Deep Packet Inspection (DPI)
Examine and Manage the Network
Detecting and stopping attacks that could cause massive network damage is a major challenge. Organisations find it hard to examine and monitor network traffic. With security being a huge concern, organisations are looking for an improvement over conventional packet analysis because attackers are getting better at hiding malicious payloads in plain sight, which only examine packet headers.
Besides security issues, in this dynamic time of communication, communication service providers (CSPs) are continually evaluating innovative solutions to stay afloat. CSPs find it challenging to access the customer’s unique data which can help improve customer service, build loyalty with existing customers and get on the new customer's list of preferred providers.
Deep Packet Inspection (DPI) using Cubro Products
Deep packet inspection (DPI) is an advanced monitoring technique and a useful application for telcos. The main advantage of DPI is that it provides most accurate information on bandwidth as it reads the packet. Analyzing digital traffic can reveal some very useful insights and help telcos to identify general consumer behavior. For instance, how long customers stay at a location, how often is a customer joining a specific location, which transport medium is the customer using to come to a location. Based on this information it is possible to optimize the availability of resources. By studying metadata using deep packet inspection (DPI), network specialists can learn how best to optimise servers to reduce overhead, detect hackers, combat malware, and get intimate details about user behavior.
On the engagement side, telcos can introduce innovative content-based plans to meet the needs of individual customers, study overall network usage to analyze aggregate behavior, and identify behavior patterns by application type. The operators can ensure service quality by instigating traffic control and bandwidth allocations, prioritizing popular applications such as YouTube, Netflix, or Skype, over other less time sensitive data. And from a revenue generating perspective, operators can create plans with different service levels enforced through DPI application. Furthermore, DPI data enables operators to segment customers by their online behavior and this data can help the operators to find alternate means of generating revenue.
The other use case of DPI is lawful intercept. With this data security threats can be detected at a very early stage, because it is possible to see how many people are moving towards a place, and if this is an unusual behavior then Law and Enforcement can react faster.
DPI typically entails decoding of packets above layer 4. It is used to identify the network protocol. It is also used to identify the application.
There are two major DPI applications and Cubro devices can perform both these functions:
- Filter with DPI and traffic steering - the Sessionmaster EXA can use its DPI features in the packet stream to identify a packet and then forward this related stream based on rules to an output port (original packets).
- Metadata extraction - XDR - the Cubro Probe can use its DPI feature to look into the packet stream, identify a packet, extract Metadata and send this to a server for the next processing step (non-original packets).