Network Critical - The Window to your Network

Network Critical Joins Cyphort Technology Partner Program

Network Critical announced today that they have joined the Cyphort Technology Partner Program. Likewise, Cyphort has been added to the Network Critical Technology Partner Program. The alliance programs are designed to provide enterprise and service provider customers with tight collaboration between innovative security solutions and the access foundation that enables and supports these applications.

Cyphort’s network-based, next generation APT Defense solution evolves as rapidly as the threats it is designed to detect. Cyphort provides a unique experience by utilizing a single-pane-of-glass for threat visibility across an enterprise’s perimeter and internal networks, ensuring the identification of initial compromised systems, and the ongoing internal threat progression. The result is a solution that reduces time from detection to remediation and is able to be deployed across an enterprise’s global infrastructure quickly via general purpose hardware, virtual machines or cloud appliances.

The alliance between Network Critical and Cyphort will help to consolidate their well established presence in the United States market, and facilitate their mission to expand in the UK and EMEA markets. Mike Harrison, Network Critical Director of Sales and Marketing said, “We believe combining Cyphort’s threat visibility and Network Critical’s access platforms will provide better network visibility and broader network protection for our common customers worldwide.”

Network Critical provides 100% complete and accurate access to the necessary data flows. Network Critical taps can be deployed with Cyphort Collector software running on commodity, low cost hardware deployed at key network locations throughout network egress points, data centers or branch offices. Taps allow accurate and complete visibility while providing fail safe operation insuring the continued availability of network services in the event of power disruption or other appliance issues.

About Network Critical
Network Critical is an industry leader in network access technology. Our technology ensures 100% continuous network visibility. Network Critical products eliminate any concerns of downtime and scale easily as the network grows. The health of your network is always secure with Network Critical products. The 1G to 10G TAPs and packet brokers are used with IDS, IPS, network traffic monitoring tools, sniffers and more, to provide completely accurate network visibility with zero packet loss. For more information, visit

About Cyphort
Cyphort is the next generation APT defense solution for enterprise organizations. Cyphort provides a single pane of glass across perimeter and laterally moving threats, correlates threat signals before and after an incident, while eliminating noise from false alerts and red herrings. Cyphort has leveraged the power of machine learning and data science to build a next generation threat detection engine that evolves ahead of the threats. A virtualized deployment model combined with open API based integration allows customers to address APT security gaps across global locations while leveraging their existing investments in perimeter and endpoint security for threat defense. Cyphort is a privately held company headquartered in Santa Clara, California. For more information, please visit and follow us @Cyphort.

Posted: 01/03/2016 00:00:00 by Global Administrator with 0 comments

Delegate to the Golden Gate - Network Critical at RSA 2016

The RSA conference is coming to San Francisco next week and Network Critical will be in attendance. The conference will be loaded with tutorials, training sessions and events, and we look forward to meeting you there to talk about the latest innovations in taps and packet broker solutions.

RSA 2016 is your best opportunity to connect with the technology, trends and people that will protect our digital world. Speakers at the conference include Loretta E. Lynch, Attorney General of the United States, Ryan Agee, Technical Director, NSA/CSS Threat Operations Center, and Academy Award-winner Sean Penn, among other noted cyber security experts.

There will also be three days of exhibits on the sold out expo floor from Monday evening through Thursday. This will be your opportunity to meet one-on-one with security focused companies and the experts that drive them.

End-point security appliances need a foundation of access and visibility to network data flows. Network Critical provides copper and fiber taps from 1G to 10G and beyond. Their SmartNA-X Packet Broker portfolio is uniquely suited to provide connection and simplified management of a variety of security and analytic appliances to networks.

Network Critical is the leading Intelligent Access and Monitoring Solutions provider delivering real-time IT visibility, monitoring and control. Network Critical provides lab-certified, innovative, carrier-grade TAP solutions that enable complete access to network traffic across various network media. Network Critical’s SmartNA™ solutions are used in conjunction with Network Analyzers, IDS/IPS appliances, Bandwidth Management, Forensics, Filtering, Data Leakage Prevention and Lawful Interception, all while providing 100% network visibility and zero packet loss.

