The MetaFlows Security System

The threat landscape is continuously evolving at a rapid pace. While machine learning products are still only partially effective at recognizing threats, traditional network IDS & antivirus solutions suffer from false positives and false negatives. The MetaFlows Security System uses a vast number of threat indicators (to reduce false negatives) and dynamically ranks them using anonymous feedback provided by our incident reports (to reduce false positives).

How it works

The MetaFlows Security System requires a (physical or virtual) Linux machine dedicated to passively analyzing Internet communications. Once our software is installed, it immediately gets access to the following threat feeds:

  • MineMeld feeds (~100k IPv4 addresses, ~100k URLs and ~2,700 domains)
  • VirusTotal file signatures (approximately 700k new hashes/day)
  • Emerging Threats IDS signatures (~40k IDS signatures updated daily)

Besides ingesting intelligence, each installation also becomes an active contributor to our global cloud-based correlation system. This allows us to identify and prioritize specific event types with good predictive potential to further improve detection accuracy based on dynamic measurements.

SC Magazine Review

An IPS on Steroids: MetaFlows Security System
"This is not just any IPS. Because it is a hybrid application – local and cloud-based – users get a lot of benefit from the cloud piece that are not available from a standard IPS. For example, a typical IPS gets its updates at whatever update interval the vendor determines. The updates usually are based on the efforts of the vendor's threat assessment laboratory. Not so for MSS."

Real Time Event View

These are the origins of the security events being received by the MetaFlows cloud right now. Sometimes you will see a red dot signifying a confirmed source that was involved in an incident report.


Software Download

Register here to build our award-winning intrusion detection appliance using one of the links below.

See our Software Subscription Options from 100 Mbps to 10 Gbps and virtual cloud environments such as Amazon EC2.

Turn-key Appliances

MetaFlows offers turnkey intrusion detection appliances pre-configured with our software (MSS). The appliances are based on open source standards to allow quick and seamless integration in any existing infrastructure. They are remarkably robust (we have measured 99.99999% availability so far) and they offer one of the best, verifiable cost-to-performance ratios in the industry.


5 Gbps Behavioral Malware Detection Appliance


10 Gbps Behavioral Malware Detection Appliance


10 Gbps Behavioral Malware Detection Appliance


20 Mbps UTM Appliance

See the Specifications.