Logo
  • known-issues
  • Network Antivirus

Welcome to MetaFlows

123456

Shared Network Intelligence

Unique real time security analysis uses 5 different intelligence sources at once. You will be better protected from threats because no ONE intelligence source is enough.

Do you have blind spots?

Easily collect and correlate events from ALL your security devices (and meet computer security auditing standards while you are at it).

Easily shut down Malware

Ground-breaking soft IPS technology can instantly shut down Malware without requiring an inline deployment.

Threats can literally walk in…

Our cost-effective multi-gig behavioral analysis can ALSO find and shut down internal threats that walk through the front door.

1 2 3 4
  • The MSS
  • Products
  • Comparison
  • Videos
  • FAQs

123456

Protect your Business with the MSS.

SC Magazine says:

"This is a killer app. The more we watched this one sort through the data that it was monitoring, the more we wanted one."

"...it may have a lightweight price and a lightweight presence on a network, but what it does is far from lightweight."

Use MetaFlows' leading-edge security technology to

  • Protect you from Malware
  • Easily enforce acceptable use policies
  • Comply with security standars
  • Increase productivity

"Here's how:"

1. Run the MSS software on standard server(s) to inspect your network traffic.

From 100 Mbps to 10 Gbps per server!

1. Run the MSS software on standard server(s) to inspect your network traffic.

From 10 Mbps to 10 Gbps per server!

2. Simply login into our service to easily find and actively shut down Malware and other potential problems.

1. Run the MSS software on standard server(s) to inspect your network traffic.

From 10 Mbps to 10 Gbps per server!

2. Simply login into our service to easily find and shut down Malware and other potential problems.

3. Check your inbox for

  • Custom email alerts
  • Daily executive reports
  • Daily intelligence updates

Typical customers' reaction:

"This makes sense. How come ALL other security vendors don't do it like this?"

Our Answer:

"They lack the vision and the resources to re-design network security from the ground up like we did."

Get Started Now!

BotHunter focuses on the communications dialog that occurs between internal network nodes and external entities in the form of a series of data exchanges. Suspicious bots typically match a state-based infection sequence model. In its initial implementation, BotHunter uses three malware-focused network packet sensors, each of which specializes in various phases of malware infection, including inbound scanning, exploit usage, egg downloading, outbound bot coordination dialogs and outbound attack propagation
  • Advanced Malware Detection
    High-speed Malware detection with 5 network intelligence sources at once.
  • Threat Prevention
    Find and shut down exploits, Bots, C&C, Phishing attempts or sites with bad IP reputation.
  • Flow Analysis & Monitoring
    Protect your intellectual property. Monitor communication patterns that can go unnoticed.
  • SIEM & Log management
    Collect and correlate events from ALL your security devices. Easily comply with security standards.
  • Software as a Service
    Multiple administrators can share analysis and collaborate using advanced reporting tools.
  • Network Antivirus
    Real time Malware scanning of files transmitted using 46 antivirus solutions at once.
Flexible Architecture

Unlike other product the MSS allows to flexibly choose the appropriate security data storage solution for each deployment. The table below indicates the storage location options for each subscription type.

Subscription Type Security events and System logs Sensor configuration Application Data and Payloads
MSS SaaS MetaFlows Cloud MetaFlows Cloud Sensor Disk
MSS SaaS Local Sensor Disk MetaFlows Cloud Sensor Disk
MSS Global Enetrprise MSS GE controller MSS GE controller Sensor Disk

In the MSS SaaS option the Sensors can either export security event messages to the MetaFlows cloud or store them on the local sensor storage. In either case, you access your security information and shut down Malware through a browser. The advantage of storing the events in the MetaFlows Cloud is that they are globally and anonymously correlated to give you better security. Storing event data on the local sensor disk allows certain organizations (like Government) to still benefit from MetaFlows' advanced security technology while complying with local policies governing event storage.

By design, it is always the case that application data (packet payloads) never leave the local sensor’s disk. In our system this separation is very strict. This division makes SaaS-based security event monitoring much more practical. Very sensitive payload data contained in the packet logs is protected by the customer’s own network security infrastructure inside the sensor (usually placed behind a firewall).

