The Next Layer of Defense is Here!

The researchers from the article below “…expect their findings to be beneficial to enterprises and other organizations in developing the next layer of defense.”

The next layer of defense is already here. The MetaFlows Security System uses behavioral analysis (along with the traditional signature detection) in order to catch even the stealthiest of Malware. It can even catch things that were in the network before it was deployed!
Read the TechNewsWorld article below to find out more about why, regardless of company size, having the most intelligent network protection is key. Then go to www.metaflows.com to find out how to get the most intelligent network protection.

The Never Ending Cycle of Prey and Predator: The Malware War!

Malware is not new and yet ever-evolving. Companies need to strengthen security practices and tools in order to stay ahead, or at the least, stay in the game! With attacks and costs sharing a rising trajectory, information security should be at the top of every IT director’s list. Read about it from the perspective of a CSO:

Malware: War without End

Find out how the MetaFlows Security System is keeping steady in the war against Malware and defeating enemies with innovative and cost efficient technology!

WakingShark II: Stress Testing the City of London

The City of London underwent a massive cyber attack, on purpose! In a great feat of preemptive security, hundreds of people, from hackers to holy grail financial institutions, participated in a collaborative attack to test the preparedness of various organizations and government institutions. More cities and organizations should be testing their mettle in such a way.

Waking Shark II – Stress Testing the City of London

 

 

See how the MetaFlows Security System can put your network to the test. Find out what you are not seeing in our Free 14 Day Trial.

Security and The Internet of Things

In a world where, increasingly, EVERYTHING is linked together by internet, Bluetooth, and technology at large, security is of the utmost importance. However (and who is to say whether we choose ignorance as bliss or are just too trusting), many do not even realize how much of their private lives is basically on a buffet table at a party hosted by the Internet.

An interesting look at the expansion and effects of “The Internet of Things.”

Insecurity and the Internet of Things Part 1: Data, Data Everywhere

Feature Spotlight: Global Enterprise Solution

Global Enterprise Solution

The MSS Global Enterprise (MSS GE) is a complete turn-key security system intended for large Enterprise or Government networks, and includes advanced Malware/Botnet detection, Intrusion Prevention, Log Management/SIEM, and integrated vulnerability assessment. The MSS GE controller can be deployed either as a high performance Appliance (starting at 1200 Events/Second) or as an Amazon EC2 instance (AMI). The MSS GE sensors can be easily provisioned on off-the-shelf hardware (up to 10 Gbps per sensor) running Linux CentOS/RedHat, high-performance Appliances, VMware or on Amazon EC2.


Web Security Console

  • Real Time SIEM, Flow & Log management
  • Multi-user Online Collaboration
  • One-click Remediation
  • Highly Customizable

MSS GE Controller

  • Deploy as an Appliance or as an Amazon EC2 Instance
  • Predictive Event Correlation quickly finds Malware
  • Centralized Sensor Provisioning

Daily Intelligence Feeds

  • Behavioral Malware Detection
  • Zero-day/APT Intelligence
  • Vulnerability Scanning
  • Geo-location Intelligence

 

False Positives: A Contradiction Most Annoying

False Positives are the thorn in the backside of every IT security professional. The following article does a good job of breaking them down and explaining some of their greater risks.

The Impact of False Positives

 

False Positives are all but eliminated by the MetaFlows Security System. That seems too good to be true, but it is made totally possible by innovative technology!

Old Dog, New Tricks: Reengineering Human Behavior Can Foil Phishing

No, UPS does not have a package waiting for you and that prince in Nairobi does not really want to give you $50,000, no matter how well thought out his plan is.

The article below details how, with just a bit of training, even your typical end-user can become more savvy and avoid those pesky phishing emails, thus saving your network from nonsense.

Reengineering Human Behavior Can Foil Phishing

Find out how the MetaFlows Security System, by utilizing Network Level AntiVirus and an Internal File Carver, can notify on and prevent pesky phishing scams.

Information Breach Tragedy: It Could Have Been Avoided Completely!

A University employee single-handedly demonstrates why it’s just as important to know what’s leaving your network as it is to know what’s coming into it!

University Employee Fired for Inadvertently Emailing Student Data

 

 

Find out how the MetaFlows Security System can monitor important files leaving your network, and catch them before they make it out!

 

 

 

The Cost of Crime Is Up and So Are Their Profits

It’s amazing what some people will do maliciously, and even more amazing what they can accomplish when there is $ behind it.

Lucrative Business: Cybercrime-as-a-Service

See what MetaFlows can do with Software-as-a-Service to protect you from the cybercriminals!

Not Your Grandma’s Malware Protection

The MetaFlows Security System Malware Protection is ADVANCED. We’re talking behavioral and signature detection, multi-layered, Malware-butt kicking advanced. The MSS finds Malware using a 3-layer approach where each level is highly scalable and works independently to progressively increase the detection accuracy.

Layer 1: Session level

This is the most basic level of intrusion detection carried out by hardened Linux-based open source components. Our fine-tuned and extremely robust Session-level process can scale from 100 Mbps to 10 Gbps using inexpensive, standard server hardware.


Layer 2: Multiple-Session

With multiple-session correlation, we identify typical infection behavior by looking at alerts belonging to a single home machine. The MSS positively scores alerts based on observing at least two events corresponding to the typical phases of a Bot Infection.

  1. Inbound scanning
  2. Exploit
  3. Egg download
  4. C&C communication
  5. Outbound scanning/propagation

Multiple-session analysis (unlike traditional IDS) reduces false positives almost entirely and brings true positives to the forefront. This proprietary analysis is performed by Cyber-TA’s BotHunter (licensed to MetaFlows by SRI International). BotHunter intelligence feeds and rules are updated weekly from the SRI Malware Threat Center.
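
The multiple-session idea above, as an added example (not MetaFlows or BotHunter code, whose scoring is proprietary): alerts are grouped per internal host, and a host is flagged only when its alerts cover at least two distinct infection phases. The phase labels, alert fields, 4-hour window and sample alerts are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# The five infection phases listed above; the short labels are hypothetical.
PHASES = ("inbound_scan", "exploit", "egg_download", "cnc", "outbound_scan")
WINDOW = timedelta(hours=4)   # assumed correlation window, not from the page
MIN_PHASES = 2                # "at least two events", per the text

def correlate(alerts, window=WINDOW, min_phases=MIN_PHASES):
    """Return {host: phases} for hosts whose alerts cover at least
    `min_phases` distinct phases inside one time window."""
    by_host = defaultdict(list)
    for a in alerts:
        if a["phase"] not in PHASES:
            continue  # ignore alerts not mapped to an infection phase
        by_host[a["host"]].append((datetime.fromisoformat(a["ts"]), a["phase"]))
    flagged = {}
    for host, events in by_host.items():
        events.sort()
        start, best = 0, set()
        for end in range(len(events)):
            # slide the left edge until the span fits inside the window
            while events[end][0] - events[start][0] > window:
                start += 1
            seen = {p for _, p in events[start:end + 1]}
            if len(seen) > len(best):
                best = seen
        if len(best) >= min_phases:
            flagged[host] = sorted(best, key=PHASES.index)
    return flagged

# Constructed sample alerts (not real data); "host" is the internal machine.
SAMPLE_ALERTS = [
    # 10.0.0.5: repeated inbound scans only, a single phase, so not flagged
    {"ts": "2014-01-10T09:00:00", "host": "10.0.0.5", "phase": "inbound_scan"},
    {"ts": "2014-01-10T09:05:00", "host": "10.0.0.5", "phase": "inbound_scan"},
    {"ts": "2014-01-10T09:09:00", "host": "10.0.0.5", "phase": "inbound_scan"},
    # 10.0.0.7: exploit, egg download, then C&C within minutes, so flagged
    {"ts": "2014-01-10T10:00:00", "host": "10.0.0.7", "phase": "exploit"},
    {"ts": "2014-01-10T10:02:00", "host": "10.0.0.7", "phase": "egg_download"},
    {"ts": "2014-01-10T10:30:00", "host": "10.0.0.7", "phase": "cnc"},
    # 10.0.0.9: two phases more than a day apart, outside the window
    {"ts": "2014-01-10T08:00:00", "host": "10.0.0.9", "phase": "inbound_scan"},
    {"ts": "2014-01-11T12:00:00", "host": "10.0.0.9", "phase": "outbound_scan"},
]

if __name__ == "__main__":
    for host, phases in correlate(SAMPLE_ALERTS).items():
        print(host, "->", ", ".join(phases))
```

The host that only receives inbound scans never appears in the result, which is how requiring two distinct phases suppresses the single-alert noise a per-session IDS would report.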


Layer 3: Multiple-Domain (Predictive Global Correlation)

Research funded by the National Science Foundation has led to the development of a proprietary multiple-domain correlation algorithm that is mathematically similar to Google’s page ranking. Event scores are autonomously obtained from a global network of virtual machines that masquerade as victims. As the victims are repeatedly attacked and infected, the MSS records security event information of both successful and unsuccessful hacker techniques and subsequent nefarious activities. This information is then combined with 5 additional network intelligence sources and then propagated in real time to each of our users to augment the session level and multiple-session-level ranking described above. This additional inter-domain correlation is important because it adds operational awareness based on real-time, measured intelligence.


You can always learn more about how we are protecting networks better here.