To set up an appointment with one of our team, please email your request to

Posted: 24/02/2016 11:55:06 by Global Administrator with 0 comments

Ideas for Apple and the FBI

This blog is not strictly about technology. It is about finding acceptable solutions to complex issues. Apple and the FBI are in a legal stand off. It seems they both need some creative ideas.

Apple is fighting a court order in the United States to cooperate with the FBI in developing unique code to open the locked iPhone of a dead terrorist who murdered 14 humans and seriously injured 22 more. The Apple argument is that if the United States government can order them to defeat security on this device, then it will set a precedent for Apple to turn over encryption code to other governments for various reasons thus compromising the individual privacy of millions of iPhone users.

The argument of the FBI is that there very likely are important contacts and other information on the device that could help thwart future terrorist attacks. This ownership of the phone is not in question. The culpability of the terrorist is not in question. He was known to the group that he attacked and was shot and killed near the scene with weapons and explosives in his car.

Apple is supported by privacy groups and their argument is not without merit. Deciding whose phone should be decrypted and searched and whose should not is a slippery slope. Who will make the decision and on what criteria will the decision be made? Another significant question to ponder is what other international corporations will then be compelled to develop and surrender code to a government agency that requests it, regardless of the rationale.

Both sides have very valid philosophical arguments. However, in the real world, there are continuing bombings and shootings in France, Syria, Iraq, USA, Turkey and elsewhere. Governments need weapons to penetrate terror organizations and block attacks before they occur. Web sites, email and cell phone communications are critical tools in this battle.

Network Critical is a global provider of network access and visibility equipment to governments, cellular carriers and enterprise customers. We are a company that develops solutions and feel compelled to propose an idea here. Rather than hiring lawyers to fight the court order, perhaps Apple should put their brilliance to the task of finding a solution that works for both sides.

Here is one idea: Apple does not need to develop and surrender the code that will circumvent iOS security to the government. They only need to create the back door key that fits one specific serial number, take that one phone into a secure Apple lab location, unlock the phone, remove the passcode and return the open phone to the authorities. This way no government gets the back door key, and no precedent is set to deliver encryption/decryption code to any government. The potentially life saving information on that one phone is delivered to the investigative organization so they can do their job protecting citizens from future attack.

It's certainly an interesting case and we are looking forward to see how it develops.

Posted: 23/02/2016 15:55:47 by Global Administrator with 0 comments

Any Questions? Part 2: TAPs

Taps can offer a virtually unlimited number of physical ports for access to network links passing data to analysis, compliance, security and other appliances. The Tap connects two network end-points and provides a mirror copy of the traffic passing through the Tap. (See the diagram below.) It is important to note that Taps do not analyze packets, change packet timing, alter or otherwise interfere with network traffic. To the network, a Tap looks like a piece of wire. If a Tap loses power, a fail-safe mechanism will maintain traffic flow.

Taps are independent of the network end-points making up a link. There are many different points in the network where taps can be inserted offering access to a variety of analysis, compliance and security tools. Some typical tapping points for analysis applications include:

  • Between router and firewall for protocol analysis, bandwidth monitoring, traffic trending and packet analysis
  • Inside the firewall for LAN analysis, session monitoring and Intrusion Prevention
  • Between LAN switches for subnet monitoring or departmental monitoring
  • Between LAN switches and access points for user access control, VoIP monitoring or workstation monitoring

Taps also provide flexibility in how they pass traffic to the monitor port. There are four different modes of operation:

