Having insight into the protocol from a DPI solution can be powerful, and when it is coupled with a URL categorization technology, the resulting OEM filtering solution exponentially enhances insight into the packet flow.
With 800,000,000 endpoints using our technology, plus partner telemetry and feedback, our back-end systems receive a lot of data and generate a lot of unique data, which we use internally.
The following is an analysis of the traffic of over 2,000,000 unique domains submitted over a period of a few days and processed on our back-end systems. This data is representative of unique domains: while some URLs in the data corpus were submitted over 100,000 times, in this analysis by category each URL is counted only once, as a unique entry.
The scale used is similar to a logarithmic graph: the smaller the number, the closer the overall category is to representing all categorization traffic in a single category. It is a way to study shifts in categorization patterns over time. Most of the short tail (top 20%) of categorization traffic is different from the long tail (bottom 80%), so exponential analysis helps investigators find trends and changes that may otherwise be quite subtle. It is similar to how a seismograph works for earthquakes, where a 4.0 earthquake is 10x higher in amplitude than a 3.0 earthquake.
We show only 5 out of 180 categories, but the takeaway is that New Domain classifications have been on the rise, and new domains typically represent a higher source of malicious and other risky content. Having an OEM DPI solution and an OEM URL content filter can help your product stand out by finding and recognizing traffic protocols and the associated website classification.