Secure Networks: Endace Packet Forensics Files

Episode 51: Eric Buchaus, Director of Sales at Niagara Networks

Michael Morris Season 1 Episode 51

Are SPAN ports sufficient to provide network traffic visibility for high-quality security (NDR) and network (NPM) investigations? What about cloud workloads?  What do you need to gain insights into cloud network activity?

In this episode of the Endace Packet Forensic Files, I talk with Eric Buchaus, Director of Sales at Niagara Networks. Eric outlines potential pitfalls and challenges associated with SPAN ports and highlights situations where they may fall short for network and security analysts.


Eric walks us through some alternative options, discussing the merits of network TAPS, network packet brokers, and in-line bypass solutions which can offer NoC / SoC teams more reliable, efficient, and scalable ways to get network packet data to the right tools in large-scale and complex environments.  He discusses some of the specific challenges of network visibility in cloud infrastructures and suggests some practical ways to overcome these obstacles.


Eric suggests things organizations should consider when exploring different packet brokers or TAP vendors and outlines the management and scrutiny that needs to be applied to encrypted traffic to achieve in-depth visibility securely.


Finally, Eric talks about how TAPs and packet brokers can help in dynamic SDN environments with high traffic volumes. He emphasizes why they are important for organizations looking to implement zero-trust infrastructures - particularly environments with many walled gardens and lots of VLANs for IOT/IOTM devices and technologies.