OT TAP vs SPAN PORT

Challenge: How do I access data for my tools?


Securing and monitoring your network is of utmost importance. However, operational technology (OT) teams often face complex challenges in architecting connectivity throughout large and sometimes aging infrastructure that wasn't initially designed with network security in mind.

To properly analyse threats and anomalies, as well as performance and regulatory conditions, there are two options to access network packets: network TAPs and SPAN ports.

 

SWITCH SPAN PORTS


One of the most common use cases for network visibility is to route mirrored traffic from a SPAN port on the switch to a security or monitoring tool. Port mirroring, also known as Switched Port Analyser (SPAN), designates a switch port to receive a copy of the network packets seen on a particular port (or an entire VLAN). The copied packets can then be analyzed for network troubleshooting, security inspection, or performance monitoring purposes.

  • Provides access to packets for monitoring
  • SPAN sessions do not interfere with the normal operation of the switch
  • Configurable

NETWORK TAPs


Industry Best Practice for Packet Visibility: Network TAPs (Test Access Points)

Network TAPs (Test Access Points) are the industry's gold standard for network monitoring and security, offering a reliable and efficient way to achieve seamless packet visibility. These specialised hardware devices provide an exact duplicate of network packet data, 24/7, without compromising network integrity.

  • Uncompromised Data Integrity with Full Duplex Copying: Network TAPs stand as a sentinel, offering a 100% full duplex copy of network traffic, thus ensuring that every bit of data is captured for analysis without losing the data's original integrity.
  • Preservation of Data Authenticity: It is a non-negotiable feature of network TAPs not to alter the data or drop packets. This characteristic guarantees the retention of data's authenticity, an essential factor in maintaining a high-fidelity network monitoring setup.
  • Scalability for Diverse Network Demands: The requirements of networks can vary significantly, necessitating a solution adaptable to different scales and functionalities. Network TAPs rise to the occasion, providing options to disseminate a single copy, generate multiple copies through regeneration, or consolidate traffic via aggregation. This flexibility maximises the efficacy of your monitoring tools, enhancing productivity and safeguarding network health.

Network TAPs:

  • Provides 100% full duplex copies of network traffic
  • Ensures no dropped packets, passes physical errors, and supports jumbo frames
  • Does not alter the time relationships of frames
  • Passive or failsafe, providing no single point of failure (SPOF)
  • TAPs are secure, do not have an IP address or MAC address, and cannot be hacked
  • CALEA (Commission on Accreditation for Law Enforcement Agencies) approved for lawful intercept, providing forensically sound data, ensuring 100% accurate data captured with time reference
  • Data Diode TAPs provide unidirectional traffic to protect against the backflow of traffic into the network
  • Scalable for traffic optimization and can aggregate multiple links down to one

 

SPAN ports:

  • Provides access to packets for monitoring
  • Can take up high-value ports on the switch
  • SPAN traffic is the lowest priority on the switch
  • Some legacy switches do not have SPAN available
  • SPAN ports drop packets, an additional risk for security and regulation solutions
  • Will not pass corrupt packets or errors
  • Can duplicate packets if multiple VLANs are used
  • Can change the timing of the frame interactions, altering response times
  • Bidirectional traffic opens backflow of traffic into the network, making the switch susceptible to hacking
  • Administration/programming costs for SPAN can get progressively more time-intensive and costly
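
One way to check the duplicate-packet point above on a capture taken from a SPAN port, as an added example that is not part of the original page: it counts frames that repeat within a short window once MAC addresses, 802.1Q tags and the IPv4 TTL/header checksum are ignored. The sample capture, the 2 ms window and all function names are assumptions constructed for illustration.

```python
import hashlib
import struct

def build_pcap(frames):
    """Constructed sample helper: classic pcap from (sec, usec, frame) tuples."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, usec, data in frames:
        out += struct.pack("<IIII", sec, usec, len(data), len(data)) + data
    return out

def read_pcap(blob):
    """Yield (timestamp, frame) from a little-endian classic pcap byte string."""
    if struct.unpack_from("<I", blob, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap")
    off = 24
    while off + 16 <= len(blob):
        sec, usec, caplen, _ = struct.unpack_from("<IIII", blob, off)
        yield sec + usec / 1e6, blob[off + 16:off + 16 + caplen]
        off += 16 + caplen

def frame_key(frame):
    """Digest that ignores MACs, 802.1Q tags and the IPv4 TTL/header checksum."""
    off = 12
    while frame[off:off + 2] in (b"\x81\x00", b"\x88\xa8"):
        off += 4                      # skip each VLAN tag
    ethertype, body = frame[off:off + 2], bytearray(frame[off + 2:])
    if ethertype == b"\x08\x00" and len(body) >= 20:
        body[8] = 0                   # TTL differs if the copy was routed
        body[10:12] = b"\x00\x00"     # header checksum differs with it
    return hashlib.sha256(ethertype + bytes(body)).digest()

def count_duplicates(blob, window=0.002):
    """Return (total, duplicates); a duplicate repeats a key within `window` s."""
    last_seen, dups, total = {}, 0, 0
    for total, (ts, frame) in enumerate(read_pcap(blob), 1):
        key = frame_key(frame)
        if key in last_seen and ts - last_seen[key] <= window:
            dups += 1
        last_seen[key] = ts
    return total, dups

def sample_capture():
    """Constructed capture: one packet mirrored twice (untagged, then VLAN 20)."""
    macs = bytes.fromhex("020000000002020000000001")
    ip = bytes.fromhex("4500001c00010000401166ce0a0000010a000002") + b"PAYLOAD!"
    plain = macs + b"\x08\x00" + ip
    tagged = macs + b"\x81\x00\x00\x14\x08\x00" + ip
    other = macs + b"\x08\x00" + ip[:-1] + b"?"
    return build_pcap([(1, 0, plain), (1, 100, tagged), (1, 500, other), (2, 0, plain)])
```

A non-zero duplicate count inflates flow and alert statistics in downstream tools, so it is worth measuring before trusting numbers derived from a mirrored feed.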

 

To ensure minimal to no network downtime, it is essential to build a network that adheres to critical infrastructure's guiding principles. This involves laying down a strong foundation of network infrastructure and visibility architecture, which can be achieved by incorporating best practices. By following these guidelines, you can build a network that lasts and meets the desired goals.