The evolving nature and delivery schemes of viruses, malware and spyware have radically changed the scope and best practices of network security. Data inspection at the application-content level is necessary to protect against sophisticated hacking schemes. In the pursuit of application-level protection, "deep packet inspection" (DPI) has become the preferred approach. There are two core DPI approaches: proxy-based and stream-based DPI.
Both focus on delivering robust network protection via application-level inspection and scanning. However, they have fundamentally different ways of solving the problem, each with a distinctly different impact upon network latency and performance.
ANALYSIS:
Application proxies function by breaking the TCP/IP communication between a client and a server when a request is passed. The application proxy receives and buffers the entire request, inspects the request and then creates a new connection to the server. This scheme inserts DPI between the endpoints of the connection and increases the level of network protection. However, proxy-based DPI works one application-level request or response at a time -- and each one, in a typical enterprise application, can span megabytes or gigabytes (in the case of file downloads).
Imagine application content or a large data file as a complete photograph carved into a jigsaw puzzle of packets, which are sent piece by piece and received at corporate HQ. The application proxy scanner takes each piece of the puzzle, copies it into a separate buffer file and holds all of the pieces in that file until the entire jigsaw puzzle can be reassembled -- and only then is it scanned for any threats. A proxy-based solution cannot "infer" what the photograph looks like until it is reassembled, or it risks missing key elements of the picture.
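As an added illustration (not code from the original article), the Python below contrasts the buffer-then-scan proxy model described above with a stream scanner that keeps a short carry-over between packets; the signature bytes, packet size and payload are constructed sample data, not a real detection pattern.

```python
# Added example, not from the article. Three scanners over the same "packets":
# the proxy model reassembles everything first; a naive per-packet scanner
# misses a signature split across two packets; the stream model carries the
# last len(SIGNATURE)-1 bytes forward so it still catches the split match.
from typing import Iterable, List

SIGNATURE = b"SAMPLE-BAD-PATTERN"  # constructed placeholder, not a real signature


def proxy_scan(chunks: Iterable[bytes]) -> bool:
    """Proxy model: buffer the whole object (memory grows with transfer size),
    then scan the reassembled content once."""
    buffered = b"".join(chunks)
    return SIGNATURE in buffered


def naive_stream_scan(chunks: Iterable[bytes]) -> bool:
    """Per-packet scan with no state: cannot see matches that straddle a boundary."""
    return any(SIGNATURE in chunk for chunk in chunks)


def stream_scan(chunks: Iterable[bytes]) -> bool:
    """Stream model: constant memory. Keep the tail of the previous window so a
    signature spanning two packets is still found."""
    keep = len(SIGNATURE) - 1
    carry = b""
    for chunk in chunks:
        window = carry + chunk
        if SIGNATURE in window:
            return True
        carry = window[-keep:]
    return False


def split_into_packets(payload: bytes, mtu: int) -> List[bytes]:
    """Carve a payload into fixed-size pieces (the jigsaw puzzle of packets)."""
    return [payload[i:i + mtu] for i in range(0, len(payload), mtu)]


def demo() -> dict:
    # Constructed transfer: filler, signature, filler, carved at an MTU of 48
    # bytes so the 18-byte signature lands across packets 0 and 1.
    payload = b"A" * 40 + SIGNATURE + b"B" * 40
    packets = split_into_packets(payload, 48)
    return {
        "proxy": proxy_scan(packets),
        "naive_stream": naive_stream_scan(packets),
        "stream_with_carry": stream_scan(packets),
    }
```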