Advanced Intrusion Detection Finds Hidden Threats

MetaFlows’ advanced intrusion detection software uses patented technology that does not require any tuning or significant configuration, and yet consistently finds malware and data breaches that are routinely missed by all other products deployed in the same network. The key is Multi-session traffic analysis.

Multi-Session Traffic Analysis

Multi-session traffic analysis (also called dialog-based correlation) was originally embedded in a revolutionary Intrusion Detection software tool called BotHunter. Since then, MetaFlows has significantly extended and improved such technology for commercial use. Simply put, it automatically connects the dots between security alerts involving a single internal host with multiple external hosts over time.

Traditional intrusion detection software generates alerts by reconstructing a single session between two hosts and finding known patterns that confirm security violations within that specific session. This usually results in a very high false positive rate. Important events are often missed due to the huge volume of false positive or low-priority network security events.

MetaFlows uses Multi-Session Intrusion Detection Analysis. This advanced intrusion detection technique combines multiple security events (also called dialog events) that form a typical behavior pattern for an infected host. Dialog events from each internal host are mapped and scored against an abstract Malware infection life cycle model.

When the multi-session analysis algorithm shows that a host’s dialog patterns map sufficiently closely to the malware life cycle, the host is declared infected, and an infection profile (a partial summary example is shown below) is generated to summarize all evidence about the infection.

[Image: advanced malware detection example (partial infection profile summary)]

Besides detecting active malware (we detect thousands per day), multi-session analysis can also be reversed to detect lateral moves that would otherwise go unnoticed. For example, if an external host A scans one of your internal hosts B and A later also receives a large amount of data from another internal host C, our system generates an incident report indicating a possible intrusion through B and data exfiltration from C. Admittedly, these kinds of incident reports are rare, but when they occur, they can truly save your enterprise from disastrous data loss.
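To make the two correlation modes concrete, here is an added illustration (my own code, not MetaFlows' patented implementation) of per-host life-cycle scoring and of the reversed scan-then-exfiltration check. The alert stream, the phase labels and the weights are constructed assumptions; the real product's model and scoring are not published on this page.

```python
from collections import defaultdict

INTERNAL_PREFIX = "10.0.0."  # assumption: one internal /24 for the demo

# Constructed dialog events: (time, src, dst, phase, bytes). Phase names are
# assumed labels for stages of an abstract infection life cycle.
EVENTS = [
    (100, "203.0.113.5", "10.0.0.7", "inbound_scan", 0),
    (140, "10.0.0.7", "198.51.100.9", "egg_download", 0),
    (200, "10.0.0.7", "198.51.100.20", "c2_beacon", 0),
    (260, "10.0.0.7", "198.51.100.20", "c2_beacon", 0),
    (300, "10.0.0.7", "10.0.0.50", "outbound_scan", 0),
    (150, "10.0.0.12", "198.51.100.9", "egg_download", 0),  # lone low-priority alert
    (900, "10.0.0.30", "203.0.113.5", "large_upload", 50_000_000),
]

# Assumed weights: a single alert stays below threshold; a dialog sequence crosses it.
PHASE_WEIGHT = {"inbound_scan": 1, "egg_download": 3, "c2_beacon": 3,
                "outbound_scan": 2, "large_upload": 2}
INFECTED_THRESHOLD = 6

def is_internal(ip):
    return ip.startswith(INTERNAL_PREFIX)

def infection_profiles(events, threshold=INFECTED_THRESHOLD):
    """Group dialog events by internal host and score the distinct life-cycle
    phases seen; hosts at or above threshold get an evidence profile."""
    seen = defaultdict(dict)  # host -> phase -> set of peers
    for _, src, dst, phase, _ in events:
        host, peer = (src, dst) if is_internal(src) else (dst, src)
        seen[host].setdefault(phase, set()).add(peer)
    profiles = {}
    for host, phases in seen.items():
        score = sum(PHASE_WEIGHT[p] for p in phases)  # each phase counts once, not each alert
        if score >= threshold:
            profiles[host] = {"score": score,
                              "evidence": {p: sorted(v) for p, v in phases.items()}}
    return profiles

def lateral_move_incidents(events, min_bytes=10_000_000):
    """Reversed view: external A scans internal B, then later receives a large
    upload from a different internal host C -> possible intrusion via B, exfil from C."""
    scans = [(t, src, dst) for t, src, dst, phase, _ in events
             if phase == "inbound_scan" and not is_internal(src)]
    incidents = []
    for t, src, dst, phase, nbytes in events:
        if phase == "large_upload" and is_internal(src) and nbytes >= min_bytes:
            for t_scan, attacker, entry in scans:
                if attacker == dst and t_scan < t and entry != src:
                    incidents.append({"attacker": attacker, "entry": entry, "exfil_from": src})
    return incidents
```

Note that 10.0.0.12 triggers the same download signature as 10.0.0.7 but is never declared infected, which is the false-positive reduction the text describes.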


Multiple Detection Techniques

MetaFlows uses multiple network detection techniques to find and shut down hidden malware that is routinely missed by all other security products. The matrix below compares important features of existing network security products. As you can see from the matrix, our products can cast a much wider net than traditional intrusion detection systems.

Supported platforms (register to download the software):

  • Linux: CentOS/RHEL 7
  • VMware: ESX4/Server
  • Amazon EC2: AWS EC2

Try our unprecedented combination of features side by side with any of our competitors.

Our software plans support from 50 Mbps to 10 Gbps of sustained network inspection. Simply register to start a 2-week unlimited trial.

Minimum hardware requirements are:

  • 4 GB RAM or 2 GB RAM per core (whichever is greater)
  • At least 2 physical Ethernet interfaces (one for management and one for passive traffic analysis)
  • At least 100 GB disk