Gigamon U - WAN, LAN, and now the DAN

LAN, WAN, SAN, and now DAN: Data Access Network

description

The DAN or Data Access Network is a newly emerging "best practice" for passive monitoring of mission critical networks that solves real access problems, improves network performance and uptime, and saves capital, operation and maintenance costs. A DAN is a combination of out-of-band data access switching plus passive monitoring instrumentation to enable required security, compliance, forensics review, application performance, VoIP QoS, uptime and other network management tasks. Data is acquired from multiple SPAN ports or taps and multicast to multiple tools, aggregated to a few consolidated tools, and filtered or divided across many instances of the same tools. The DAN may be thought of as a “data socket” providing immediate access for ad hoc tool deployment without impact to the production network and outside of the scope of configuration management policies.

Transcript of Gigamon U - WAN, LAN, and now the DAN

Page 1: Gigamon U - WAN, LAN, and now the DAN

LAN, WAN, SAN, and now

DAN: Data Access Network

Page 2: Gigamon U - WAN, LAN, and now the DAN

What’s a DAN? Out-of-band passive monitoring network

Includes passive tools like: Security IDS Sensors,

Application Performance Monitors,

Troubleshooting Protocol Analyzers,

VoIP QoS Probes,

Forensic Recorders,

and Data Access Switching

Proprietary & Confidential

Page 3: Gigamon U - WAN, LAN, and now the DAN

DAN provides “Data Sockets”

Part of a Flexible Network Infrastructure

• Plug-in multiple out-of-band tools – ANY data to ANY tool

• Unobtrusive 24x7 tool connections – never touch the network

• Aggregate, Replicate, Filter and load balance data streams

• Use legacy 1Gig tools to monitor new 10Gig networks

Page 4: Gigamon U - WAN, LAN, and now the DAN

Why are DANs Needed Now? Things Have Changed

Enron and 9/11 spawned SOX auditing, increased security and lawful intercept requirements

PLUS technology and business developments:

Web site e-commerce and internet applications demand support

VoIP and media convergence make the network more strategic

Green networking demands smaller Data Center footprint

Network is how business gets done. Downtime is unacceptable

Page 5: Gigamon U - WAN, LAN, and now the DAN

New SOX compliance transaction monitors: Keep your boss out of jail!

IDS Sensors detect external attacks: From hackers

NAC appliance protects networks from inside: From your own people!

CALEA lawful intercept and Forensic Recorders

Configuration monitoring tools watch over network resources

Application and Network troubleshooting

Proliferation of Tools

Page 6: Gigamon U - WAN, LAN, and now the DAN

Proliferation Causes Contention for Span Ports

Security and IT Engineers seen here “Negotiating” Over a SPAN Port

Page 7: Gigamon U - WAN, LAN, and now the DAN

An Analogy:

Using a DAN is like using a power strip.

Page 8: Gigamon U - WAN, LAN, and now the DAN

Too Many Power Tools? Not Enough Sockets?

Page 9: Gigamon U - WAN, LAN, and now the DAN

For Power Tools, use a Power Strip

Page 10: Gigamon U - WAN, LAN, and now the DAN

Too Many Monitoring Tools? Not Enough Span Ports?

Page 11: Gigamon U - WAN, LAN, and now the DAN

For Sensors/Monitors/Analyzers, Use a DAN Switch

One Span port serves Many tools

Page 12: Gigamon U - WAN, LAN, and now the DAN

What Other Problems do DANs solve?

Distributed Monitoring burning the budget? Consolidate tools; $ave money on capital and operational budgets

Unsecure monitor or tap ports risk data leakage? DAN can secure all access points to prevent snooping

Too much traffic for one tool? Reduce and balance load over multiple units to match tool capacity

Restrictive Configuration Management Policies? Deploy tools and make changes on your own schedule

Page 13: Gigamon U - WAN, LAN, and now the DAN

Monitoring a Mesh Network?

Page 14: Gigamon U - WAN, LAN, and now the DAN

Old Solution: Lots of Distributed Tools

Deploy one tool per span port/switch

Lots of hardware…very expensive!

Page 15: Gigamon U - WAN, LAN, and now the DAN

Better: Distribute Connections with a DAN

Consolidate Tools; Save CapEx $$$

Aggregate and balance flows to Consolidated Tools

Page 16: Gigamon U - WAN, LAN, and now the DAN

DAN is “Best Practice” for Network Infrastructure Design

Totally flexible solution to many problems

Facilitates unobtrusive instrumentation of a network

Solves requirement for multiple tool access

Gives tools the view of the total network

Secures monitor and tap ports

Improves monitor coverage, saves time and money.

Page 17: Gigamon U - WAN, LAN, and now the DAN

DAN Solves Access Problems By

• Aggregating many links to any tool

• Multicasting any link to many tools

• Filtering data to map packets to tools

• Saving $$ Cap Ex and Op Ex budget$

Any to Any, Any to Many, Many to Any, Bit-Mask Filtering
