Executive Summary

In high-security and distributed environments, traditional monitoring often fails due to connectivity constraints or the sensitivity of the network. Profitap’s IOTA EDGE family addresses these challenges by combining industry-leading TAP (Test Access Point) technology with integrated PCAP storage that can later be shared with your tools for analysis.

By providing a passive, "all-in-one" capture solution, Profitap enables deep-packet visibility in air-gapped networks and remote sites. Crucially, Profitap bridges the gap between isolated segments and centralized security operations by allowing teams to export high-fidelity PCAPs for retrospective analysis with monitoring and NDR tools.

The challenge: The visibility gap in isolated networks

Securing and troubleshooting modern networks requires backhauling massive amounts of data to central tools. A task that is often impossible or unsafe in several scenarios:

• Air-gapped networks: ICS/SCADA, government, or research environments lack external connectivity, making real-time centralized monitoring unfeasible.
• Remote/edge locations: Sites with limited bandwidth cannot export raw packet data without saturating the production link.
• Incident response mobility: Security teams need to deploy "on-the-fly" monitoring to debug or triage an issue quickly without reconfiguring the entire network.

The Profitap solution: A ‘TAP with integrated storage’

Profitap’s IOTA EDGE family redefines visibility by integrating the capture point with local, encrypted (TCG Opal 2.0, AES-256) storage and traffic analysis capabilities. This approach to network observability ensures that data is captured and stored at the source, regardless of network connectivity.

Key use cases

• Air-gapped monitoring: Deploy a dedicated IOTA EDGE in environments with zero external connectivity. Data remains local, secure, and ready for physical or authorized retrieval.
• Incident response & triage: Quickly deploy IOTA EDGE to a "hot" segment for debugging or triage using the built-in dashboards, without the need for an external laptop or PC.
• Network forensics: Maintain a rolling buffer of complete packet data. When an anomaly is detected, IOTA provides the historical context required for deep-dive forensic investigations.
• Network Debugging with Wireshark: Capture line-rate traffic with nanosecond-precision hardware timestamping and export for granular frame-level inspection.

Retrospective analysis: Bringing the network to the tool

One of Profitap IOTA’s most powerful capabilities is the ability to "bring the network to the tool." In environments where data streaming is impossible, IOTA serves as a forensic time machine:

1. Continuous local storage: Internal SSDs record extended periods of traffic metadata and raw packets.
2. Targeted extraction: Users can filter specific timeframes, IP ranges, or protocols to extract only the relevant PCAPNG files.
3. Tool integration: These captured files can be imported into Network Detection and Response (NDR), Forensic Suites, or Network Performance Monitors (NPM). This allows your centralized security stack to "analyze the past" with the same depth as if it were connected to the air-gapped segment in real time.

Versatile deployment configurations

Profitap excels at providing passive, non-intrusive access to traffic regardless of your physical topology. In copper 10/100/1000M networks, a single IOTA 1G or 1G+ device can be configured to support Inline and Out-of-Band modes as shown in Figure 1:

Figure 1: 10/100/1000M Copper Deployment Modes (IOTA Edge 1G+ shown)

Monitoring of 1/10G fiber connections or 10G copper networks is supported with the IOTA 10G or 10G+. Both units support SFP/SFP+ interfaces, allowing fiber or 10G copper transceivers to be used. Because SFPs require power to pass traffic, we recommend using separate TAPs as shown in Figure 2 to ensure the network link stays up in the event of power failures to the IOTA 10G/10G+.

Figure 2: Deployment Modes with Separate TAPs (IOTA Edge 10G+ shown)

Similar to the Out-of-Band example in Figure 1, the IOTA 10G/10G+ also supports out-of-band monitoring when the interfaces are connected to 1 or 2 SPAN sessions at 1 or 10G.

Examples of other deployment configurations are shown in the Appendix.

Conclusion

Profitap enables network monitoring in hard-to-monitor locations. By combining the functionality of an internal TAP with local, encrypted (TCG Opal 2.0, AES-256) storage, the IOTA EDGE platform enables traffic capture and storage that can be retrospectively shared with your monitoring tools and teams. The portable IOTA Edge platform serves as the basis for air-gapped and incident-response retrospective analysis.

To learn more about Profitap’s solutions, go to https://www.profitap.com/

Appendix: Additional deployment scenarios

Profitap has your monitoring needs covered for other network configurations and operational constraints, including multi-link monitoring, longer-duration monitoring, and high-vibration environments such as factories or transportation applications that use M12 interfaces.

To enable monitoring of multiple network links/segments, the IOTA Edge platforms can be deployed along with the Profitap Booster family of in-line and out-of-band aggregation TAPs.

Figure 3: Multi-link Monitoring Options with IOTA 10G/10G+ and Boosters

To enable long-term monitoring, the IOTA 10 CORE provides up to 16x more storage than the IOTA EDGE family, and provides flexibility with multiple monitoring ports supporting link speeds of 100M/1G/10G. The following table highlights the deployment modes:

Figure 4: Longer-term storage with the IOTA 10 Core

The IOTA 10 CORE Fly-Away Capture Kit provides a complete solution of an IOTA 10 CORE, copper, and fiber TAPs, and transceivers in a sturdy travel case.

The IOTA 1G with M12 (female, 8-position, X-coded) interfaces support monitoring in high-vibration environments such as factory automation and transportation.

Figure 5: Monitoring in high-vibration environments with M12 interfaces