Multi-Session IDS Correlation

The MetaFlows Security System (MSS) uses patented malware detection technology (BotHunter) that does not require any tuning or significant configuration, and yet consistently finds malware and data exfiltrations that are routinely missed by all other products deployed in the same network. The key is multi-session traffic analysis.

Multi-Session Traffic Analysis

Multi-session traffic analysis (also called dialog-based correlation) automatically correlates IDS alerts involving a single internal asset with multiple external hosts.

Traditional IDS software generates alerts by reconstructing a single session between two endpoints and finding known patterns that confirm security violations within that specific session. This usually results in a very high false positive rate. Important events are often missed due to the huge volume of false positive or low-priority network security events.

MetaFlows uses Multi-Session Intrusion Detection Analysis. This advanced correlation technique gathers specific IDS alerts (also called dialog events) that form a typical behavior pattern for an infected host. Dialog events are fed directly into a separate correlation engine, where each host's individual dialog production pattern is mapped and scored against an abstract malware infection life cycle model.

When the dialog correlation algorithm shows that a host's dialog patterns map sufficiently closely to the life cycle, the host is declared infected, and an infection profile (a partial summary example is shown below) is generated to summarize all evidence about the infection.
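A simplified sketch of the per-host dialog correlation described above, added here as an illustration and not MetaFlows or BotHunter code. The stage names, weights, threshold, time window and sample alerts are all assumptions constructed for the example.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumptions for illustration only: stage names, weights, threshold and window
# are hypothetical, not the values used by BotHunter or MSS.
INTERNAL_NET = ip_network("10.0.0.0/8")
STAGE_WEIGHT = {"inbound_exploit": 3, "binary_download": 5,
                "cnc_traffic": 8, "outbound_scan": 6}
THRESHOLD = 12          # minimum life-cycle score to declare a host infected
WINDOW_SECONDS = 3600   # dialog events must fall within one window

# Constructed sample alerts: (epoch seconds, source IP, destination IP, stage)
ALERTS = [
    (100, "203.0.113.7", "10.0.0.5", "inbound_exploit"),
    (160, "10.0.0.5", "198.51.100.20", "binary_download"),
    (900, "10.0.0.5", "192.0.2.44", "cnc_traffic"),
    (200, "10.0.0.9", "192.0.2.80", "outbound_scan"),
    (205, "10.0.0.9", "192.0.2.80", "outbound_scan"),
    (210, "10.0.0.9", "192.0.2.80", "outbound_scan"),
    (50, "10.0.0.7", "203.0.113.9", "binary_download"),
    (9000, "10.0.0.7", "192.0.2.44", "cnc_traffic"),
]

def correlate(alerts):
    """Return {internal_host: infection_profile} for hosts over THRESHOLD."""
    by_host = defaultdict(list)
    for ts, src, dst, stage in alerts:
        # Attribute each dialog event to the internal endpoint of the session.
        src_internal = ip_address(src) in INTERNAL_NET
        host, peer = (src, dst) if src_internal else (dst, src)
        by_host[host].append((ts, peer, stage))
    profiles = {}
    for host, events in by_host.items():
        events.sort()
        for i, (start, _, _) in enumerate(events):
            window = [e for e in events[i:] if e[0] - start <= WINDOW_SECONDS]
            stages = {stage for _, _, stage in window}
            score = sum(STAGE_WEIGHT[s] for s in stages)  # repeats add nothing
            if score >= THRESHOLD and score > profiles.get(host, {}).get("score", 0):
                profiles[host] = {"score": score, "stages": sorted(stages),
                                  "peers": sorted({p for _, p, _ in window})}
    return profiles

if __name__ == "__main__":
    for host, profile in correlate(ALERTS).items():
        print(host, profile)
```

Only 10.0.0.5 is declared infected: 10.0.0.9 repeats one stage against one peer, and the two stages seen on 10.0.0.7 fall outside a single window.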

SC Magazine Hall of Fame

SC Magazine has inducted MetaFlows into the 2014 Industry Innovators: Hall of Fame.
They write: "We were pleased that this Innovator continues to blaze the trail ahead for perimeter defense in an environment increasingly consisting of less and less perimeter to defend. The problem is a tough one and MetaFlows has brought creativity and insight to the solution. This is one of the most positive uses of the cloud for security purposes that we have seen in quite a while."

Top 20 Most Promising Enterprise Security Companies in 2015

CIO Review Magazine has selected MetaFlows as one of the top 20 Most Promising Enterprise Security Companies in 2015.
In the article "Cost Effectively Tackling Advanced Security Threats", MetaFlows' Chief Scientist Livio Ricciulli provides a road map for tackling the new security challenges facing enterprises in the upcoming decade.

How to Get Our Software

Complete Software Solution

Our complete SaaS network security solution can be installed (1) as a turn-key security appliance, (2) in a dedicated CentOS 7 physical or virtual machine in your LAN, or (3) in your cloud-based networks. If you want to try our complete software solution in your LAN for 14 days, please register here and then follow these instructions to build your own MetaFlows network security appliance. Contact us if you want to evaluate one of our turn-key security appliances for 30 days.

Stand-alone BotHunter

We offer the ability to run BotHunter without any additional features. Stand-alone BotHunter can be used either to monitor a span/mirror up to approximately 100 Mbps or as a host-based IDS. If you intend to use it to troubleshoot a single Windows system, you can run it on the system itself as a virtual machine. This mode is available for both commercial and non-commercial use (free). Non-commercial use does not require registration (although we recommend it in order to receive support). Please follow these instructions to run in this mode.
