Network Intrusion Detection & Prevention for the Cloud
MetaFlows offers advanced network intrusion detection for public cloud environments such as Amazon AWS, Microsoft Azure or Google Cloud Platform. It performs deep packet inspection of cloud-based network traffic using:
- Emerging Threats (now Proofpoint) IDS signatures (~40k Snort signatures updated daily)
- SpiderLabs Web Application rules (~19k ModSecurity rules updated monthly)
- MineMeld feeds (~100k IPv4 addresses, ~100k URLs and ~2,700 domains updated daily)
- VirusTotal file signatures (approximately 700k new hashes/day)
- Yara sandboxing rules to detonate unknown content uploaded to your instances
Instantly start receiving email alerts with actionable incident reports that identify suspicious behaviour.
Gain unprecedented visibility. Analyze coincident threat indicators, and reconstruct historical network activities using full packet logging.
Use real-time flow analysis to quickly identify abnormal data communication patterns caused by misconfiguration or hostile network behavior.
Sensors receive SSL mirror feeds from your cloud instances and perform a number of concurrent network traffic analysis operations which include multi-session correlation analysis, IDS/IPS, sandboxing/antivirus, SSL interception, passive asset discovery, indexed packet logging and syslog event import/export. Sensors post incident reports and security event data to the MetaFlows SaaS cloud where they can be accessed for analysis through a browser.
Besides offering network security tools to analyze the event data, the MetaFlows SaaS cloud also centralizes the management of compliance reports, IDS/IPS rules, event classification policies, sensor configurations, software licenses, audit logs and data sharing across multiple users.
How to set up a production system
- Launch one or more MetaFlows AMIs in the same availability zone as your instances (the first one you start will create an account in our system).
- Install SSL agents on your cloud instances or set up VPC Traffic Mirroring.
- Log in to get access to real-time security events and perform sophisticated forensic investigations on your network traffic.
Our cloud-based network intrusion detection system generates the following event types:
- Multi-session Behavioral Analysis Incident Reports
- File Transmission Activity
- Network Antivirus & Sandboxing
- Intrusion Prevention Notifications
- User Logins
- Service/Host Discovery
- WAF notifications
- AWS GuardDuty Events
- Aggregated System Logs
Compare AWS Network IDS/IPS Cloud Security Solutions
The matrix below compares important features of existing AWS security products. As you can see from the matrix, MetaFlows' solution offers a number of unique features designed to reliably detect and prevent modern network threats. False positives are virtually eliminated by correlating multiple independent flows, and powerful forensic capabilities eliminate the guesswork when investigating automated incident reports.
Try it now for free
- Create an account
- Respond to the welcome email with the word AWS Trial in the body of the message
- Start mirroring your AWS traffic (AWS data metering charges may apply depending on the AWS availability zone).
- Get instant access to real-time security events and perform sophisticated forensic investigations on your network traffic.