Advanced Network Intrusion Detection

Unpredictable user behavior, bad passwords and social engineering attacks are the leading cause of network security breaches and cannot be prevented by firewalls. Advanced network intrusion detection works beyond the firewall to analyze the communication patterns of your internal assets to find dangerous user behavior, malware and data breaches that would otherwise go unnoticed.

Evolve Your Network Security With The MetaFlows Security System

The MetaFlows Security System (MSS) is an advanced network intrusion detection system that does not require significant tuning or baselining, and yet consistently finds dangerous user behavior, malware and data exfiltrations that are routinely missed by all other security products deployed in the same network. While performing full packet capture of all communication, the MSS also continuously scans incoming content that gets past your firewall for both known and unknown malware.

Single IDS events are rarely useful without a context and often reported in high volume without an explanation of what they mean. Our patented technology, instead, automatically generates incident reports comprised of multiple inter-dependent (IDS and other) events. Rather than only providing isolated single-session events, incident reports give you the big picture with links to the underlying event data that matters as well as the complete packet capture of the incident. Using our technology, you will be amazed what you can find out about your network.

SC Magazine Hall of Fame

SC Magazine has inducted MetaFlows in the Industry Innovators Hall of Fame. They write: “We were pleased that this Innovator continues to blaze the trail ahead for perimeter defense in an environment increasingly consisting of less and less perimeter to defend. The problem is a tough one and MetaFlows has brought creativity and insight to the solution. This is one of the most positive uses of the cloud for security purposes that we have seen in quite a while. More…

SaaS-based shared threat intelligence

Any single threat feed is insufficient and leads to false negatives (something bad should have been detected). For example, we measured the average single antivirus solution detection rate at 20% of the known threats. That is why we use 55+ antivirus solutions at once and perform behavioral analysis with threat intelligence from Emerging Threats, VirusTotal, OSSEC, Trustwave, Cuckoo, YARA, Web of Trust and more.


Indexed Full Packet Capture

As cyber security threats are detected (regardless of how they got in), they are shut down and reported through our browser-based security management console.

When you deploy a MetaFlows sensor, you can record and search an indexed packet history database stored on your hard drive(s). You can size your storage according to your average network throughput and the desired time horizon. For example, if your Internet traffic averages 100 Mbit/s and you want to look back up to 1 week, you can size your storage as:

100 (Mbit/s) * 3600 * 24 * 7 (your time horizon, in days) / 8,000,000 (convert Mbit to TB) = 7.560 TB

After you identify which flows are interesting, you can go back in time and see what content was downloaded or uploaded and/or obtain a complete pcap of the flows.

Together with our multi-session correlation of over 40,000 IDS signatures, it will elevate the sophistication of your network awareness and forensic capabilities to a whole new level. Every MetaFlows customer uses this feature. After you try it, there is no turning back. It will quickly become an indispensable network analysis tool that you cannot do without.

SaaS-based Network Antivirus/Sandbox

The MSS monitors the transmission of all notable files (.exe, .dll, .pdf, .zip, Microsoft Office formats, etc.) seen on your network. The digest of each file is passed to the Network Antivirus system, which consists of 55+ antivirus solutions at once, giving us the broadest possible base. All files that test positive on 3 or more antivirus solutions generate high-priority alerts.

Content which is unknown is executed in MetaFlows’ cloud-based sandbox analysis system. A mix of proprietary and open source tools analyzes the behavior of the content as it is executed/opened to determine whether it is well behaved. If the dynamic behavior is consistent with dangerous malware, the MSS updates its database and issues a high-priority alert with a detailed report of why the content is bad. See some of the reports we generate every week.

Join our Customers


You will be amazed by what you can find out about your network

Try Our Technology

Try our on-premise technology to analyze your network traffic from a SPAN or mirror port (from 100 Mbps to 10 Gbps):
Order one of our appliances or simply register here, download and install our network intrusion detection software on a CentOS/RHEL machine (physical or virtual) located near your firewall.

For advanced network intrusion detection in the Amazon EC2 cloud, simply run our pre-configured Amazon EC2 instance and install our software tap to monitor your cloud instances as if they were in your LAN.

Passively analyze network traffic to:

  • Scan all content entering your network with 55+ antivirus software solutions at once
  • Sandbox unknown content to discover new threats
  • Reliably detect and shut down malware that gets past your perimeter defense
  • Detect lateral moves and data exfiltration attempts
  • Pinpoint and prevent potential network security threats
  • Proactively log all IP packets for forensic investigations

Minimum hardware requirements are:

  • 4GB RAM or 2GB RAM/core (whichever is greater)
  • At least two physical Ethernet interfaces (one for management and one for passive traffic analysis)
  • At least 100GB of disk space


Schedule a Live Demonstration

Interact with an expert security analyst as he uncovers previously unknown, compromised machines in a live university network!