It seems like yesterday that the first “stateful” firewall was brought to market. In fact, it was over two decades ago that the first real commercially available product came to market. This innovation unleashed a renewed look at the firewall problem. And thus came the crush of me-toos and look-alikes for some number of years. Each one trumpeted with more promise than the last.
With the advent of application-specific integrated circuits (ASICs) and their broader use in networking products, a second wave of innovation came a decade or so later. Some new products were brought to market, religious discussions ensued, battles started, wars lost and companies acquired. Lather, rinse, repeat.
The hardware guys argued, and I know, as I was conveniently in their camp for a while: “anything software can do, we can do faster!” True enough at the time, but I am reasonably certain this too shall pass. And so it did.
Fast forward to the present day. With every new product announcement comes another application, user profile, use case and device. Each permutation of “user context” represents yet another way for bits to be sent and received. Keeping up is a full-time job that can no longer be easily solved by throwing minds at it or making faster hardware. The latter is always limited to what is fact today and is poorly suited to the shifting reality of tomorrow.
So, what’s a Product Manager of a firewall or UTM appliance to do, especially if the composed solution has additional special sauce, representing core competency, as it most certainly will? The dizzying array of avoidance and evasion techniques in use today is enough to drive him or her to the madhouse. If you doubt that, consider the anonymizers and the relentless release trains they produce to keep the good people of the repressed world from being discovered – and those in the free world from being committed with a diagnosis of paranoia from the nagging fear they are being watched.
At Procera, we believe that poor, aforementioned Product Manager should seek relief in the form of leveraged expertise. With nearly 1000 customers worldwide (network managers who depend on our DPI products to make accurate and intelligent policy decisions), there is nothing that escapes the attention of our learned staff. If blocking or conditioning certain traffic types is your game, we would posit that being correct is kind of important and not to be left to chance.
So, our humble recommendation: be it firewall or UTM appliance, leave the deep packet inspection to the experts. We did not invent DPI, but we have advanced the technology across both premise and embedded product lines the world over. This position is unparalleled in the industry; about this there is no dispute, if admittedly some jealousy and consternation. The high ground in any disagreement is the rightful claim of the best and most diligent.