Malware Detection Appliances

MetaFlows offers turn-key Malware Detection appliances with the best cost-performance ratio in the industry. Subscribers can order and configure MetaFlows Network Security Appliances through the subscription page of the MetaFlows Security System or by contacting MetaFlows directly. The appliances are based on open standards that allow quick and seamless integration in any existing infrastructure and shipped with the MSS and system software pre-configured for maximum performance.
RAM 9 GB 24 GB 32 GB
Hard Drive 1 TB 4 x 1TB 4 x 2TB
Processor Intel Core i7 2 x Intel Xeon 6 core (24 HW threads) 4 x AMD 6276 (64 HW threads)
Ethernet Cards 3x1Gbps 2x1Gbps + 2x10Gpbs 2x1Gbps + 2x10Gpbs
Throughput 800 Mbps 3-5 Gbps 5-10 Gbps
Or you can build your own appliances and just use our software only plans.

Malware Detection Software

The MetaFlows Security System software can be easily installed on your own hardware* to monitor 10Mbps to 10Gbps networks. The software can run on CentOS 6, as a virtual machine or in your cloud-based assets.

Platform Linux CentOS 6.x or RHEL6 VMware ESX4 or Server Amazon EC2 CentOS 6.x
Download Link linux.zip MetaFlows_SensorVM-2.0.zip AWS EC2
How to install unzip linux.zip
cd nsm
./setup.sh 		unzip MetaFlows_SensorVM-2.0.zip
open MetaFlows_SensorVM-2.0/VM.vmx
 Launch Instance

*Activation requires registration at http://nsm.metaflows.com

Subscription Plans

The MSS subscription cost is based on the number of sensors you operate at any given time. The cost of each sensor is primarily determined by the amount of traffic it needs to inspect (measured in bps) and its features. Our software is offered in 3 feature / performance tiers of Bronze, Silver & Gold via Monthly, Annual & 2 Year subscription terms.

Sensor Software Number of Processing Cores Sustained Performance Features
Bronze 1 100Mbps BotHunter & Snort with daily Emerging Threats Pro, SRI Malware Threat Center & MetaFlows International Honeypot Network intelligence feeds and monthly SourceFire VRT Rule sets (Oink code required), p0f, Ntop, Soft/Hard IPS, Event storage for 1 year, and access to both Real Time monitoring and Historical Reports.
Silver 1 100Mbps Includes all Bronze Features + Log Management & SIEM integration + Vulnerability Scanning, all available through our powerful forensics interface.
Gold 8 1Gbps Includes all Features Features + Performance up to 1Gbps
Gold Add-on* 4 500 Mbps Provides incremental processing power to Gold Sensor Software. You can add this item incrementally to meet your increased performance demands.

* This option allows for exceptionally High Performance processing. For example, for 3 Gbps performance we recommend a total of 24 cores (1 Gold + 4 x Add-on), 5 Gbps performance requires 32 cores (1 Gold + 6 x Add-on) and 8 Gbps performance requires 64 cores (1 Gold + 14 x Add-on). Please contact us for additional information or for a quote.

How to Deploy

The MSS is the only Malware Detection system with the flexibility to shut down Malware either in Inline mode or Passive mode

Passive Configuration
Security Software Configuration

Placing a computer inline is not always desirable because of reliability/latency concerns. MetaFlows' proprietary Soft IPS technology reliably blocks unwanted traffic in passive mode as well. MetaFlows does this by injecting spoofed TCP packets into the network to disrupt unwanted communications. This idea (also employed by the Great Firewall of China) is not new but it has been refined to the point that makes a passive Soft IPS configuration as effective as an inline deployment without its potential drawbacks.

Inline Configuration
Security Software Configuration

Thanks to our breakthrough with PF_RING inline, our appliances can also work as a traditional IPS but at a fraction of the cost. They can sustain from 800 Mbps to >5Gbps of bridged Ethernet traffic while matching thousands of Malware rules. There is no need for specialized hardware. See our appliance detailed performance numbers.

Product Comparison

The matrix below compares important features of existing IPS products. This product comparison is based on public data and may not reflect proprietary information not available to us. If you think we need to correct this matrix please do not hesitate to contact us and we will promptly correct any mistakes.

Feature MetaFlows Open Source Snort SourceFire Fireeye Dell Juniper PaloAlto Networks Cisco McAfee
Behavioral Malware Detection MSS Product Comparison
Antivirus M SonicWALL Sophos
Signature Detection M
SIEM 3rd party Log Management
Flow Analysis
Passive Service Discovery
Vulnerability Assessment Nessus Qualys
File Carving
Scalable to 10G bps
Software only or Appliance
No upfront costs; pay as you go
Does not Require Significant Service Contract

As you can see from the matrix, MetaFlows' MSS offers an unprecedented mix of features and also provides very flexible deployment options which do not require upfront costs or capital expenditures.

