MetaFlows’ advanced malware detection uses patented intrusion detection technology that does not require any tuning or significant configuration, and yet consistently finds malware and data breaches that are routinely missed by all other products deployed in the same network. The key is Multi-session traffic analysis.

Multi-Session Traffic Analysis

Multi-session traffic analysis (also called dialog-based correlation) was originally embedded in a revolutionary IDS tool called BotHunter. Since then, MetaFlows has significantly extended and improved this technology for commercial use. Simply put, it automatically connects the dots between security alerts involving a single internal host and multiple external hosts over time.

Traditional IDS software generates alerts by reconstructing a single session between two hosts and finding known patterns that confirm security violations within that specific session. This usually results in a very high false positive rate. Important events are often missed due to the huge volume of false positive or low-priority network security events.

MetaFlows uses Multi-Session Intrusion Detection Analysis. This advanced malware detection technique combines multiple security events (also called dialog events) that together form the typical behavior pattern of an infected host. Dialog events from each internal host are mapped and scored against an abstract malware infection life-cycle model.

When the multi-session analysis algorithm shows that a host’s dialog patterns map sufficiently closely to the malware life cycle, the host is declared infected, and an infection profile (a partial summary example is shown below) is generated to summarize all evidence about the infection.

[Figure: advanced malware detection example (partial infection profile summary)]
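To make the dialog-based correlation idea concrete, here is an added illustration written for this page; it is not MetaFlows’ or BotHunter’s code. The life-cycle stage names, their weights, the infection threshold and the staleness window are assumptions chosen for the demo, and the alert lines are constructed. It shows the two points the text makes: evidence is aggregated per internal host across several external hosts over time, and a single low-priority alert does not by itself declare a host infected.

```python
from collections import defaultdict

# Hypothetical life-cycle stages and evidence weights (assumption, not MetaFlows' model)
STAGE_WEIGHTS = {"inbound_exploit": 2, "payload_download": 3, "cnc_beacon": 4, "outbound_scan": 2}
INFECTION_THRESHOLD = 7   # assumption: score at which a host is declared infected
WINDOW_SECONDS = 3600     # assumption: evidence older than this, relative to the newest event, is stale

def parse_alert(line):
    """Parse one constructed alert line: '<epoch_ts> <internal_ip> <external_ip> <stage>'."""
    ts, internal, external, stage = line.split()
    if stage not in STAGE_WEIGHTS:
        raise ValueError(f"unknown stage: {stage}")
    return {"ts": int(ts), "internal": internal, "external": external, "stage": stage}

def correlate(lines):
    """Group dialog events per internal host, drop stale evidence, and score the
    distinct life-cycle stages each host has exhibited against the model."""
    by_host = defaultdict(list)
    for line in lines:
        ev = parse_alert(line)
        by_host[ev["internal"]].append(ev)
    profiles = {}
    for host, events in by_host.items():
        newest = max(e["ts"] for e in events)
        recent = [e for e in events if newest - e["ts"] <= WINDOW_SECONDS]
        stages = sorted({e["stage"] for e in recent})     # each stage counts once, however often it fired
        peers = sorted({e["external"] for e in recent})   # external hosts taking part in the dialog
        score = sum(STAGE_WEIGHTS[s] for s in stages)
        profiles[host] = {
            "stages": stages, "peers": peers, "score": score,
            # assumption: an infection verdict needs enough score and more than one external peer
            "infected": score >= INFECTION_THRESHOLD and len(peers) >= 2,
        }
    return profiles

# Constructed sample alerts: epoch seconds, internal host, external host, stage
SAMPLE_ALERTS = [
    "1000 10.0.0.5 203.0.113.9 inbound_exploit",
    "1300 10.0.0.5 198.51.100.7 payload_download",
    "1800 10.0.0.5 192.0.2.33 cnc_beacon",
    "2400 10.0.0.5 192.0.2.33 cnc_beacon",       # repeat beacon, does not add score
    "1100 10.0.0.8 203.0.113.9 inbound_exploit",  # lone alert: not enough evidence
    "500 10.0.0.12 192.0.2.44 outbound_scan",     # stale relative to the next event
    "90000 10.0.0.12 192.0.2.33 cnc_beacon",
]

if __name__ == "__main__":
    for host, p in correlate(SAMPLE_ALERTS).items():
        print(host, "INFECTED" if p["infected"] else "clean", p["score"], p["stages"], p["peers"])
```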

Multiple Detection Techniques

MetaFlows uses multiple network detection techniques to find and shut down hidden malware that is routinely missed by all other security products. The matrix below compares important features of existing network security products. As you can see from the matrix, our products can cast a much wider net than traditional intrusion detection systems.

Operating System   | Register to Download Software
Linux              | CentOS/RHEL 6/7
VMware             | ESX4/Server
Amazon EC2         | AWS EC2

Try our unprecedented combination of features side by side with any of our competitors.

Our software plans support from 50 Mbps to 10 Gbps of sustained network inspection. Simply register here to start a 2-week unlimited trial.

Minimum hardware requirements are:

  • 4 GB RAM or 2 GB RAM per core (whichever is greater)
  • At least 2 physical Ethernet interfaces (one for management and one for passive traffic analysis)
  • At least 100 GB disk