Industry View
Forrester: Deep Packet Inspection As An Enabling Technology
While the market needs to mature, Chenxi Wang says deep packet inspection can provide much more than just security benefits
By Chenxi Wang, Ph.D.
Large enterprises can use DPI to manage network performance. Enterprises with large networks covering many geographic regions have very diverse traffic types running across their internal networks. Beyond controlling costs and bandwidth usage, security is a constant challenge that requires an understanding of application traffic on the network. These enterprises are beginning to see the benefits of DPI analysis. For example, a network administrator can use DPI technology to rate limit certain application traffic when the network performance is low, and raise the limit when the performance goes back to normal.
More network security functions today require payload-level knowledge. Data leak prevention requires an understanding of the actual content sent over the wire. A Layer 7 firewall works on payload content rather than header information. Security service providers in the cloud, such as antispam or Web filtering services, must gain real-time visibility of content across multiple customers' traffic in order to quickly derive threat and attack information. They, too, require content-level intelligence.
Traditionally, such security functions are provided with special-purpose technologies, which may include some DPI capabilities. IPS, for instance, has built-in DPI. Secure Web gateways also provide DPI analysis for Web content. But each special-purpose technology results in an inefficient network infrastructure with many special-purpose boxes or incompatible software. A packet may end up being inspected multiple times for multiple purposes. In addition, these technologies do not provide a programmable interface, which means you cannot extract arbitrary information.
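The contrast above between header-level and payload-level inspection, and the cost of inspecting one packet several times, can be shown in a short sketch. This is an added example, not code from the article or from any DPI product: the `Inspector` class, the hook names, the signatures and the sample packets are all constructed for illustration. Each packet is classified once from its payload, and the result is passed to every registered hook (a DLP rule and a port-mismatch policy).

```python
import re

# Payload signatures over the first bytes of a stream, checked in order.
HTTP_RE = re.compile(rb"(GET|POST|PUT|HEAD|DELETE) \S+ HTTP/1\.[01]\r\n")
SIGNATURES = [
    ("tls", lambda p: p[:2] == b"\x16\x03"),          # TLS handshake record
    ("ssh", lambda p: p.startswith(b"SSH-")),         # SSH version banner
    ("http", lambda p: HTTP_RE.match(p) is not None),  # HTTP/1.x request line
]
PORT_MAP = {22: "ssh", 80: "http", 443: "tls"}  # what a header-only device assumes
CARD_RE = re.compile(rb"\b(?:\d[ -]?){15}\d\b")  # constructed DLP pattern

def classify_by_payload(payload):
    return next((name for name, hit in SIGNATURES if hit(payload)), "unknown")

class Inspector:
    """Classifies each packet once, then hands the result to every hook."""
    def __init__(self):
        self.hooks, self.decodes = [], 0

    def register(self, hook):
        self.hooks.append(hook)

    def inspect(self, dst_port, payload):
        self.decodes += 1
        app = classify_by_payload(payload)
        results = (hook(app, dst_port, payload) for hook in self.hooks)
        return app, [r for r in results if r]

def dlp_hook(app, dst_port, payload):
    if app == "http" and CARD_RE.search(payload):
        return "dlp:card-number-in-cleartext"

def port_mismatch_hook(app, dst_port, payload):
    if app != "unknown" and PORT_MAP.get(dst_port) != app:
        return f"policy:{app}-on-port-{dst_port}"

SAMPLE_PACKETS = [  # constructed (dst_port, payload) pairs
    (80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (8080, b"POST /pay HTTP/1.1\r\nHost: example.test\r\n\r\ncard=4111 1111 1111 1111"),
    (443, b"SSH-2.0-OpenSSH_9.6\r\n"),
    (443, b"\x16\x03\x01\x00\x05hello"),
]

def run_samples():
    insp = Inspector()
    insp.register(dlp_hook)
    insp.register(port_mismatch_hook)
    return [insp.inspect(port, data) for port, data in SAMPLE_PACKETS], insp.decodes

if __name__ == "__main__":
    for verdict in run_samples()[0]:
        print(verdict)
```

A device that looks only at headers would label the third sample as TLS because of its destination port; the payload signature identifies it as SSH, and both hooks reuse that single classification instead of decoding the packet again.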
Beyond security, DPI has a major impact for cloud computing providers, where subscription and user management is a major challenge. Many vendors that use homegrown or off-the-shelf technology to manage service subscriptions are finding that it either lacks scalability or does not provide enough information for complex management tasks. DPI, on the other hand, is able to provide intelligence about user traffic, application usage, content communicated, and anomalous patterns. The service vendor can also use the programmable interface to glean other useful data, such as marketing intelligence and customer profiles.
Challenges Still Lie Ahead For Deep Packet Inspection
As a relatively young market, the DPI industry faces a number of challenges. For instance:
No standard benchmarks exist. The DPI market today is full of confusing, one-off, application-specific performance information. The industry needs standard benchmarks that would include connection setup time, TCP, UDP, and forward throughput testing. These benchmarks are essential to establishing comparable performance metrics among competing products.
Proprietary solutions limit potential. Different DPI technologies continue to emerge, and it is only a matter of time before the open architecture question arises. An "OpenDPI" movement would allow third-party developers to write DPI applications on top of different commercial solutions.