Monitor your public cloud as if it was your LAN.

Analyze security incidents reports rather than single events.

Advanced Intrusion Detection >

Get to the ground truth with full packet logging.

Validate dangerous content with cloud-based antivirus & sandboxing.

Advanced Intrusion Detection

Accurately identify and block malware, dangerous user behavior and data exfiltrations that would otherwise go unnoticed.

Lower False Negatives

Signature-based IDS/IPS & antivirus solutions are becoming increasingly ineffective.
MORE LESS

For example, we measure that an antivirus solution misses known malware from 20% to 50% of the time with respect to all its rivals combined. Things get even worse if we also count unknown malware that can only be detected through a sandbox.

Signature-based detection systems cannot detect and prevent today's leading causes of cyber security incidents. Unpredictable user behavior, bad passwords and social engineering attacks can only be detected using behavioral threat analysis.

Diverse threat intelligence
Our Network Antivirus system not only uses more than sixty (60+) antivirus solutions at once, but also uses a mix of proprietary, commercial and collaborative feeds to analyze the behavior of the content as it is executed/opened to determine whether it is well behaved.

Dynamic Ranking
When you deploy our technology, your enterprise becomes an integral part of our cloud-based correlation system. By anonymously sharing threat intelligence from multiple enterprises we can extract dangerous communication patterns that are strong predictors of a potential compromise. This information is then fed back to each customer in the form of dynamic IPS block rules.

Even More >

Lower False Positives

Isolated alerts contain very little actionable information.
MORE LESS

Traditional Network IDS software generates alerts by finding known threat patterns within a single TCP/UDP session. This usually results in a very high false positive rate. Important events are often missed due to the huge volume of false positive or low-priority network security events.

MetaFlows uses Multi-Session Correlation. Multi-session correlation is an evolution of dialog-based correlation first introduced by a revolutionary malware detection tool called BotHunter.

Multi-session correlation extends dialog based correlation by leveraging diverse threat intelligence that goes well beyond signature based IDS alerts. Simply put, it automatically connects the dots between (any) security alert involving a single internal host with multiple external hosts over time.

Even More >

The MetaFlows Security System

A diagram illustrating how the pieces of Metaflows' software-as-a-service solution fit together.

The MetaFlows Security System requires a (physical or virtual) Linux machine dedicated to passively analyze network traffic from a mirror/SPAN or agents deployed in public cloud instances (like AWS, Azure or GCP). Once our software is installed, it immediately gets access to the following threat feeds:

Emerging Threat IDS signatures (~40k IDS signatures updated daily)
MineMeld feeds (~100k IPv4 addresses, ~100k URLs and ~2,700 domains updated daily)
Virus Total file signatures (approximately 700k new hashes/day)
~19,000 SpiderLbas Rules

Besides ingesting intelligence, each installation also becomes an active contributor to our global cloud-based correlation system. This allows us to identify and prioritize specific event types with good predictive potential to further improve detection accuracy based on dynamic measurements.

Real Time Event View

These are the origins of the security events being received by the MetaFlows cloud right now (). Sometimes you will see a red dot signifying a confirmed source that was involved in an incident report.

Daily Stats

Packet Analyzed:	4.35
Events Received:	626
Files Analyzed:	1,200
Threats Found:	260K

Intrusion Detection Software

The MSS network intrusion detection software runs on CentOS/RHEL 7, and therefore, can be deployed (1) on dedicated hardware, (2) as a virtual machine, or (3) in any public cloud like the Amazon EC2, Microsoft Azure or Google Cloud Platform.

Go beyond compliance, improve your security operations.

Advanced Threat Hunting & Forensics

MetaFlows' network intrusion detection software provides indexed packet logging to easily reconstruct what happened in your network past. The time horizon is directly proportional to the storage to bandwidth ratio and can range from a few hours to a few weeks depending on the setup. The time horizon can be adjusted by sizing the storage capacity while leveraging our proprietary packet indexing technology to scale your forensic capabilities to a whole new level.
MORE >

Take charge or your network. Shut down security threats with dynamic IPS policies updated every 12 hours.

Block Threats Without Impacting Reliability

Soft IPS is ground-breaking software-based Intrusion Prevention technology that shuts down threats with zero impact on performance and reliability. It uses powerful active response technology to block unwanted traffic (bots, spyware, P2P, etc.) and actively learns which flows need to be blocked by extracting invariants from your communication patterns.
MORE >

Cost-effectively inspect your encrypted traffic without compromising security and reliability.

Passive SSL/TLS Interception

Passive SSL/TLS interception does not require a proxy, it is more reliable and more secure. Also the cost of passive SSL/TLS interception is significantly lower than traditional techniques because it does not require an inline device to continuously perform cryptographic operations in real time to first decrypt and then encrypt all traffic to inspect.
MORE >

Cost-effective deployment options for both on-premise and the public cloud.

Deploy Anywhere

Our software was designed as an open system and can therefore be easily customized and integrated into any existing infrastructure. It can be installed in minutes on Linux CentOS or RedHat, VMware (Server/Player or ESX4), Amazon EC2 or Microsoft Azure supporting a variety of storage and monitoring configurations. We also provide cost-effective malware detection appliances optimally designed to scale from 50 Mbps to 10 Gbps.
MORE >

Features & Pricing

The software scales with the hardware and can handle from a few Mbps to 10 Gbps. The software cost is determined by the amount of traffic it needs to monitor (measured in bps) and its features. Our software subscriptions are offered in three feature / performance tiers: Bronze, Silver, and Gold and can be purchased on monthly, annual and biannual subscription terms. Amazon EC2 hourly AMIs are billed directly by Amazon.

Feature	Community* (free)	Bronze ($1,798/year)	Silver ($3,010/year)	Gold ($8,778/year)	EC2 ($0.44/hour)
Processing Cores	1	1	1	8+	1+
Sustained Performance	100 Mbps	100 Mbps	100 Mbps	500+ Mbps	100+ Mbps
Multiple Intelligence feeds
Multi-session correlation
Passive Host / Service Discovery
Real-Time Flow Analysis
Syslog Export
Historical Event Analysis
Network Antivirus/ Sandboxing
Full Packet Logging
Compliance Reporting
Active Directory/User Discovery
Syslog Import
Vulnerability Scanning
Multiple Cores
	Metaflows Silver and Gold subscriptions can perform packet capture and deep-packet inspection of your assets in the Amazon EC2 infrastructure
*Community subscriptions use Emerging Threats open source signatures rather than the commercial feed.