Today, most Network Detection and Response (NDR) solutions rely on traffic mirroring and Deep Packet Inspection (DPI). Traffic mirroring is typically deployed on a single core switch to provide a copy of the network traffic to a sensor that uses DPI to thoroughly analyse the payload. While this approach provides detailed analysis, it requires large amounts of processing power and is blind when it comes to encrypted network traffic. Metadata Analysis has been specifically developed to overcome these limitations. By utilizing metadata for analysis, network communications can be observed at any collection point and enriched with information that provides insight into encrypted communication.
Network Detection and Response (NDR) solutions have become crucial to reliably monitor and protect network operations. However, as network traffic becomes encrypted and data volumes continue to increase, most traditional NDR solutions are reaching their limits. This begs the question: What detection technologies should organizations utilize to ensure the maximum security of their systems?
This article will shed light on the concept of Deep Packet Inspection (DPI) and Metadata Analysis. We will compare both detection technologies and examine how modern Network Detection and Response (NDR) solutions can effectively protect IT/OT networks from advanced cyber threats.
What is Deep Packet Inspection (DPI), and how does it work?
DPI is a network traffic monitoring method that inspects network packets flowing across a specific connection point or switch. In DPI, the whole traffic is typically mirrored by a core switch to a DPI sensor. The DPI sensor then examines both the header and the data section of each packet. If the data section is not encrypted, DPI data are rich in information and allow for robust analysis of the monitored connection points. Traditional NDR solutions rely on DPI-based technologies, which remain widely used to this day. However, in the face of rapidly expanding attack surfaces and evolving IT environments, the limitations of DPI have become increasingly apparent.
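To make the contrast between the two approaches concrete, the following is an added example (not code from the article or from any NDR product) that runs both techniques over a handful of constructed IPv4/TCP packets. The DPI function reads the application payload and can only interpret it when it is plaintext (here, an HTTP request); the metadata function records per-flow facts (5-tuple, packet and byte counts, and the server name from the unencrypted TLS ClientHello) that stay available when the application data itself is encrypted. The packet builders, the hostnames and addresses, and the opaque "encrypted" record are all constructed for illustration; checksums are omitted.

```python
"""Toy comparison of DPI against metadata analysis (added example, not from the article).

All packets are constructed inline: a plaintext HTTP request, a TLS 1.2 ClientHello
carrying only an SNI extension, and opaque TLS application-data records standing in
for encrypted traffic. Nothing touches the network.
"""
import struct
from collections import defaultdict


def build_ipv4_tcp(src, dst, sport, dport, payload):
    """Construct a minimal IPv4 + TCP packet (no checksums; constructed for the example)."""
    ip_len = 20 + 20 + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, ip_len, 0, 0, 64, 6, 0,
                         bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    # data offset 5 words, flags PSH|ACK, window 65535
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    return ip_hdr + tcp_hdr + payload


def parse_ipv4_tcp(pkt):
    """Return (src, dst, sport, dport, payload) from an IPv4/TCP packet."""
    ihl = (pkt[0] & 0x0F) * 4
    src = ".".join(map(str, pkt[12:16]))
    dst = ".".join(map(str, pkt[16:20]))
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    data_off = (pkt[ihl + 12] >> 4) * 4
    return src, dst, sport, dport, pkt[ihl + data_off:]


def build_client_hello(server_name):
    """Construct a minimal TLS 1.2 ClientHello whose only extension is server_name (SNI)."""
    name = server_name.encode()
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name   # list len, host_name type, name len
    ext = struct.pack("!HH", 0x0000, len(sni)) + sni                 # extension type 0 = server_name
    body = (struct.pack("!H", 0x0303) + b"\x00" * 32 + b"\x00"        # version, random, empty session id
            + struct.pack("!H", 2) + b"\xc0\x2f"                      # one cipher suite
            + b"\x01\x00"                                             # one compression method (null)
            + struct.pack("!H", len(ext)) + ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body         # handshake type 1 = ClientHello
    return struct.pack("!BHH", 0x16, 0x0301, len(handshake)) + handshake


def tls_sni(payload):
    """Extract the SNI host name from a TLS ClientHello record, or None if not applicable."""
    if len(payload) < 6 or payload[0] != 0x16 or payload[5] != 0x01:
        return None
    p = 5 + 4 + 2 + 32                      # record header, handshake header, version, random
    p += 1 + payload[p]                     # session id
    cs_len = struct.unpack("!H", payload[p:p + 2])[0]
    p += 2 + cs_len                         # cipher suites
    p += 1 + payload[p]                     # compression methods
    if p + 2 > len(payload):
        return None
    ext_len = struct.unpack("!H", payload[p:p + 2])[0]
    p += 2
    end = p + ext_len
    while p + 4 <= end:
        etype, elen = struct.unpack("!HH", payload[p:p + 4])
        p += 4
        if etype == 0:                      # server_name: list len(2), type(1), name len(2), name
            name_len = struct.unpack("!H", payload[p + 3:p + 5])[0]
            return payload[p + 5:p + 5 + name_len].decode()
        p += elen
    return None


def dpi_inspect(payload):
    """DPI: interpret the application payload. Only plaintext HTTP is understood here;
    anything else (including encrypted TLS application data) yields None."""
    if payload.startswith((b"GET ", b"POST ")):
        request_line = payload.split(b"\r\n", 1)[0].decode(errors="replace")
        host = None
        for line in payload.split(b"\r\n")[1:]:
            if line.lower().startswith(b"host:"):
                host = line.split(b":", 1)[1].strip().decode()
        return {"protocol": "http", "request": request_line, "host": host}
    return None


def metadata_flows(packets):
    """Metadata analysis: per-flow 5-tuple, packet/byte counts and TLS SNI, without
    depending on readable application data."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0, "sni": None})
    for pkt in packets:
        src, dst, sport, dport, payload = parse_ipv4_tcp(pkt)
        flow = flows[(src, dst, sport, dport, "tcp")]
        flow["packets"] += 1
        flow["bytes"] += len(pkt)
        if flow["sni"] is None:
            flow["sni"] = tls_sni(payload)
    return dict(flows)


# Constructed sample traffic: one plaintext HTTP request and one TLS flow
# (ClientHello followed by two opaque application-data records).
HTTP_REQ = b"GET /login HTTP/1.1\r\nHost: intranet.example\r\nUser-Agent: test\r\n\r\n"
TLS_APPDATA = b"\x17\x03\x03\x00\x20" + bytes(range(32))   # stand-in for an encrypted record
SAMPLE_PACKETS = [
    build_ipv4_tcp("10.0.0.5", "10.0.0.80", 51000, 80, HTTP_REQ),
    build_ipv4_tcp("10.0.0.5", "203.0.113.10", 51001, 443, build_client_hello("update.example")),
    build_ipv4_tcp("10.0.0.5", "203.0.113.10", 51001, 443, TLS_APPDATA),
    build_ipv4_tcp("10.0.0.5", "203.0.113.10", 51001, 443, TLS_APPDATA),
]


def compare(packets=SAMPLE_PACKETS):
    """Run both techniques; returns (per-packet DPI results, per-flow metadata)."""
    dpi = [dpi_inspect(parse_ipv4_tcp(p)[4]) for p in packets]
    return dpi, metadata_flows(packets)


if __name__ == "__main__":
    dpi_results, flows = compare()
    for r in dpi_results:
        print("DPI:", r)
    for key, f in flows.items():
        print("flow", key, f)
```

Running the block shows DPI producing a result only for the first packet, while the metadata view still attributes the three TLS packets to one flow towards `update.example` on port 443 with their byte volume. A real sensor would of course handle far more protocols than this toy, but the division of labour is the one the article describes: DPI's value depends on a readable payload, metadata does not.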