Our friends at SC Magazine have inducted us into the SC Magazine Innovators Hall of Fame. It is nice to be recognized for our innovations. Importantly, this is purely based on their journalistic curiosity; we give them props for performing their reviews based on sound technical knowledge. We refuse to pay money for recognition. You might think we are old-fashioned but this is how we roll at MetaFlows.
Their article also points out the importance of monitoring beyond the network perimeter using multi-session correlation. If you are not sure what multi-session correlation can do for you, it is best to put it to the test. You will be amazed at what you can find out about your network.
Read the article at SC Magazine’s Website
Next generation (NG) firewalls allow administrators to efficiently restrict network use policies to prevent infections. These firewalls (Palo Alto Networks is the most notable example) secure your enterprise by blocking everything that is not explicitly allowed by your network administrator. They clamp down on anything unknown: unknown users, unknown applications, unknown ports, etc. NG firewalls also provide some traditional IPS features that can be used to shape traffic coming into the network.
So what is wrong with locking everything down as a primary defense mechanism? This approach has 2 major drawbacks.
Problem 1: It’s Not Scalable
NG firewalls are basically a heuristics-based approach to security. Some networks and some operators might be a good fit for this, but many are not. This approach works in small, simple networks where the operator is omnipotent and has complete visibility on the network use policies. Unfortunately, most networks are not simple and most operators are not omnipotent.
As new uses for networks evolve and new applications are used, these heuristics need to be constantly updated and evolved as well. After a few months of complaining from their users, operators will start relaxing the policies and therefore leave the network as exposed as it once was with a traditional firewall.
Problem 2: It Can’t Actually Stop Active Intrusions
Once something bad makes it inside the network, NG firewalls are no better than a traditional IDS system. They flood network operators with thousands of alerts which can be used as audit trails, but are otherwise useless for detecting active intrusions. This poses a significant risk: most data breaches today happen through legitimate network channels (browser drive-by, spear-phishing, social engineering, etc.). Think about your house: you can put bars on the windows, but if your teenager invites a thief inside the house, the bars and the locks are useless.
Don’t Put All Your Eggs In One Basket
There is a saying in security: “Hard on the outside and soft and chewy on the inside.” If you are serious about security, you need to lock the gate. But you also need a way to look for anomalies on the inside. That is what MetaFlows does well: we complement your firewall, traditional or next generation. We don’t claim to be able to replace everything in one magical box like most of our competitors, and you shouldn’t put all of your eggs in one basket. Your firewall should do what it does best: lock your door. But firewalls must also be complemented by a security solution that can actively detect and respond to network intrusions. 20 years of cyber-security research helped us to create a product that detects threats, no matter how they got in. Try Metaflows today to see what your firewall is missing!
One of the most important lessons from cyber-war fighters is that relying on a single mechanism to defend your enterprise is naive. In fact, the more disparate and heterogeneous the network defense mechanisms, the better. MetaFlows fully embraces this concept by providing several detection mechanisms that work together:
- IDS behavioral analysis looking for multiple symptoms that indicate a compromised host.
- Using up to 50 different antivirus solutions at once to find bad content on the network.
- Honeypots continuously mining for new threats.
- Flow and log analysis.
These are just a few things that MetaFlows does.
Until now, MetaFlows has used these mechanisms independently to find and defeat threats. Our multifunctional approach has proven to be very effective. Many customers characterize the MetaFlows Security System as “The Last Line of Defense”. But now, we just upped the ante!
Leveraging our multifunctional view, we now also support behavioral correlation to combine disparate intelligence sources. Our Correlation Engine Rule (CER) specification now allows you to connect the dots across the different functional paradigms. But enough smoke and mirrors! Here are some REAL examples.
1. Detect the external hosts that are scanning your network.
2. If any of these hosts exchange more than a few thousand packets with an internal host, flag the internal host as compromised.
Notice that (1) is an IDS function while (2) is a flow analysis function.
Zero-day Infection of Something That Cannot Be Executed in a Sandbox
1. A downloads a bad .exe from server
2. C (an Apple computer) downloads a JAR file from server
3. C is talking to a known Command & Control site.
(1) is detected by a virus scanning application, (2) is detected with L7 analysis, (3) is detected by an IDS rule.
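As an added illustration (not MetaFlows code and not its CER syntax), here are the two correlations described above implemented over a constructed stream of IDS, flow, antivirus and L7 events; the host addresses, event field names and the 2000-packet threshold are assumptions.

```python
# Constructed sample events (not from the original page). Each event carries a
# "source" naming the detection mechanism that produced it: ids, flow, av or l7.
EVENTS = [
    {"source": "ids", "sig": "portscan", "src": "203.0.113.5", "dst": "10.0.0.7"},
    {"source": "flow", "src": "203.0.113.5", "dst": "10.0.0.7", "packets": 4200},
    {"source": "flow", "src": "203.0.113.5", "dst": "10.0.0.9", "packets": 12},
    {"source": "av", "host": "10.0.0.21", "server": "198.51.100.8", "file": "setup.exe"},
    {"source": "l7", "host": "10.0.0.33", "server": "198.51.100.8", "file": "update.jar"},
    {"source": "l7", "host": "10.0.0.40", "server": "198.51.100.8", "file": "logo.png"},
    {"source": "ids", "sig": "known_c2", "src": "10.0.0.33", "dst": "192.0.2.44"},
]

PACKET_THRESHOLD = 2000  # assumed value for "more than a few thousand packets"


def scanner_then_heavy_flow(events, threshold=PACKET_THRESHOLD):
    """Example 1: IDS identifies external scanners; flow analysis then flags any
    internal host that exchanged more than `threshold` packets with one of them."""
    scanners = {e["src"] for e in events
                if e["source"] == "ids" and e["sig"] == "portscan"}
    compromised = set()
    for e in events:
        if e["source"] != "flow" or e["packets"] <= threshold:
            continue
        # Flow records are directional; check both ends against the scanner set.
        if e["src"] in scanners:
            compromised.add(e["dst"])
        elif e["dst"] in scanners:
            compromised.add(e["src"])
    return compromised


def jar_from_bad_server_then_c2(events):
    """Example 2: antivirus marks a server that delivered a bad .exe; L7 analysis
    finds hosts that fetched a JAR (not scannable in a sandbox) from that same
    server; an IDS rule then confirms which of those hosts talks to known C2."""
    bad_servers = {e["server"] for e in events if e["source"] == "av"}
    jar_hosts = {e["host"] for e in events
                 if e["source"] == "l7" and e["server"] in bad_servers
                 and e["file"].lower().endswith(".jar")}
    c2_hosts = {e["src"] for e in events
                if e["source"] == "ids" and e["sig"] == "known_c2"}
    return jar_hosts & c2_hosts


if __name__ == "__main__":
    print("flagged by example 1:", sorted(scanner_then_heavy_flow(EVENTS)))
    print("flagged by example 2:", sorted(jar_from_bad_server_then_c2(EVENTS)))
```

Note that no single source flags anything by itself: the 12-packet flow and the PNG download are ignored, and only the hosts matching every step of a rule are reported.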
These examples demonstrate why traditional defenses are inadequate. Correlated together, these rules give you a powerful view of exactly what is happening on your network. You really need a multifunctional system that can connect the dots.
The researchers from the article below “…expect their findings to be beneficial to enterprises and other organizations in developing the next layer of defense.”
The next layer of defense is already here. The MetaFlows Security System uses behavioral analysis (along with the traditional signature detection) in order to catch even the stealthiest of Malware. It can even catch things that were in the network before it was deployed!
Read the TechNewsWorld article below to find out more about why, regardless of company size, having the most intelligent network protection is key. Then go to www.metaflows.com to find out how to get the most intelligent network protection.
Malware is not new and yet ever-evolving. Companies need to strengthen security practices and tools in order to stay ahead, or at the least, stay in the game! With attacks and costs sharing a rising trajectory, information security should be at the top of every IT director’s list. Read about it from the perspective of a CSO:
Malware: War without End
Find out how the MetaFlows Security System is keeping steady in the war against Malware and defeating enemies with innovative and cost efficient technology!
The City of London underwent a massive cyber attack, on purpose! In a great feat of preemptive security, hundreds of people, from hackers to holy grail financial institutions, participated in a collaborative attack to test various organizations’ and government institutions’ preparedness. More cities and organizations should be testing their mettle in such a way.
See how the MetaFlows Security System can put your network to the test. Find out what you are not seeing in our Free 14 Day Trial.
In a world where, increasingly, EVERYTHING is linked together by internet, bluetooth, and technology at large, security is of the utmost importance. However, and who is to say whether we choose ignorance as bliss or are just too trusting, many do not even realize how much of their private lives are basically on a buffet table at a party hosted by the Internet.
An interesting look at the expansion and effects of “The Internet of Things.”
Insecurity and the Internet of Things Part 1: Data, Data Everywhere
Global Enterprise Solution
The MSS Global Enterprise (MSS GE) is a complete turn-key security system intended for large Enterprise or Government networks, and includes advanced Malware/Botnet detection, Intrusion Prevention, Log Management/SIEM, and integrated vulnerability assessment. The MSS GE controller can be deployed either as a high performance Appliance (starting at 1200 Events/Second) or as an Amazon EC2 instance (AMI). The MSS GE sensors can be easily provisioned on off-the-shelf hardware (up to 10 Gbps per sensor) running Linux CentOS/RedHat, high-performance Appliances, VMware or on Amazon EC2.
Web Security Console:
- Real Time SIEM, Flow & Log management
- Multi-user Online Collaboration
- One-click Remediation
- Highly Customizable
MSS GE Controller:
- Deploy as an Appliance or as an Amazon EC2 Instance
- Predictive Event Correlation quickly finds Malware
- Centralized Sensor Provisioning
Daily Intelligence Feeds:
- Behavioral Malware Detection
- Zero-day/APT Intelligence
- Vulnerability Scanning
- Geo-location Intelligence
False Positives are the thorn in the backside of every IT security professional. The following article does a good job of breaking them down and explaining some of their greater risks.
The Impact of False Positives
False Positives are all but eliminated by the MetaFlows Security System. A fact that seems too good to be true, but is made totally possible by innovative technology!
No, UPS does not have a package waiting for you and that prince in Nairobi does not really want to give you $50,000, no matter how well thought out his plan is.
The article below details how, with just a bit of training, even your typical end-user can become more savvy and avoid those pesky phishing emails, thus saving your network from nonsense.
Reengineering Human Behavior Can Foil Phishing
Find out how the MetaFlows Security System, by utilizing Network Level AntiVirus and an Internal File Carver, can notify on and prevent pesky phishing scams.