Shine a Light on the Darkening of the InternetHow to maintain visibility in the age of encryption

Cam Cullen, VP Marketing

3

Mimic bird

Encrypted Traffic Dominates Networks Worldwide

Service Upstream %

SSL v3 16.12%WebDAV 7.83%Netflix 5.65%HTTP 5.52%HTTP media stream 5.41%Raw MPEG-TS 4.85%BitTorrent transfer 4.85%uTP 4.65%BitTorrent KRPC 3.70%Google 3.40%YouTube 2.04%RTP 1.73%HTTP download 1.44%Facebook 1.44%BitTorrent encrypted transfer 1.39%

Procera Networks Data - December 2016

Service Downstream %

Netflix 19.27%HTTP media stream 16.39%SSL v3 9.63%YouTube 8.96%HTTP 4.47%Raw MPEG-TS 4.08%HTTP download 3.42%Facebook 3.19%QUIC 1.86%Xbox Live update 1.49%Instagram 1.46%Playstation.net download 1.16%uTP 1.09%BitTorrent transfer 1.05%HTTP2 over TLS 1.00%

Regional Popularity December 2016

Service DS% US%

Netflix 22.51% 9.04%HTTP media stream 17.64% 6.84%SSL v3 8.66%18.98%Raw MPEG-TS 7.79% 8.48%YouTube 5.35% 2.05%

Service DS% US%

HTTP media stream 21.54% 2.77%SSL v3 8.06% 8.17%YouTube 7.23% .86%HTTP 5.17% 3.9%BitTorrent KPRC 5.13%25.68%

Service DS% US%

HTTP media stream 13.06% 2.72%Netflix 11.90% 1.81%SSL v3 8.78%14.88%Facebook 7.75% 1.80%YouTube 7.04% 2.22%

Worldwide Application Growth (By Volume)2016 Growth in Key Services – Heavy on Encrypted Applications

Service Upstream

Netflix 30.93%

YouTube 61.01%

SSL v3 47.45%

HTTP 63.65%

Facebook 88.57%

Amazon Prime 257.64%

Instagram 119.20%

uTP 58.37%

Twitch 82.60%

Twitter 93.26%

Service Downstream

Netflix 93.55%

YouTube 67.61%

SSL v3 140.25%

HTTP 80.71%

Facebook 76.72%

Amazon Prime 217.23%

Instagram 145.64%

uTP 69.09%

Twitch 175.47%

Twitter 136.21%

What do we mean by encryptionThree categories

Obfuscation Proxies EncryptionPROXIES ENCRYPTION

VPN

10

Encryption Scenarios Going Forward

HTTP HTTPS (TLS 1.1/1.2)

Full URLHostnameUser AgentContent TypeFile SizeOther HTTP/HTML

Full URLHostname (direct)User AgentContent TypeFile SizeOther HTTP/HTML

1 TLS 1.3SNI Clear

TLS 1.3SNI Encrypted

DNS Encrypted

2 3 4

1 Happening 2015 and 2016Will happen in 2017 May happen as part of TLS1.3 in 12-18 months May happen in 24-36 months

234

Full URLHostname (direct)User AgentContent TypeFile SizeOther HTTP/HTML

Full URLHostname (inferred)User AgentContent TypeFile SizeOther HTTP/HTML

Full URLHostname (inferred)User AgentContent TypeFile SizeOther HTTP/HTML

HTTP

23%

non-HTT

P77%

How Is Procera Helping Operators?

Weekly Signature UpdatesIndustry-leading Agility and Speed to Keep Pace with the Internet Age

2775 signaturesAverage of 16 updates or additions per week over the past year

Multiple Application Detection Techniques

• Expression matches: Patterns on payload• Analyzers: Virtual Services• Control/Data protocols: Port tainted• TLS detection: SNI tracking• Heuristics mechanisms: Flow behavioralanalysis —Randomness—Metrics—VoIP flag

Sample of DRDL techniques for Application Identification

Sophisticated Tools to Accelerate DevelopmentHighly Automated Signatures Lab Solves Major Challenges

Assessing Regional Dependencies

Automated Update Tracking

The Device Matters

bundle

Rapidly Adaptable Heuristics Engine

(RAHE)

Real-Time Endpoint

Classification (REC)

Enhanced Device detection

Continuous Improvement: Enhanced Capabilities in 2017

Traffic Management

Policy & Charging

IT Analytics Regulatory ComplianceSecurity

Verticals

Use Cases • NOC Dashboard• QoE Measurement• Capacity Planning• Worst Node Reporting• Speedtest Reporting• CDN Reporting• Device Reporting• …...

