MetaFlows

Payload and Event Reporting by MetaFlows CEO Livio Ricciulli, Part III

admin — Tue, 31 Jan 2012 23:10:50 +0000

Payload and Event Reporting by MetaFlows CEO Livio Ricciulli, Part III

By Joshua L. Konkle on January 31, 2012 5:00 AM

MetaFlows is a network security monitoring tool implementing some unique capabilities in today’s ever-changing security environment.

Read the full article..

MetaFlows launches low-cost SaaS product that unifies network security

admin — Mon, 30 Jan 2012 19:58:38 +0000

MetaFlows Security System uses a combination of open source and proprietary technologies to reduce costs and support off-the-shelf hardware

By Lucian Constantin, IDG News Service
January 30, 2012 10:20 AM ET

Network security monitoring startup MetaFlows launched a new Software-as-a-Service (SaaS) product that can be installed on low-cost hardware to monitor network traffic flow, detect possible intrusions and analyze event logs.

Lowering the Cost of Intrusion Detection and Prevention

admin — Mon, 30 Jan 2012 19:55:36 +0000

Posted by Michael Vizard Jan 30, 2012 12:27:28 PM

One of the issues that a lot of organizations have with IT security is that it’s costly to implement and difficult to manage. While there has been a lot of progress on both of those fronts lately, it hasn’t been dramatic. As a result, a lot of organizations are deploying anti-malware software on the endpoint and a firewall at the perimeter. But adoption of intrusion-detection systems (IDS) has been spotty because they generally require expensive dedicated appliances that can be hard to manage.

Read the full article..

MetaFlows Announces Software-Based IDPS, Enables IDPS Hardware for 1/10 the Price

admin — Mon, 30 Jan 2012 18:04:12 +0000

SaaS-based Global Correlation System Cuts False Positives, Improves Productivity
SAN DIEGO, CA, January 30, 2012 — MetaFlows, Inc., a startup focused on leveraging emerging cloud and virtualization technologies for the next generation of network security solutions, has developed a Software as a Service (SaaS) product that allows IT managers to easily implement high-performance Intrusion Detection/Prevention Systems (IDPS) using standard, off-the-shelf hardware. This technology allows users to load balance existing IDPS applications (like Snort or Suricata) on commodity multi-core processors like the Intel I7, thus slashing the cost of network security hardware by at least an order of magnitude.
Until now, only proprietary machines that cost around $50,000 could run parallel streams of traffic on an IDPS system. The MetaFlows Security System (MSS) is a software-based solution that can divide traffic into multiple streams and process each of them on a separate CPU core to monitor up to 10 Gbps of sustained network throughput on standard, off-the-shelf servers costing $4,000 or less. The MSS extends the capabilities of common hardware to do packet filtering and web filtering as well, providing effective protection against cyber threats.
But perhaps the biggest achievement of the MSS software is that it lets users find security issues more quickly and more reliably. This is because the MSS performs intra-domain correlation of an unprecedented range of security event information (Network and Host IDS, Event Logs, Vulnerability Data), flows and dynamic reputation intelligence feeds.
“MetaFlows SaaS ensures security analysts deliver qualitative reporting by minimizing routine data center configuration and false positives, and it does this while minimizing capital and operational costs,” said Joshua Konkle, CISSP #39157 and Vice President of DCIG

The MSS’s, real-time, browser-based security console ranks events using a new predictive global correlation system mathematically similar to Google’s page ranking algorithm. Important events show up at the top and users can prevent, quickly investigate and remediate security and usage policies issues before they become critical.
“Businesses and other organizations benefit from our software because it affords them a level of security, network awareness and processing efficiency that has only been available to enterprises with large security budgets,” said Livio Ricciulli, CEO and Chief Research Scientist of MetaFlows. “MetaFlows customers get that same performance and even better security through more accurate event and flow analysis for a tenth of the price.”
For a video demonstration of the MetaFlows Security System, please visit https://www.metaflows.com/resources/webvideo/.

Network Security Performance Tuning by MetaFlows CEO Livio Ricciulli, Part II

admin — Sun, 29 Jan 2012 00:10:03 +0000

By Joshua L. Konkle

Network security monitoring is a constantly changing environment of both tools and methodologies. Most of them today, however, have used a lone “cowboy” mentality where datacenter solutions operate independently. MetaFlows is changing that. Today, I am continuing my interview with MetaFlows CEO Livio Ricciulli, discussing how their product is optimizing network security monitoring and performance.

Network Security Monitoring delivered through a “Software as a Service” Model by MetaFlows CEO Livio Ricciulli, Part I

admin — Sun, 29 Jan 2012 00:05:26 +0000

By Joshua L. Konkle

Enterprise organizations face the daily challenge of ever-growing threats to their network and IT infrastructure. Not only are these threats growing, but they are constantly changing as well, forcing companies to adapt by changing not only their tools but also their training. Today, I’m talking with MetaFlows CEO Livio Ricciulli about howMetaFlows is addressing these problems by delivering network security monitoring using the “Software as a Service” model.

Vulnerability Scanning

admin — Tue, 03 Jan 2012 20:49:44 +0000

The MSS now allows to perform vulnerability scans. Right-click on a record and choose the host/port combination to scan. A report will be created in real time once the scan is done and the results will also be stored as Log events to be retrieved through the historical queries. The scans can be slow, so be patient once you initiate a scan.

Improved Correlation

admin — Tue, 03 Jan 2012 20:42:50 +0000

Our event analysis interface was improved to provide more correlation between Flow, IDS, and Log events. Snort events are blue, Service discovery and User discovery events are yellow and Log event are red. Each of these categories can be under the source or destination IP address or the Event column. If the events are under the source or destination addresses it means that they have been associated with that address (or group of addresses) only. If the events appear in the Event column, it means that they have been associated with that flow or group of flows (both source and destination addresses were associated with that event).

It Takes a Cloud to Secure a Cloud

admin — Fri, 16 Dec 2011 17:13:30 +0000

If you’re thinking of setting up some of your assets in the cloud, you need to think about how you can do that without compromising your network security monitoring standards and how you can meet regulatory compliance regulations. Even if you run an Intrusion Detection (and/or Prevention) System in your organization or have host-based IDS, securing the cloud is a different matter. Read this article to learn how the MSS secures assets in the cloud.

Improved packet RX/Drop rate calculation

admin — Wed, 23 Nov 2011 19:20:32 +0000

We improved the way we calculate packet received (RX) and packet drop (DR) rates. RX+DR should now be exactly the total of what the box is seeing. RX is the actual Snort processing rate and DR is the rate of packets Snort is not able to process either because the OS drops them or Snort drops them.