What is the NetTAP® Network Packet Broker (NPB)?
2024-10-17
What is a Network Packet Broker?
Why do I need a network packet broker?
- Get more comprehensive and accurate data for better decision making
- Tighter security
- Solve problems faster
- Increase initiative
- Better return on investment
What exactly can the NPB do?
- Redundant packet deduplication
- SSL decryption
- Header stripping
- Application and threat intelligence
- Application monitoring
- Benefits of NPB for you
Keeping networks secure and users productive in a rapidly changing IT environment requires a complex set of tools performing real-time analysis. Your monitoring infrastructure may include network and application performance monitoring (NPM/APM), data loggers, and traditional network analyzers, while your defense systems rely on firewalls, intrusion prevention systems (IPS), data leak prevention (DLP), anti-malware, and other solutions.
No matter how specialized security and monitoring tools are, they all have two things in common:
- You need to know exactly what's going on in the network
- The results of the analysis are based only on the data received
A 2016 survey by Enterprise Management Associates (EMA) found that nearly 30 percent of respondents don't trust their tools to receive all the data they need. This means there are monitoring blind spots in the network, which ultimately lead to wasted effort, excessive costs, and a higher risk of being hacked.
Avoiding wasted investment and monitoring blind spots requires visibility, which means collecting relevant data on everything moving through the network. Splitters and the mirror ports of network devices, also known as SPAN ports, become the access points used to capture traffic for analysis.
This is a relatively "simple operation"; the real challenge is delivering data efficiently from the network to every tool that needs it. If you have only a few network segments and relatively few analysis tools, the two can be connected directly. However, given ever-increasing network speeds, one-to-one connections can become a management nightmare even where they are logically feasible.
The EMA reports that 35% of organisations cite a shortage of SPAN ports and splitters as the main reason they are unable to fully monitor their network segments. Ports on high-end analytics tools such as firewalls can also be scarce, so it's important to avoid degrading performance by overloading these devices.
Why do I need a network packet broker?
The Network Packet Broker (NPB) is installed between the splitters or SPAN ports used to access network data and the security and monitoring tools. As the name suggests, the basic function of a network packet broker is to coordinate network packet data to ensure that each analysis tool gets exactly what it needs.
NPB adds an increasingly critical layer of intelligence that reduces cost and complexity and helps you achieve the following:
Get more comprehensive and accurate data for better decision making
Network packet brokers with advanced filtering capabilities provide accurate and effective data to your monitoring and security analysis tools.
Tighter security
When you can't detect a threat, it's hard to stop it. NPB is designed to ensure that firewalls, IPS, and other defense systems always have access to precisely the data they need.
Solve problems faster
In fact, the time it takes just to identify that a problem exists accounts for 85% of the mean time to repair (MTTR). Downtime means lost money, and mishandling it can have a devastating impact on your business.
Context-aware filtering provided by NPB helps you discover and determine the root cause of problems faster by introducing advanced application intelligence.
Increase initiative
The metadata that the Smart NPB provides via NetFlow also gives you empirical data for managing bandwidth usage, trends, and growth, so that problems can be nipped in the bud.
Better return on investment
Smart NPB can not only aggregate traffic from monitoring points such as switches, but also filter and collate data to improve security and the utilization and productivity of monitoring tools. By handling only the relevant traffic, you can improve tool performance, reduce congestion, minimize false positives, and achieve greater security coverage with fewer devices.
5 ways to Improve ROI with Network Packet Brokers
- Speed up troubleshooting
- Detect vulnerabilities faster
- Reduce the burden of security tools
- Extend monitoring tool life during an upgrade
- Simplify compliance
What exactly can the NPB do?
In theory, aggregating, filtering, and delivering data sounds simple. But in reality, smart NPBs can perform very complex functions, resulting in exponentially higher efficiency and security gains.
Load balancing traffic is one of these functions. For example, if you upgrade your data center network from 1Gbps to 10Gbps, 40Gbps, or more, NPB can step the speed down and distribute the high-speed traffic across an existing batch of 1G or 2G low-speed analysis and monitoring tools. This not only extends the value of your current monitoring investment, but also avoids costly upgrades when IT migrates.
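One way such distribution can be done, as an added example that is not NetTAP code (the page does not say which algorithm the NPB uses): a direction-independent hash of the 5-tuple, so both directions of a session always reach the same tool port. The function names and the sample flows are assumptions.

```python
import hashlib
import ipaddress

def flow_key(src_ip, src_port, dst_ip, dst_port, proto):
    """Build a direction-independent key so both halves of a session match."""
    left = (ipaddress.ip_address(src_ip).packed, src_port)
    right = (ipaddress.ip_address(dst_ip).packed, dst_port)
    lo, hi = sorted((left, right))  # A->B and B->A sort to the same order
    return b"".join((lo[0], lo[1].to_bytes(2, "big"),
                     hi[0], hi[1].to_bytes(2, "big"), bytes([proto])))

def pick_tool_port(flow, n_ports):
    """Map a 5-tuple to one of n_ports tool-facing ports."""
    digest = hashlib.sha256(flow_key(*flow)).digest()
    return int.from_bytes(digest[:8], "big") % n_ports

def distribute(flows, n_ports):
    """Count how many flows land on each tool port."""
    counts = [0] * n_ports
    for flow in flows:
        counts[pick_tool_port(flow, n_ports)] += 1
    return counts

# Constructed sample: 2000 client sessions to one HTTPS server (proto 6 = TCP).
SAMPLE_FLOWS = [(f"10.1.{i // 250}.{i % 250 + 1}", 40000 + i, "192.0.2.10", 443, 6)
                for i in range(2000)]

if __name__ == "__main__":
    # Ten 1G tools behind one 10G link: each should see roughly a tenth.
    print(distribute(SAMPLE_FLOWS, 10))
```

Hashing per flow rather than per packet matters for security tools: an IPS or analyzer that sees only one direction of a session cannot reassemble it.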
Other powerful features performed by NPB include:
Redundant packet deduplication
Analysis and security tools may receive large numbers of duplicate packets forwarded from multiple splitters. NPB eliminates the duplicates so that tools do not waste processing power on redundant data.
SSL decryption
Secure Socket Layer (SSL) encryption is a standard technology used to securely send private information. However, hackers can also hide malicious cyber threats in encrypted packets.
This data must be decrypted before it can be examined, but decryption consumes valuable processing power. Leading network packet brokers can offload decryption from security tools to ensure overall visibility while reducing the burden on high-cost resources.
Data masking
SSL decryption makes the data visible to anyone with access to security and monitoring tools. The NPB can mask credit card or Social Security numbers, protected health information (PHI), or other sensitive personally identifiable information (PII) before passing data on, so that it is not disclosed to the tools and their administrators.
Header stripping
NPB can remove VLAN, VXLAN, L3VPN headers, etc., so tools that cannot handle these protocols can still receive and process packet data. Context-aware visibility helps detect malicious applications running on the network and the footprints left by attackers as they work their way through the system and network.
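Header stripping and the deduplication described earlier work together, shown here as an added example that is not NetTAP code: stacked VLAN tags are removed, then each IPv4 packet is fingerprinted with the hop-dependent fields zeroed, and repeats seen within a short time window are dropped. The 50 ms window, the function names and the sample frames are assumptions, and only IPv4 over Ethernet is handled.

```python
import hashlib
import struct
from collections import OrderedDict

VLAN_TPIDS = {0x8100, 0x88A8}  # 802.1Q and 802.1ad (QinQ) tag types

def strip_vlan(frame: bytes) -> bytes:
    """Remove every stacked VLAN tag so untagged-only tools can parse the frame."""
    end = 12  # tags sit right after the destination and source MACs
    while len(frame) >= end + 4 and struct.unpack_from("!H", frame, end)[0] in VLAN_TPIDS:
        end += 4
    return frame[:12] + frame[end:]

def fingerprint(frame: bytes) -> bytes:
    """Hash the IPv4 packet, ignoring fields that differ between tap points."""
    ip = bytearray(strip_vlan(frame)[14:])  # skip the untagged Ethernet header
    ip[8] = 0                # TTL drops by one per routed hop
    ip[10:12] = b"\x00\x00"  # header checksum changes along with the TTL
    return hashlib.sha256(bytes(ip)).digest()

def forward(captures, window_s=0.05):
    """Return the untagged frames to pass to the tools, duplicates removed."""
    seen = OrderedDict()  # fingerprint -> time first seen
    out = []
    for ts, frame in captures:
        # Drop fingerprints that have aged out of the window, oldest first.
        while seen and ts - next(iter(seen.values())) > window_s:
            seen.popitem(last=False)
        fp = fingerprint(frame)
        if fp not in seen:
            seen[fp] = ts
            out.append(strip_vlan(frame))
    return out

def make_frame(ttl, ident, payload, vlan=None):
    """Constructed sample frame: Ethernet, optional 802.1Q tag, IPv4, payload."""
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, 0,
                     ttl, 17, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return bytes(12) + tag + b"\x08\x00" + ip + payload

SAMPLE = [  # constructed (timestamp, frame) captures from two tap points
    (0.000, make_frame(64, 1, b"alpha", vlan=100)),
    (0.001, make_frame(63, 1, b"alpha")),  # same packet one hop later, untagged
    (0.002, make_frame(64, 2, b"beta", vlan=100)),
    (0.500, make_frame(64, 1, b"alpha")),  # same bytes, but outside the window
]
```

Of the four sample captures, three are forwarded: the second is recognised as a copy of the first even though its VLAN tag and TTL differ.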
Application and threat intelligence
Early detection of vulnerabilities can reduce the loss of sensitive information and the ultimate cost of vulnerabilities. The context-aware visibility provided by NPB can be used to expose indicators of compromise (IOCs), identify the geographic location of attack vectors, and combat encrypted threats.
Application intelligence extends beyond Layers 2 through 4 of the OSI model, up to Layer 7 (the application layer). Rich data about user and application behavior and location can be created and exported to prevent application-layer attacks in which malicious code masquerades as normal data and valid client requests.
Context-aware visibility helps spot malicious applications running on your network and the footprints left by attackers as they work their way through systems and networks.
Application monitoring
Application-aware visibility also has a profound impact on performance and management. Perhaps you want to know when an employee used a cloud-based service like Dropbox or web-based email to bypass security policies and transfer company files, or when a former employee tried to access files using a cloud-based personal storage service.
Benefits of NPB for you
- Easy to use and manage
- Intelligence that takes the burden off the team
- No packet loss - 100% reliability when running advanced features
- High-performance architecture