Advanced Network Malware Detection

Emerging trends like mobility, P2P applications, cloud-based services, and social media are giving us better access to information at the expense of security. Modern network malware can exploit these trends to bypass the network perimeter.

Today's cutting edge perimeter defense systems can prevent most intrusions by using advanced access control heuristics, real time threat feeds & content behavioral analysis. However once there is a compromise, malware can dangerously go unnoticed for quite a while because these techniques cannot detect communication behavior over multiple sessions over time. This is why MetaFlows' advanced malware detection technology continuously performs multi-session analysis. Rather than focusing on single events (like a traditional IDS/IPS), it produces incident reports containing multiple events related to the same threat. False positives are virtually eliminated letting security administrators focus on security events that really matter.

There are good reasons why it is important to proactively record all packets traversing a network. Without packet logging, incidents often lead to these familiar, unanswered questions: Did the user click on the link? Did the user log in? Did the server respond? What else did they download? Without packet logging, there is little to investigate and circumstantial evidence often leads to very uncertain conclusions.

MetaFlows provides an extensible full packet logging solution to search, reconstruct, render and analyze whatever was transmitted on a network. The time horizon is directly proportional to the storage to bandwidth ratio and can range from a few hours to a few weeks depending on the setup. The time horizon can be adjusted by sizing the storage hardware while leveraging our proprietary packet indexing technology to elevate forensic capabilities to a whole new level. Indexed packet logging provides an unprecedented level of network visibility essential to assessing the security of your network.

In order to reliably identify hidden threats, our network security monitoring software needs to perform several CPU intensive, deep packet analysis functions in real time. Dynamically executing content through sandboxes also requires plenty of CPU and RAM.

Fortunately, our network security monitoring software easily meets these processing requirements using open software, hardware, and virtualization standards. MetaFlows offers inexpensive, turn-key, malware detection appliances ranging in capacity from 50 Mbps to 10 Gbps. Importantly, you can also build your own appliances by simply downloading our software on Linux Centos or RHEL systems (physical or virtual). Our software was designed as an open system and can therefore be easily customized and integrated into any existing infrastructure. Start a free trial today on your own existing hardware!