When it comes to securing – and analyzing – your highly utilized networks, you have a choice: individual SPAN ports and taps to capture network traffic, resulting in spotty overall visibility with potential failure when your system is under attack, or a network traffic capture system with 24×7 capture of network and security data and total network visibility. Which will you choose?
In a recent article, Shamus McGillicuddy of SearchNetworking compares network traffic capture systems with network security appliances that simply plug into SPAN ports and taps. Know which solution offers broader security visibility? Network traffic capture systems do. Did you choose right?
Network traffic capture systems employ highly sophisticated network taps that split live, extremely high data rate traffic from switches and routers, and feed it to multiple network security appliances. They also offer matrix switches that aggregate traffic from these taps, allowing a single security appliance to analyze traffic from multiple network ports. Shamus illustrates how relying on individual SPAN ports and taps to capture network traffic for security appliances usually results in spotty overall visibility of your network. Even though SPAN ports can be cheaper than a network capture solution, they are often unreliable and quit functioning when your system is under attack; in other words, exactly when you need them most. Network traffic capture systems provide a more fault-tolerant view of the network, consistently providing all network traffic to security appliances so they can better detect even the normally invisible attacks like APTs (advanced persistent threats).
This same philosophy can be applied to network analysis. As networks get faster and more complex, SPAN ports and taps become more unreliable and oftentimes fail to provide the data needed for network analysis when you need it most. Also, with 10G and now even 40G networks in place, it can even be too much to ask for a single network management appliance to handle these extremely high data rates while still providing the detailed analysis to which we’ve become accustomed. It is essential in today’s high-speed networks to have a complete network analysis solution in place, one which employs both a network traffic capture system as well as network analysis appliances to help you quickly identify and solve problems at the network level, as well as achieve compliance at the business level.
From a network engineer’s perspective, network traffic capture solutions will help you:
- Fully utilize the capabilities of underlying network analysis solutions, even as network speeds grow to 10G and beyond
- Better architect your overall network analysis and network security infrastructure by taking advantage of a centralized, highly available, network traffic capture appliance that can both dissect and aggregate traffic, and deliver it to multiple analysis appliances
- Ensure that network and security data is captured 24×7, and not sacrificed when the precious SPAN port is needed for another application
- Constantly monitor your network, providing the baseline data needed to understand your existing network, as well as the impact of deploying new technologies such as VoIP or video
- Employ network recorders that save all network data, eliminating the time-consuming step of having to reproduce problems before they can be analyzed
- Mitigate security issues
From a CIO and manager’s perspective, network traffic capture solutions will help you:
- Save time and money through “always on” network and security analysis
- Respond to issues in real time, often solving issues before they impact mission-critical applications
- Understand service level compliance within organizations
- Audit and track network activity for government and HR compliance
If you are dealing with a network that is highly utilized, SPAN ports and taps are inefficient when it comes to meeting your security, compliance, and network analysis needs. In today’s 10G world, you need to have a system in place that can capture ALL network data, 24×7, to ensure a stable and safe network.