MetaFlows Is Now on AWS Marketplace

You can now deploy MetaFlows sensors on Amazon EC2 through the new AWS Marketplace. It is extremely easy to set up, and you will be billed hourly as part of your EC2 instance subscription. You can use your existing MetaFlows account (or one will be automatically created for you) and monitor EC2 instances together with your existing physical sensors through a browser. This is true innovation!

SC Magazine Reviews: A Killer App

This is a killer app. The more we watched this one sort through the data that it was monitoring – over a million events and flows at a major university – and dig down and analyze it, the more we wanted one. This is a very serious service/application that we have to admit also is very cool. This is an intrusion detection system (IDS)/intrusion prevention system (IPS) on steroids. It uses just about every security paradigm that we can think of. It is tied into a network of honeypots all over the world. It allows both IDS and IPS, and it has a level of detail and drilldown that enables solid forensic analysis of events.

Read the article…

MetaFlows Launches Low-cost SaaS Product That Unifies Network Security

MetaFlows Security System uses a combination of open source and proprietary technologies to reduce costs and support off-the-shelf hardware

By Lucian Constantin, IDG News Service
January 30, 2012 10:20 AM ET

Network security monitoring startup MetaFlows launched a new Software-as-a-Service (SaaS) product that can be installed on low-cost hardware to monitor network traffic flow, detect possible intrusions and analyze event logs.

Read More..

MetaFlows Announces Software-Based IDPS, Enables IDPS Hardware for 1/10 the Price

SaaS-based Global Correlation System Cuts False Positives, Improves Productivity
SAN DIEGO, CA, January 30, 2012 — MetaFlows, Inc., a startup focused on leveraging emerging cloud and virtualization technologies for the next generation of network security solutions, has developed a Software as a Service (SaaS) product that allows IT managers to easily implement high-performance Intrusion Detection/Prevention Systems (IDPS) using standard, off-the-shelf hardware. This technology allows users to load balance existing IDPS applications (like Snort or Suricata) on commodity multi-core processors like the Intel I7, thus slashing the cost of network security hardware by at least an order of magnitude.
Until now, only proprietary machines that cost around $50,000 could run parallel streams of traffic on an IDPS system. The MetaFlows Security System (MSS) is a software-based solution that can divide traffic into multiple streams and process each of them on a separate CPU core to monitor up to 10 Gbps of sustained network throughput on standard, off-the-shelf servers costing $4,000 or less. The MSS extends the capabilities of common hardware to do packet filtering and web filtering as well, providing effective protection against cyber threats.
But perhaps the biggest achievement of the MSS software is that it lets users find security issues more quickly and more reliably. This is because the MSS performs intra-domain correlation of an unprecedented range of security event information (Network and Host IDS, Event Logs, Vulnerability Data), flows and dynamic reputation intelligence feeds.
“MetaFlows SaaS ensures security analysts deliver qualitative reporting by minimizing routine data center configuration and false positives, and it does this while minimizing capital and operational costs,” said Joshua Konkle, CISSP #39157 and Vice President of DCIG.

The MSS’s real-time, browser-based security console ranks events using a new predictive global correlation system mathematically similar to Google’s page ranking algorithm. Important events show up at the top, and users can prevent, quickly investigate and remediate security and usage policy issues before they become critical.
“Businesses and other organizations benefit from our software because it affords them a level of security, network awareness and processing efficiency that has only been available to enterprises with large security budgets,” said Livio Ricciulli, CEO and Chief Research Scientist of MetaFlows. “MetaFlows customers get that same performance and even better security through more accurate event and flow analysis for a tenth of the price.”
For a video demonstration of the MetaFlows Security System, please visit https://www.metaflows.com/resources/webvideo/.

Network Security Performance Tuning by MetaFlows CEO Livio Ricciulli, Part II

By Joshua L. Konkle

Network security monitoring is a constantly changing environment of both tools and methodologies. Most of them today, however, have used a lone “cowboy” mentality where datacenter solutions operate independently. MetaFlows is changing that. Today, I am continuing my interview with MetaFlows CEO Livio Ricciulli, discussing how their product is optimizing network security monitoring and performance.

Read more..

Network Security Monitoring Delivered Through a Software as a Service Model by MetaFlows CEO Livio Ricciulli, Part I

By Joshua L. Konkle

Enterprise organizations face the daily challenge of ever-growing threats to their network and IT infrastructure. Not only are these threats growing, but they are constantly changing as well, forcing companies to adapt by changing not only their tools but also their training. Today, I’m talking with MetaFlows CEO Livio Ricciulli about how MetaFlows is addressing these problems by delivering network security monitoring using the “Software as a Service” model.

Read more...

Vulnerability Scanning

The MSS now lets you perform vulnerability scans. Right-click on a record and choose the host/port combination to scan. A report is created in real time once the scan is done, and the results are also stored as Log events that can be retrieved through historical queries. The scans can be slow, so be patient once you initiate a scan.

Improved Correlation

Our event analysis interface was improved to provide more correlation between Flow, IDS, and Log events. Snort events are blue, Service discovery and User discovery events are yellow, and Log events are red. Events in each of these categories can appear under the source IP address, the destination IP address, or the Event column. If the events appear under the source or destination address, they have been associated with that address (or group of addresses) only. If the events appear in the Event column, they have been associated with that flow or group of flows (both source and destination addresses were associated with that event).

Improved Packet RX/Drop Rate Calculation

We improved the way we calculate packet received (RX) and packet drop (DR) rates. RX+DR should now be exactly the total of what the box is seeing. RX is the actual Snort processing rate, and DR is the rate of packets Snort is not able to process, either because the OS drops them or because Snort drops them.