First Packet Advantage: A New Approach to First Packet Classification for SD-WAN and SASE

What is First Packet Processing?

First packet processing is a technique for identifying applications and services in network traffic from the very first packet in a flow. This enables the instantaneous execution of application-specific rules, such as those related to unique bandwidth, latency, or security requirements.

Enea’s Unique Solution for First Packet Classification

The Challenge with First Packet Processing

First packet processing is beneficial for high-throughput networking and security solutions like SD-WAN and SASE. However, most first packet processing techniques score poorly on accuracy and granularity. This leaves vendors with an unfortunate choice between passing more traffic through DPI – limiting the performance advantage of first packet processing, or executing immediate traffic steering or security policies based on limited – or even erroneous – information.

The Enea Solution

Enea’s First Packet Advantage addresses these accuracy, granularity and performance challenges to unleash the full power of first packet processing. It improves on conventional cache-based first packet processing through two innovative features:

  • Cascading Cache Structure: First Packet Advantage replaces conventional single-pass cache lookups of previously classified traffic with a cascading, multi-criteria lookup structure that leverages internal session prediction caches and known IP addresses. This boosts accuracy and significantly reduces the amount of traffic that requires immediate DPI processing.
  • Internet Protocol Database (IPDB): First Packet Advantage expands the IP addresses used in its prior cascaded cache from hundreds of IP addresses to millions of rigorously verified addresses. These IP addresses are derived from the fully qualified domain names (FQDN) of the top 1 million most popular Internet domains. To maintain accuracy, the FQDNs and associated IP addresses are continuously run through a multi-step validation process as part of the “Evergreen” program in the Enea Labs.

In addition, First Packet Advantage applies service categories to Office 365 traffic based on first packet data alone, enabling ultra-efficient, category-based management of this widely used software suite.

First Packet Advantage is available as a standard feature in Enea’s Qosmos ixEngine and Qosmos Probe (a software sensor which embeds ixEngine). It delivers an immediate performance advantage for SD-WAN and for Secure Access Service Edge (SASE) solutions, which provide integrated SD-WAN and security functions as a cloud service. It also enables vendors of these solutions to better position themselves for major industry changes, including fully encrypted environments and Artificial Intelligence (AI)-driven orchestration and analytics.

Performance + Innovation for SD-WAN & SASE

Paving the Way for Artificial Intelligence
This new approach translates to an immediate performance boost for today’s SD-WAN and SASE solutions. Beyond this performance boost, First Packet Advantage also delivers the data precision and lightning-fast processing required for AI-powered orchestration in the SD-WAN market, and AI-based security operations management and threat analytics in SASE solutions.

Supporting the SD-WAN to SASE Evolution
First Packet Advantage is also unique in its ability to deliver robust security-related information in addition to application and service classification. This enhances existing security capabilities for SASE vendors and supports product evolution for SD-WAN vendors. Specifically, the security-related data enables SD-WAN vendors to enhance their offer with new security rules, to develop firewalls and other key security components as part of a Secure SD-WAN solution, or to evolve their offer into complete, cloud-based SASE solutions.

Providing a Visibility Safeguard for Fully Encrypted Environments
In addition, the unique IP-based traffic classification system (IPDB) within Qosmos ixEngine will be especially valuable as stronger, more rigorous encryption standards are adopted. This change in encryption practices will expand the situations in which proxies cannot be deployed to decrypt and inspect traffic, or in which doing so will become undesirable for performance.

In such environments, IPDB will provide an important alternative method of accurately identifying protocols, applications and services. Furthermore, Enea Labs research has shown that machine learning combined with IP-based classification can help restore some of the vital granularity that is typically lost with IP-based classification.

Related insights

Qosmos ixEngine Named Best Product Embedded Security in the Global InfoSec Awards 2023

Enea’s Qosmos ixEngine Wins Global InfoSec Best Product Award

Read more

Tags: Cybersecurity , Deep Packet Inspection , Intrusion Detection , Qosmos ixEngine , Traffic Intelligence

How to Boost ZTNA Performance with Detailed Traffic Visibility

Read more

Tags: Cloud Security , Deep Packet Inspection , Qosmos ixEngine , SSE , Traffic Intelligence , ZTNA

Discover the 3 Hot Topics at RSA Conference 2023 with Enea

There will be 3 Hot Topics at RSA Conference 2023: Find Out What They Are and Why

Read more

Tags: Cloud Security , Deep Packet Inspection , Intrusion Detection , SASE , SD-WAN , SSE , Traffic Intelligence , ZTNA

The Role of DPI in Cybersecurity - An Interview with Roy Chua, Founder and Principal of AvidThink

The Role of DPI in Cybersecurity – An Interview with Roy Chua, Founder & Principal of AvidThink

Read more

Tags: Cybersecurity , Deep Packet Inspection , Encryption , SASE , SD-WAN , Traffic Intelligence

Enea Qosmos Probe Shows High Performance for Cyber Security

Intel Solution Brief: Enea Qosmos Probe Shows High Performance for Cyber Security

Read more

Tags: Cybersecurity , Deep Packet Inspection , Intrusion Detection , Traffic Intelligence