DPI (Deep Packet Inspection) is a very useful and flexible technology used in many security and network products today. Recently I took a call from an engineer, John, working in the public sector in the US with the title ‘Senior Deep Packet Inspection Engineer’. He is a really friendly and experienced engineer, managing a team of 11 other engineers, who was interested in our product and found it with an SEO search term.
He was interested for a number of reasons, including its integration with some well-known network management systems like SolarWinds and Splunk. His main pain, though, was ‘ease of use’. He already had a well-known network management system which utilizes Deep Packet Inspection. He really likes it: it is very powerful and can do a deep dive into the packets and extract some useful information, but it is very complex and difficult to use. As a result, the other engineers in his team keep coming to him for help when using the system to troubleshoot and get to the information they need to understand and solve the problem.
John is what we in NetFort call a ‘power user’: an expert who is extremely technical, proactive and knowledgeable, and who knows his network and technology. Power users like John are a rare breed, though: hard to find and retain, expensive, and usually extremely busy, because they get the job done and so are asked to help with everything.
DPI-based technology is usually ‘expensive’, not only in monetary terms but also in terms of the cost to deploy, train and manage. Ease of use is not easy. By working closely with the customer, we in NetFort tried to ensure that even small and medium-sized organisations can easily look inside the packets and quickly get the level of visibility required to figure out what is going on. The LANGuardian is a product that organisations of all sizes can easily download, install and use, and can afford to purchase and manage. It uses DPI technology on traffic, with no agents or clients, to get to the right level of visibility and the information they require, with minimum hand-holding, support and ‘cost’.
DPI is complex, but it does NOT always have to be about ‘bits and bytes’, ‘deep’ packet analysis, timings, errors, etc. In some rare cases it is important to be able to get to that level, but these systems should take away the complexity until it is absolutely necessary and start at a high level, a level most of us can understand. Use the information pyramid: the software should be able to abstract away the complexity, give the high-level picture, allow instant drill-down, and generate reports with detail, actual NAMES, users, files and domains that normal users can understand!
You do not need to look into the packets. Let NetFort do it for you!
Thanks to NetFort for the article.