Signature Updates

The Netify Signature Updates system is a premium add-on for the Netify Agent that expands both the depth and frequency of traffic detection. The open-source version includes approximately 270 protocols and 200 application definitions, with updates released on a quarterly basis.

With a Signature Update subscription, this coverage increases to over 300 protocols and 2,500 applications, with updates delivered several times per week. In addition, Network Intelligence signatures introduce advanced security heuristics - enabling accurate detection of anonymization services, encrypted DNS, and other high-risk traffic patterns essential for modern policy enforcement.

Signatures	Premium	Open Source
Applications	2500	200
Protocols	300	270
Intelligence	Optional	-
Frequency	Daily	Quarterly

Deep packet inspection is not a one-time implementation. It requires continuous adaptation as new applications emerge, protocols evolve, and network intelligence constantly shifts.

Example in Action

Applications use a variety of domains to deliver an application. For example, Twitter is more than just twitter.com; there are dozens of domains used to deliver images, videos, APIs, and other application assets:

t.co
twimg.com
twitter.com
twimg.com.akahost.net
twitter.map.fastly.net
cs1138.wpc.edgecastcdn.net
etc.

Netify DPI uses these domains to identify application network traffic flows. The engine uses hostnames derived from TLS SNI, TLS certificate common names, HTTP headers, DNS requests, DNS hinting, and any hostname that pops out of deep packet inspection.

A domain like cs1138.wpc.edgecastcdn.net may not look related to Twitter, but upon inspection, it is. The Netify analysis and machine learning engines constantly prowl for new domains, network blocks, and behaviors.

The licensed version includes access to the latest application and protocol signatures in the Signature Updates system.

The following is a list of some of the protocols that are enhanced with licensed Signature Updates: