Signature Updates
Netify DPI - Signature Updates
The Netify Signature Updates system is a premium add-on to the Netify Agent.
The free version of Netify contains approximately 175 protocols and 200 application definitions updated approximately once every quarter. Signature Update subscribers get access to over 200 protocols and 1500 applications updated several times a week.
| Open Source | Signature Updates Subscription | |
|---|---|---|
| Applications | 200 | 1500 |
| Protocols | 175 | 200 |
| Updated | Quarterly | Several times a week |
How It Works
Deep packet inspection is not a one-time implementation - new applications are continually appearing and evolving. Applications use a variety of domains to deliver an application. For example, Twitter is more than just twitter.com; there are dozens of domains used to deliver images, videos, APIs, and other application assets:
- t.co
- twimg.com
- twitter.com
- twimg.com.akahost.net
- twitter.map.fastly.net
- cs1138.wpc.edgecastcdn.net
- etc.
Netify DPI uses these domains to identify application network traffic flows. The engine uses hostnames derived from TLS SNI, TLS certificate common names, HTTP headers, DNS requests, DNS hinting, and any hostname that pops out of deep packet inspection.
A domain like cs1138.wpc.edgecastcdn.net may not look related to Twitter, but upon inspection, it is. The Netify analysis and machine learning engines are constantly on the prowl for new domains, network blocks, and behaviors.
The following is a list of some of the protocols that are only available with Signature Updates:
Further Reading
Plugins and Addons
- Flow Actions Plugin
- Stats Plugin
- Signature Updates - 1500+ Applications and 200+ Protocols
Netify Agent
Getting Started
Plugins and Addons
Netify Tools
Open Source DPI
Evaluate Netify DPI
Do you want to get started with evaluating Netify DPI? Request the Integrators Kit today.
Integrators Kit