State of open-source DPI: 4 key takeaways

June 28, 2024

Open-source deep packet inspection (DPI) is as popular as commercial DPI solutions, offering multiple potential benefits such as no up-front licensing costs.

That’s one of the baselines of a new report, conducted by ipoque, a Rohde & Schwarz company, and The Fast Mode, that includes survey input from 48 leading networking and cybersecurity vendors on their open-source DPI usage.

From a networking standpoint, DPI’s depth and breadth enable more intelligent and context-aware traffic management. It’s also playing a major role in security, particularly as networks – and the threats against them – have grown far more complex and diverse.

The report found that open-source DPI is the top procurement model in terms of vendor awareness, with 41.7% saying they were very familiar and another 25.0% being quite familiar. That’s roughly neck-and-neck with commercial DPI options, with 35.4% and 31.3% of vendors saying they were very or quite familiar, respectively. Homegrown DPI solutions built from scratch internally, on the other hand, appear less popular: roughly one in five respondents said they weren’t at all familiar with this approach.

But open-source DPI also faces several key challenges that can ultimately make commercial DPI solutions more attractive to organizations as their needs scale and evolve over time.

Let’s take a closer look at these and other important insights from the full report, “State of open-source DPI - Challenges, opportunities and alternatives”.

Takeaway #1: Reducing Costs Drives Open-Source Interest – But Not Forever

While it’s somewhat of a misnomer to call open source “free” – someone still must implement and manage the code, of course – it can reduce licensing costs relative to commercial options, especially during the initial adoption phase.

More than half of respondents (52%) strongly agree that low initial costs are one of the biggest benefits of open-source DPI, with another 25% saying they moderately agree.

Yet while most respondents said operational costs tend to remain moderate, other requirements can spur unexpected costs over time that make open-source DPI solutions more expensive than anticipated.

Two of the biggest culprits here are long-term support and solution customization. On the support front, half of vendors expect support delays (because of a lack of available support from the open-source project itself) will cause high or very high costs.

Customization requirements are also common based on industry and business-specific needs, as well as technical optimization. The report notes as an example that a load balancer and an application performance monitoring solution have very disparate visibility requirements – optimizing a DPI implementation would typically require different resource and output configurations.

Nearly half (46%) of respondents say such customizations are likely to spur high or very high costs.

Takeaway #2: Newer Encryption Protocols Challenge Open-Source DPI

Data encryption is a major tool in terms of privacy and security. But it’s also a major challenge for DPI, because by its nature it hinders – if not prevents altogether – traffic visibility and the ability to properly classify different applications on the network.

The report dug into how different encryption protocols are handled by open-source DPI tools and found quite a bit of variability.

The vendors surveyed largely agreed that TLS / SSL (TLS 1.0 to 1.3) traffic flows are the easiest for open-source DPI to detect, with 73% agreeing. QUIC and other encrypted Layer 7 protocols (SRTP, S/MIME, DTLS, SSH, SNMP) were a close second (72%) in terms of the ease with which open-source DPI can detect them.

Two newer protocols, TLS extensions (such as ESNI and ECH) and DoX (such as DNS-over-HTTPS, DNS-over-TLS), appear to pose more significant challenges when using open-source DPI, according to the report, which also noted that traffic obfuscation (such as domain fronting, tunneling, and mimicry) and anonymization technologies (such as VPNs and CDNs) also pose challenges. Just half of respondents said open-source DPI can provide proper visibility into anonymized traffic, and even fewer (40%) said it could effectively detect obfuscated traffic.

Takeaway #3: Potential Security Holes Cause Concern

The report rightfully notes that any new or added technology solution can increase an organization’s attack surface from a cybersecurity standpoint.

The survey specifically dug into vendor concerns with open-source DPI solutions, and found the top three issues were:

  • Vulnerabilities introduced during configuration and customization: More than half of respondents saw this as a “major issue” (18%) or “quite an issue” (36%).

  • Unknown bugs and exploits: More than half of respondents saw this as a “major issue” (13%) or “quite an issue” (40%).

  • Unverified or untested software versions: Again, more than half of respondents saw this as a “major issue” (11%) or “quite an issue” (40%).

Takeaway #4: Several Factors Spur Move From Open Source To Commercial DPI

The report also takes a deep dive into various other challenges with open-source DPI, as well as key factors vendors and other organizations weigh when considering a move to a commercial tool.

There are plenty of insights here, including potential issues with long-term costs and support with open-source solutions. In general, the report concludes that there is a valuable place for both open-source and commercial DPI solutions – and a clear relationship between the two.

It also found that there are some common drivers that give network and cybersecurity vendors impetus to consider migrating from open-source DPI to a commercial solution.

Traffic growth was the clear top factor that pushes vendors to consider commercial solutions, with nearly two-thirds of respondents picking it.

The need for a robust, comprehensive, and frequently updated signature library came in second, at 58%.

“Commercial DPI tools provide organizations, specifically fast-growing enterprises, powerful and scalable traffic analytics solutions that are fully backed by specialist providers with deep expertise and experience,” the report says.

Finally, the report notes that the availability of a custom migration tool often serves as a catalyst for moving from an open-source DPI solution to a commercial option. Such migrations are usually labor- and time-intensive, and the right tool can greatly alleviate the effort required.

Conclusion

The report makes clear that both open-source DPI and commercial DPI software have valuable roles to play. However, the challenges that face open-source DPI can lead organizations to switch to a commercial solution.

Commercial DPI solutions, such as those from ipoque, can proactively solve many of the common challenges highlighted in the report. These include keeping pace with new traffic protocols and mitigating potential security vulnerabilities caused by issues like misconfigurations or unmaintained code.

ipoque, for example, offers 24/7 support, robust migration and customization capabilities, and innovations such as enhanced traffic intelligence that can accurately classify any protocol, application, or service – even when it’s encrypted.

Read the full report and all of its comprehensive takeaways: “State Of Open-Source DPI: Challenges, Opportunities And Alternatives.”
