Qosmos Deep Packet Inspection (DPI)-based technology identifies data traveling over networks in real time, providing a true picture of the traffic by identifying protocols, types of application, and extracting additional information in the form of metadata. Qosmos DPI engine recognizes over 3300 protocols and can extract over 5300 metadata – more than any other on the market. Equipment makers, telco and enterprise software vendors use the technology to gain application visibility, accelerate time to market and benefit from continuous signature updates.3
Enea’s Qosmos technology typically recognizes over 97% of network traffic including regional applications. Each Qosmos signature is augmented with specific characteristics (such as family and tags) to enhance service awareness and enable highly accurate processing.
Qosmos advanced techniques also mean that our technology can classify most types of encrypted traffic.
Qosmos network traffic classification and metadata extraction:
|SIGNATURE||EXAMPLES OF CHARACTERISTICS & METADATA|
|BitTorrent||Multiple client access, P2P service, File transfer workflow|
|YouTube||Video, URL, date, duration, frame rate, +30 other metadata|
|MSFT Lync||Service identification, IM, database|
|RTSP||Play/pause, streamed file, URL, video duration, +40 other metadata|
|Skype||Service identification, VoIP service, IM|
|Program version, service identification, IM|
Qosmos Labs has accumulated more than 10 years of expertise in identifying IP protocols and applications and detecting their changes. This enables us to remain one step ahead of the competition and provide our customers with the most complete and reliable DPI and metadata extraction engine.
Our international team of protocol experts and developers work around-the-clock gathering traffic samples and reverse engineering new protocols. Our long experience ensures a solid software supply chain based on robust processes and in-house tools, such as the Protocol Development Language (PDL) and protocol signatures in data format, that we have developed to speed up protocol plugin development and make our technology more accurate while ensuring the highest standards of quality.
Qosmos can also provide the tools for customers who want to develop specific signatures themselves.
Beyond complex protocols which have to be tested in different configurations (e.g. throttling and blocking workflows), Qosmos also performs a series of automated tests to ensure that classification is free from false positives.
In order to handle more complex applications and increasing encryption, Qosmos Labs has added new approaches to identify protocols, based on a combination of advanced techniques: e.g. behavioral recognition, regexp, statistical analysis, flow correlation, and DNS matching.