Welcome to the MetaFlows Blog’s First Feature of the Month!
This month, we thought we would start things off right by spotlighting our proprietary, groundbreaking Soft IPS technology.
The long and short of it: Soft IPS enables you to block threatening traffic passively, or not in line. The benefits to being able to effectively stop threats without being in line are many. For starters, your security is more secure- it isn’t a threat in itself and your network can continue uninterrupted. No firewall modifications are needed after every major event and threats can be blocked in real time!
But HOW?! If you are more technically inclined, please read on to see how, through reverse engineering the Great Wall of China, we are able to make accomplish such things!
MetaFlows’ Soft IPS technology blocks unwanted traffic in passive mode. MetaFlows’ Soft IPS does this by injecting spoofed TCP packets into the network to disrupt unwanted communications. This idea (also employed by the Great Firewall of China) is coupled with a new algorithm that will safely predict what traffic to block based on observed communication patterns
Uses powerful active response technology to block unwanted traffic (Bots, spyware, P2P, etc..) and actively learns which hosts on a network need to be isolated.
Want to learn more? Jump In!
You can now deploy MetaFlows sensors on Amazon EC2 though the new AWS Marketplace. It is extremely easy to setup and you will be billed hourly as part of your EC2 instance subscription. You can use your existing MetaFlows account (or one will be automatically created for you), and monitor EC2 instances together with your existing physical sensors through a Browser. This is true innovation!
MetaFlows has developed 10 Gbps functionality using off-the-shelf hardware.
Previously, MetaFlows measured the performance of PF_RING with Snort inline at 1 Gbps on an I7 950. The results were quiet impressive.
In MetaFlows latest testing, the Development Team reports on their experiment running Snort on a dual processor board with a total of 24 hyperthreads (using the Intel X5670). Besides measuring Snort processing throughput varying the number of rules, they also (1) changed the compiler used to compile Snort (GCC vs. ICC) and (2) compared PF_RING in NAPI mode (running 24 Snort processes in parallel) and PF_RING Direct NIC Access technology (DNA) (running 16 Snort processes in parallel).
Read the full report.
Intrusion prevention systems (IPS), for the most part, involve very expensive network appliances that sit outside the network to prevent attacks from getting in. We call that “hard IPS”. A typical IPS could cost at least $10,000 or more plus maintenance fees.
Soft IPS is software that uses off-the-shelf hardware to monitor network traffic at high-performance speeds in passive or inline mode, block unwanted traffic through packet filtering, TCP session disruption and customizable inline drop policies.
The MetaFlows Security System (MSS) is the very first soft IPS and costs a fraction of what typical a IPS might cost because it doesn’t need an expensive piece of hardware to run.
MetaFlows has modified a piece of open-source software, called PF_RING, so that it can turn a standard off-the-shelf desktop computer into a high-performance intrusion prevention system. If you’d like to learn exactly how our modified version of PF_RING does that, you can read our technical release here.
Soft IPS lets small and medium-sized businesses get the protection they need by lowering the cost of a high-performance IPS. For large enterprises and government agencies, this means that they can drastically reduce their information security and IT costs.
If you’re interested in integrating our modified PF_RING into your own Snort IPS system, you can download our code and install instructions here: MetaFlows Modified PF_RING.