A firewall is simply a device that monitors and controls traffic flowing in or between networks. The problem with this simple scheme is that it is very black and white. You either allow a certain protocol or you block it. Fine-grained control of the protocol is impossible.

Clearly the firewall needs to dig deeper into the protocols to understand exactly what each protocol is being used for, and that is exactly what Deep Packet Inspection (DPI) does. After the traditional firewall rules are applied, the firewall inspects the content of the messages the packets carry and applies more detailed rules.

For example, a Modbus DPI firewall determines if the Modbus message is a read or a write message and then drops all write messages. Good DPI firewalls can also “sanity check” traffic for strangely formatted messages or unusual behaviours (such as 10,000 reply messages in response to a single request message). These sorts of abnormal messages can indicate traffic created by a hacker trying to crash a PLC and need to be blocked.
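The read-versus-write rule and the "sanity check" described above, as an added example (not code from the original article or from any particular firewall product). It parses a Modbus/TCP frame using the public MBAP header layout, drops write function codes and malformed frames, and tracks transaction ids so that unsolicited or excess replies are dropped; the function-code sets, the one-reply-per-request limit and the sample frames are assumptions constructed for this illustration.

```python
import struct

# Public Modbus function codes (Modbus application protocol spec).
READ_FCS = {1, 2, 3, 4}             # read coils / discrete inputs / holding / input registers
WRITE_FCS = {5, 6, 15, 16, 22, 23}  # write single/multiple coils or registers, mask write, read/write
MBAP_LEN = 7                         # transaction id (2), protocol id (2), length (2), unit id (1)

def parse_adu(frame: bytes) -> dict:
    """Parse a Modbus/TCP ADU and sanity-check it; raise ValueError on malformed frames."""
    if len(frame) < MBAP_LEN + 1:
        raise ValueError("truncated: no function code")
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:MBAP_LEN])
    if pid != 0:
        raise ValueError(f"protocol id {pid} is not Modbus")
    if length != len(frame) - 6:    # length field covers unit id + PDU
        raise ValueError("MBAP length field does not match frame size")
    if length > 254:                # unit id + maximum 253-byte PDU
        raise ValueError("PDU exceeds Modbus maximum size")
    fc = frame[MBAP_LEN]
    return {"tid": tid, "unit": unit, "fc": fc & 0x7F, "is_exception": bool(fc & 0x80)}

class ModbusDpi:
    """Stateful read-only policy: drop writes, malformed frames and unsolicited replies."""
    def __init__(self, max_replies_per_request: int = 1):
        self.pending = {}               # transaction id -> replies still permitted
        self.max_replies = max_replies_per_request

    def inspect(self, frame: bytes, to_plc: bool) -> tuple:
        try:
            adu = parse_adu(frame)
        except ValueError as err:
            return "DROP", f"malformed: {err}"
        if to_plc:                      # request travelling from client to PLC
            if adu["fc"] in WRITE_FCS:
                return "DROP", f"write function code {adu['fc']}"
            if adu["fc"] not in READ_FCS:
                return "DROP", f"function code {adu['fc']} not on allow list"
            self.pending[adu["tid"]] = self.max_replies
            return "ALLOW", "read request"
        left = self.pending.get(adu["tid"], 0)   # reply must answer a tracked request
        if left <= 0:
            return "DROP", f"unsolicited or excess reply for transaction {adu['tid']}"
        self.pending[adu["tid"]] = left - 1
        return "ALLOW", "reply to tracked request"

# Constructed sample frames (hand-built for this example, not from a real capture).
READ_HOLDING_REQ = bytes.fromhex("0001 0000 0006 01 03 0000 000A")   # FC3: read 10 registers at 0
WRITE_SINGLE_REQ = bytes.fromhex("0002 0000 0006 01 06 0000 1234")   # FC6: write register 0
READ_HOLDING_RESP = bytes.fromhex("0001 0000 0017 01 03 14") + bytes(20)  # FC3 reply, 20 data bytes
BAD_LENGTH_REQ = bytes.fromhex("0003 0000 00FF 01 03 0000 000A")     # length field does not match
```

Feeding the same reply frame twice shows the flood case from the text in miniature: the first reply to a tracked request is allowed, every further one is dropped.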


