Netify DPI - Signature Updates

The Netify Signature Updates system is a premium add-on to the Netify Agent.

The free version of Netify contains approximately 175 protocols and 200 application definitions updated approximately once every quarter. Signature Update subscribers get access to over 200 protocols and 1500 applications updated several times a week.

Open Source Signature Updates Subscription
Applications 200 1500
Protocols 175 200
Updated Quarterly Several times a week
Applications

How It Works

Deep packet inspection is not a one-time implementation - new applications are continually appearing and evolving. Applications use a variety of domains to deliver an application. For example, Twitter is more than just twitter.com; there are dozens of domains used to deliver images, videos, APIs, and other application assets:

  • t.co
  • twimg.com
  • twitter.com
  • twimg.com.akahost.net
  • twitter.map.fastly.net
  • cs1138.wpc.edgecastcdn.net
  • etc.

Netify DPI uses these domains to identify application network traffic flows. The engine uses hostnames derived from TLS SNI, TLS certificate common names, HTTP headers, DNS requests, DNS hinting, and any hostname that pops out of deep packet inspection.

A domain like cs1138.wpc.edgecastcdn.net may not look related to Twitter, but upon inspection, it is. The Netify analysis and machine learning engines are constantly on the prowl for new domains, network blocks, and behaviors.

Netify Evaluation Kit

The open-source Netify Agent (netifyd) comes with 200 application and 175 protocol signatures, as well as full data stream support. Please contact us to gain access to the Netify Evaluation Kit which includes:

Evaluate Netify DPI

Do you want to get started with evaluating Netify DPI? Request the Integrators Kit today.

IntegraKors Kit