The MetaFlows’ malware detection and prevention system records, scans and validates all inbound Internet content while monitoring outbound communication patterns to uncover active infections and data breaches that cannot be prevented by network perimeter defenses. These advanced network intrusion detection functions are performed by sensors which comprise a mix of proprietary and open source network security software applications (see below) running on CentOS/RHEL7.
Sensors can be deployed on-premise or in the cloud and are in constant communication with the MetaFlows cloud to retrieve real-time threat intelligence and user configurations while writing back security event messages and performance telemetry. Configuration, reporting and forensic analysis applications are delivered through MetaFlows’ award-winning SaaS web-based console, which runs in a standard HTML5 browser.
| Feature | Why it is important |
|---|---|
| Behavioral malware detection | Monitors suspicious outbound communication patterns to uncover active infections and data breaches. |
| Intrusion detection | Provides constantly up-to-date information on how your network may be misused. |
| Soft IPS | Blocks unwanted traffic in passive mode without any performance or reliability risks. |
| Full packet capture/pcap extraction | Provides the ultimate forensic tool for finding out if and when something was compromised. |
| Zero-day analysis (sandboxing) | Analyzes suspicious, never-before-seen inbound content to see if it is well behaved. |
| Network antivirus | Leverages the Internet community to scan files with 55+ antivirus solutions at once. |
| Active Directory/user discovery | Tracks which users log into your network and associates their credentials with security events. |
| Syslog import/export | Helps facilitate the management of multiple security solutions and increases the visibility of your network events. |
| Real-time flow analysis | Easily discovers misuses of your network such as scanning, misconfigurations and network abusers. |
| Passive service discovery | Discovers which services and hosts are running on your network. |
| Standard OS/HW scalable to 10 Gbps | Open source systems are always more robust and more cost-effective than proprietary solutions. |
Real time threat feeds from Emerging Threats, Cuckoo, VirusTotal, SRI, OSSEC, Trustwave, YARA, ClamAV and Web of Trust are transparently combined to provide the best network security coverage available today. We further improve malware detection and prevention accuracy with the multi-session invariant analysis of the 350M+ network security events that are stored in our SaaS cloud every week.
Multi-session analysis improves detection accuracy by recognizing a trail of evidence accumulated over multiple sessions rather than focusing on single security events. Our malware detection and prevention software’s automated email alerts and web-based incident reports provide actionable intelligence in the form of clear, correlated evidence of a compromise or data breach rather than raw event data that is often difficult to interpret.
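The following is an added illustration of the multi-session idea described above; it is not MetaFlows code and does not reflect how the product scores events. The sample events, the three "sources" (ids, av, flow), the severity weights and the thresholds are all constructed for the example. It contrasts naive per-event alerting with a correlator that raises an incident only when independent detection sources agree across several sessions for the same host.

```python
"""Toy multi-session correlator (constructed example, not MetaFlows code):
raise an incident for a host only when independent detection sources
agree across several distinct sessions."""
from collections import defaultdict

# Constructed sample events. "source" is the engine that fired (ids, av, flow);
# "weight" is a hypothetical analyst-assigned severity for that signal.
SAMPLE_EVENTS = [
    {"host": "10.0.0.5", "session": "s1", "source": "ids",  "signal": "exploit_kit_landing", "weight": 2},
    {"host": "10.0.0.5", "session": "s2", "source": "av",   "signal": "malicious_download",  "weight": 3},
    {"host": "10.0.0.5", "session": "s3", "source": "flow", "signal": "periodic_beacon",     "weight": 3},
    {"host": "10.0.0.9", "session": "s4", "source": "ids",  "signal": "exploit_kit_landing", "weight": 2},
    {"host": "10.0.0.9", "session": "s5", "source": "ids",  "signal": "exploit_kit_landing", "weight": 2},
    {"host": "10.0.0.7", "session": "s6", "source": "flow", "signal": "periodic_beacon",     "weight": 3},
]

# Hypothetical thresholds chosen for this example.
MIN_SOURCES = 2    # evidence must come from at least this many independent engines
MIN_SESSIONS = 2   # ... observed in at least this many distinct sessions
MIN_SCORE = 5      # ... with a combined severity at or above this value


def correlate(events, min_sources=MIN_SOURCES, min_sessions=MIN_SESSIONS, min_score=MIN_SCORE):
    """Group events by host and report only hosts whose evidence trail spans
    multiple sessions and multiple independent sources.

    Returns {host: {"score": int, "sources": [...], "sessions": [...], "evidence": [...]}}.
    """
    per_host = defaultdict(list)
    for ev in events:
        per_host[ev["host"]].append(ev)

    incidents = {}
    for host, evs in per_host.items():
        # Count each distinct (source, signal) pair once: the same alert
        # repeating is not new evidence and must not inflate the score.
        distinct = {}
        for ev in evs:
            distinct.setdefault((ev["source"], ev["signal"]), ev["weight"])
        sources = sorted({src for src, _ in distinct})
        sessions = sorted({ev["session"] for ev in evs})
        score = sum(distinct.values())
        if len(sources) >= min_sources and len(sessions) >= min_sessions and score >= min_score:
            incidents[host] = {
                "score": score,
                "sources": sources,
                "sessions": sessions,
                "evidence": sorted(f"{src}:{sig}" for src, sig in distinct),
            }
    return incidents


def single_event_hits(events, threshold=3):
    """Naive per-event alerting for comparison: any single event at or above
    the threshold fires, with no corroboration from other sessions or engines."""
    return sorted({ev["host"] for ev in events if ev["weight"] >= threshold})


if __name__ == "__main__":
    print("single-event alerts:", single_event_hits(SAMPLE_EVENTS))
    for host, incident in correlate(SAMPLE_EVENTS).items():
        print("correlated incident:", host, incident)
```

On the constructed input, per-event alerting flags both 10.0.0.5 and 10.0.0.7, although 10.0.0.7 has only a single beacon-shaped flow with nothing to corroborate it, and 10.0.0.9 never fires despite two separate sessions hitting the same IDS rule. The correlator reports only 10.0.0.5, where three engines contributed distinct evidence in three sessions, and its output carries the evidence chain an analyst would need rather than an isolated event.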