How Deep Packet Inspection Provides a Multilayered Look Into Your Network

To protect your network, you need solutions that can dig deep and spot hidden threats.

If your company were to experience a cyberattack or an outage of a key application like your customer-facing website, would you know where to look for the problem? Many of us would look to IT to fix it, and many in IT would look to a stable of security products or a network monitoring platform to isolate the issue. But where is that software actually “looking”?

Ensuring the security and performance of IT networks requires that organizations have full visibility into the underlying “packets” of information. That’s where a technology first developed in the 1980s, called deep packet inspection (or DPI), comes in.

To gain a clearer understanding of what’s happening with deep packet inspection technologies, how they advance what enterprises are able to do in cyberspace, and why patent trolls are gumming up this progress trying to make a buck, we spoke with Paul Barrett, a member of the Board of Directors for the DPI Consortium, a nonprofit dedicated to keeping DPI technology available to all. Paul has been involved with international IT standardization for close to 25 years and is chief technology officer for Enterprise at NETSCOUT.

Paul Barrett, Chief Technology Officer for Enterprise, NETSCOUT

Q: What is deep packet inspection?

Paul Barrett: Deep packet inspection involves analyzing the traffic traveling over computer networks—for example, the IT network operated by an enterprise—by looking at the various layers of information in the packets that traverse the network and enable the different machines making up that network to communicate. When you access an application, communicate with a co-worker via chat or just connect to your company’s Wi-Fi, network packets make that possible. The outer layers of the packet provide information about where a packet is traveling to and from; the inner layers contain information relating to the application or service that generated the packet.

Q: What is DPI used for?

Barrett: DPI supports many important functions in a modern network. DPI is used to monitor the health of a network, and perhaps even more importantly, the services that run over it. It is also used in many critical cybersecurity tools, such as in firewalls, intrusion detection systems and DDoS [distributed denial of service] detection and mitigation systems.

Like any powerful technology, DPI can be used for good or bad, with negative applications including censorship by governments. However, the vast majority of modern use cases are highly constructive. For example, DPI is used to ensure the availability of key network-based services, including commercial applications such as banking and retail websites, and the systems that support our country’s critical infrastructure, such as power grids and hospitals. DPI technology is also used by security teams to detect and thwart attackers trying to steal personal information or take down networks.

Q: How did the DPI Consortium come into being?

Barrett: The DPI Consortium is a 501(c)(6) nonprofit created by NETSCOUT that was officially launched at the end of November 2022.

NETSCOUT has spent years advancing DPI technologies by removing traditional barriers to using and understanding the vast quantities of data that are generated by modern networks to serve multiple purposes, from increasing security to network performance management.

Like any technology company, NETSCOUT receives spurious claims from patent assertion entities (PAEs) from time to time. So, in addition to fighting against baseless claims, we at NETSCOUT decided to do something to help our entire industry fight back. The result was the DPI Consortium.

Our first step was to assemble a stellar advisory board to help guide our mission of improving patent quality and assisting true innovators in defending their innovations. The consortium’s advisory board comprises seven luminaries from the world of networking, and we are enormously grateful for their time and guidance.

Q: What is the mission of the DPI Consortium?

Barrett: The DPI Consortium provides resources to support and advance the field of deep packet inspection technology by making historical research and development resources available to all, including innovators fighting frivolous claims made by patent assertion entities.

DPI technology has been around since the 1980s, but it has been rediscovered in recent years as companies try to solve increasingly complex application and cybersecurity problems. Understanding the history of DPI technology and its vital role in modern networks helps companies advance their technology and fend off spurious claims against their development.

Q: You mentioned patent assertion entities; who or what are they?

Barrett: Patent assertion entities, sometimes called patent trolls, do not perform research or product development themselves or even manufacture or sell products. Instead, they acquire patents from third parties and file lawsuits against technology companies with products that fall in the general area of those patents. The problem is that even if the accused products do not infringe the asserted patents, it is usually simpler and cheaper for the targeted organizations to reach a settlement with the PAE than it is to go through the time and expense of proving that at trial. As a result, this type of patent assertion has become a big business.

Q: How is the DPI Consortium helping to counter PAEs?

Barrett: As DPI technology has been rediscovered in recent years, this has sometimes led to new patent applications based on old technology and patents with questionable validity being asserted by patent assertion entities.

The Consortium has built a database of prior art that can be used to challenge patents that should not have been granted in the first place. Our resources include prior art and information about pioneering developments in DPI technology, including hard-to-find product data sheets, articles, patents and webpages from the Internet Archive.

Our database is hosted on the Zotero platform, widely used in academic circles for research. It is freely available, and we hope that its contents will also be used to further the art of deep packet inspection and help people to understand its long history.

Q: What’s next for the DPI Consortium?

Barrett: We have made the database available to everyone, and we plan to invite patent offices around the world to consider including it in their work, so we can minimize the risk of new patents being granted that unwittingly describe technology invented many decades earlier.

Paul Barrett is CTO for NETSCOUT’s Enterprise and Federal businesses. Paul joined NETSCOUT with the acquisition of Psytechnics Ltd in 2011. Paul was head of engineering for most of his 10-year tenure at Psytechnics and was CTO when the company was acquired. Prior to that Paul worked at BT Laboratories on voice transmission systems for GSM and 3G. Paul has 25 years of experience in the IT industry and has been actively involved in international standardization for much of that time. Paul holds a master’s degree in electronic systems engineering from the University of York in the United Kingdom. He is a senior member of the IEEE in the U.S., and a member of the IET and a chartered engineer in the U.K.
