Streaming vs. proxy deep packet inspection

26.03.2012

In contrast, stream-based DPI scans the jigsaw puzzle pieces in order of arrival. There is no limit on file size and no buffering of packets (except in the out-of-order case) until they can all be scanned at once. It deems the photograph "threat-free" once it scans the last jigsaw piece, without the need for reassembly.

Multiply that capability across the typical flow of network traffic, and the performance benefits of the stream-based approach are easy to grasp. Stream-based DPI is a very low-latency approach and speaks directly to "need for speed" in network performance.

The ability of stream-based DPI to support all communications protocols (not just HTTP/HTTPS, SMTP and FTP) gives it a scalability advantage as well. This makes stream-based DPI not only faster but easier to deploy, manage and update.

As for security differences, stream-based scanning is more secure when scanning for threats in real-world deployment scenarios. For example, because proxy-based solutions have to buffer content completely, there is never enough memory on the device to buffer all content that is downloaded concurrently by all users on the network. The increasingly large file sizes involved in enterprise applications compound the problem further. Proxy-based solutions therefore have to skip scanning some or most of the downloaded content.

But can a stream-based DPI solution truly scale across all file types -- again, driven by the almost-daily introduction of new social media applications and ? One of the biggest misperceptions about a stream-based approach is that it is less secure than a proxy-based approach, particularly for file formats that require full buffering before being decompressed. The real-world implementation of high quality stream-based solutions has demonstrated that they are indeed capable of decompressing most common compression formats without reassembly.
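To make the two points above concrete (scanning in arrival order with buffering only for out-of-order segments, and decompressing a stream without reassembling the file), here is a small added illustration written for this post; it is not code from any DPI product. The signature, the payload and the segment sizes are constructed, the transport is modelled as (offset, payload) segments, and zlib is used as the stand-in compression format.

```python
import zlib

class StreamScanner:
    """Scan a byte stream for one signature as segments arrive, keeping only the
    last len(sig)-1 bytes, the inflater window and out-of-order segments."""

    def __init__(self, signature: bytes, compressed: bool = False):
        self.sig = signature                   # assumed longer than one byte
        self.tail = b""                        # carry-over so a match may span segments
        self.inflater = zlib.decompressobj(wbits=zlib.MAX_WBITS | 32) if compressed else None
        self.next_seq = 0                      # next expected stream offset
        self.pending = {}                      # seq -> payload, out-of-order segments only
        self.max_pending = 0                   # peak bytes buffered at any time
        self.hit = False

    def _scan(self, data: bytes) -> None:
        window = self.tail + data              # one pass, no reassembly of the whole file
        if self.sig in window:
            self.hit = True
        self.tail = window[1 - len(self.sig):]

    def segment(self, seq: int, payload: bytes) -> bool:
        """Feed one segment (seq = stream offset); True once the signature has been seen."""
        self.pending[seq] = payload
        self.max_pending = max(self.max_pending, sum(map(len, self.pending.values())))
        while self.next_seq in self.pending:   # drain whatever is now contiguous
            data = self.pending.pop(self.next_seq)
            self.next_seq += len(data)
            self._scan(self.inflater.decompress(data) if self.inflater else data)
        return self.hit

def demo(compressed: bool) -> tuple:
    """Constructed input: a payload carrying a test signature, optionally zlib-compressed,
    split into small segments and delivered with one segment arriving early."""
    sig = b"CONSTRUCTED-TEST-SIGNATURE"
    wire = bytes(range(256)) * 2 + sig + bytes(range(256))[::-1] * 2
    if compressed:
        wire = zlib.compress(wire)
    size = max(1, len(wire) // 8)
    segs = [(i, wire[i:i + size]) for i in range(0, len(wire), size)]
    segs[1], segs[2] = segs[2], segs[1]        # out-of-order delivery of one segment
    scanner = StreamScanner(sig, compressed)
    for seq, payload in segs:
        scanner.segment(seq, payload)
    return scanner.hit, scanner.max_pending, len(wire)
```

`demo()` returns whether the signature was seen, the peak number of bytes ever buffered, and the total transfer size; the peak stays at a couple of segments even though the signature is found, which is the memory argument made above against full proxy buffering.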