As critical infrastructure and industrial companies invest in digital transformation to increase operational efficiency, cyber risks have become more prominent, resulting in unscheduled downtime, negative corporate brand perceptions and data & security concerns. 100% visibility is becoming a challenging task as the size and complexity of networks increase. Current cybersecurity strategies combine both inline and out-of-band solutions with a suite of active blocking and passive monitoring tools. Network TAPs provide best practices for providing packet visibility from commonly used switching devices to NETWORK AND SECURITY monitoring tools rather than SPAN connection. Threat detection, Intrusion Detection Systems (IDS) and forensics tools, as well as tools for network protection, can access complete packet data to analyze.
Avoid Packet Losses to optimize your network
Complete network monitoring without any blind spots
Garland’s Network TAPs have built-in Data Diode functionality. This sends unidirectional copies of the traffic to out-of-band tools for monitoring purposes, without any effect on the link between the two network elements. Since there is no physical connection between a Data Diode TAP’s monitoring and network ports, there’s no possibility of intrusion from the destination. These TAPs physically do not send traffic back onto the network, providing “no injection” TAP visibility for 10/100/1000M networks.
Many industrial environments are outdated in terms of IT infrastructure. If a company is looking to deploy cybersecurity tools to prevent threats, ransomware attacks, and breaches, there is often a struggle to gain access to the network traffic. Legacy switching fabrics often lack the ability to configure SPAN ports. Rather than upgrading the entire switching fabric and enduring the business cost of interrupting operations, organizations can add a TAP fabric with passive network TAPs at each location. It is a much more cost-effective solution. A TAP fabric allows you to deploy cybersecurity tools today, while also providing permanent access for more tools in the future.
One benefit of using a TAP fabric is the lack of impact on production. Since Network TAPs are typically passive and deployed out-of-band, they don’t have to be certified by whoever runs the plant, approved by whoever makes the control system decisions or endorsed by whoever certifies the changes to new hardware put in place. Customers are simply putting in a TAP, which is passive and out-of-band. It doesn’t have any impact on the live production network!
IDS is a listen-only monitoring solution, it is placed out-of-band on the network infrastructure, it is not analyzing real-time traffic but is receiving a copy of the data. The two ways an IDS tool access this data is through SPAN / mirror ports on the switch or through the industry best practice network TAPs. SPAN is generally used for low utilization applications and are known to drop or alter packets, possibly masking threats. The network TAP creates full duplex traffic copies that pass physical errors and provide the flexibility to send this data to multiple destinations. If the IDS is processing many network segments, a network TAP and network packet broker are used to streamline the data to optimize security detection.
Modern IPS tools may have add-on options for internal or built-in bypass, which may be useful in some failure use cases but leaves open additional vulnerabilities like software failures and doesn’t provide the flexibility to sandbox, troubleshoot and optimize and the cost tends to outweigh the industry best practice of utilizing an external bypass. Bypass TAPs reduce network downtime with which allows you to easily take tools out-of-band for updates, installing patches, maintenance or troubleshooting to optimize and validate before pushing back inline. Designed to eliminate single points of failure within your network.
Wondering how it's done? Visit our resources page for complete solution summaries.
Summaries of Garland solutions
Access the technical documents of the product you are interested in. Learn more for the Garland technical documentation.
Garland (White Papers) technical documents.
Garland Product videos are here. Learn more about Garlandtechnical videos and more.
We have compiled the Garlandvideos for you.