The deep packet inspection and processing market is anticipated to register a CAGR of 5.5% over the forecast period 2020-2025. DPI combines signature matching technology with a data analysis algorithm to determine the impact of a communication stream. Hardware-based middleboxes are prevalent in computer networks and usually incur high deployment and management expenses. A recent trend aims to address those problems: researchers are proposing two practical approaches to implement a cloud-based DPI middlebox. The outsourced DPI middlebox performs payload inspection over encrypted traffic while preserving the privacy of both communication data and inspection rules.
- The increasing adoption of regulatory and data protection laws is driving the market. Various countries are implementing regulations; for example, in May 2019, President Vladimir Putin signed the "sovereign internet" law, whose proclaimed goal is to protect the Russian segment of the internet from threats to its security, integrity, and sustainability. Internet service providers (ISPs) are compelled to install "the technological means [equipment] for countering [external] threats" into their networks. This equipment includes deep packet inspection (DPI) technology, which allows the government to track, filter, and reroute internet traffic.
- In contrast, DPI in the European Union is used very differently. It is used as part of mechanisms to clamp down on drug trafficking and child pornography. When the EU established its intent, it was quick to enforce laws that controlled the use of data. The consideration falls under the ambit of the General Data Protection Regulation (GDPR), a comprehensive set of laws that protect EU citizens and their sensitive data.
- Further, the high adoption of cloud-based security technologies drives the market. According to cloud security provider Armor, cloud customers were hit with 681 million cyber-attacks in 2018. According to the 2018 Cost of a Data Breach Study by the Ponemon Institute, the average cost of a data breach in 2018 was USD 3.86 million, a 6.4% increase over the 2017 cost of USD 3.62 million.
- Many cloud services are accessible to the entire internet, which means improved system accessibility is an important driver for cloud migrations. However, cloud servers and applications are regularly attacked using a broad range of methods from anywhere on the globe. Deep packet inspection and processing are essential to keep the bad traffic out while letting the good traffic through without too much interruption. It is also important to look beyond this perimeter-based defense layer. There are several approaches to successfully deploying a security control based on deep packet inspection within a public cloud environment: one is to use vendor solutions already built for this exact purpose, and another product range is based on agents running on customer endpoints.
- Moreover, attackers have already started exploiting the burst of information and the public's heightened alertness for COVID-19 related news. Phishing, spam campaigns, and malicious websites/domains have significantly increased. To relieve the load on VPNs and reduce the chance of malware establishing a successful command and control (C2) channel, F-Secure recommends using deep packet inspection on VPN concentrators and other network perimeter devices. With such a setup, certain bandwidth-heavy online services, such as streaming and various gaming services, can be blocked. It is also recommended to allow communication only on known and approved ports, such as HTTPS. The pandemic is significantly increasing the adoption rate.
Key Market Trends
Software Solution to Witness Significant Growth With Increasing Enterprise Internet Traffic
- In recent years, DPI (Deep Packet Inspection) software has evolved into a powerful tool to meet new network challenges, playing a central role in today's internet and network infrastructure. As most of the internet traffic is now encrypted, a reliable DPI software engine needs a tool kit of advanced techniques to classify traffic.
- DPI identifies and classifies traffic based on a signature database that includes information extracted from the data part of a packet, allowing finer control than classification based only on header information. Applications such as peer-to-peer (P2P) traffic pose increasing problems for broadband service providers.
- Typically, P2P traffic is used by applications providing file sharing. Because the media files being transferred are frequently large, P2P drives increasing traffic loads, which require additional network capacity. DPI allows operators to oversell their available bandwidth while ensuring equitable bandwidth distribution to all users by preventing network congestion.
- The network must be able to parse through content, assemble enough of an application message, and identify traffic usage and patterns based on the information. DPI functions fall into four categories: protocol analysis/application recognition, anti-malware/anti-virus, intrusion detection and prevention (IDS/IPS), and URL filtering.
- According to the Enea AB survey, 70 percent of respondents (high-tech product managers) require the classification of connected devices in enterprise and IoT/industrial networks. In addition, the increased use of encryption, along with the adoption of the stringent TLS 1.3 security protocol (mandatory in 5G), threatens essential traffic visibility for many vendors. This calls for deep packet inspection and processing, supporting future market growth.