• VOIP Blocking• P2P Blocking• Blocking Child Porn• Site Blacklisting• Website Access Logs• Lawful Intercept• DMCA Notice Analysis• …..

• Resolution-based TM• Peering Circuit Mgmt• Heavy User Tiering• DSCP Marking • Optimizing Circuits• Tethering Detection• Line Sharing Detection• …...

• Zero Rating• CDR Generation• Tiered Bandwidth Plans• Top Up Portals• Shared Plans• Tiered Quota Plans• Subscriber Engagement• …...

• Malware Detection• Spam Server Detection• SSL Attacks• Profiling Malicious Traffic• DDOS Dashboard• DDOS Forensics• Volumetric Att. Detection• …...

• Revenue Assurance• Big Data Enablement• ScoreCard• OTT Trend Monitoring• …...

Solution Areas• Regulatory Analytics• OTT Traffic Blocking• Compliance Logging• URL Filtering• ….

• Fair Usage• Congestion Mgmt• Video Traffic Mgmt• Carrier Grade NAT• ….

• PCC w/GX/Gy• Zero Rating• Quota Management• Parental Control• ….

• DDOS Analytics• DDOS Mitigation• IoT Security

Maintaining Visibility Across Multiple Use CasesEnsuring up-to-date visibility despite encryption

Impact of Encryption on Use CasesAnd leveraging virtualization

SecurityIT Analytics Traffic Management

Policy & Charging

to

Regulatory Compliance

to

eVolution eVolution

eVolution

• Customer Shifted from a traditional probe to Procera due to reduced visibility

• Supporting Tens of Millions of Mobile subscribers

• Over 20 virtual systems running >40Gbps of capacity streaming IPFix to HP Big Data system

• Executives get weekly reports leveraging Procera’s Unique Network, Subscriber, and Service Intelligence

Virtualization: LTE Analytics Use Cases Executive Decisioning with Carrier-Scale Big Data Deployment

PSM

LTE Packet Core

Core Router

IPFix

IPFix

eVolution

Provisioning

LiveView

HP DataWarehouse

Sample Use Cases

OTT Trending

RevenueAssurance

IoT Analytics

Network Forensics

Service Planning

PerformanceMonitoring

Encryption: In-Line Policy Enforcement Use CasesHigh Profile Application Aware Services and Regulatory Compliance

Real-time Visibility

Real-time forensics with topology awareness

Traffic Mgmt

Sophisticated queuing to enhance subscriber QoE and manage P2P shaping

Regulatory Compliance

OTT VOIP Blocking and VPN detection

Analytics

Subscriber, application, location and device reporting and forecasting

Customer Care

Customer Care Insights for real-time problem resolution

Intelligent Charging

Differentiated billing based on subscriber intelligence using Gy

Tiered Services

Service plans enhancing customer value using Gx

Peering

BGP Peering analytics and management

WiFi Services

PCEF for the WiFi Network using Gx and Gy

URL Categorization

URL categorization based on a set of predefined rules

OTT Partnerships

Zero-rating and/or revenue sharing partnerships with OTT players

IPFix Data Feed

For use with sixthsense media services

40G per

system

80G per

system

Internet

.

.

.x9

.

.

. x4

Big Data: Analytics Use CasesData Scientists + Procera Data = $$$M in Additional Revenue Generated in 2016

PRE PL 8960

PSM Clusterfor Enrichment

6 Collection Sites

Stre

am M

edia

tion

.

.

.

.

PIC COLLECTOR

IPFIX

CDR

Data Analytics

Visualisation

Campaign Management

Billing

IN

CRM

Network

TV Log

Sample Use Cases

RevenueAssurance

CampaignDemographics

Network Forensics

Service Planning

QoEMonitoring

Trend Monitoring

Thank you

Download the whitepaper at: https://www.proceranetworks.com/lp-procera-spotlights-encryption