  • Breakout – A breakout tap operates like the diagram above. The directional traffic is broken out between two output (monitor) ports. This allows each direction of traffic to be sent to a discreet monitor port at full wire speed. For example, if each direction is operating at a full 1Gbps, the total duplex traffic is 2Gbps. So, not to oversubscribe the monitor port, this method uses two 1Gbps output ports to connect to the analysis appliance eliminating any chance of dropped packets.
  • Aggregation – Providing access for applications with lower throughput, Taps can aggregate both directions of the traffic and send the frames to a single monitor port. This mode can reduce port costs on probes and other analysis appliances by making efficient utilization of expensive analyzer ports.
  • Regeneration – As mentioned above, there are often requirements for specialized analysis using a variety of appliances. Regeneration mode allows the same data stream to be sent to two or more monitor ports.
  • In-Line or Virtual-In-Line (V-Line) – This is sometimes called Bypass tapping. In this mode the live network traffic passes through the analysis device real time then back to the Tap. This is used primarily in security analysis appliances such as IPS and DLP. This allows the appliance to see and act on live data as it passes through the network. In this mode, the Tap continuously monitors the analysis appliance for heartbeat and bypasses the appliance if the appliance goes down. This Bypass feature allows these in-line appliances to be connected without the risk of taking down the network as a result of a software glitch or power loss to the appliance.

Because of a Tap’s independence from the network end-points, they can mirror 100% of the data to the monitor port. Physical layer errors, error packets, short frames and other packets that are filtered out on a SPAN session can be passed through Taps to the monitor port(s). This provides the IT Manager with a legally defensible, pure data stream for analysis and reporting. No GIGO. Taps guarantee access to all the data all the time.

Some of the industry trends that are leading IT Managers toward Taps include the massive increase in network bandwidth and throughput with 10Gbps links and faster becoming very common in the data center. In addition to increasing speeds, analysis must often hold up to audits in this era of legal compliance. Recent legislation includes the EU's Data Protection Acts, the banking sector's Basel III requirements and the raft of recently introduced US legislation including the Affordable Care Act (ACA) in healthcare, Dodd-Frank in financial services and the yet-to-be-named Cyber Security Bill.

Some current innovations in this technology include drag and drop User Interfaces for ease of configuration and management. Taps are also being combined with port aggregation devices providing efficient port utilization of expensive analytic tools. Taps and port aggregators are also providing advanced packet filtering and load balancing options that allow optimization of tool performance and improved management of network resources.

IT Managers are increasingly turning to Taps as the preferred method for providing network access to tools. Taps provide access to all the data to ensure accurate analysis. They provide fail-safe operation avoiding risk of network disruption as a result of power interruption or failure of an appliance. Taps can also provide simultaneous access to many tools for a wide variety of analytic, security and compliance analysis.

Posted: 19/02/2016 12:03:01 by Global Administrator with 0 comments

Any Questions? Part 1: Span Ports

It is not only kids in school who are afraid to admit they do not know the answer. I have been to many training sessions and seminars where college educated, professional adults have the same phobia. The larger the event, the less likely anyone will stand up and say, “Will you please explain that in more detail, I don’t understand.” Some might be Googling under the table. Most people, however, just allow the lecture to continue and bide their time until lunch.

Well, within the privacy of your own computer screen, I will explain Span ports and Taps in a two-part blog series. Why two parts, you ask? Because most of you will already know generally about Taps and Span ports, but many may not understand the operational details of each, and when to use one or the other. The good news is you do not have to admit to the group you are not a Span or Tap expert, just read on and enjoy a risk-free education about network access and visibility technologies.

Part one is Span Ports. Part two, in next week’s blog, will discuss Taps. Note that this is not “Tap and Span Ports for Dummies”. This is “Tap and Span Ports for Smart People” who want to understand more about access technology.

There are two primary methods of providing data to an analysis appliance, Switch Port Analyzer ports (SPAN) and Taps. SPAN ports replicate or mirror packets in the switch and direct them to a monitor port where the analysis appliance is connected. SPAN is seen as a simple way to send packets for analysis without disrupting any network link. SPAN access can work well in low bandwidth applications where throughput is well below switch capacity and 100% accuracy of packet delivery is not critical. In fact, to paraphrase many appliance web sites, “you can attach our products using a Span port to tap.” The implication is that they are interchangeable. However, this is not exactly the case.

