The threat landscape is continuously evolving at a rapid pace. While machine learning products are still only partially effective at recognizing threats, static firewall configurations and traditional network IDS & antivirus solutions do not adapt quickly enough. As a hybrid solution, MetaFlows SaaS malware detection uses traditional threat intelligence but dynamically ranks it using anonymous feedback provided by our customers' event data.
While we provide dynamic shared threat intelligence to our customers on a continuous basis, we publish weekly statistics of the measurements we perform. Below you can see a partial sample for the week 12/04/2018-12/11/2018. The bars represent the best 15 malware predictors (left to right) for each category. The height represents the severity of what they predict. You can see the full reports here.
Some vendors have a good detection rate, but they do not detect really important malware; some may have lower detection rates, but catch the bad stuff. It's a horse race; no two weeks are the same.
These signatures were involved in multi-session incident reports which have a high probability of reporting a compromise. If you see one of these signatures, you had better be prepared to deal with malware in your network.
Malware is not all the same. Some malware is common but just undesirable while some can destroy your reputation and cause irreversible damage. It is important to know what malware you are dealing with.
Finding these communications is golden; however, malware networks constantly change and are an extremely dynamic threat feed. We have trouble keeping up with this one; imagine your firewall or traditional IDS.
Our network malware detection software requires a dedicated (physical or virtual) Linux machine to passively analyze your Internet communications.
Once our software is installed in your network or VPC, it instantly becomes an active contributor and consumer of our global cloud-based correlation system. It constantly receives new threat intelligence while transmitting security event data to the cloud in real time. The system then dynamically ranks customers' threat feeds using the network security event data that reaches our SaaS cloud.
An IPS on Steroids: MetaFlows Security System
"This is not just any IPS. Because it is a hybrid application – local and cloud-based – users get a lot of benefit from the cloud piece that are not available from a standard IPS. For example, a typical IPS gets its updates at whatever update interval the vendor determines. The updates usually are based on the efforts of the vendor's threat assessment laboratory. Not so for MSS."
Register here to build our award-winning malware prevention appliance using one of the links below.
See our Software Subscription Options from 100 Mbps to 10 Gbps and virtual cloud environments such as Amazon EC2.
MetaFlows offers turnkey network security appliances pre-configured with our malware detection software (MSS). The appliances are based on open source standards to allow quick and seamless integration in any existing infrastructure. They are remarkably robust (we have measured 99.99999% availability so far) and they offer one of the best, verifiable cost-to-performance ratios in the industry.
See the Specifications.