Not Your Grandma’s Malware Protection

The MetaFlows Security System Malware Protection is ADVANCED. We’re talking behavioral and signature detection, multi-layered, Malware-butt kicking advanced. The MSS finds Malware using a 3-layer approach where each level is highly scalable and works independently to progressively increase the detection accuracy.

Layer1: Session level

This is the most basic level of intrusion detection carried out by hardened Linux-based open source components. Our fine-tuned and extremely robust Session-level process can scale from 100 Mbps to 10 Gbps using inexpensive, standard server hardware.

vrtemerging threats

Layer 2: Multiple-Session

With multiple-session correlation, we identify typical infection behavior by looking at alerts belonging to a single home machine. The MSS positively scores alerts based on observing at least two events corresponding to the typical phases of a Bot Infection.

  1. Inbound scanning
  2. Exploit
  3. Egg download
  4. C&C communication
  5. Outbound scanning/propagation

Multiple-session analysis (unlike traditional IDS) reduces false positives almost entirely and brings true positives to the forefront. This proprietary analysis is performed by Cyber-TA’s BotHunter (licensed to MetaFlows by SRI International). BotHunter intelligence feeds and rules are updated weekly from the SRI Malware Threat Center.

bothunter

Layer3: Multiple-Domain (Predictive Global Correlation)

Research funded by the National Science Foundation has led to the development of a proprietary multiple-domain correlation algorithm that is mathematically similar to Google’s page ranking. Event scores are autonomously obtained from a global network of virtual machines that masquerade as victims. As the victims are repeatedly attacked and infected, the MSS records security event information of both successful and unsuccessful hacker techniques and subsequent nefarious activities. This information is then combined with 5 additional network intelligence sources and then propagated in real time to each of our users to augment the session level and multiple-session-level ranking described above. This additional inter-domain correlation is important because it adds operational awareness based on real-time, measured intelligence.

With multiple-session correlation, we identify typical infection behavior by looking at alerts belonging to a single home machine. The MSS positively scores alerts based on observing at least two events corresponding to the typical phases of a Bot Infection.

  1. Inbound scanning
  2. Exploit
  3. Egg download
  4. C&C communication
  5. Outbound scanning/propagation

Multiple-session analysis (unlike traditional IDS) reduces false positives almost entirely and brings true positives to the forefront. This proprietary analysis is performed by Cyber-TA’s BotHunter (licensed to MetaFlows by SRI International). BotHunter intelligence feeds and rules are updated weekly from the SRI Malware Threat Center.

layer3

You can always learn more about how we are protecting networks better here.

SC Magazine Review

Industry Innovators: Hall of Fame

The idea behind this Innovator’s service is that one can place sensors strategically around an enterprise and send the outputs to the cloud where advanced processing performs a host of security functions to result in more efficient, faster and more accurate functions than doing the same ones on-premises. Add global intelligence gathering to give depth and breadth to the core data available and you have the MetaFlows Security System (MSS).
In terms of Network Security, SC Magazine knows how to zero in on the important. As part of their end of year review of the best products, they felt inclined to mention us. And not just mention us, but review us.

Read more…

An IPS on Steroids

“An IPS on Steroids: MetaFlows Security System”

The secret behind the MetaFlows Security System (MSS) is that it really is a hybrid application. It collects data on the network and acts on malicious activity. So far, this is just about the same as any intrusion prevention system (IPS). But don’t be fooled. This is not just any IPS. Because it is a hybrid application – local and cloud-based – users get a lot of benefit from the cloud piece that are not available from a standard IPS. For example, a typical IPS gets its updates at whatever update interval the vendor determines. The updates usually are based on the efforts of the vendor’s threat assessment laboratory. Not so for MSS.
Peter Stephenson’s First Look at the MSS

Syria and The Impending Cyber War

CNN discusses the rise of Cyber attacks and how war has now gained another frontier.

SEA: Syria Electronic Army- Report from CNN

First Wave of A Bigger War?

Find out more about how MetaFlows is working to protect companies from foreign threats, and could likely have stopped the recent meltdowns at the New York Times.

Dear CSO, Do You Know How to Build Security Culture?

Creating a security culture is not easy, but it is definitely beneficial. Click the link for some helpful and interesting points.

Dear CSO, do you know how to build security culture?

With so many points of access to your network, you need manageable visibility and protection, especially if you do not have a strong security culture.

Fake Facebook “Pages You Might Like” Emails Deliver Malware

Something to keep in mind for those without tight Policy violation monitoring

Fake Facebook “Pages you might like” emails deliver malware.

 

We all agree that the biggest threat is often user negligence, and since you can not control every user in your network like a marionette (unfortunately), then malware is a network security issue. But it is one that can be solved

Malware Sophistication Worries IT Leaders

An Interesting Article about why malware detection and prevention is so relevant, and how it is only becoming more so.

Malware sophistication worries IT leaders.

 

… As it should. Are you a worried IT leader? Click here to find out more about how you can successfully defeat Malware in your network.

Soft IPS: Protecting Your Network Passively and Proficiently

Welcome to the MetaFlows Blog’s First Feature of the Month!

This month, we thought we would start things off right by spotlighting our proprietary, groundbreaking Soft IPS technology.

The long and short of it: Soft IPS enables you to block threatening traffic passively, or not in line. The benefits to being able to effectively stop threats without being in line are many. For starters, your security is more secure- it isn’t a threat in itself and your network can continue uninterrupted. No firewall modifications are needed after every major event and threats can be blocked in real time!

gfc

But HOW?! If you are more technically inclined, please read on to see how, through reverse engineering the Great Wall of China, we are able to make accomplish such things!

MetaFlows’ Soft IPS technology blocks unwanted traffic in passive mode. MetaFlows’ Soft IPS does this by injecting spoofed TCP packets into the network to disrupt unwanted communications. This idea (also employed by the Great Firewall of China) is coupled with a new algorithm that will safely predict what traffic to block based on observed communication patterns

Uses powerful active response technology to block unwanted traffic (Bots, spyware, P2P, etc..) and actively learns which hosts on a network need to be isolated.

Want to learn more? Jump In!