Network Intrusion Detection & Prevention for the Cloud

MetaFlows offers advanced network intrusion detection for public cloud environments such as Amazon AWS, Microsoft Azure or Google Cloud Platform. It performs deep packet inspection of cloud-based network traffic using:

  • Emerging Threats (now Proofpoint) IDS signatures (~40k Snort signatures updated daily)
  • SpiderLabs Web Application rules (~19k ModSecurity rules updated monthly)
  • MineMeld feeds (~100k IPv4 addresses, ~100k URLs and ~2,700 domains updated daily)
  • VirusTotal file signatures (approximately 700k new hashes/day)
  • YARA sandboxing rules to detonate unknown content uploaded to your instances

Instantly start receiving email alerts with actionable incident reports that identify suspicious behaviour.

Gain unprecedented visibility. Analyze coincident threat indicators and reconstruct historical network activities using full packet logging.

Use real-time flow analysis to quickly identify abnormal data communication patterns caused by misconfiguration or hostile network behavior.

Architecture

Sensors receive SSL mirror feeds from your cloud instances and perform a number of concurrent network traffic analysis operations which include multi-session correlation analysis, IDS/IPS, sandboxing/antivirus, SSL interception, passive asset discovery, indexed packet logging and syslog event import/export. Sensors post incident reports and security event data to the MetaFlows SaaS cloud where they can be accessed for analysis through a browser.

Deploy the MetaFlows Security System in the cloud.

Besides offering network security tools to analyze the event data, the MetaFlows SaaS cloud also centralizes the management of compliance reports, IDS/IPS rules, event classification policies, sensor configurations, software licenses, audit logs and data sharing across multiple users.

How to set up a production system

Event Types

Our cloud-based network intrusion detection system generates the following event types:

  • IDS
  • Multi-session Behavioral Analysis Incident Reports
  • File Transmission Activity
  • Network Antivirus & Sandboxing
  • Intrusion Prevention Notifications
  • User Logins
  • Service/Host Discovery
  • WAF notifications
  • AWS GuardDuty Events
  • Aggregated System Logs

All this information is available in real time through our award-winning MetaFlows Security Console. Optionally, we can export our events in either syslog or CEF format to any existing Security Event Management System (SIEM).

Splunk or QRadar applications are available for quick integration.

Splunk Application snapshot

Compare AWS Network IDS/IPS Cloud Security Solutions

The matrix below compares important features of existing AWS security products. As you can see from the matrix, MetaFlows' solution offers a number of unique features designed to reliably detect and prevent modern network threats. False positives are virtually eliminated by correlating multiple independent flows, and powerful forensic capabilities eliminate the guesswork when investigating automated incident reports.

