Network Antivirus File Reconstruction
Metaflows Network Security Appliances monitor all notable files (.exe, .dll, .pdf, .zip, Microsoft Office formats, etc.) transmitted on your network. The digest of each file is passed to the Network Antivirus system, which consists of 50+ antivirus solutions applied at once, giving us the broadest possible base of signatures to use for virus detection. All files that test positive on 3 or more antivirus solutions generate high-priority alerts. Any host involved in the transmission of such files can be safely blocked and taken off the network because it is most likely compromised.
Correlate File Transmissions With IDS
As shown in the diagram, all potentially dangerous file transmissions (.exe, .dll, .pdf, .zip, Microsoft Office formats, etc.) are logged and correlated whether or not they are actually malicious. This allows you to see what your users are uploading or downloading. In the example below, a file download event has been correlated with several other events to provide helpful context for the file transmission results. Merging file transmission records with IDS events provides an invaluable source of intelligence for detecting data exfiltration or potentially devastating user behavior.
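The two ideas above (the 3-engine alert threshold and the merge of file-transmission records with IDS events) can be sketched as follows. This is an added illustration, not Metaflows code or the product screenshot the text refers to; the record fields, the SHA-256 digest, the 10-minute window and all sample data are assumptions constructed for the example.

```python
import hashlib
from datetime import datetime, timedelta

AV_ALERT_THRESHOLD = 3          # from the page: positive on 3 or more engines
WINDOW = timedelta(minutes=10)  # assumption: how close in time counts as related

def sha256_digest(data: bytes) -> str:
    """Digest used as the lookup key for antivirus verdicts (SHA-256 assumed)."""
    return hashlib.sha256(data).hexdigest()

def correlate(transfers, av_hits, ids_events, window=WINDOW):
    """Attach AV hit counts and nearby same-host IDS events to every transfer."""
    records = []
    for t in transfers:
        hits = av_hits.get(t["digest"], 0)
        hosts = {t["src"], t["dst"]}
        related = [e for e in ids_events
                   if hosts & {e["src"], e["dst"]}
                   and abs(e["time"] - t["time"]) <= window]
        records.append({
            "file": t["name"],
            "hosts": sorted(hosts),
            "av_hits": hits,
            # Every transfer is kept; only the priority changes with the verdict.
            "priority": "high" if hits >= AV_ALERT_THRESHOLD else "info",
            "ids_context": [e["sig"] for e in sorted(related, key=lambda e: e["time"])],
        })
    return records

# Constructed sample data (documentation address ranges, made-up signatures).
T0 = datetime(2024, 1, 1, 12, 0)
BAD = sha256_digest(b"constructed sample: flagged payload")
DOC = sha256_digest(b"constructed sample: ordinary report")
TRANSFERS = [
    {"time": T0, "src": "198.51.100.7", "dst": "10.0.0.5", "name": "setup.exe", "digest": BAD},
    {"time": T0 + timedelta(hours=1), "src": "10.0.0.9", "dst": "192.0.2.20", "name": "report.pdf", "digest": DOC},
]
AV_HITS = {BAD: 4, DOC: 0}
IDS_EVENTS = [
    {"time": T0 - timedelta(minutes=2), "src": "10.0.0.5", "dst": "198.51.100.7", "sig": "suspicious HTTP request"},
    {"time": T0 + timedelta(minutes=3), "src": "10.0.0.5", "dst": "192.0.2.99", "sig": "periodic outbound beacon"},
    {"time": T0 + timedelta(hours=5), "src": "10.0.0.5", "dst": "192.0.2.99", "sig": "later unrelated event"},
]

if __name__ == "__main__":
    for record in correlate(TRANSFERS, AV_HITS, IDS_EVENTS):
        print(record)
```

The clean PDF upload still produces a record, at "info" priority with no IDS context, which mirrors the page's point that transfers are logged whether or not they are malicious.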