Mark Manu is the GSEC of the San Diego-based Cubic Corporation.
Here’s Mark in his own words talking about the MetaFlows Security System.
“Deploying an IDS system and monitoring your network for anomalies could not be easier with the MetaFlows system. The web-based sensor setup quickly takes the guesswork out of manual Snort configuration by giving the user a quick and easy set of questions to define your network and what you want to protect. Once you complete the form, your unique sensor is created in the MetaFlows cloud and you are presented with the option to download the sensor as a VMware virtual machine or tarball file to install on physical hardware. You will be up and running with a working Snort sensor with the latest rule sets in under an hour. From here on, all of your management of MetaFlows and your sensors is done through a secure web connection. This couldn’t be easier.
Once up and running, choose the rule sets you want from Emerging Threats or add your Sourcefire oinkcode to run those rules. You can also quickly view the traffic that is flowing across your network and make decisions as to whether the traffic is hostile or benign. Then you can tune your rule set based on the traffic you see to help you find false positive alerts and modify the ruleset to exclude them.
But the best features are the inclusion of the BotHunter tool and the MetaFlows algorithm, which ranks Snort alerts according to severity. These tools quickly let you know which Snort alerts are the most important to view and which of your hosts are most likely infected with bots or malware. We have used these tools to quickly identify and shut down these infected hosts.
MetaFlows is a simple yet robust system to get your IDS sensors under control and start finding the “evil” on your network before it has a chance to wreak havoc.”

