The Compliance Advantage: Metadata vs. DPI
By Matt Wilson
Sr. Director, Product Management
I’ve written a lot about the impact of the acceleration of Zero Trust on traditional network detection and response (NDR) tools that rely on packet capture models for network visibility. As Zero Trust becomes the norm, encryption of network traffic is accelerating and deep packet inspection (DPI) is increasingly blinded. Companies that decrypt network traffic for inspection encounter scalability, cost, and manageability issues. They also run into an often unforeseen increase in their compliance burden as their scope of compliance with respect to personally identifiable information (PII) expands.
Here, I’m going to talk more about the compliance challenges that crop up and how using metadata for complete network visibility instead of decrypting packets helps reduce compliance scope and burden while providing all the data you need for real-time and retrospective attack detection.
The data distinction
When talking about PII it is important to distinguish between personal data and sensitive data. For years the industry has debated whether a simple IP address falls into the category of personal data, and the practical answer is "it depends" on what the address is combined with. On its own, an IP address is personal data. Once it can be correlated against other types of data across a series of events and tied to an individual, the resulting record is sensitive data. Marketing agencies do this level of correlation all the time, tying user behavior to an IP address in order to link it to a specific individual so they can target their advertising.
Why is this distinction important as it relates to network visibility?
Companies that rely on packet capture and decrypt traffic to examine its contents expand the set of places where they have access to sensitive PII. Many enterprises interact with customers and partners through web portals, so every inbound request can carry, in addition to IP addresses, usernames, credentials, credit card numbers, even social security numbers, and a decrypting sensor sees all of it. Compliance discussions come down to what is in scope, and access to the entire payload extends compliance into the parts of the operation that capture, store and handle those packets, which translates into more documentation and scrutiny and a greater compliance burden.
Narrowing the scope
The way to narrow the scope of compliance, and at the same time mitigate risk, is either to reduce the need for access to sensitive data or to use tools that don't rely on DPI and decryption to provide network visibility.
A solution like Netography, which relies on metadata instead of capturing and decrypting full packets, provides comprehensive network visibility without touching payload contents. Flow data describes who talked to whom, when, over which ports and protocols, and how much was exchanged; it does not contain what was said. You can collect and store that metadata without the heightened obligations that come with holding payload contents, and the approach works across your entire network infrastructure: multi-cloud, on-premises, and hybrid environments. You still hold personal data such as IP addresses, so retention and access controls still apply, but because nothing in the record is sensitive, you aren't expanding your scope of compliance.
The reality is, you don't need to see inside every packet to know that something bad or different is happening within the network. Metadata is all you need to view and monitor network traffic for detection and response, and it helps put you out in front of compliance instead of behind the eight ball.
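The claim above, that flow metadata alone is enough to notice abnormal behavior, is easier to see on concrete records. The following Python is an added example for this page, not Netography's code or the author's: it runs two simple detections (a port scan and a periodic beacon) over constructed NetFlow-style records that carry only a 5-tuple, a start time and packet/byte counts. The record layout, the thresholds and the sample addresses are assumptions chosen for illustration.

```python
"""Detection over flow metadata only: no payload, no decryption needed.

Each record is modelled on the fields a NetFlow/IPFIX-style exporter emits
(5-tuple, start time, byte and packet counts). The field set, thresholds
and sample traffic below are assumptions constructed for this example.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    start: float    # seconds since epoch (constructed values)
    src: str        # source IP address
    dst: str        # destination IP address
    dport: int      # destination port
    proto: str      # "tcp" / "udp"
    packets: int
    bytes: int      # note: there is no payload field at all


def detect_port_scans(flows, min_ports=10, max_bytes=200):
    """Return {(src, dst)} for sources that touch many distinct ports on one
    host with tiny flows: the classic scan signature, visible from metadata."""
    ports = defaultdict(set)
    for f in flows:
        if f.bytes <= max_bytes:
            ports[(f.src, f.dst)].add(f.dport)
    return {pair for pair, ps in ports.items() if len(ps) >= min_ports}


def detect_beacons(flows, min_flows=6, max_jitter=0.15):
    """Return {(src, dst, dport)} for connections that recur at a regular
    interval (coefficient of variation of the gaps <= max_jitter). Only flow
    start times are used, so whether the session is TLS makes no difference."""
    starts = defaultdict(list)
    for f in flows:
        starts[(f.src, f.dst, f.dport)].append(f.start)
    hits = set()
    for key, ts in starts.items():
        if len(ts) < min_flows:
            continue
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            hits.add(key)
    return hits


def sample_flows():
    """Constructed records: one scanner, one beacon, one ordinary user."""
    flows = []
    # Scan: 10.0.0.5 probes 12 consecutive ports on 10.0.0.20, 1 packet each.
    for i, port in enumerate(range(20, 32)):
        flows.append(Flow(1000.0 + i * 0.01, "10.0.0.5", "10.0.0.20", port, "tcp", 1, 60))
    # Beacon: 10.0.0.7 -> 203.0.113.9:443 every 60 s with +/-1 s of jitter.
    for i in range(8):
        jitter = 1.0 if i % 2 else -1.0
        flows.append(Flow(2000.0 + i * 60 + jitter, "10.0.0.7", "203.0.113.9", 443, "tcp", 12, 1450))
    # Ordinary browsing: same destination port, but irregular timing and real volume.
    for t in (3000.0, 3003.5, 3090.0, 3091.2, 3400.0, 3402.0, 3900.0):
        flows.append(Flow(t, "10.0.0.8", "198.51.100.4", 443, "tcp", 40, 52000))
    return flows


if __name__ == "__main__":
    flows = sample_flows()
    print("port scans:", detect_port_scans(flows))
    print("beacons:   ", detect_beacons(flows))
```

Neither detection needed a decrypted byte. The records still carry IP addresses, which are personal data in the terms used above, so retention and access controls still apply to the flow store; what they never contain is the username, credential or card-number material a decrypting sensor on a portal would see.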