Because the SPAN session copies full duplex traffic, a fully loaded 1Gbps link actually can produce 2Gbps of traffic to the monitor port oversubscribing the capability of the port. Note also, that SPAN traffic is the lowest priority traffic in the switch. This will cause all output traffic beyond 1Gbps to be dropped. Because there is no provision for intelligent filtering or load balancing, the packets will be randomly dropped causing unreliable traffic information being passed to the analysis appliance.

The top priority for a switch, of course, is to direct network traffic. Therefore, as the switch reaches capacity, packets to the SPAN port will be dropped. This problem is critical because, just as a need for switch traffic analysis presents itself (packets overrunning switch capacity), so does the condition when the SPAN port will not provide accurate switch traffic information. Without accurate input, the network analysis tool will not be able to provide reliable analysis. In the “old days” of mainframe programming, this was called GIGO, Garbage In, Garbage Out.

Even in low utilization environments, there are certain packets such as undersized or error packets that can be filtered on the switch and never make it to the SPAN port. These packets are dropped and not reported by the switch. If the analysis requires 100% of packets be submitted to the appliance, SPAN cannot guarantee such accuracy. In this era of required legal compliance in many industries, it is important to be able to document 100% capture with no packet manipulation.

Historically, traffic analysis was primarily a troubleshooting tool. In today’s high speed, networked environment, analysis can take on many new functions such as policy management, security, legal compliance, quality of service, customer experience management, policy enforcement and more. As a result of this broad spectrum of analytical applications, there are many specialized appliances that require access to the same data. This often requires more physical connections than SPAN ports can deliver. Further, beyond physical limitations, there may also be political issues to consider. If the SPAN port is controlled by the Network Department, and a connected appliance is connected by the Security Department, who controls the port? Who controls the appliance? What happens when another port is needed by the Network Department? Span access can be useful and inexpensive in smaller, lower speed networks but, as in all things network, careful planning is required before making a decision.

In summary, scalability, packet capture accuracy and project control must be considered when determining access technology. As networks scale in size, speed and criticality, it might be worth the effort to get an education about Taps. Fortunately, that will be coming in next week's blog.

Posted: 11/02/2016 12:48:46 by Global Administrator with 0 comments

ntop and Network Critical become Tech Partners

Network Critical announced today that they have become a technology partner with ntop. Likewise, ntop has become a member of the Network Critical Technology Partner Program. The alliance programs are designed to provide enterprise and service provider customers with tight collaboration between innovative security solutions and the access foundation that enables and supports these applications.

ntop started as an open source project in 1998 whose goal was to create a simple yet effective web-based traffic monitoring platform. Many things have changed since then, including the nature of the traffic being analyzed, operating systems running on PCs, and the type of users. Though these changes, ntop has evolved from a single-project centric effort into a full fledged research company whose goal is still the original one. Namely innovate in network monitoring using commodity hardware and open-source operating systems.

The nBox Recorder is a network traffic disk recorder application. With nBox Recorder you can capture full-sized network packets at gigabit rate from a live network interface and write them into files. It has been designed and developed mainly because most network security systems rely on capturing all packets (headers and payload), since any packets may have been responsible for the attack or could contain the problems that we are trying to find.

The best practice for connecting the nBox Recorder, of course, is using a Tap on the link between network end points. By inserting a tap on the link and connecting the nBox to the tap, users will see 100% visibility into the data flows. Further, the Tap protects the network with fail safe technology keeping the network up and available even if there are issues such as power failure. With a Tap, unlike Span port connections, there are no concerns about dropped packets or adding unnecessary internal traffic in the switch.

Mike Harrison, Network Critical Director of Sales said, “We are pleased to be working with ntop. Their high quality networking software and end to end support is a great fit with the Network Critical network access hardware products and commitment to customer service.”

Today’s security and analysis environment requires multiple tools to fully understand traffic flows and protect the network. Connecting multiple tools through Taps into a Packet Broker is the best way to manage dynamic traffic flows, aggregate links and efficiently distribute the right data to the right tool. This partnership will provide turnkey solutions for data access, capture, storage and analysis.

