DPI-powered application awareness for SSE

Securing highly distributed enterprise architectures with SSE

Borders that used to define traditional enterprise networks are rapidly disappearing thanks to the widespread use of Cloud and SaaS applications, the rise of a distributed workforce, and the mass deployment of connected ‘things’. Some organizations even deal with unmanaged devices due to “Bring Your Own Device” (BYOD). Gartner’s Security Service Edge (SSE) introduces a forward-thinking concept to safeguard an enterprise’s distributed resources using an array of cloud-based security services. They authenticate and manage traffic flows between users and applications, enabling seamless and secure access. Secure service edge (SSE) is part of SASE – with only the network services missing.

The four core components of Security Service Edge are:

• Secure Web Gateway (SWG)
• Cloud Access Security Broker (CASB)
• Zero Trust Network Access (ZTNA)
• Firewall-as-a-service (FWaaS)

By providing real-time traffic intelligence for SSE solutions, deep packet inspection (DPI) alongside encrypted traffic intelligence (ETI) enable enterprises to reliably and accurately validate and manage user sessions based on a wide range of network and security policies tailored towards protecting enterprise resources from abuse, attacks, intrusion and exfiltration.

Advanced threat intelligence for security at the edge

Application awareness with session information allows you to filter unlimited volumes of traffic from cloud, SaaS and enterprise applications. Combining behavioral, statistical and heuristic analysis with ETI’s deep learning and machine learning methodologies, the DPI engine R&SPACE2 by ipoque can detect different protocols, applications, and services even across traffic that is encrypted, obfuscated and anonymized. This delivers comprehensive, granular analyses of traffic passing through resources across enterprises’ edge, cloud and branch networks.

The information is then matched with metadata extracted from the underlying packets to determine traffic attributes such as packet size, source/destination URL and device type. Application insights augmented with flow and session details allow you to determine user-specific metrics such as bandwidth usage, frequency of access and applications accessed.

Deep packet inspection is also an important solution for threat detection and enables you to identify malicious and suspicious traffic patterns indicative of attacks and abuse. Detection of irregularities such as many concurrent log-ins, sudden peaks in application usage, and detection of new IoT devices makes it possible for you to identify impending threats and assess their impact on network performance and stability.

With real-time traffic intelligence from DPI, you can:

Protect Cloud and SaaS applications with DPI-powered CASB

Deep packet inspection for CASB addresses the security of your data and applications hosted in the Cloud. DPI facilitates CASB in validating users connecting to the enterprise’s Cloud and SaaS applications with application-aware access rights. By filtering traffic in real time, DPI enables CASB to detect potentially suspicious and malicious activity that could compromise cloud and SaaS resources. With DPI-powered CASB, you can identify the security vulnerabilities of cloud and SaaS applications and implement pro-active monitoring to minimize risks and boost cloud security.

Enhance SWG with real-time traffic visibility from DPI

DPI for SWG provides real-time insights into enterprise applications traffic with fine-grained analysis on applications, services, and transactions across unlimited flows and sessions. DPI’s data allows SWG to identify traffic anomalies and pinpoint suspicious activities in real time, especially across flows originating from outside the network perimeter. Insights from DPI can greatly enhance enterprise application access and usage controls by facilitating highly adaptable, application-aware rules.

Secure critical assets and resources with DPI for ZTNA

Deep packet inspection for ZTNA paves the way for a superior security framework to safeguard the enterprise’s servers, files and data. DPI enhances high performance traffic visibility to support threat detection, allowing you to establish the risk profiles of various cloud and private applications based on their usage patterns and analyses of suspicious, anomalous and malicious flows. DPI also delivers granular information at the packet, flow and application level. This facilitates dynamic, application-aware access policies tailored towards an enterprise’s security requirements, traffic conditions, and monitoring capacity.

Enrich your SSE suite with real-time traffic intelligence

• Continuous validation of a user session via behavior monitoring and prompt termination of suspicious sessions
• Identification and blocking of malicious traffic in real time (via FWaaS, DNS and WAAPaaS)
• Identification of data breaches with analyses of traffic anomalies (via DLP)
• Detection of shadow IT through identification of unauthorized applications at branch offices