So If I read this
https://www.sophos.com/en-us/medialibrary/pdfs/factsheets/sophos-utm-feature-list-dsna.ashx it says
Intrusion protection: Deep packet inspection engine, 18,000+ patterns
But the following suggest DPI is found Sophos (XG) Firewall not UTM
https://community.sophos.com/utm-firewall/f/general-discussion/127587/utm-deep-packet-inspection
So I'm confused whether please can someone kindly clarify
DPI Engine is some sort of a "new phrase" for a particular way to work with data.
DPI means Deep Packet Inspection, and this kind of technology is in both products. It is the IPS in a nutshell.
But DPI Engine in SFOS means the xStream Architecture. It is a technology to work on a stream based level (therefore the name). Stream based technologies will not act as a proxy or anything. Instead it will copy packets into another space and analyse them while the client is still communicating with the server. It is likely to be a flow / stream between client and server.
Stream based technologies can decrypt TLS1.3 and analyse those packets. IPS is able to do this, but it is lacking the decryption part. While UTM can only decrypt TLS1.2 on Web based traffic, SFOS can decrypt all packets on all ports and the IPS can look at those decrypted traffic to increase the security.
That is the big difference between both products.
