Deep Packet Inspection, infamously used by Comcast to forge reset packets to disrupt the BitTorrent protocol, and by the NSA to spy, and by the government of Iran to identify protestors (pursuant to imprisoning and murdering some of them) is making a comeback in enterprises, according to Christopher Rhoads at the Wall Street Journal.
Out of 145 top-tier communication-services providers, 77% of respondents said they were either strongly or somewhat interested in DPI, according to results of a survey last year by Yankee Group and RCR Wireless News. Most said they wanted it to improve network security, according to the survey.
The concerns, as always, are with traffic prioritization and security. For traffic prioritization, the obvious uses are placing streaming teleconferencing videos ahead of streaming YouTube videos of cats or wedding dances, and in the case of security, it mostly deals with being able to identify malware on the network, for example, by content, rather than by anomalous behavior.
The point is that most network traffic monitoring solutions identify traffic by context: Flows, flags, and facts about your devices. DPI identifies traffic by content. True, DPI gives you a lot of information, but it gives you far more information than you need, with uncomfortable privacy concerns.
From a more pragmatic standpoint, by focusing efforts on content rather than context, network engineers and network management might end up spending too much of their time micromanaging the network. That is, it should not be the priority of the network team to prevent non-critical traffic – it should be the priority of the network to preserve critical traffic. For most organizations, having a controlled network is not as important as having a network that meets the application performance needs of the business.
And somewhere in the middle of controlling every aspect of the network by content and not knowing or caring what goes on in the network is the middle ground of knowing how your network is being used.
No comments yet.