Intrusion Detection System (IDS) Deployments with Network Taps and Network Packet Brokers

The threat landscape changes constantly as attackers find new ways to compromise networks. Network security best practice is therefore a layered approach, so that the failure or evasion of any single control does not by itself lead to a breach.

In short, any single defensive or monitoring tool may be flawed, so a set of diverse defenses covers the gaps in each other's capabilities. Firewalls, intrusion detection systems, malware scanners, integrity auditing procedures, and local storage encryption tools each protect your information technology resources in ways the others cannot.

An IDS is an effective second layer of defense for your network. Placed inside the firewall, on the segment being protected, a network-based IDS sees what the firewall actually let through rather than what its policy says it should have. For example, if the IDS observes connections from the internet to sensitive internal ports that the firewall policy should block, the firewall has been misconfigured or compromised, or an attacker has found a path around it. Note that an out-of-band IDS detects and alerts; it does not block, so it must be paired with a response process, or with an inline IPS where blocking is required.
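The firewall-validation idea in the paragraph above, as an added example that is not from the original page or any vendor product: a small Python check reads constructed flow records as an IDS inside the firewall would see them, and raises an alert for every internet-to-internal flow whose destination service is not in a hypothetical allowed-inbound policy. The record format, the policy set and the use of the RFC 1918 ranges as "internal" are assumptions for the example.

```python
"""Sanity check for an IDS placed inside the firewall: flag inbound flows the
firewall should have blocked.

Added example, not part of the original page. The record format, the policy
and the sample flows below are constructed for illustration.
"""
import ipaddress
import re
from dataclasses import dataclass

# Hypothetical inbound policy: the only internet-to-internal services the
# firewall is supposed to permit (protocol, destination port).
ALLOWED_INBOUND = {("tcp", 443), ("tcp", 25)}

# Address space the firewall protects (RFC 1918 here; adjust to the real site).
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed flow-record format: "<proto> <src>:<sport> -> <dst>:<dport>"
FLOW_RE = re.compile(
    r"^(?P<proto>tcp|udp)\s+(?P<src>[\d.]+):(?P<sport>\d+)"
    r"\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$")


@dataclass(frozen=True)
class Flow:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


def parse_flow(line: str) -> Flow:
    """Parse one record; a malformed line raises instead of being skipped silently."""
    m = FLOW_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable flow record: {line!r}")
    return Flow(m["proto"], m["src"], int(m["sport"]), m["dst"], int(m["dport"]))


def is_internal(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def firewall_bypass_alerts(flows) -> list:
    """One alert per internet->internal flow whose service is not allowed.

    Seen from inside the firewall, such a flow means the firewall did not
    enforce its policy: it is misconfigured, compromised, or bypassed.
    """
    alerts = []
    for f in flows:
        inbound = (not is_internal(f.src)) and is_internal(f.dst)
        if not inbound:
            continue  # outbound and internal-to-internal flows are out of scope here
        if (f.proto, f.dport) not in ALLOWED_INBOUND:
            alerts.append(f"{f.src} reached {f.dst} on {f.proto}/{f.dport}: "
                          "not permitted by firewall policy")
    return alerts


# Constructed sample records, as a sensor behind the firewall might export them.
SAMPLE_LOG = """\
tcp 203.0.113.7:51000 -> 10.1.2.3:443
tcp 203.0.113.7:51001 -> 10.1.2.3:445
tcp 10.1.2.3:40000 -> 203.0.113.9:80
udp 198.51.100.4:53000 -> 10.1.2.4:161
tcp 10.1.2.5:52000 -> 10.1.2.6:22
"""


def run_check(log_text: str = SAMPLE_LOG) -> list:
    flows = [parse_flow(l) for l in log_text.splitlines() if l.strip()]
    return firewall_bypass_alerts(flows)


if __name__ == "__main__":
    for alert in run_check():
        print("ALERT:", alert)
```

On the constructed log only the TCP/445 and UDP/161 records produce alerts; the HTTPS flow matches the policy, and the outbound and internal-only flows are ignored by this check. In a real deployment the policy set would be generated from the firewall's own rule base so that the two cannot drift apart.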

Deploying an IDS with Network Taps Improves Security

Intrusion Detection Systems are usually deployed out-of-band, analyzing a copy of the network traffic rather than sitting inline in the forwarding path. An out-of-band sensor needs a reliable source for that copy, which makes Network TAPs a natural fit.

Figure: Net Optics Intrusion Detection System with Network Taps

100% Network Traffic Visibility is Critical to Ensure Intrusion Detection Systems Perform at Peak Effectiveness

Network TAPs give the IDS a copy of every frame on the link, not only what a switch's SPAN port manages to forward. A SPAN port is a low-priority function of the switch that can be oversubscribed and drop frames under load, so an IDS fed from it has an incomplete view precisely when the network is busiest. Full visibility still depends on the IDS capture path (NIC, driver and capture library) keeping up with line rate, so check the sensor's own capture drop counters, not just the tap.

Taps avoid the complexity and inherent limitations of using SPAN ports to monitor network traffic:

  • Taps require little or no configuration. Once a tap is installed in a link, the IDS has access to the link traffic consistently and persistently, independent of later switch configuration changes.
  • Taps send the IDS appliance an exact copy of the link traffic, including layer 1 and layer 2 errors and malformed frames that a SPAN port typically discards. A passive breakout tap, which presents each direction of the link on its own monitor port, never drops packets no matter how busy the link is. An aggregation tap, which merges both directions onto one monitor port, can oversubscribe that port when the combined load exceeds its capacity (a saturated full-duplex 1 Gb/s link produces up to 2 Gb/s of monitor traffic), so size the monitor port or use a breakout tap on busy links.
  • Taps are secure. A passive tap has no IP or MAC address on the link, so it cannot be addressed or discovered from the network, and its monitor ports carry traffic only toward the IDS, so it cannot inject traffic into the network. This also hides the IDS from the monitored segment, giving true "stealth" monitoring, provided the IDS capture interface is itself configured without an address and never transmits.
  • Taps are completely passive. They cannot affect link traffic, even if they lose power: a passive optical tap is an optical splitter and needs no power at all, and copper taps use fail-open relays so the link stays up if the tap loses power (the link may briefly renegotiate while the relays switch).

Deploying an IDS with Network Packet Brokers (NPBs) as Part of Your Total Network Monitoring Infrastructure

Network Packet Brokers (NPBs) process, consolidate, and filter monitored traffic before it reaches the tools, which controls tool costs and lets the monitoring layer scale with the network. They let organizations use security and monitoring tools more efficiently, centralize traffic monitoring and security functions, and share tools and traffic access among groups. Their compact footprint, scalability and ease of use help lower CAPEX and OPEX and let organizations manage monitoring efficiently in a dynamic and challenging environment.

Figure: Net Optics Intrusion Detection System with Network Packet Brokers

How Network Packet Brokers Improve Intrusion Detection System Deployments

NPBs control which traffic from one or many network links reaches each monitoring, security and acceleration tool, including IDSs. The benefits of deploying an IDS behind an NPB include:

  • Aggregation of traffic from multiple links or segments to a single IDS. Check the sum of the aggregated link rates against the capacity of the IDS port; aggregation can oversubscribe it just as a SPAN port can.
  • Traffic filtering and grooming so that irrelevant traffic, for example bulk backup or replication flows that are monitored elsewhere, is not sent to the IDS. Write filters to exclude known-irrelevant traffic rather than to admit only "interesting" traffic, or the IDS loses visibility of anything the filter author did not anticipate.
  • Load-balancing traffic across a pool of IDS sensors. The distribution must be flow-aware and symmetric, so that both directions of a session reach the same sensor; an IDS that sees only one side of a TCP connection cannot reassemble the stream or apply stateful signatures.
  • Regeneration of the same traffic to multiple types of security tools, for example an IDS and a full packet capture appliance, from a single tap or SPAN feed.
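A software model of the four NPB functions listed above, added here as an example and not code from Net Optics or the original page. It aggregates constructed packets from two tapped links, filters a hypothetical backup-replication flow, distributes the rest across a pool of IDS sensors with a flow-symmetric hash, and regenerates every kept packet to a second capture tool. All addresses, link names and the filter rule are constructed for the example.

```python
"""Model of a Network Packet Broker feeding a pool of IDS sensors.

Added example, not part of the original page and not vendor code. Models
aggregation, filtering, flow-symmetric load balancing and regeneration.
All addresses, links and the filter policy are constructed.
"""
import hashlib
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    link: str      # which tapped link the packet came from (aggregation input)
    src: str
    dst: str
    sport: int
    dport: int
    proto: str     # "tcp" or "udp"
    length: int    # bytes on the wire


# Hypothetical grooming rule: storage replication between backup hosts is
# high-volume and monitored elsewhere, so it is filtered before the IDS pool.
BACKUP_NET = ipaddress.ip_network("10.50.0.0/24")


def is_irrelevant(pkt: Packet) -> bool:
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    return src in BACKUP_NET and dst in BACKUP_NET


def flow_key(pkt: Packet) -> bytes:
    """Direction-independent flow identifier.

    The two endpoints are sorted before hashing so that A->B and B->A give
    the same key; otherwise the two halves of one TCP session could land on
    different sensors and neither could reassemble the stream.
    """
    lo, hi = sorted([(pkt.src, pkt.sport), (pkt.dst, pkt.dport)])
    return f"{pkt.proto}|{lo[0]}:{lo[1]}|{hi[0]}:{hi[1]}".encode()


def pick_sensor(pkt: Packet, n_sensors: int) -> int:
    """Hash-based load balancing: a stable sensor choice for every packet of a flow."""
    digest = hashlib.sha256(flow_key(pkt)).digest()  # deterministic, unlike hash()
    return int.from_bytes(digest[:8], "big") % n_sensors


def broker(packets, n_sensors: int):
    """Aggregate, filter, load-balance and regenerate.

    Returns (per-output packet lists, dropped packets).
    """
    outputs = {f"ids-{i}": [] for i in range(n_sensors)}
    outputs["pcap"] = []          # second tool group fed by regeneration
    dropped = []
    for pkt in packets:           # packets from all links arrive as one stream
        if is_irrelevant(pkt):
            dropped.append(pkt)
            continue
        outputs["pcap"].append(pkt)                         # full copy to capture tool
        outputs[f"ids-{pick_sensor(pkt, n_sensors)}"].append(pkt)
    return outputs, dropped


def sensor_load(outputs) -> dict:
    """Bytes delivered per output port, to spot an oversubscribed sensor or tool."""
    return {name: sum(p.length for p in pkts) for name, pkts in outputs.items()}


# Constructed traffic from two tapped links, including both directions of each session.
SAMPLE_PACKETS = [
    Packet("link-A", "203.0.113.7", "192.0.2.10", 51000, 443, "tcp", 1200),
    Packet("link-A", "192.0.2.10", "203.0.113.7", 443, 51000, "tcp", 1460),
    Packet("link-B", "198.51.100.4", "192.0.2.25", 40000, 53, "udp", 80),
    Packet("link-B", "192.0.2.25", "198.51.100.4", 53, 40000, "udp", 200),
    Packet("link-B", "10.50.0.5", "10.50.0.9", 36000, 9999, "tcp", 9000),
]


if __name__ == "__main__":
    outputs, dropped = broker(SAMPLE_PACKETS, n_sensors=4)
    print("dropped:", len(dropped), "bytes per output:", sensor_load(outputs))
```

The part worth taking away is flow_key: sorting the endpoints is what makes the balancing symmetric. Hashing the 5-tuple in packet order would be just as stable per direction, but would split many sessions between two sensors, and the symptom on the IDS would be TCP reassembly failures and missed stateful signatures rather than an obvious error.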

