In a recent interview, Ariana Lynn, Principal Analyst at The Fast Mode spoke to Trevor Bidle, Chief Information Security Officer of US Signal on the impact of traffic visibility on modern IP networks. Trevor joins us in a series of discussions with leading networking, analytics and cybersecurity companies, assessing the need for traffic filtering technologies that can deliver real-time, granular application awareness. The series explores how advanced analytics power various network functions amidst the rapid growth in traffic and applications.
Ariana: How important is traffic visibility for your suite of solutions and products?
Trevor: Traffic visibility and DPI are key components of operating and protecting an enterprise network. Utilizing opensource or commercial solutions and enabled network performance management enables IT leaders to monitor for user experience, performance degradation and traffic bottlenecks. With near real-time data, problems can be quickly identified and remediated to maintain optimum service levels for their end users and customers.
For IT leaders in compliant industries such as health care or banking, traffic visibility and DPI are critical controls to monitor for compliance with the secure and encrypted communication of protected health information, payment cards, or banking account information associated with PCI DSS, HIPAA, and Banking Regulations.
Ariana: How effective is deep packet inspection (DPI) technology in addressing today's traffic complexities?
Trevor: Deep Packet Inspection (DPI) technology is quite effective in managing today's traffic complexities due to several reasons:
- Granular Visibility: DPI offers detailed insights into network traffic at the application layer, which is a necessary given in today's complex and sophisticated applications that often encrypt their traffic. This allows for the enforcement of rules and policies at the application level to process network traffic based on the application being used by the customer or end user.
- Security Monitoring: Modern security threats are complex and often well-disguised. DPI helps in uncovering hidden malware, identifying anomalies, and enforcing security policies at a granular level. This can include blocking certain applications or destinations based on known associated threats.
- Application Performance: With the growth of bandwidth-intensive applications, DPI can prioritize critical applications over less important traffic, helping to manage bandwidth and ensure quality of service (QoS) for traffic such as voice and video.
- Policy Enforcement: Enterprises can utilize DPI to enforce policies that align with regulatory compliance standards, which is increasingly important as data sovereignty becomes a significant concern.
One significant challenge for network operators is balancing encryption of traffic in transit against the needs to perform DPI. TLS 1.3, as an example, makes DPI very difficult if traffic is not decrypted to allow for inspection.
As Chief Information Security Officer, Trevor Bidle oversees US Signal’s Information Security and Information Systems teams. He also leads the Security Operations Center (SOC), incident response team, compliance and privacy programs, along with the internal audit functions. Bidle has 23 years of experience leading information technology, engineering, and information security teams. He holds a CISA and CDPSE certification and has completed graduate studies in Cyber Security at George Washington University.
This interview is a part of The Fast Mode's Traffic Visibility segment, featuring leading networking, analytics and cybersecurity companies and their views on the importance of network intelligence and DPI for today's IP networks. A research report on this topic will be published in June 2024 - for more information, visit here.
