPB) for aggregation and distribution to the monitoring tools. Optical TAPs require no power, so the network links continue to pass traffic even if power to the monitoring equipment fails. Optical TAPs are flexible and can be designed for single mode and multi-mode fiber at speeds from 10 Mbps to 100 Gbps.
- Once all the links are tapped, the traffic is passed to a Network Packet Broker which provides intelligent features required to aggregate the traffic from many links into a variety of traffic streams.
- If aggregated traffic is greater than the capacity of any single monitoring tool, the NPB can equally distribute the load to multiple monitoring tools, providing flexibility and scalability as your network changes and grows.
- Using other advanced features, the NPB can mask confidential information contained in packet payloads and/or strip the payload altogether, providing compliance with data privacy regulations.
- Using optical fiber taps feeding all traffic to an intelligent Network Packet Broker saves overall cost by lowering TAP and monitoring tool costs, while providing complete traffic visibility for more accurate analysis and output.