Entities such as the military, universities, schools, businesses and the like often use local networks that are operated in a plain text fashion. That is, because the devices communicating on the local networks are typically all in control by the same entity, such devices are trusted. Thus, no encryption is typically required on such a trusted network. However, entities may often control two or more local trusted networks that are not co-located. In order to transfer data between two separate trusted networks, it may be necessary to transfer such data through an untrusted network, such as the Internet. An arrangement in this manner may be referred to as crypto-partitioned networks.
One technique for transferring data from one trusted (Red) network to another trusted network is to use an encryption device to encrypt the data, send the data in packets through the untrusted (Black) network, receive the data on a decryption device at the target Red network, and decrypt those packets before reassembling the data packets into the original message. This is helpful in the event that the data packets are sensitive or classified in some way, as the data would be inaccessible and unreadable to an outsider in the Black network who may hack the network or attempt to alter the network or its properties in any way.
As Red networks are isolated from the Black network by an encryption device, any traffic on the Black network that originated from the Red network is encrypted. Likewise, any traffic coming into the Red network will need to include the appropriate encryption key to pass through the encryption device. Given this structure, gathering general data about the enterprise's network traffic and current situation in the Black network, and the management and visualization thereof, is difficult.