Boosting ZTNA Performance with DPI-based Traffic Intelligence

Image Credit: Your_photo/BigStockPhoto.com

Zero Trust Network Access (ZTNA) is currently one of the hottest areas of cybersecurity investment, with an addressable market for products and services that is estimated at over $10 billion [1]. Success in this market depends on ZTNA performance and scalability, and this, in turn, depends on traffic visibility and the degree of intelligence ZTNA functions receive on the different traffic flows. Traffic visibility has been strongly impacted in recent years by encryption, new techniques for cloaking malicious traffic, and the erosion of traditional network perimeters where traffic has previously been decrypted and inspected. Effective ZTNA therefore requires traffic intelligence that overcomes these visibility challenges while operating across multi-tenant, multi-edge deployments.

The most common source of traffic intelligence is deep packet inspection (DPI), which passively analyzes network traffic flows to identify the protocols, applications and services in use. There are various DPI solutions available to ZTNA providers; however, the level and quality of information can vary considerably, and this has a significant impact on the performance of the different ZTNA functions.

What is next generation deep packet inspection (NG-DPI)?

DPI is a widely deployed technology long used to provide traffic visibility in networking and security solutions. Specifically, it is software that passively analyzes network traffic flows from Layer 2 (data link) to Layer 7 (applications and data) to identify the protocols, applications and services in use, and to extract additional information in the form of metadata to support specific networking and security functions.
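To make the Layer 2 to Layer 7 walk concrete, here is an added example (not code from this article or from any DPI product) that labels a flow from its payload rather than its port and extracts the TLS server name as metadata. All function names and the sample frames are constructed for illustration; it assumes IPv4 over Ethernet and a ClientHello that fits in one TCP segment, with no stream reassembly.

```python
import struct

def _sni(hello: bytes):
    """Return server_name from a ClientHello body, or None if absent."""
    p = 34                                           # skip version(2) + random(32)
    p += 1 + hello[p]                                # session_id
    p += 2 + struct.unpack_from("!H", hello, p)[0]   # cipher_suites
    p += 1 + hello[p]                                # compression_methods
    end = p + 2 + struct.unpack_from("!H", hello, p)[0]
    p += 2
    while p + 4 <= end:
        etype, elen = struct.unpack_from("!HH", hello, p)
        if etype == 0:                               # server_name extension
            nlen = struct.unpack_from("!H", hello, p + 7)[0]
            return hello[p + 9:p + 9 + nlen].decode("ascii")
        p += 4 + elen
    return None

def classify(frame: bytes) -> dict:
    """Walk L2 -> L3 -> L4 -> L7 and label the flow by payload, not by port."""
    meta = {"l7": "unknown"}
    try:
        ip = frame[14:]
        if struct.unpack_from("!H", frame, 12)[0] != 0x0800 or ip[9] != 6:
            return meta                              # only IPv4 (L2) carrying TCP (L3)
        tcp = ip[(ip[0] & 0x0F) * 4:]
        meta["dst_port"] = struct.unpack_from("!H", tcp, 2)[0]
        data = tcp[(tcp[12] >> 4) * 4:]              # L4 header length -> payload
        if data[:1] == b"\x16" and data[5:6] == b"\x01":   # TLS record + ClientHello
            meta.update(l7="tls", sni=_sni(data[9:]))
        elif data.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD"):
            meta["l7"] = "http"
    except (IndexError, struct.error, ValueError):
        pass                                         # truncated/malformed: keep partial result
    return meta

def sample_frame(dst_port: int, payload: bytes) -> bytes:
    # Constructed Ethernet/IPv4/TCP test frame; checksums are left zero.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, dst_port, 0, 0, 0x50, 0x18, 1024, 0, 0)
    return bytes(12) + b"\x08\x00" + ip + tcp + payload

def sample_client_hello(name: bytes) -> bytes:
    # Constructed minimal TLS ClientHello carrying a single SNI name.
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    ext = struct.pack("!HH", 0, len(sni)) + sni
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

TLS on port 8443 is still labelled `tls` and plain HTTP on port 443 is still labelled `http`, which is the difference between payload inspection and a port lookup.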

NG-DPI has evolved to meet three challenges of high importance to ZTNA effectiveness:

  1. The rise of encrypted traffic, which impacts the essential visibility required to properly manage and secure networks,
  2. The emergence of advanced, complex cyberattacks perpetrated by sophisticated criminal actors and nation-states, and
  3. The shift to cloud-based solutions, with significantly higher performance and scalability requirements.

NG-DPI meets these challenges with the following distinguishing capabilities:

  • Encrypted traffic classification
  • Detection of anomalous and evasive traffic
  • Advanced first packet processing
  • Extended protocol and application coverage
  • Cloud-scale performance

How can NG-DPI be used to boost ZTNA effectiveness?

NG-DPI improves the effectiveness of each of ZTNA’s main functional components by combining telemetry-based traffic flow analysis with a high level of protocol and application recognition so that the identity schema becomes much more granular. Add to this contextual insights from extended metadata related to users, devices, flows and locations, and the risk analysis process can become extremely accurate. Some of today’s NG-DPI solutions can deliver enough precision and context that ZTNA solutions can reach zero false-positive identification, creating an air-tight barrier that prevents malicious users, devices, or programs from ever making an initial connection.

Options for acquiring NG-DPI

Building NG-DPI in-house requires significant development resources and deep NTA experience. Protocol and application libraries need to be constantly updated and machine learning expertise is crucial for encrypted traffic identification and classification.

Open-source NG-DPI can be used as a foundation for in-house development, but to meet advanced ZTNA needs it requires deep customization.

For this reason, vendors building ZTNA offerings often turn to commercial NG-DPI engines because they represent a more effective financial and technical solution. They also have the advantage of being delivered as a fully functioning component, accelerating product development and enhancing the solutions with advanced techniques that bring higher performance and product differentiation. In addition, commercial protocol libraries are already extensive and are constantly maintained, ensuring more accurate traffic identification.

You can find out more about NG-DPI for ZTNA and how to integrate it into your solutions in a new industry brief, “How to Improve ZTNA with Next Generation Deep Packet Inspection”. It looks in detail at each ZTNA function and the traffic visibility challenges that are limiting ZTNA performance, and explains how NG-DPI can improve solution effectiveness and the different options for acquiring the technology.

Author

Laura Wilber is a Senior Industry Analyst at Enea. She supports cross-functional & cross-portfolio teams with technology and market analysis, product marketing, product strategy and corporate development. She is also an ESG Advisor & Committee Member. Her expertise includes cybersecurity and networking in enterprise, telecom and industrial markets, and she loves helping customers meet today’s challenges while musing about what the next ten years will bring.