Editor's note: In part one of this series on deep packet inspection (DPI), we examine the difference between stream-based and proxy-based DPI. In part two, we list a wide variety of DPI vendors and
Now that deep packet inspection (DPI) functions are being integrated into intrusion detection and network management appliances, a wide range of providers, from traditional network infrastructure vendors to third-party specialists, are offering the tools. Some vendors offer stream-based DPI while others offer proxy-based technology. Meanwhile, some integrate DPI into multipurpose devices while others use separate appliances alongside each other. In this DPI vendor comparison, we run down a sampling of vendors and their offerings.
Check Point Software: Check Point, a pioneer in network firewalls, offers a series of security appliances, from high-end units with capacity to protect a data center or large enterprise network to units suitable for a small business or branch office. It also offers virtual appliances that protect inter-VM traffic in VMware systems and a Virtual Appliance for Amazon Web Services that protects applications executing in the Amazon cloud.
Check Point's security software blades can be selected individually or purchased in bundles to provide services including firewall, IPS, DLP, anti-spam, anti-virus, URL filtering and IPSec VPN. The blades can then be installed in Check Point security appliances, including the Virtual Appliance.
Cisco Systems: Security services incorporating DPI are built into Cisco switches and routers as well as network security devices. The ASA 5500 Series Adaptive Security Appliance incorporates a firewall plus IPS and VPN services, and is available in a range of capacities and configurations. The IPS 4300 Series Sensors offer the same IPS features as the ASA 5500, but are designed to be deployed where firewall and VPN services are not required.
Fluke Networks: Best known for its cable and datacom test equipment, Fluke Networks offers the OptiView XP Network Analysis Tablet and the Network Time Machine to aid in network monitoring and performance analysis. The Network Time Machine records network traffic and streams it to disk to enable after-the-fact analysis of network problems and performance issues.
Fortinet: Fortinet's FortiGate security appliances range from models suitable for service providers and large enterprises to models for mid-sized and small businesses. They can be deployed as firewalls and IPS systems at the network edge or at points internal to the network. They can also provide Layer 2 and 3 routing, traffic shaping, web filtering, WAN optimization, Web caching, anti-spam, anti-virus and SSL VPN. FortiGate virtual appliances provide the same features as FortiGate hardware appliances and support versions of VMware, Citrix XenServer and open-source XenServer hypervisors.
Network Instruments: Network Instruments' Observer software, network probes and GigaStor products together enable network managers to monitor and capture network activity for later analysis. Probes are available to support 802.11, 10 Mb to 10 GbE, Fibre Channel, and WANs from T1 to OC12.
Palo Alto Networks: Palo Alto Networks has enhanced traditional firewall capabilities to protect against threats carried in encrypted traffic. The firewall decrypts and then scans data passing through the firewall for malware. All traffic is classified by application, with previously unidentified traffic being classified based on heuristics or behavioral analysis. Access is controlled based on application type and on user and group policies.
SonicWALL: SonicWALL, acquired by Dell Inc. in 2012, offers a series of network security appliances that range from units capable of supporting very large enterprise or service provider networks down to units designed for small businesses. The products provide both firewall and UTM services and enable network managers to monitor and control bandwidth allocation by application, user or group. The SonicOS platform specializes in integrating DPI with other security functions.
Sophos: Best known for its anti-virus software products, Sophos Ltd. acquired Astaro GmbH in 2011. The Astaro Security Gateway, now the Sophos UTM, is offered as a hardware, software or virtual appliance and integrates DPI with other security functions. Hardware appliance models range from units supporting 10 users to units supporting up to 5,000 users. The virtual UTM can execute within the Amazon Elastic Computing Cloud using an image provided by Astaro. In addition, the Amazon Virtual Private Cloud Connector provides a link between a dedicated private segment of the Amazon cloud and the enterprise network.
WatchGuard Technologies: WatchGuard offers a series of firewall appliances to support large enterprises and mid-size and small businesses. Virtual firewall products provide security between VMs in a VMware environment. Small business models also incorporate an integrated 802.11n access point. WatchGuard's XCS content security appliances provide anti-spam and anti-malware, data loss prevention, Web filtering, email encryption and email attachment control. They combine DPI and a number of other security functions.
Wedge Networks: Conducting so-called Deep Content Inspection, Wedge products reassemble a sequence of packets that are then decompressed and decoded into application-level objects. Then Wedge's anti-spam, anti-virus and Web monitor products inspect the entire object to detect threats. The company offers anti-spam, anti-virus and Web monitoring products as a series of hardware appliances designed to support a range of network sizes.
The Wedge Cloud Solutions for Managed Security Service Providers (MSSPs) product lets MSSPs provide security to their customers by placing a browser or client on end-user devices and directing network traffic to the Wedge solution deployed in the cloud. End users configure security and parental services to meet individual needs.
About the author: David B. Jacobs of The Jacobs Group has more than twenty years of networking industry experience. He has managed leading-edge software development projects and consulted to Fortune 500 companies as well as software start-ups.
This was first published in June 2012