ipoque, a Rohde & Schwarz company and a leading provider of next-gen deep packet inspection (DPI) software, has published key findings of its latest research report ‘Next-gen DPI for ZTNA: Advanced traffic detection for real-time identity and context awareness’. The report finds poor traffic visibility affecting 90.7% of zero trust network access (ZTNA) vendors, compromising identity and context awareness that forms the basis of zero-trust strategies. The research also finds an overwhelming 92.6% of ZTNA vendors anticipating a rise in security vulnerabilities due to inadequate visibility, with 55.6% of vendors expecting the implication to be severe. The report is based on a survey of 55 leading ZTNA vendors, which took place in November last year and was jointly conducted by ipoque and The Fast Mode, a leading telecoms/IT publication.
Assessing network and traffic intelligence that underpin the implementation of ZTNA, the report aims to uncover visibility challenges and the role of DPI in fortifying zero-trust executions. ZTNA merges access control and security in a cloud-based model, leveraging principles such as microsegmentation and least privilege access (LPA). “Trends in Cloud, SaaS, work-from-anywhere (WFA) and IoT have made ZTNA indispensable,” said Ariana Leena Lavanya, Principal Analyst at The Fast Mode. “Continuous adaptive trust, which is central to any ZTNA execution, uses real-time traffic intelligence to form virtual network perimeters that deliver seamless and secure access to enterprise resources.”
Lack of visibility impairs effectiveness of ZTNA
Visibility issues reported by ZTNA vendors stem from the explosive growth of traffic and application types and the emergence of new encryption protocols such as TLS 1.3, QUIC and ECH as well as various anonymization and obfuscation techniques. “Regardless of whether it is cloud, hybrid or on-premises ZTNA, ZTNA solution providers require advanced traffic detection techniques that can single out resources, devices, users, security status and irregularities. This is critical in executing fine-grained policies which are customized to different risk profiles and data sensitivity,” said Dr. Martin Mieth, VP Engineering at ipoque. Without sufficient visibility, ZTNA vendors have to fall back on blanket access rules and generic security measures, which lead to increased security vulnerabilities, network abuse and user experience issues, according to the report.
DPI equips ZTNA with future-proof traffic filtering capabilities
The ipoque OEM DPI engines R&S®PACE 2 and R&S®vPACE for networking and cybersecurity vendors combine behavioral, heuristics and statistical analysis, as well as machine learning (ML) and deep learning techniques to classify network traffic by protocols, applications and service types, even when encrypted. “Our DPI suite of solutions, which are optimized for both standard and cloud computing environments, are powered by AI and ML-based capabilities and weekly-updated libraries. Combining these with metadata extraction allows us to address information that ZTNA vendors deem most critical, namely threats, anomalies and application awareness,” said Dr. Mieth. The DPI technology by ipoque boasts high throughput, linear scalability and improved memory efficiency to support any number of user sessions. It also features extended capabilities such as first packet classification, custom DPI signatures, tethering detection and an IPFIX exporter that converts DPI data into Netflow/IPFIX flow records for seamless integration into SIEM solutions.
Higher use of DPI expected within ZTNA
The report finds that 83.3% of respondents currently use or plan to use DPI for ZTNA. Apart from enhancing the core mechanisms of ZTNA, DPI supports other ZTNA features such as single sign-on, single DLP and multi-factor authentication, and addresses encryption, unmanaged devices and even issues with ZTNA itself. “With real-time application awareness spanning legacy and hybrid applications, ipoque brings ZTNA performance to the next level and supports next-gen ZTNA features such as automatic network segmentation, intra-server / API access and even DEM,” added Dr. Mieth. “Continuous R&D into traffic trends and adoption of AI-based techniques have positioned us at the forefront of traffic intelligence, allowing us to support even the most advanced ZTNA implementations.”