For more information visit and

Posted: 09/02/2016 09:38:39 by Global Administrator with 0 comments

Check Point Software Technologies Partners with Network Critical for Advanced Threat Protection

Network Critical announced today that they have become a technology partner with Check Point Software Technologies Ltd. Likewise, Check Point has become a member of the Network Critical Technology Partner Program. The alliance programs are designed to provide enterprise and service provider customers with tight collaboration between innovative security solutions and the access foundation that both enables and supports these applications.

With the increase in sophistication of cyber threats, many targeted attacks begin with exploiting software vulnerabilities in downloaded files and email attachments. These threats include new exploits, or even variants of known exploits unleashed almost daily with no existing signatures and therefore no standard solutions to detect those variants. New and undiscovered threats require new solutions that go beyond signatures of known threats.

Check Point offers a wide range of SandBlast Threat Extraction solutions for customers who have regulatory or privacy concerns preventing them from using the SandBlast Threat Emulation cloud-based service. These appliances can be connected in-line to the network allowing proactive prevention and prompt delivery of safe content.

The best practice for inline appliance connection is through a fail-safe tap. Visibility, simplicity and reliability are the hallmarks of Network Critical’s tap solutions. Connecting inline appliances through taps provide fail-safe operation if there is a power failure or other issues with the appliance. The network always stays up. Further, using inline taps also allows for the connection of other security, performance or analytic appliances to the same links.

Alastair Hartrup, Network Critical CEO said, “This alliance between Check Point and Network Critical will allow our common customers the strongest proactive, real-time threat protection without the risk of network interruption.”

Posted: 08/02/2016 10:22:12 by Global Administrator with 0 comments

Fiber Networks: See the Light or Feel the Heat

Ronald Reagan, 40th President of the United States once said, “If you can’t make them see the light, make them feel the heat.” I’ll bet many network operations managers can relate, quite literally, to those words. If you can not see the light when setting up fiber networks, you will feel the heat from your clients and managers. Further down the supply chain, the equipment vendors also feel the heat when the light is not seen by their customers.

I asked the support geniuses at Network Critical, “How do you help your customers see the light when the heat is on?” There were some interesting and surprisingly simple solutions to turn heat into light.

Tip number one is to clean up your act. Many hours spent troubleshooting vendor equipment have ended up with this surprising conclusion…dirty fiber connectors. If fiber is not being connected new out of the box, be sure to clean the connectors. It does not take much dirt or dust to disrupt the light flow and cause errors. This is a good place to start troubleshooting. It is like checking to see the toaster is plugged in before taking it apart.

Tip number two is to check fiber continuity end to end. Many support issues are caused by fiber type mismatch. When using a fiber tap, the fiber in the tap should match the transport fiber. For example, a multi-mode fiber tap should be connected using multi-mode fiber. Further, even within the fiber types, single mode or multi-mode there are different sizes and types of fiber.

Tip three is to check the Rx and Tx connections. This is particularly important if the end points are not in the same location or building. The Tx at one end must connect to the Rx at the other end. If the connectors are “rolled” during installation, the transmission from one appliance will be pushing light to the transmit side of the other appliance, therefore neither will see the light.

Tip four is to check your light budget. This is a critical step that is often overlooked. Distance between end points is often underestimated due to vertical runs along non-contiguous cable racks. The light generated at end points is finite and degrades over distance. Understanding the light budget will insure strong signals and error free data at the end points.

Finally, and closely related to light budget is the split ratio. When using taps or fiber splitters, a decision must be made about how much light stays in the network and how much light is split off to the connected appliances. As network bandwidth grows and 1G links transition to 10G links and above, it is important to review the split ratios along with the light budget to be sure the signal generated is strong enough to reach its destination at desired speeds without causing errors.

In summary, these simple techniques will save countless hours troubleshooting for more complex network issues that may be found in appliance software or light sources. Remember if you don’t want to feel the heat, make sure your network can see the light! The Network Critical website has some very helpful information on light budget and split ratios here:

Posted: 03/02/2016 17:10:50 by Global Administrator with 0 comments