Open-source DPI efficiency is challenged by encryption, poor AI adoption and emerging application complexities
A recent survey by ipoque, a Rohde & Schwarz company, found that encryption, poor AI adoption, and emerging application complexities challenge the efficiency of open-source deep-packet inspection (DPI) software.
June 14, 2024
Sponsored by ipoque
The goal of the study, which ran between March and April 2024 and surveyed 48 networking vendors, was to explore the use of open-source DPI among networking and cybersecurity vendors and to understand their perspectives on its efficacy and long-term prospects.
This article discusses some of the key findings from the corresponding survey report, including key open-source DPI challenges, alternative solutions, and the benefits commercial DPI can offer network vendors.
Challenges of open-source deep packet inspection
As more traffic is tunnelled and anonymised, and tougher encryption protocols are adopted, advanced DPI engines are increasingly turning to AI techniques, such as machine learning (ML) and deep learning (DL), to regain the lost visibility.
Meanwhile, the survey results show that the use of such techniques by open-source DPI is rather limited. Fewer than a third of participating vendors (31%) agree that AI is used significantly or even moderately in classifying traffic in open-source DPI. This means that open-source DPI’s ability to view and manage encrypted traffic and flows is significantly constricted by poor adoption of these techniques.
Another key finding relates to the classification of protocols, applications, service types, and threats and the challenges it brings about for vendors.
The results reveal that while open-source DPI delivers on comprehensive classification for standardised protocols, agreed by nearly four in five respondents, it falls short in detecting applications, service types, and threats.
To deliver deep insights into traffic flows, any robust DPI tool will need to combine different layers of monitoring. One such layer is application awareness or identification. This forms a focal point of analysis in DPI and is executed via advanced methods such as statistical and behavioural analysis.
When asked about application identification, about half of the respondents believe that open-source DPI can only identify applications such as Zoom, Facebook, Telegram, TikTok, and Netflix moderately. Meanwhile, fewer than a third believe it to have comprehensive capabilities to classify them and a quarter believe it has indeed limited capabilities.
Similarly, when it comes to classifying service types (e.g. messaging, video streaming, or file downloads), only just over a quarter of respondents agree that open-source DPI can classify these comprehensively, leaving the majority of respondents (>70%) believing in a more moderate to limited capability to do so.
The limitations of open-source DPI become even more apparent as the survey explores vendors’ views on cyber-attacks (e.g. spear phishing, DDoS, code injections, malware and DNS tunnelling) and anomalous/suspicious traffic (e.g. unknown URLs, unknown devices).
While two in five respondents believe that their level of identification is moderate, nearly as many respondents believe there are limited capabilities of classification for either of these categories (39% and 38%, respectively). These results highlight significant visibility gaps in open-source DPI.
Deployment facilitation is another key driving factor in choosing the right solution. While open-source DPI is rated as excellent in its ease of integration by over a third of survey participants, more than 70% of vendors agree it offers inadequate customer support, posing another challenge with taking the open-source route.
Looking at the key factors to choose alternative solutions, the survey found that traffic volumes, signature libraries, and application complexities (e.g. niche protocols for IIoT and real-time communications) are driving vendors’ decision to switch to commercial DPI.
Alternative solutions
Alternative solutions to open-source of course include commercially licenced DPI and in-house built solutions. But considerations regarding tools needed to support migration and costs, and resources involved for in-house built solutions, also need to be taken into account.
Custom migration tools play a significant role during the migration process and for maintenance. They can assist in cutting down integration complexities and in enabling the transfer of existing configurations, such as custom signatures, and the export of databases and files to new DPI software.
As such, it is unsurprising to see that more than four in five vendors agree that having a migration tool can positively impact their decision to upgrade from open-source to a commercial DPI software solution.
While developing a DPI solution in-house is not impossible, it can be resource intensive, laborious to develop and deploy, and there is a need for additional domain expertise. Despite open-source software being free to access basic insights across common networking and security use cases, developers also still require training on software and customization.
These restrictions result in limited cost efficiency and in increased collaborations with third-party vendors for new features to be added and managed.
Subsequently, as business requirements continue to evolve, vendors are exploring strategic alternative solutions. Commercial licenced DPI solutions are purpose-built to address higher performance, capacity, and customer service requirements.
Benefits of licencing commercial DPIs
The benefits of licencing from OEM DPI software vendors such as ipoque are multi-pronged. They include reduced development costs and the maximization of return on investment (ROI). ipoque’s licenced DPI also offers 24/7 support and assistance. Vendors are further enabled to tailor ipoque solutions to suit their exact use cases or applications.
ipoque also offers flexible service level agreements and development support and consulting. These include on-site integration and application engineering assistance as well as high-level product trainings down to low-level features and integration trainings.
Other benefits include the ability to optimize DPI performance with in-house code reviews and troubleshooting assistance alongside the opportunity to influence product roadmaps by requesting new features and support for new protocols and applications.
Conclusion
The survey results highlight a number of network visibility gaps in open-source DPI, as encryption protocols change and new complexities emerge with evolving business requirements. The results also highlight the vital role of migration tools in accelerating networking and cybersecurity vendors’ transition to commercial DPIs.
ipoque’s high-performance OEM DPI engines include R&S®PACE 2 and its VPP-native counterpart R&S®vPACE as they are enhanced with encrypted traffic intelligence to deliver accurate classification across any protocol, application, and service type, including for encrypted traffic.
Boasting the industry’s lowest memory footprint and a comprehensive, weekly-updated library with thousands of signatures, ipoque offers a highly scalable and reliable alternative to open-source DPI. ipoque’s DPI technology is backed by extensive R&D and a stringent QA methodology including the mobile automation framework which involves constant performance and reliability testing across the globe for the highest detection rates across any traffic, including high-priority mobile applications.
To learn more about the benefits, challenges, and other implications of open-source DPI as well as ongoing migrations to commercial DPI you can download the report here.