You can now deploy MetaFlows sensors on Amazon EC2 though the new AWS Marketplace. It is extremely easy to setup and you will be billed hourly as part of your EC2 instance subscription. You can use your existing MetaFlows account (or one will be automatically created for you), and monitor EC2 instances together with your existing physical sensors through a Browser. This is true innovation!
MetaFlows has developed 10 Gbps functionality using off-the-shelf hardware.
Previously, MetaFlows measured the performance of PF_RING with Snort inline at 1 Gbps on an I7 950. The results were quiet impressive.
In MetaFlows latest testing, the Development Team reports on their experiment running Snort on a dual processor board with a total of 24 hyperthreads (using the Intel X5670). Besides measuring Snort processing throughput varying the number of rules, they also (1) changed the compiler used to compile Snort (GCC vs. ICC) and (2) compared PF_RING in NAPI mode (running 24 Snort processes in parallel) and PF_RING Direct NIC Access technology (DNA) (running 16 Snort processes in parallel).
Intrusion prevention systems (IPS), for the most part, involve very expensive network appliances that sit outside the network to prevent attacks from getting in. We call that “hard IPS”. A typical IPS could cost at least $10,000 or more plus maintenance fees.
Soft IPS is software that uses off-the-shelf hardware to monitor network traffic at high-performance speeds in passive or inline mode, block unwanted traffic through packet filtering, TCP session disruption and customizable inline drop policies.
The MetaFlows Security System (MSS) is the very first soft IPS and costs a fraction of what typical a IPS might cost because it doesn’t need an expensive piece of hardware to run.
MetaFlows has modified a piece of open-source software, called PF_RING, so that it can turn a standard off-the-shelf desktop computer into a high-performance intrusion prevention system. If you’d like to learn exactly how our modified version of PF_RING does that, you can read our technical release here.
Soft IPS lets small and medium-sized businesses get the protection they need by lowering the cost of a high-performance IPS. For large enterprises and government agencies, this means that they can drastically reduce their information security and IT costs.
If you’re interested in integrating our modified PF_RING into your own Snort IPS system, you can download our code and install instructions here: MetaFlows Modified PF_RING.