Your sensors monitor all notable files (.exe, .dll, .pdf, .zip, Microsoft Office formats, etc.) transmitted on your network. The digest of each file is passed to the Network Antivirus system, which consists of 50+ antivirus solutions. Every file that tests positive on 3 or more antivirus solutions generates a high-priority report for your analysis. Content that is unknown to VirusTotal is executed in MetaFlows' Sandbox. A mix of proprietary and open source tools analyzes the behavior of the content as it is executed or opened to determine whether it is well behaved. If the behavior is consistent with dangerous malware, the sandbox updates our database and issues a high-priority alert with a detailed report of why the content is bad.
Sandboxing is relatively simple, but it needs lots of memory and CPU to keep up with the arrival rate of the content. Unlike competing products, MetaFlows sandboxes scale on standard hardware, so you do not have to pay ridiculous amounts of money for standard hardware functions. In fact, you can run our turn-key sandboxes on your own hardware!