DPI Sensor for Threat Hunting

The Challenges

Cyber crime is becoming increasingly sophisticated with advanced malware now able to evade commercial IDS. Security Operations Centers therefore need to bolster their security solutions with extra barriers to intrusion and a higher level of cyber threat detection.

At the same time, data overload is becoming a critical problem in cyber security operations, hampering efficiency and performance:

  • Huge amounts of data must be gathered, analyzed and stored.
  • Numerous alerts are generated, many of them false positives that consume significant resources and drown out legitimate alerts.


The Solution

Adding Deep Packet Inspection (DPI) sensors to existing security systems reduces data volumes and improves cyber threat detection through more efficient data analysis and greater traffic visibility:

  • A DPI sensor can reduce the size of forensic data storage by up to 150x compared to full packet capture (FPC), because it retains extracted metadata rather than every packet.
  • Inspecting traffic with DPI provides visibility up to Layer 7. The extracted metadata gives finer-grained information and can also be used to index content, which improves threat hunting.
  • Traffic patterns gathered by the DPI sensor can be combined with existing traffic rules and used to continuously update the security system, for example by creating new rules for other components such as IDPS, which drastically reduces the number of false positives.


Qosmos Probe – An Advanced DPI Sensor

Qosmos Probe is a complement to signature-based detection tools such as IPS and to FPC.

Qosmos Probe in a Security Operations Center

The classification and metadata engine embedded in Qosmos Probe is based on Qosmos ixEngine, the most widely used DPI engine in cyber security. Qosmos Probe provides detailed visibility of traffic up to Layer 7, recognizing over 3 000 protocols and extracting more than 5 000 metadata attributes, including metadata dedicated to cyber security.

  • Detects patterns using regular expression matching.
  • Gives full visibility on traffic, including services on non-standard ports and encrypted traffic, enabling sharper threat-hunting tools.
  • The Deep File Inspection capability detects the file type from the content, checks consistency between the MIME type and the file extension, computes the file hash and extracts file metadata.
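The Deep File Inspection bullet above describes a check worth seeing end to end: the file type is derived from the content itself (magic bytes), then compared against the MIME type and extension the transfer declares, and a hash is computed so the object can be indexed and correlated. The following is an added illustration written for this page, not Qosmos Probe's own code or signature set; the magic-byte table, the `inspect_file` function and the sample transfers are constructed assumptions, and a real sensor would carry a far larger signature database and run this on files reassembled from the wire.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed magic-byte table (assumption: a small illustrative subset, not a
# production signature set). Each entry: (leading bytes, content MIME type,
# extensions that are legitimate for that content).
MAGIC_SIGNATURES = [
    (b"\x89PNG\r\n\x1a\n", "image/png", {"png"}),
    (b"%PDF-", "application/pdf", {"pdf"}),
    (b"\xff\xd8\xff", "image/jpeg", {"jpg", "jpeg"}),
    (b"GIF87a", "image/gif", {"gif"}),
    (b"GIF89a", "image/gif", {"gif"}),
    (b"PK\x03\x04", "application/zip", {"zip", "docx", "xlsx", "pptx", "jar", "apk"}),
    (b"\x7fELF", "application/x-executable", {"elf", ""}),
    (b"MZ", "application/x-dosexec", {"exe", "dll", "sys"}),
]

# Union of legitimate extensions per detected MIME type (several magics map to one type).
EXTENSIONS_FOR_MIME: dict = {}
for _magic, _mime, _exts in MAGIC_SIGNATURES:
    EXTENSIONS_FOR_MIME.setdefault(_mime, set()).update(_exts)


@dataclass
class FileInspection:
    """Metadata record a DPI sensor could emit for one transferred file."""
    filename: str
    extension: str
    declared_mime: str
    detected_mime: str
    size: int
    sha256: str
    md5: str
    findings: list = field(default_factory=list)

    @property
    def consistent(self) -> bool:
        # True when declared MIME type and extension agree with the real content.
        return not self.findings


def detect_mime(data: bytes) -> str:
    """Content-based type detection: trust the bytes, not the declared label."""
    for magic, mime, _ in MAGIC_SIGNATURES:
        if data.startswith(magic):
            return mime
    return "application/octet-stream"


def inspect_file(data: bytes, filename: str, declared_mime: str) -> FileInspection:
    """Deep File Inspection on one reassembled file: type, consistency checks, hashes."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    detected = detect_mime(data)
    findings = []
    # Declared MIME type (e.g. an HTTP Content-Type header) vs. actual content.
    if declared_mime and detected != "application/octet-stream" \
            and declared_mime.lower() != detected:
        findings.append(f"declared MIME {declared_mime} does not match content {detected}")
    # Extension vs. actual content; only judged when the content type is known.
    allowed = EXTENSIONS_FOR_MIME.get(detected)
    if allowed is not None and ext not in allowed:
        findings.append(f"extension '.{ext}' is not valid for content type {detected}")
    return FileInspection(
        filename=filename,
        extension=ext,
        declared_mime=declared_mime,
        detected_mime=detected,
        size=len(data),
        sha256=hashlib.sha256(data).hexdigest(),
        md5=hashlib.md5(data).hexdigest(),
        findings=findings,
    )


def inspect_sample_transfers() -> list:
    """Run the check over constructed sample transfers (assumption: synthetic data)."""
    samples = [
        (b"%PDF-1.7\n%constructed sample\n", "report.pdf", "application/pdf"),
        # A PE header served as a PDF: content disagrees with both label and extension.
        (b"MZ" + b"\x00" * 30, "invoice.pdf", "application/pdf"),
        (b"hello, plain text", "notes.txt", "text/plain"),
    ]
    return [inspect_file(data, name, mime) for data, name, mime in samples]


if __name__ == "__main__":
    for report in inspect_sample_transfers():
        status = "OK " if report.consistent else "MISMATCH"
        print(f"{status} {report.filename:12} {report.detected_mime:26} sha256={report.sha256[:16]}...")
        for finding in report.findings:
            print("    -", finding)
```

The record returned by `inspect_file` is the kind of per-file metadata the page describes: small enough to store instead of the full packets, hashable for indexing and correlation, and carrying a consistency verdict that can feed a rule for the IDPS rather than an alert by itself.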

Qosmos Probe supports a wide range of data formats and standard APIs, making integration into cyber security architectures, whether physical or virtualized, rapid and simple.

Qosmos technology has proven performance, reliability and scalability. Qosmos Probe can scale up to N x 100 Gbps and can therefore be deployed in country-size networks.

“Layer 7 visibility allows a view of individual application flows and even an understanding of components of applications.”

Jeff Wilson, Research Director and Advisor, Cybersecurity, IHS


Why would you use DPI sensors for threat hunting?

Join us for a webinar on How to Strengthen Threat Hunting with DPI Sensors and discover the results of a new survey!