Improve Tool Efficiency

Join us for a 4-day all-inclusive journey across California's most beautiful beaches

Challenge: How to ensure optimal tool performance?

Network monitoring and security tools need packet data to properly analyse the task at hand. Teams are typically tasked with getting more out of their existing tool investments, which becomes challenging with growing traffic volumes and legacy architecture.

  • Network and security tools can themselves be oversubscribed.
  • Traffic growth outpaces existing tool capacity, leading to reduced throughput and effectiveness.

To get the data to these tools, your options are spanning a port from your switch or utilising a network TAP. At the same time, it is imperative not to negatively affect the performance of these tools or the connected network.

SPAN ports generally do not affect the performance of the switch, though this varies with different SPAN port features/vendors, but can have an impact on your data and the tools they are feeding, including:

  • Designed for low-throughput situations, SPAN will drop packets if heavily utilised or oversubscribed.
  • Can duplicate packets if multiple VLANs are used.
  • It can change the timing of the frame interactions, altering response times.
  • Will not pass corrupt packets or connection errors

Down Arrow

Solution

Network TAPs guarantee tools complete packet data.

Network TAPs are purpose-built to pass 100% full duplex traffic, passing errors without dropping packets or impacting the network's performance, enhancing the monitoring and security tools they feed.

Other than an advanced XtraTAP, basic network TAPs are "set it and forget it," requiring little management or impact on the deployment. See Network TAPs to learn more about how TAPs can improve your network access.

Modes-Breakout1

Down Arrow

Using data filtering to improve tool efficiency

Dealing with an increase in network traffic can be both time-consuming and expensive. With numerous tools and network segments involved, analysing the data can become a daunting task.

However, in certain cases, concentrating only on the data that requires examination is more efficient and economical. For instance, segregating VOIP traffic or potentially risky traffic can help reduce the amount of traffic that current tools have to handle.

This, in turn, can improve their effectiveness and performance. To achieve this, you can employ a method at the TAP level, using Garland's XtraTAP or a PacketMAX packet broker, to aggregate multiple links simultaneously.

  • Set utilization alerts for each monitoring port.
  • Remotely manage alerts to avoid oversubscription.
  • Set up filtering rules on layers 2, 3 and 4.
  • Aggregating and load-balancing traffic for optimal performance
Portable-Filter+Aggregation2
TAP to AGG -SIEM-Analayzer2