Smart Taps Define Future of Network Intelligence

Knowing who is doing what, from where and when has become one of the core tenants of network security and performance monitoring. Simply put, it comes down to situational awareness--the ability for IT managers to see the big picture surrounding network traffic and usage.

IT professionals have turned to a variety of technologies over the years to accomplish the lofty goal of understanding and securing network traffic. However, many of the technologies to date have proved lacking in one area or another.

Although not new, the latest technology on the scene to make a dramatic impact on network monitoring abilities is the smart tap, a technology that plugs into the network to provide strategic, persistent monitoring. This capability is proving to be more important than ever when it comes to monitoring traffic across networks, clouds and mobile knowledge workers.

Network taps are commonly used for network intrusion detection systems, VoIP recording, network probes, RMON probes, packet sniffers, and other monitoring and collection devices and software that require access to a network segment. Taps are used in security applications because they are non-obtrusive, are not detectable on the network (having no physical or logical address), can deal with full-duplex and non-shared networks, and will usually pass through traffic even if the tap stops working or loses power.

"Smart taps are replacing traditional taps and span ports because they are much more capable and can address a variety of different situations more effectively" says Chris Mac-Stoker, distinguished engineer, Niksun. "Smart taps offer the ability to slice and filter traffic into manageable chunks, without losing any of the payload" he adds.

Mac-Stoker speaks from experience. His tenure with Niksun, a network forensics security vendor, has exposed him to a wide variety of data capturing technologies. "The debate between tap technology and span ports for data capture has been going on for some 15 years," he says. "Span ports have a critical weakness, if the host switch is experiencing high traffic, the span port may lose packets. On the other hand, traditional taps created other problems, such as being a single point of failure in a network or overloading connected analytics devices with excessive traffic."

Smart tap technology offers several advantages over traditional taps and spans. First of all, smart taps normally incorporate fail-over technology, which prevents a failed tap from interrupting network traffic. What's more, smart taps are designed to capture all traffic and do not suffer from lost packets due to network congestion and high traffic demands. Smart taps are also easier to manage, and it is easier to incorporate technologies that allow administrators to filter and direct traffic captures to different devices for analysis.

For example, if an administrator wants to focus only on HTTPS traffic to identify a security problem, the smart tap can be configured to capture only that traffic and ignore all other traffic. That simplifies the analysis process and reduces the need to shape the data before processing.

Mac-Stoker says, "Smart taps bring needed capabilities to modern data centers and are becoming more cost effective. If someone is refreshing a data center or commissioning a new deployment, smart taps should be incorporated into the design."

Obviously, that sage advice seems relevant as companies move deeper into cloud-based technologies and are re-engineering data centers for private, public and hybrid clouds--a situation where traffic analysis and security takes on new precedence.

Major players in the smart tap market include Gigamon, Net Optics, Network Critical and Network Instruments, all of which offer proprietary taps with integrated intelligence that provides the foundation for selective analytics.

A recent report from Frost & Sullivan confirms that the need for network tap technology is poised for additional growth, especially in the Europe, Middle East and Africa (EMEA) markets. The research firm reported in February that the EMEA intrusion detection systems market earned revenues of €1.25 billion in 2010 and estimates this to reach €1.34 billion by 2017, mostly driven by revenues from the residential, commercial and critical infrastructure segments.

"First responders of IDS are increasingly ignoring alarm calls due to a high number of false alarms. Market participants are acknowledging this technological shortcoming in their systems and are customizing their current product lines to reduce the number of false alarms," explains Frost & Sullivan research analyst Krzysztof Rutkowski.

Research firm Gartner also recognizes the growth potential for security services, which are becoming increasingly reliant on smart tap technology and real-time traffic analysis. Gartner's Lawrence Pingree reported in June of 2011 that the enterprise security infrastructure market is projected to grow at an approximate compound annual growth rate (CAGR) of 10.9% into 2014 as companies continue to expand the technologies they use to improve their overall security.

Given that the larger, more developed economies were primarily first adopters of many of the first-generation IT technologies, we now are seeing growth rates pick up in emerging markets where there are substantial technological initiatives by both government and industries looking to expand manufacturing and their supply base. At the same time, many emerging economies have dedicated large programs to enhance education or create technology-centric economic zones.

The security services market will grow at an approximate CAGR of 8.2% through 2014. The security services market is roughly one-third larger than the enterprise security infrastructure market. The top security service growth economies are Asia/Pacific, Latin America and North America.

Learn more about Strategy: SIEM by subscribing to Network Computing Pro Reports (free, registration required).