More network security functions today require payload-level knowledge. Data leak prevention requires the understanding of actual content sent through the wire. A Layer 7 firewall works on payload content rather than header information. Security service providers in the cloud, such as antispam or Web filtering services, must gain real-time visibility of content across multiple customers' traffic in order to quickly derive threat and attack information. They, too, require content-level intelligence.
Traditionally, such security functions are provided with special-purpose technologies, which may include some DPI capabilities. IPS, for instance, has built-in DPI. Secure Web gateways also provide DPI analysis for Web content. But each special-purpose technology results in an inefficient network infrastructure with many special-purpose boxes or incompatible software. A packet may end up being inspected multiple times for multiple purposes. In addition, these technologies do not provide a programmable interface, which means you cannot extract arbitrary information.
Beyond security, DPI has a major impact for cloud computing providers, where subscription and user management is a major challenge. Many vendors that use homegrown or off-the-shelf technology to manage service subscriptions are finding that it either lacks scalability or does not provide enough information for complex management tasks. DPI, on the other hand, is able to provide intelligence about user traffic, application usage, content communicated, and anomalous patterns. The service vendor can also use the programmable interface to glean other useful data, such as marketing intelligence and customer profiles.
Challenges Still Lie Ahead For Deep Packet Inspection
As a relatively young market, the DPI industry faces a number of challenges. For instance:
No standard benchmarks exist. The DPI market today is full of confusing, one-off, application-specific performance information. The industry needs standard benchmarks that would include connection setup time, TCP, UDP, and forward throughput testing. These benchmarks are essential to establishing comparable performance metrics among competing products.
Proprietary solutions limit potential. Different DPI technologies continue to emerge, and it is only a matter of time before the open architecture question arises. An "OpenDPI" movement would allow third-party developers to write DPI applications on top of different commercial solutions.
DPI technology market is here to stay. Today, its application maybe fragmented and non-consistent, but its huge potential and the industry-wide interest will ultimately push it towards a standardised and open DPI market for the greater community.
Chenxi Wang is a Principal Analyst at Forrester Reseach, where she serves Security & Risk professionals. She is a leading expert on content security, application security, Web. 2.0 security, and vulnerability management. For free related research from Forrester, please visit www.forrester.com/cso.