First-ever report on the state of open-source DPI by Rohde & Schwarz unveils network visibility gaps and the vital role of migration tools in accelerating networking and cybersecurity vendors’ transition to commercial DPI

• Open-source DPI delivers comprehensive classification for standardized protocols, but falls short in detecting applications and service types
• Poor use of AI techniques such as machine learning and deep learning constricts open-source DPI’s ability to manage encrypted traffic
• Inadequate customer support cited by more than 70 % of vendors
• Custom migration tools play a significant role in driving vendors’ decision to switch from open-source to commercial DPI

ipoque, a Rohde & Schwarz company and a leading provider of next-gen deep packet inspection (DPI) software, today unveiled key findings from its latest research report ‘State of open-source DPI: challenges, opportunities and alternatives’. The study, which aims to highlight the benefits and challenges of using open-source DPI among networking, cybersecurity and analytics vendors, finds only 28.3 % of vendors strongly agreeing to its ability to comprehensively classify applications and service types, as opposed to 78.3 % for protocol classification.

Despite extensive use of advanced statistical, behavioral and heuristic analyses, open-source DPI continues to be challenged by the relentless growth in applications. “Multiple software versions and frequent release updates coupled with constantly changing delivery pathways, for example the use of CDN and multi-cloud architectures, impact application classification in terms of accuracy and reliability,“ said Ariana Leena Lavanya, Principle Analyst at The Fast Mode. “This affects application-based policies, leading to vendors reverting to generic rules that tend to compromise application performance, and network security and efficiency.”

Poor adoption of AI-based techniques leads to constrained visibility into encrypted flows

Based on a survey of 48 leading networking and cybersecurity vendors conducted early this year, the report shows poor use of AI-based techniques such as machine learning (ML) and deep learning (DL) in open-source DPI, with less than a third (31 %) of vendors citing their usage. “The adoption of AI has become increasingly critical in the face of tougher encryption protocols, such as TLS 1.3, DoX, ESNI and ECH, which progressively erode traffic data that is available to traditional DPI tools,“ said Dr. Martin Mieth, VP Engineer at ipoque. “To address and reverse these visibility gaps, our commercial DPI technology for networking and cybersecurity solution providers comes with encrypted traffic intelligence (ETI) which combines advanced ML and DL techniques to accurately and reliably classify traffic flows, despite encryption, obfuscation or anonymization.“

Higher traffic volumes and the need for comprehensive signature libraries drive shift to commercial DPI

With zero licensing fees, open-source DPI provides an attractive option for delivering baseline insights across common networking and security use cases. However, evolving business requirements are pushing vendors to explore strategic alternatives, specifically commercial DPI solutions which are built to address higher performance, capacity and customer service requirements. According to the report, 71.3 % of vendors rate the service and customer care provided by open-source DPI to be limited or non-existent. The report also finds traffic volumes, signature libraries and application complexities (e.g. niche protocols for IIoT and real-time communications) positively influencing vendors‘ decision to switch to commercial DPI.

Migration tools expected to significantly reduce transitioning complexities

According to the survey, 82.2 % of vendors agree that having a migration tool can positively affect their decision to upgrade from open-source to a commercial DPI software solution. Migration tools can cut down integration complexities, by allowing existing configurations such as custom signatures, databases and files to be exported to the new DPI software. By replicating past algorithms, rules and processing thresholds, vendors can speed up deployment and minimize service disruptions.

Exploring new alternatives with ipoque’s cutting-edge, next-gen DPI technology

ipoque’s high-performance OEM DPI engines, which include the DPDK-based R&S®PACE 2 and its VPP-based counterpart R&S®vPACE, are enhanced with ETI (encrypted traffic intelligence) to deliver accurate classification across any protocol, application and service type, even for encrypted traffic. Boasting the industry’s lowest memory footprint and a comprehensive, weekly-updated library with thousands of signatures, ipoque offers a highly-scalable and reliable alternative to open-source DPI. ipoque’s DPI technology is backed by extensive R&D and a stringent QA methodology including the mobile automation framework which involves constant performance and reliability testing across the globe for the highest detection rates across any traffic, including high-priority mobile applications.

“More importantly, we provide a specialized migration tool from open-source DPI to our DPI technology, which automatically translates existing information structures. This cuts down integration complexities, including extensive code changes, thus speeding up onboarding. We top this with flexible SLAs, a global team, hands-on training and 24/7 customer support for continuous facilitation before, during and after migration,” added Dr. Mieth. ipoque’s DPI engines also include various enhancements, such as first packet classification, tethering detection and the ability to customize signatures. The DPI software engines cater for not only leading networking and cybersecurity vendors, but also startups across the globe.

Conducted jointly with The Fast Mode, a leading telecoms/IT publication, the survey also uncovers the benefits, long-term costs and security implications of open-source DPI, as well as ongoing migrations to commercial DPI. The report is available for download at: www.ipoque.com/open-source-dpi.