Within Industrial Control System (ICS) environments, one of the paramount challenges is safeguarding crucial network segments from threats, especially when those threats could emerge through the very infrastructure designed for protection. In numerous OT and IT network settings, out-of-band copies of Ethernet packets are channelled to security monitoring systems for in-depth threat analysis. Many of these visibility architectures transmit this out-of-band data from different facilities to a centralised network, making analysis more streamlined. However, this approach can inadvertently bridge the once-isolated infrastructure to the internet, posing additional vulnerabilities.
Utilising SPAN in these networks is a glaring risk. Because a SPAN or port-mirroring session on a network switch is bidirectional, it opens the door to a breach if an attacker installs a Remote Access Trojan on a device used for monitoring or security.
Enter Data Diode TAPs: purpose-built network hardware devices engineered to let data flow strictly in one direction. Used as a traffic taskmaster, Data Diode TAPs ensure information security, shielding vital digital systems, such as industrial control systems, from inbound cyber onslaughts. Here's what sets Network TAPs apart: they duplicate both sides of the traffic flow with impeccable accuracy, operating uninterruptedly throughout the year.
These TAPs neither drop packets, induce delays, nor tamper with the data. Designed to be either passive or "failsafe", they ensure that the flow of traffic between network elements remains unaffected, even if power is lost or a monitoring tool is detached. Consequently, they provide a robust defence mechanism without introducing new points of failure.
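The practical difference between a bidirectional SPAN feed and a one-way TAP, as described above, is that over a diode TAP no frame can originate on the monitoring side and reach the protected OT segment. The following Python script is an added example (not code from the original article or from any TAP vendor) that audits flow records collected on the monitoring side for exactly that reverse-direction traffic. The segment addresses, the `key=value` record format and the sample log lines are all constructed for illustration.

```python
"""Added example: check a monitoring feed for reverse-direction traffic.

Flow records are taken as seen by a collector on the monitoring side of a
SPAN session or TAP. Over a data diode TAP nothing can originate from the
monitoring segment and reach the OT segment; on a bidirectional SPAN port it
can, so any such flow is worth an alert (or a wiring check).
"""
import ipaddress
from typing import List, NamedTuple


class Flow(NamedTuple):
    src: str
    dst: str
    proto: str
    dport: int


# Assumed segment layout (constructed for this example, not a real site).
OT_SEGMENTS = [ipaddress.ip_network("10.10.0.0/16")]       # protected ICS LAN
MON_SEGMENTS = [ipaddress.ip_network("192.168.50.0/24")]   # security monitoring VLAN


def in_any(addr: str, nets) -> bool:
    """True if addr falls inside any of the given networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in nets)


def parse_flow_line(line: str) -> Flow:
    """Parse a 'key=value' flow record (constructed format, not a vendor log)."""
    fields = dict(token.split("=", 1) for token in line.split())
    return Flow(fields["src"], fields["dst"], fields["proto"], int(fields["dport"]))


def reverse_direction_flows(flows: List[Flow]) -> List[Flow]:
    """Return flows that travel from the monitoring segment into the OT segment.

    Such flows cannot exist across a one-way TAP, so their presence means the
    feed is bidirectional (or the TAP is miswired) and a compromised monitoring
    host could be used to reach the ICS network.
    """
    return [f for f in flows
            if in_any(f.src, MON_SEGMENTS) and in_any(f.dst, OT_SEGMENTS)]


# Constructed sample records.
SAMPLE_LOG = [
    # Normal mirrored OT traffic: an HMI polling a PLC inside the OT segment.
    "src=10.10.1.20 dst=10.10.1.5 proto=tcp dport=502",
    "src=10.10.1.5 dst=10.10.1.20 proto=tcp dport=49152",
    # Normal: a monitoring tool talking to its own collector within the MON segment.
    "src=192.168.50.10 dst=192.168.50.2 proto=tcp dport=443",
    # Anomalous: a monitoring host opening a connection into the OT segment.
    "src=192.168.50.10 dst=10.10.1.5 proto=tcp dport=502",
]


def audit(lines: List[str]) -> List[Flow]:
    """Parse the records and return the reverse-direction offenders."""
    return reverse_direction_flows([parse_flow_line(line) for line in lines])


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"ALERT reverse-direction flow {f.src} -> {f.dst}/{f.proto}:{f.dport}")
```

Run against a real export, the check is only meaningful if the collector records flows with their original source and destination rather than the TAP's own addresses; on a diode TAP an empty result is the expected steady state, and a single hit is enough to justify verifying the physical path.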