Guest blogger: Michael Patterson, CEO of Plixer
Deep application awareness is the ability to accurately identify what applications are being used on a business IT network. A company that understands how bandwidth is being consumed, by whom and how it is prioritized, can optimize organizational performance.
To gain deep application awareness, you need a Deep Packet Inspection (DPI) solution to detect and analyze all packets coming from each host. The DPI solution should study the behavior of the traffic patterns by looking at a series of packets and then correctly identify each application. What makes it difficult is that multiple applications can share the same ports. For example, TCP port 80 is used by many different applications. This technique is performed because when using port 80 it is easy to get through a firewall. When a basic packet inspection tool identifies TCP port 80 traffic, it often labels it as HTTPwhen in truth, it could be Skype, Webex, Citrix, Youtube, Facebook, Salesforce, LinkedIn, or any of a myriad of other applications. These are all considered applications today but they are running over the same port. A tool that labels all TCP port 80 traffic as HTTP can be misleading. Correctly identifying applications makes trouble shooting easier and allows administrators to prioritize business applications.
Not only should the DPI product correctly identify end user applications, it should also provide a few performance metrics. For example, for Voice over IP (VoIP) traffic it should deliver details on Jitter and packet loss. For remote or internal employees suffering from poor voice connections, this metric allows administrators to determine which end of the call is experiencing the most issues and at which minute during the entire length of the call. This is important as it allows network analysts to observe the impact that the increase in traffic can have on voice quality at different points on the network.
Dell SonicWALL firewalls include a DPI engine and eliminate the need for a separate appliance on your network. Application traffic and performance data can be exported via the IPFIX protocol to Dell SonicWALL Scrutinizer, an application traffic flow analytics product. With Scrutinizer a detailed history can be stored and analyzed for deep forensics on network activity. For more information on Dell’s security reporting and analytics from Dell SonicWALL: http://www.sonicwall.com/us/en/products/Scrutinizer.html