Page 30 - CDM-Cyber-Warnings-March-2014
P. 30
obfuscation techniques used by all protocols is required to solve those presented by a new release of a certain application or anonymizing client, as an example. Of course, as with anything, the path to product selection involves choices and trade-offs. One thing that cannot be compromised in selection of DPI engines is performance. The constant in data networks since their inception is growth in the data travelling on them. So, a DPI engine optimized for linear performance over deployed CPUs enables the highest available performance. Unlike other categories of subscription, accurate coverage and predictable release cadence are also important success factors in the selection of DPI software. As it relates to SWGs, these attributes are critically important. Decisions to exercise security policy are directly tied to the classification results provided by the DPI engine. An error causes the right traffic to be impeded, while the wrong traffic might be afforded passage. In either case, unpredictable results may occur and good security is dependent on consistency and predictability. Release cadence, while not always top of mind, can mean the difference between a vulnerability that is patched in days or lingers for weeks and even months. The ability to create and release accurate, dependable DPI signatures in short order can be a game-changing capability. With most SWG products, fast response to new threats are an implied part of the contract with any user and running afoul of that trust creates tension most could do without. A vendor of DPI software must have experience in the crucible as it relates to rapid signature deployment. Shawn Sweeney Director Product Management and Marketing Procera Networks " # % " $ " # ! !
