Of most interest is a new feature called First-packet iQ Application Classification that automatically identifies more than 10,000 applications and 300 million web domains based on the first packet received in order to make traffic policy decisions.
“If you’re looking to make a control decision you have to start on the very first packet of the flow,” said Damon Ennis, Silver Peak’s SVP of products. “We developed a technique that can make that decision from the very first packet. No one else is doing this to our knowledge.”
Ennis explained that firewalls typically classify applications based on certain criteria. For more granularity, deep packet inspection (DPI) can be used. But DPI requires multiple packets to be seen. Silver Peak’s First-packet iQ is unique because it can identify the traffic based on the first packet of a flow.
To do this, Silver Peak uses a cloud-hosted Internet map and geolocation database to track and index IP addresses. And the technology uses machine-learning to constantly update the information.
“For thousands of applications, we’re tracking what those IP addresses are,” said Ennis. “Our EdgeConnect devices download that every day, and when they see a packet for a new application they look up that IP address.”
Based on First-packet iQ, Silver Peak’s overlay SD-WAN technology uses its traffic policy to determine which connections should carry which applications. Unknown or suspicious traffic is steered to a regional hub or data center firewall for further inspection.
“Most of the other vendors typically only do path selection, steering traffic over MPLS and the Internet,” said Ennis. “We bond those links. It’s much more of a packet-by-packet decision.”
In addition to the packet technology, EdgeConnect now integrates a stateful firewall for branch office locations that do not host applications. The firewall allows outbound traffic to exit, but only allows ingress traffic to enter in response to user-initiated sessions.
For applications traffic directed to regional or corporate firewalls, EdgeConnect supports service chaining across its partner ecosystem that includes: Check Point Software, Palo Alto Networks, Fortinet, and zScaler.