The what, when and where of network monitoring is taking a giant leap forward, thanks to the latest in smart tap technologies that were announced at the latest RSA event. Leading vendors, such as Net Optics, Gigamon and DATACOM Systems are enhancing the intelligence found in a network tap, to allow it work better with security and monitoring solutions, such as IDS/IDP and traffic management devices.
Network managers have relied on all sorts of technologies to know exactly what is going on over the network wire. From an intelligence standpoint, it is critical to understand how packets and related traffic affect the network for a multitude of reasons, ranging from traffic diagnosis to compliance concerns to security issues.
Those tasks usually fell under the domain of packet capture technologies, and administrators would look through capture logs for anomalies. That worked up to a point, at least until traffic exploded across the wire and became more complex, including everything from voice to video to display protocols. Until recently, administrators had to rely either on switch integrated span ports or network taps, both of which had their own set of problems.
Span ports are prone to miss capturing traffic during high loads, while traditional taps can add latency or become a single point of failure on a network. According to Chris Mac-Stoker, distinguished engineer, Niksun, "The debate between tap technology and span ports for data capture has been going on for some 15 years."
That may all change now that intelligence has been built into the ordinary tap, creating what is referred to as a smart tap. Although not new, smart taps are the latest technology to make a dramatic impact on network monitoring abilities. The technology offers the ability to plug into the network to provide strategic, persistent monitoring, a capability that is proving to be more important than ever when it comes to monitoring traffic across networks, clouds and mobile knowledge workers.
"Smart taps are replacing traditional taps and span ports because they are much more capable and can address a variety of different situations more effectively," says Mac-Stoker. Smart tap technology offers several advantages over traditional taps and spans. First of all, smart taps normally incorporate fail-over technology, which prevents a failed tap from interrupting network traffic. What’s more, smart taps are designed to capture all traffic and do not suffer from lost packets due to network congestion and high traffic demands. Smart taps also are easier to manage and incorporate technologies that allow administrators to filter and direct traffic captures to different devices for analysis.
That all translates into features that administrators need today, including the ability to gather certain types of information and then be able to analyze it in both real time and as part of a forensic event. What’s more, the filtered data gathered from smart taps can be fed into big data solutions for additional analysis as part of a business intelligence project.
Smart tap technology is the heir apparent to span ports and traditional network taps, and is bound to make an impact on networks of all sizes--especially as prices drop and capabilities increase. In other words, network administrators should be looking to incorporate smart taps into their networks and data centers, either as part of a network refresh or redesign.
Major players in the smart tap market include Gigamon, Net Optics, Network Critical and Network Instruments, all of which offer proprietary taps with integrated intelligence that provides the foundation for selective analytics.
Learn more about Strategy: SIEM by subscribing to Network Computing Pro Reports (free, registration required).