Video Screencast Help

Discussion: Recommended TAP device for DLP Network Monitor

Created: 21 Nov 2012 • Updated: 19 Feb 2013 | 5 comments
Goltrek's picture
This issue has been solved. See solution.

 

Hi, good day.
 
 
Recently we are promoting DLP on several customers. One of the more recurrent scenarios is: "I don't have TAP/SPAN ports available in my core switch" 
 
So, I'd like to go to these customers with recommendations about Tap Devices that they can deploy on their networks. 
 
If you have to recommend one of these devices, what you would recommend for use with SYMC DLP Network Monitor (If you can explain you experience with this devices, will be valuable for us)?
 
Thank you,
 
 
Goltrek
 

Comments 5 CommentsJump to latest comment

CarbnSecurity's picture

+1 on the Endace cards. I have used them at multiple client sites for over 5+ years and had nothing but positive results.

Regards,

patriot3w's picture

if they don't have TAP port, how endace cards going to work? tks.

stumunro's picture

unless you own them last timei looked endace cards are about 10K$ on top of the proce for dlp. this still doesnt incoude the gbics and fiber to go with it. If you are in a low latency high end network this may be your only option.

The problem with span/mirror ports is that is can create a point of failure, intodays managed layered ports there are more and more etherchannls. Cisco ASA's now support therchannels and Juniper have for a while.

 

Personally I would prefer a tap as this article alludes and gigamon have seen to do a good job, you are not subject to the packet loss and bad frames like you are in a span port.