Knowing who is doing what, from where and when has become one of the core tenants of network security and performance monitoring. Simply put, it comes down to situational awareness--the ability for IT managers to see the big picture surrounding network traffic and usage.
IT professionals have turned to a variety of technologies over the years to accomplish the lofty goal of understanding and securing network traffic. However, many of the technologies to date have proved lacking in one area or another.
Although not new, the latest technology on the scene to make a dramatic impact on network monitoring abilities is the smart tap, a technology that plugs into the network to provide strategic, persistent monitoring. This capability is proving to be more important than ever when it comes to monitoring traffic across networks, clouds and mobile knowledge workers.
Network taps are commonly used for network intrusion detection systems, VoIP recording, network probes, RMON probes, packet sniffers, and other monitoring and collection devices and software that require access to a network segment. Taps are used in security applications because they are non-obtrusive, are not detectable on the network (having no physical or logical address), can deal with full-duplex and non-shared networks, and will usually pass through traffic even if the tap stops working or loses power.
"Smart taps are replacing traditional taps and span ports because they are much more capable and can address a variety of different situations more effectively" says Chris Mac-Stoker, distinguished engineer, Niksun. "Smart taps offer the ability to slice and filter traffic into manageable chunks, without losing any of the payload" he adds.
Mac-Stoker speaks from experience. His tenure with Niksun, a network forensics security vendor, has exposed him to a wide variety of data capturing technologies. "The debate between tap technology and span ports for data capture has been going on for some 15 years," he says. "Span ports have a critical weakness, if the host switch is experiencing high traffic, the span port may lose packets. On the other hand, traditional taps created other problems, such as being a single point of failure in a network or overloading connected analytics devices with excessive traffic."
