Insights > Network Visibility + Security

Night Vision and Shining a Light on Threats

2020-05-15  |  6 min read 

“Night vision capability provided the single greatest mismatch of the war.” – General Barry McCaffrey, commander of the US Army 24th Infantry Division in Desert Storm.

Resistance is futile.
Credit: US Navy / MC2 Marcos T. Hernandez.

Night vision got its start in WWII, like a lot of interesting technology, with some early deployments by the Third Reich of Generation 0 technology on tanks and Sturmgewehr 44 assault rifles. The Sturngewehr was a handy piece, the Gen 0 night vision devices less so. These devices were heavy and awkward, as well as dependent upon infrared emitters so large they had to be hauled around on flatbed trucks to illuminate the target. That and dinner plate sized optics didn’t help, but the promise of the “Vampir” was obvious, the ability to shed some light on threats had obvious utility and progress was rapid.

By the end of WWII in the Pacific, the US version of the NVD sniper scope was said to be responsible for a disproportionately massive 30% of the small arms casualties suffered by the Japanese during operation Iceberg in Okinawa  . By the way, Okinawa is a really awesome place to visit, much like Hawaii in climate with great people and an unbelievably tasty dish, champuru, made from surprisingly humble ingredients including Spam. We digress…

Generation 1 night vision did away with the need for awkward IR emitters to paint their targets, instead amplifying ambient light. While used in the Vietnam war, these Gen 1 devices were still awkward and relatively limited. Subsequent generations (we are now at Gen 3+ or 4 depending on your perspective and nomenclature) all drove size down and performance up, resulting in gear that while not the ultimate in comfort, certainly delivered huge advantages on the battlefield.

Which brings us to the somewhat less kinetic topic of network visibility. Like many kinds of tech built on ones and zeros, a lot of the early work in network visibility was done by a little company in California. The one we are talking about here got its start in Calabasas with gear for doing test and measurement on gigabit Ethernet with first demos being done with the likes of Foundry and Extreme (remember those purple boxes?).

One thing became clear in doing network test and that was that the networks that organizations have come to rely on are not always as self aware as you might hope. While you can get stats and can do things like port mirroring or SPAN port, when switches and routers get busy they tend to drop packets and mirrored traffic tends not to get the highest prioritization. Fine, perhaps even preferable in most situations, but should you be doing things like lawful intercept or sending traffic to a firewall or doing traffic capture for forensics or any of a number of other important things, just like a night vision scope, there is no substitute for a proper visibility fabric.

Fortunately you don’t need a flatbed truck to haul an IR emitter for what we are doing here with packets, but you do need to start with the right hardware in order to best shine some light on threats. First step is to deploy network taps. Taps, which are available in both copper and fiber iterations, are secure and robust and help ensure you get the data you want to the tools that need it. No dropped packets or SPAN port failures to forward malformed packets.

To build a really robust visibility fabric, you may also want to consider using external bypass switches. Automated failover, preconfigured heartbeats, central management with trick GUIs make it possible to do interesting things to help you get more out of your network. Finally, network packet brokers are the keystone of that visibility fabric. In general, you want hardware accelerated architectures here. FPGAs are a good thing and there is a reason why they are used in high performance switches for high frequency traders and there is a reason why we use them in our packet brokers. When the stakes are high, you can’t afford the blind spots created by randomly dropped packets that can happen when you try to use some of the features and filters that a packet broker offers under load on a software based platform. Yes, it costs a little more but we think that the tradeoff – being able to use multiple features at the same time while properly capturing traffic and not randomly throwing away what might be vital data – is worth it.