
Advanced Network Intrusion Detection

Unpredictable user behavior, bad passwords and social engineering attacks are the leading causes of network security breaches and cannot be prevented by firewalls. Advanced network intrusion detection works beyond the firewall to analyze the communication patterns of your internal assets to find dangerous user behavior, malware and data breaches that would otherwise go unnoticed.

Evolve Your Network Security With The MetaFlows Security System

The MetaFlows Security System (MSS) is an advanced network intrusion detection system that does not require significant tuning or baselining, and yet consistently finds dangerous user behavior, malware and data exfiltrations that are routinely missed by all other security products deployed in the same network. While performing full packet capture of all communication, the MSS also continuously scans incoming content for both known and unknown malware.

Single IDS events are rarely useful without context and are often reported in high volume without an explanation of what they mean. Our patented technology instead automatically generates incident reports composed of multiple inter-dependent (IDS and other) events. Rather than only providing isolated single-session events, incident reports give you the big picture, with links to the underlying event data that matters as well as the complete packet capture of the incident.

SaaS-based shared threat intelligence

Any single threat feed is insufficient and leads to false negatives (something bad that should have been detected is missed). For example, we measured the average single antivirus solution detection rate at 20% of the known threats. That is why we use 55+ antivirus solutions at once and perform behavioral analysis with threat intelligence from Emerging Threats, VirusTotal, OSSEC, Trustwave, Cuckoo, YARA, Web of Trust and more.


Indexed Full Packet Capture

As cyber security threats are detected (regardless of how they got in), they are shut down and reported through our browser-based security management console.

The MSS records all traffic in an indexed packet history database stored on hard drive(s). The storage size can be adjusted according to the desired search time horizon. For example, an installation with a 100 Mbps average throughput can achieve 1 week of packet history with 7.5 TB of storage (see equation below).

100 Mbps × 3600 s/hour × 24 hours/day × 7 days (your time horizon) ÷ 8,000,000 (bits to bytes, and Mbit to TB) = 7.56 TB
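The sizing formula above, generalized to any average throughput and retention horizon and inverted to answer the more common operational question (how many days of history a given disk holds). This is an added example, not MetaFlows code; the optional headroom multiplier for traffic peaks and index overhead is an assumption, not something the page specifies.

```python
"""Packet-capture storage sizing, generalizing the page's worked example.

Added illustration, not part of the MetaFlows product or its documentation.
The page divides Mbit by 8,000,000 to reach TB, i.e. it uses decimal
terabytes (10**12 bytes); this module does the same and shows the TiB
figure a filesystem will actually report.
"""

SECONDS_PER_DAY = 24 * 3600
BITS_PER_BYTE = 8
BYTES_PER_TB = 10**12      # decimal TB, matching the page's 8,000,000 divisor
BYTES_PER_TIB = 2**40      # binary TiB, what df/du will show on the appliance


def storage_tb(avg_mbps: float, horizon_days: float, headroom: float = 1.0) -> float:
    """TB needed to retain `horizon_days` of traffic at `avg_mbps` average rate.

    `headroom` (assumed, e.g. 1.25) pads for peaks and index overhead; the
    page's own example corresponds to headroom=1.0.
    """
    if avg_mbps <= 0 or horizon_days <= 0 or headroom <= 0:
        raise ValueError("throughput, horizon and headroom must be positive")
    bits = avg_mbps * 1_000_000 * horizon_days * SECONDS_PER_DAY
    return bits / BITS_PER_BYTE / BYTES_PER_TB * headroom


def horizon_days(avg_mbps: float, disk_tb: float) -> float:
    """Inverse of storage_tb: days of history that fit in `disk_tb` at `avg_mbps`."""
    if avg_mbps <= 0 or disk_tb <= 0:
        raise ValueError("throughput and disk size must be positive")
    bits = disk_tb * BYTES_PER_TB * BITS_PER_BYTE
    return bits / (avg_mbps * 1_000_000) / SECONDS_PER_DAY


def tb_to_tib(tb: float) -> float:
    """Convert decimal TB to binary TiB (the number the OS will report)."""
    return tb * BYTES_PER_TB / BYTES_PER_TIB


if __name__ == "__main__":
    # Reproduce the page's example, then the inverse question.
    print(f"100 Mbps for 7 days: {storage_tb(100, 7):.2f} TB "
          f"({tb_to_tib(storage_tb(100, 7)):.2f} TiB)")
    # The 100 GB minimum disk from the hardware requirements at the same rate:
    print(f"100 Mbps on 0.1 TB: {horizon_days(100, 0.1) * 24:.1f} hours of history")
```

At 1 Gbps the same one-week horizon needs ten times the disk, so run the inverse function against the disk you actually have before committing to a retention window.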

As a result of an incident, analysts can go back in time to see what content was downloaded or uploaded and/or obtain a complete pcap of the flows.

Together with the multi-session correlation of over 40,000 IDS signatures, an indexed and searchable packet capture elevates the forensic capabilities of the MSS to a whole new level.

SaaS-based Network Antivirus/Sandbox

The MSS monitors the transmission of all notable files (.exe, .dll, .pdf, .zip, Microsoft Office formats, etc.) seen on your network. The digest of each file is passed to the Network Antivirus system, which consists of 55+ antivirus solutions at once, giving us the broadest possible base. All files that test positive on 3 or more antivirus solutions generate high-priority alerts.

Content which is unknown is executed in MetaFlows' cloud-based sandbox analysis system. A mix of proprietary and open source tools analyze the behavior of the content as it is executed/opened to determine whether it is well behaved. If the dynamic behavior is consistent with dangerous malware, the MSS updates its database and issues a high-priority alert with a detailed report of why the content is bad. See some of the reports we generate every week.

Join our Customers


You will be amazed. Try Our Technology

Try our on-premise technology to analyze your network traffic from a SPAN or mirror port (from 100 Mbps to 10 Gbps):
Order one of our appliances or simply register here, download and install our network intrusion detection software on a CentOS/RHEL machine (physical or virtual) located near your firewall.

For advanced network intrusion detection in the Amazon EC2 cloud simply run our pre-configured Amazon EC2 instance and install our software tap to monitor your cloud instances as if they were in your LAN.

Passively analyze network traffic to:

  • Scan all content entering your network with 55+ antivirus software solutions at once
  • Sandbox unknown content to discover new threats
  • Reliably detect and shut down malware that gets past your perimeter defense
  • Detect lateral moves and data exfiltration attempts
  • Pinpoint and prevent potential network security threats
  • Proactively log all IP packets for forensic investigations

Minimum hardware requirements are:

  • 4GB RAM or 2GB RAM/core (whichever is greater)
  • At least two physical Ethernet interfaces (one for management and one for passive traffic analysis)
  • At least 100GB of disk space

Schedule a Live Demonstration

Interact with an expert security analyst as he uncovers previously unknown, compromised machines in a live university network!