Need an account to vote? Register to attend at gsec.hitb.org/sg2017/

Packet Brokers for Network Threats Analysis. Pros and Cons

Andrey Dugin

Using packet brokers in the corporate network to optimize traffic analysis. The following are described:

- network architecture and the points where traffic is copied for analysis,
- where TAPs are implemented,
- use of SPAN vs. TAP splitters,
- inline and sniffer modes of packet broker analysis,
- economic efficiency of packet broker usage in different scenarios.

It is relevant for datacenters with many reconfiguration tasks, where information security engineers must protect datacenter infrastructure and information in spite of any reconfiguration. I implemented network TAPs and packet brokers with SPAN aggregation features as a traffic mirroring infrastructure, to be able to manage traffic going to security analysis solutions in any territory with minimal impact on the production environment. I can demonstrate with several use cases that a traffic copy infrastructure (splitters + brokers) is useful for engineers and may even save some money on the price of security solutions. Use cases where splitters + brokers are too expensive are described too.

100% tech. 0% marketing.

About Andrey Dugin

Has worked for an international telecom operator group in Ukraine and Russia since 2003. CCNP Security certified. Has performed information security audits of IP/MPLS networks and IT infrastructure in 5 countries. Has spoken at Russian information security conferences: PHDays, InfoSecurity Russia, and scientific conferences in Moscow and St. Petersburg. Has published articles in the Russian IT and information security journals "System Administrator" (http://samag.ru), "Information Security", and "Inside. Information Defense" (http://inside-zi.ru).