Cloud Network Intrusion Detection

MetaFlows offers a complete network intrusion detection system optimized for virtual cloud environments such as Amazon AWS, Microsoft Azure or Google Cloud Platform.

Our unique solution shuts down network threats using 200,000+ real-time threat indicators and over 40,000 IDS signatures while recording, scanning and validating all data communications of your cloud-based assets as if they were in a LAN. Our patented event correlation technology virtually eliminates false positives, focusing on the events that really matter.

Compare AWS Network IDS/IPS Cloud Security Solutions

The matrix below compares important features of existing AWS security products. As you can see from the matrix, MetaFlows' solution offers a number of unique features designed to reliably detect and prevent modern network threats. False positives are virtually eliminated by correlating multiple independent flows, and powerful forensic capabilities eliminate the guesswork when investigating automated incident reports.

How it works

Deploy the MetaFlows Security System in the cloud.
  • Create an MSS sensor by installing our intrusion detection software in a Linux RHEL/CentOS virtual instance dedicated to monitoring the LAN traffic of your cloud. Alternatively, use a pre-configured MetaFlows AMI.
  • Install agents on your cloud instances to forward promiscuous traffic through an encrypted tunnel to the MSS sensor (thus creating a Virtual TAP).
  • The sensor then analyzes the forwarded traffic in real time to generate incident reports based on 40,000 Emerging Threats IDS signatures, over 200,000 real-time threat intelligence indicators, 65+ antivirus solutions at once, AWS GuardDuty, and more.
  • Use a standard browser to instantly gain extreme visibility of your cloud assets through historical reporting, real-time event analysis and email alerts.
  • Perform historical forensic analysis to see the content of past network communications.


Our network intrusion detection system generates an unprecedented amount of useful security information. Multiple event types can be exported to any existing syslog management system (SIEM) or the award-winning MetaFlows Security Console: IDS, Service/Host Discovery, Syslog, File transmission analysis (network antivirus/sandboxing), Intrusion prevention notifications, Multi-session Incident reports, and WAF notifications.

Splunk or QRadar applications are available for quick integration.

Splunk Application snapshot