Cisco has an interesting tease for an upcoming Webcast entitled "Defending Your Router in 256 Bytes or Less." The thesis is that "the increase in accuracy and performance of network security products has pushed hackers to create attacks within the first 256 bytes of code that slip into networks under the radar." The upshot is that Cisco is pitching Flexible Packet Management (FPM), a technique it developed as a more effective way to block attacks than the deep packet inspection methods that are widely used.
I'm no expert, but something jumps out at me here. Indeed, it's implicit in the fact that Cisco is holding this seminar, and also that there are multiple packet-examination techniques extant, that we've got something of a packet-inspection arms race going on. Hackers are getting smarter and more focused in their attacks, and vendors have to jump through ever tighter hoops to protect their routers, firewall appliances, etc.
I think the "hoops" analogy is apt, because if the idea now is that the most successful attacks take place in the initial packets, this means that the network doesn't have much (any) time to get its act together. No lengthy analyses allowed; just cut to the chase and protect. Now.
OK, so let's do a short short on the two techniques at hand. Here's a brief description of deep packet inspection (DPI), from a 2005 article by Dr. Thomas Porter, in SecurityFocus. DPI, he notes, is performed in firewall applicances:
"[The] DPI engine scrutinizes each packet (including the data payload) as it traverses the firewall, and rejects or allows the packet based upon a ruleset that is implemented by the firewall administrator. The inspection engine implements the ruleset based upon signature-based comparisons, heuristic, statistical, or anomaly-based techniques, or some combination of these."
