Next-Gen DPI for AI Success

High-Quality Input Data for AI Product Quality & Differentiation

As enshrined in the timeless “garbage in, garbage out” maxim, feeding a computer program poor quality data inevitably produces inaccurate and unreliable programming results. AI algorithms and the applications built upon them are no exceptions to this rule. In fact, if anything, the impact of poor-quality data is magnified in AI, particularly in agentic AI contexts where poor data can result in poor decision-making that leads to real world harms.

On the contrary, supporting AI algorithms and models with data that is complete, accurate, relevant, timely, consistent, and unique can dramatically improve models’ output – without making changes to the algorithms used. In the context of networking and cybersecurity solutions that integrate Large Language Models (LLMs), significant training is required to produce reliable results as LLMs foundational data source (the World Wide Web) is lacking both in reliability and specificity.

This training has become more manageable with strategies like Retrieval Augmented Generation (RAG), which refines results via run-time queries of trusted datasets, and the development of derivative Small Language Models (SLMs) that operate on smaller, high-quality data sets (with relevancy being an important quality measure in this context).

Whichever modeling strategy is used, the Qosmos ixEngine is the deep packet inspection (DPI) technology most widely trusted by networking and cybersecurity vendors because of its 1) technical depth (4600 protocols and 5900 metadata types), 2) accuracy, and 3) readiness for use. This data readiness means Qosmos ixEngine-generated data is automatically cleansed, validated, organized, documented, labelled and ready for vendors to use in AI applications.

Qosmos ixEngine data is also valued in AI applications due to its uniqueness. This includes standout coverage of industrial protocols (OT, IIoT, ICS), indicators of anomalous and evasive traffic, and ML-based encrypted traffic classification.

Observability for Shadow AI, AI Agent Behavior, and Action & Asset Provenance

Observability for Shadow AI

Security professionals need continuous global visibility into who is using which AI tools, and where and how they are being used. And they expect their software solution vendors to meet this visibility need, and to implement management and security functions on top of it.

The explosion in GenAI-powered applications has created serious governance and security challenges for IT teams. Like the Shadow IT and Bring-You-Own-Device (BYOD) practices that preceded them, Shadow AI refers to the unauthorized and unmanaged use of AI tools and applications by enterprise users (both human and machine). And as with Shadow IT, addressing the risks associated with Shadow AI begins with network observability.

To assist vendors with this challenge, Enea has made it a priority to extend protocol coverage to the latest AI tools, including:

• APIs for LLM companies like Anthropic, AI chatbots like MS Copilot, personal assistants like Pi, code writers like Amazon CodeWhisperer, image generators like DALL-E, writing tools like Writesonic, multi-chatbot interfaces like Poe, voice generators like Murf.AI, video and image editors like RunwayML, email management tools like Mailbutler, music composition like Aiva, and productivity apps like Notion.
• In addition, protocol profiles include important transactional metadata like file downloads or uploads.

Observability for AI Agent Activity

“It is… logical to expect that as agent use proliferates, so will agent-related security incidents, and activity in AI Agent security will intensify,”  Laura Wilber, Senior Analyst, Technology & Industry at Enea [1]

Qosmos ixEngine provides detailed real-time and forensic data vendors can use to help monitor and manage the behavior of rapidly proliferating AI agents. AI agents are artificial entities (typically in software-only form) that can understand their environment, make autonomous decisions, and take autonomous actions. While still largely controlled through programmatic guardrails, AI agents require close monitoring as the security challenges associated with AI agents remain largely under-explored and unresolved. [1]

Qosmos ixEngine supports this monitoring by capturing holistic network flow and transactional data in granular detail. This provides an accurate picture of network activity – including agentic activity. It also provides provenance indicators for actions and assets.

Observability for Provenance of Actions & Assets

Deepfakes of all kinds (voice, video, image, etc.) are rapidly becoming wholly indistinguishable from their factual counterparts. And while solutions like watermarking are valuable, the bad guys won’t use them, or will likely learn to fake them along with everything else. In such a world, provenance information becomes a pivotal safeguard.

Qosmos ixEngine has long provided provenance data that helps foil deceptions whether AI-based or not, like file spoofing, domain fronting, complex tunneling, the use of anonymizers and much more. It also plays a key role more broadly in the use of multifactor authentication in zero trust environments. Unfortunately, the number of factors needed for multifactor authentication will only grow during the AI era, but fortunately you will have the Enea team by your side to ensure you have the data you need to succeed.

And you can store this ‘ground truth’ metadada in a database where it can be rapidly and easily accessed for analysis: because Qosmos ixEngine stores traffic metadata only, forensic storage is reduced by up to 150x compared to full packet capture.

Compute Efficiency for AI-Powered Threat Detection

A primary use of Enea’s Qosmos DPI technology is to provide Network Traffic Analysis (NTA) to support Network Intrusion Detection Systems (NIDS) and Network Threat Detection and Response (NDR) solutions. NIDS traditionally focuses on the detection of known threats by matching traffic patterns against signatures for these threats. NDR extends this capability with behavior-based anomaly detection which can reveal new and unknown threats, i.e., ‘zero day’ attacks or advanced persistent threats.

A main function of AI in cybersecurity is detecting zero-day attacks and APTs, which are in turn increasingly designed and executed using AI. This includes highly sophisticated attacks that traditional defenses and human agents struggle to detect, and low-quality/high-volume GenAI-fueled attacks that are difficult to combat not due to their sophistication but due to their sheer volume.

Defensive AI systems can be effective in dealing with both of these types of AI attacks, and hence their use is critical in cybersecurity today. However, defensive AI use comes with a high price in terms of compute requirements, especially as such systems increasingly integrate Large Language Models (LLMs) to enable the detection of sophisticated threats through advanced anomaly detection.

The quality data provided by Enea’s Qosmos ixEngine supports AI strategies that can produce better results with smaller but higher quality corpora of training data, which translates to lower compute demands (GPUs, memory, energy, etc.). This is the case, for example, with the use of Small Language Models (SLMs) and Retrieval Augmented Generation (RAG), or a strategic use of Supervised Fine Tuning (SFT) as in DeepSeek-R1.

Deploying Enea’s Qosmos Threat Detection SDK (Qosmos TD SDK) as part of a NIDS or NDR solution also provides compute efficiency for the signature-based network threat detection functions typically deployed in tandem with AI-based anomaly-based systems. The Qosmos TD SDK embeds core functionalities from the industry’s best-in-breed IDS, Suricata, in a software development kit that integrates tightly with Qosmos ixEngine. With this integration, not only are traffic insights vastly expanded to support AI, but expensive double packet processing for DPI and IDS is eliminated, and parsing speed is significantly accelerated. The result is a two-to-three-fold reduction in compute requirements.