SaaS Threat Detection and Remediation

The threat landscape is evolving rapidly. Machine learning products are still only partially effective at recognizing threats, while static firewall configurations and traditional network IDS and antivirus solutions do not adapt quickly enough. As a hybrid solution, MetaFlows SaaS threat detection uses traditional threat indicators but dynamically ranks them using anonymous feedback derived from our customers' event data.

While we provide dynamic shared threat intelligence to our customers on a continuous basis, we also publish weekly statistics of the measurements we perform. Below you can see a partial sample for the week 08/03/2019-08/10/2019. The bars represent the best 15 malware predictors (left to right) for each category. The height of each bar represents the severity of what it predicts. You can see the full reports here.

Measured antivirus effectiveness

Some vendors have a good detection rate but miss really important malware; others have lower detection rates but catch the bad stuff. It's a horse race; no two weeks are the same.

Best Network IDS signatures

These signatures were involved in multi-session incident reports that have a high probability of reporting a compromise. If you see one of these signatures, you had better be prepared to deal with malware in your network.

Most destructive malware this week

Not all malware is the same. Some malware is common but merely undesirable, while some can destroy your reputation and cause irreversible damage. It is important to know what malware you are dealing with.

Hosts contacted by malware

Finding these communications provides good, accurate intelligence. However, malware networks change constantly, which makes this an extremely dynamic threat feed. We have trouble keeping up with this one; imagine your firewall or traditional IDS.

How it works

Our network threat detection software requires a (physical or virtual) Linux machine dedicated to passively analyzing Internet communications. Once our software is installed, it immediately gets access to the following threat feeds:

  • MineMeld feeds (~100k IPv4 addresses, ~100k URLs and ~2,700 domains)
  • VirusTotal file signatures (approximately 700k new hashes/day)
  • Emerging Threats IDS signatures (~40k IDS signatures updated daily)

Besides ingesting intelligence, each installation also becomes an active contributor to our global cloud-based correlation system. This allows us to identify and prioritize specific event types with good predictive potential to further improve detection accuracy based on dynamic measurements.

SC Magazine Review

An IPS on Steroids: MetaFlows Security System
"This is not just any IPS. Because it is a hybrid application – local and cloud-based – users get a lot of benefits from the cloud piece that are not available from a standard IPS. For example, a typical IPS gets its updates at whatever update interval the vendor determines. The updates usually are based on the efforts of the vendor's threat assessment laboratory. Not so for MSS."

Real Time Event View

These are the origins of the threat detection events being received by the MetaFlows cloud right now. Sometimes you will see a red dot signifying a confirmed source that was involved in a threat detection report.

Software Download

Register here to build our award-winning threat detection appliance using one of the links below.

See our Software Subscription Options from 100 Mbps to 10 Gbps and virtual cloud environments such as Amazon EC2.

Turn-key Appliances

MetaFlows offers turnkey threat detection appliances pre-configured with our software (MSS). The appliances are based on open source standards to allow quick and seamless integration in any existing infrastructure. They are remarkably robust (we have measured 99.99999% availability so far) and they offer one of the best, verifiable cost-to-performance ratios in the industry.


5 Gbps Behavioral Malware Detection Appliance


10 Gbps Behavioral Malware Detection Appliance


10 Gbps Behavioral Malware Detection Appliance


20 Mbps UTM Appliance

See the Specifications.