MetaFlows’ advanced malware detection uses patented intrusion detection technology that does not require any tuning or significant configuration, and yet consistently finds malware and data breaches that are routinely missed by all other products deployed in the same network. The key is multi-session traffic analysis.
Multi-session traffic analysis (also called dialog-based correlation) was originally embedded in a revolutionary IDS tool called BotHunter. Since then, MetaFlows has significantly extended and improved this technology for commercial use. Simply put, it automatically connects the dots between security alerts that involve a single internal host and multiple external hosts over time.
Traditional IDS software generates alerts by reconstructing a single session between two hosts and finding known patterns that confirm security violations within that specific session. This usually results in a very high false positive rate. Important events are often missed due to the huge volume of false positive or low-priority network security events.
MetaFlows uses multi-session intrusion detection analysis. This advanced malware detection technique combines multiple security events (also called dialog events) that together form a typical behavior pattern for an infected host. Dialog events from each internal host are mapped and scored against an abstract malware infection life cycle model.
When the multi-session analysis algorithm shows that a host’s dialog patterns map sufficiently closely to the malware life cycle, the host is declared infected, and an infection profile (a partial summary example is shown below) is generated to summarize all evidence about the infection.
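The following added sketch (not MetaFlows' or BotHunter's code) illustrates the scoring idea described above: alerts are grouped per internal host, each distinct life-cycle stage counts once, and a host is flagged only when several stages line up. The stage names, weights, threshold, time window and internal address range are assumptions, and the alerts are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed life-cycle stages, weights, threshold and window (illustrative only).
STAGE_WEIGHT = {"inbound_exploit": 40, "binary_download": 30,
                "c2_traffic": 30, "outbound_scan": 20}
THRESHOLD = 80                       # score at which a host is declared infected
WINDOW = 3600                        # correlation window in seconds
INTERNAL = ip_network("10.0.0.0/8")  # assumed internal address space

# Constructed dialog events: (epoch_seconds, src_ip, dst_ip, stage)
ALERTS = [
    (100, "203.0.113.5", "10.0.0.7", "inbound_exploit"),
    (160, "10.0.0.7", "198.51.100.9", "binary_download"),
    (400, "10.0.0.7", "192.0.2.44", "c2_traffic"),
    (500, "10.0.0.8", "192.0.2.44", "c2_traffic"),
    (520, "10.0.0.8", "192.0.2.44", "c2_traffic"),     # repeat of one stage
    (100, "10.0.0.9", "198.51.100.9", "binary_download"),
    (9000, "10.0.0.9", "192.0.2.44", "c2_traffic"),    # outside the window
    (9100, "10.0.0.9", "10.0.0.12", "outbound_scan"),
]

def correlate(alerts):
    """Build one profile per internal host from its dialog events."""
    by_host = defaultdict(list)
    for ts, src, dst, stage in alerts:
        # The host under suspicion is the target of an inbound exploit,
        # and the source of every other stage.
        host = dst if stage == "inbound_exploit" else src
        if stage in STAGE_WEIGHT and ip_address(host) in INTERNAL:
            by_host[host].append((ts, src, dst, stage))
    profiles = {}
    for host, events in by_host.items():
        events.sort()
        best_score, evidence = 0, []
        for i, first in enumerate(events):
            window = [e for e in events[i:] if e[0] - first[0] <= WINDOW]
            # Each distinct stage counts once, however often it fired.
            score = sum(STAGE_WEIGHT[s] for s in {e[3] for e in window})
            if score > best_score:
                best_score, evidence = score, window
        profiles[host] = {
            "score": best_score,
            "infected": best_score >= THRESHOLD,
            "stages": sorted({e[3] for e in evidence}),
            "peers": sorted({e[2] if e[1] == host else e[1] for e in evidence}),
        }
    return profiles

if __name__ == "__main__":
    for host, profile in sorted(correlate(ALERTS).items()):
        print(host, profile)
```

In this constructed data only 10.0.0.7 crosses the threshold: 10.0.0.8 repeats a single stage, and 10.0.0.9's events are too far apart in time to correlate.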
MetaFlows uses multiple network detection techniques to find and shut down hidden malware that is routinely missed by all other security products. The matrix below compares important features of existing network security products. As you can see from the matrix, our products can cast a much wider net than traditional intrusion detection systems.
Minimum hardware requirements are: