Network traffic inspection has been a long-term technical challenge, with increased difficulty as technology evolves and more devices with heterogeneous operating systems are added to the system. Applications of network traffic inspection range from network traffic measurements and bandwidth control to monitoring and security applications, such as intrusion or threat prevention detection.
In an example, a user receives an email or a text as part of a phishing attack. The email or text includes a link to a phishing website that is designed as a clone of a well-known website. When the user clicks on the link, the phishing website is displayed on his computer, and the user is tricked into believing that the phishing website is the well-known website. The user is prompted to enter his login ID and his password, and he enters this sensitive information, which is then captured by the phishing website. The criminals that operate the phishing website are able to exploit this sensitive information by using it to log in to the well-known website.
One application of network traffic inspection is related to security. If the network traffic of the user's access of the phishing website could be inspected by a security application, the security application could detect that the user is accessing a suspicious website, and could flag the access as a potential security threat.