Security Data

Unlike other product the MSS allows you to flexibly choose the appropriate security data storage solution for each deployment. The table below indicates the storage location options for each subscription type.

Subscription Type Security events and System logs Sensor configuration Application Data and Payloads
MSS SaaS MetaFlows Cloud MetaFlows Cloud Sensor Disk
MSS SaaS Local Sensor Disk MetaFlows Cloud Sensor Disk
MSS Global Enetrprise MSS GE controller MSS GE controller Sensor Disk

How to install the MSS Software

Find Malware with the MSS

Reporting and Forensics

Try it on your network.

You need to see it to believe it. Get started now


If you don't find what you're looking for in our FAQ section, Contact Support and we'll get back to you ASAP!

With other network security monitoring solutions, I have experienced too many false positive and false negatives. What makes MetaFlows different ?

MetaFlows uses 5 different network intelligence sources at once to determine if an event is important. These sources of network security intelligence are combined with a ranking algorithm that prioritizes security events according to continuous, global measurements. Unlike other products the MetaFlows Security System is based on shared network intelligence coming from several sources (5 normally but up to 7 in some instances). The integration of multiple feeds from our partners helps reduce the false positive rates.

With your cloud-based model, how do I know that my data is secure ?

With the MetaFlows Security System, packets with sensitive information are only stored on the sensors inside your network (which are highly secure Unix-based open-source systems). So even if the cloud were to be compromised, non of your application data would be exposed simply because it's not there. We only store your security events in our cloud. Security event data exchanged between you and the back-end is encrypted end-to-end: from your browser to our web servers; from the sensor to our web servers; and from the browser/console to the sensors. All authentications are performed using public key cryptography (the same one used to secure your access to your online banking). To secure our cloud we continuously monitor our networks and routinely perform penetration testing of our infrastructure to ensure our computer security.

Does MetaFlows work in a virtualized server environment?

Yes, our sensor software can monitor network traffic in any environment. In fact, our sensor can also be installed as a virtual machine.

With a virtual sensor, how can I count on my system to run at an adequate speed to work properly ?

A virtual machine's performance depends on the resources that are given to it: the more memory and processors available, the better it will run. Our sensor technology automatically scales to the capabilities of the hardware or the virtual machine on which it is installed. Our virtual sensor will only take the memory and processors that are allotted to it. The sensor's software continuously monitors the dropped packet rate and provides real time feedback on its operation which is viewable from the MetaFlows console.

Can I generate custom reports so I can show what I find with the rest of the organization ?

We have a number of reports available at this time and will be continuously adding new ones with flexibility in mind. The beauty of the SaaS model is that you will get any and all upgrades without ever having to perform any system management operations.

How does MetaFlows separate the script kiddies from dedicated attackers?

Our global and local correlation technologies are continuously fed intelligence data that prioritizes security incidents based on event ranking and IP reputation.

I noticed you have a free trial subscription offer. What do I not get in my free subscription versus when I subscribe to your security solution ?

Before you can add monthly subscriptions or yearly licenses, your account must be converted from a trial account to a subscription account. This allows you to take advantage of a number of features only available to subscription users:

  • Daily signature updates from Emerging Threats
  • Private online 1-on-1 chat support, plus priority e-mail support
  • Use unlimited sensors on a single account
  • MetaFlows historical reporting with unlimited storage capacity for 1 year
I like the ease of use of a SaaS model. Can I buy an annual subscription versus a month to month subscription ?

Absolutely, you can. MetaFlows allows you to purchase either a month to month subscription or an annual subscription.

Can MetaFlows provide 24x7x365 support on a global basis?

Yes, MetaFlows offers chat, email, and support ticket capabilities as our primary customer touch points. We have also produced a series of tutorial videos to assist subscribers in download and installation, tuning, and other key self-help tools. Phone support is limited to 9AM to 6PM PST.

Get Started

Call 877.664.7774
Contact Us
Start a free 14-day trial
Customer Login

White Papers

Product Overview
Security-as-a-Service
Amazon EC2 Security Gateway Setup

Technology

Shared Network Intelligence
BotHunter
Soft IPS
Network Antivirus
Flow Analysis
Vulnerability Scanning
SIEM and Log Management
File Carving

Solutions
Product Classes
Global Enterprise
Cloud Monitoring
Higher Ed

Schedule a Live Demo







Sending ...

Partnerships
Become a MetaFlows partner
About MetaFlows
News Room

© 2012, MetaFlows Inc - All Rights Reserved Sitemap