- Further, most vendors report that they have or are developing cloud solutions, with half of them planning to offer a Secure Access Service Edge (SASE) solution that integrates security and networking in a cloud-based service. This requires the use of DPI software, which contributes to market growth.
- Furthermore, players are introducing new software for traffic analysis, which contributes to market growth. In February 2020, Sophos introduced a new Xstream architecture for Sophos XG Firewall with high-performance Transport Layer Security (TLS) traffic decryption capabilities that eliminate a significant security risk associated with encrypted network traffic. Its newly enhanced Deep Packet Inspection (DPI) engine dynamically risk-assesses traffic streams and matches them to the appropriate threat scanning level, enhancing throughput by up to 33% across most network environments.
North America Accounts for the Significant Market Share
- North America holds a significant share, as growth in the region is being driven by rising internet penetration and increasing adoption of cloud-based and IoT applications across verticals. Moreover, North America tops the world in terms of security breach incidents, which drives DPI adoption.
- Cybercriminals are increasingly targeting businesses and medical institutions to obtain victims' personal data. The personal data is then often used to socially engineer their attacks, which are more likely to trick the victim than traditional cyber attacks. In fact, as of 2019, 79% of the total data breaches recorded in the United States were reported in the business and medical sectors (source: Identity Theft Resource Center).
- The HIPAA Privacy Rule established national standards to safeguard Protected Health Information (PHI), individuals' medical records, and other personal health information. This is following the trend towards deploying servers executing sophisticated Deep Packet Inspection (DPI) logic to identify and extract relevant data segments from the raw traffic.
- Further, according to Akamai Technologies, the United States had the highest share of DDoS (Distributed Denial of Service) attack traffic from Nov 2017 to April 2018, with 30%, and China was second with 16%. Attacks against end-user industries in the United States are likely to increase. DPI is used to enhance the capabilities of ISPs to prevent the exploitation of IoT devices in DDoS attacks by blocking malicious requests from devices. Thus, DDoS is likely to increase the adoption of DPI solutions.
- Moreover, players are coming up with new technologies that are potentially adding value to market growth. For instance, in March 2019, CoSoSys announced a new release of its award-winning Data Loss Prevention solution, Endpoint Protector 220.127.116.11, at RSA Conference 2019. The latest update introduces a brand-new feature: Deep Packet Inspection.
- This DPI technology, available for macOS and embedded into the Endpoint Protector client, intercepts all file transfers through web browsers. With this feature, it is now possible to monitor the destination of a file, as well as to whitelist and blacklist specific URLs. Whitelisting allows file transfers only to specific domains and URLs, while with the blacklisting option, access to specific websites can be blocked.
The deep packet inspection and processing market is fragmented, as players are increasingly innovating new hardware and software solutions and new entrants are adding to the significant competition in this market. Several innovations have been witnessed in the deep packet inspection and processing market, including the development of Next-Generation Firewalls (NGFWs) that are capable of inspecting network packets up to layer 7 (the application layer) of the OSI model. Such instances create intense rivalry among the players to provide unique solutions. Key players are Nokia (Alcatel Lucent), Huawei Technologies, and others. Recent developments in the market are:
- July 2020 - Rapid7, Inc., announced that the Network Traffic Analysis (NTA) is now available in InsightIDR, the company's market-leading Security Information and Event Management (SIEM) solution. InsightIDR's NTA leverages a proprietary Deep Packet Inspection (DPI) engine to capture raw network traffic flows, extracting rich metadata. This approach drastically reduces data volume but retains the critical data ideal for investigations, deeper forensic activities, and custom rule creation.
- August 2020 - SafeRide Technologies announced the release of new Intrusion Detection and Prevention Software (IDPS) to protect Automotive Ethernet networks against cyberattacks. The new solution is integrated into SafeRide's vSentry Edge AI software. vSentry Edge AI monitors the CAN and Ethernet communications from multiple domains and performs deep packet inspection and payload analysis.