Advanced Network Malware Detection
Accurately identify and block malware, dangerous user behavior and data exfiltrations that would otherwise go unnoticed.
Lower False Negatives
While machine learning security products are still in their infancy, signature-based IDS/IPS & antivirus solutions are becoming increasingly ineffective.
For example, we measure that an antivirus solution misses known malware from 50% to 80% of the time with respect to all its rivals combined. Things get even worse if we also count unknown malware that can only be detected through a sandbox.
Signature-based detection systems cannot detect and prevent today's leading causes of cyber security incidents. Unpredictable user behavior, bad passwords and social engineering attacks can only be detected using behavioral analsysis.
MoreRelative Antivirus Effectiveness
Lower False Positives
Threat indicators provide noisy data NOT a source of information. We extract information while removing false positives by recognizing specific patterns of diverse classes of threat indicators affecting individual endpoints over time. Our patented technology, automatically generates incident reports (security information) correlating multiple inter-dependent events. Rather than only providing isolated single-session events, incident reports give you the big picture with links to the underlying event data that matters as well as the complete packet capture of the incident.
Other Unique Features
Advanced Forensics
MetaFlows' network malware detection software provides indexed packet logging to easily reconstruct what happened in your network past. The time horizon is directly proportional to the storage to bandwidth ratio and can range from a few hours to a few weeks depending on the setup. The time horizon can be adjusted by sizing the storage capacity while leveraging our proprietary packet indexing technology to scale your forensic capabilities to a whole new level. More
Block Threats Without Impacting Reliability
Soft IPS is ground-breaking software-based Intrusion Prevention technology that shuts down threats with zero impact on performance and reliability. It uses powerful active response technology to block unwanted traffic (bots, spyware, P2P, etc.) and actively learns which flows need to be blocked by extracting invariants from your communication patterns. More
| Inline IPS | Soft IPS | |
| Blocks TCP | ||
| Blocks UDP and ICMP |
Partial |
|
| Software Failure | All Traffic Stops | All Traffic Through |
| Hardware Failure | All Traffic Stops | All Traffic Through |
| Power Loss | Depends on Device | All Traffic Through |
| Performance Impact | ~200 µs latency | None |
Passive SSL/TLS Interception
Passive SSL/TLS interception does not require a proxy, it is more reliable and more secure. Also the cost of passive SSL/TLS interception is significantly lower than traditional techniques because it does not require an inline device to continuously perform cryptographic operations in real time to first decrypt and then encrypt all traffic to inspect. More
| Proxy SSL/TLS Interception | Passive SSL>TLS Interception | |
|---|---|---|
| No Security Impact | Requires Key Management | |
| System Failure/misconfiguration | All SSL traffic stops | SSL inspection stops |
| No Performance Impact | Noticeable | |
| End-to-end Transparency | Ciphers are implicitly re-negotiated | |
| Endpoint supported | All | Partial |
Deploy Anywhere
Our software was designed as an open system and can therefore be easily customized and integrated into any existing infrastructure. It can be installed in minutes on Linux CentOS or RedHat, VMware (Server/Player or ESX4), Amazon EC2 or Microsoft Azure supporting a variety of storage and monitoring configurations. We also provide cost-effective malware detection appliances optimally designed to scale from 50 Mbps to 10 Gbps. More
