January 30, 2012, 9:59 AM — Network security monitoring startup MetaFlows launched a new Software-as-a-Service (SaaS) product that can be installed on low-cost hardware to monitor network traffic flow, detect possible intrusions and analyze event logs.
The MetaFlows Security System (MSS) is composed of local software agents that can run on inexpensive off-the-shelf hardware and a cloud-based service where the results are stored.
The local MSS sensors capture network events and transmit the corresponding data to the company's cloud system where they get analyzed and sorted by priority. Customers can inspect the results using a secure Web interface.
The sensors can be deployed as stand-alone appliances or they can be installed on the customer's existing hardware using a Linux-based software package that contains proprietary and open source technology.
The software agent includes BotHunter, an IDS (intrusion detection system) software licensed from SRI International; the open source Snort IDS with generic signatures from the Emerging Threats project; the Flow, NetFlow, Sflow and CFlow network traffic monitoring plug-ins; log management tools compatible with OSSEC (Open Source Security) and MetaFlows proprietary applications.
The company also offers a package for setting up a honeypot client that acts as a decoy for internal network threats, although this is an optional feature.
One of MSS' key benefits is the low cost associated with its deployment and maintenance when compared to traditional IDS products, said MetaFlows CEO Livio Ricciulli.
This is partly due to the use of open source software, but also because of improvements made to it by MetaFlows. One example is the modifications made by the company to the PF_RING packet capture library in order to support multithreaded Snort instances on multi-core processors.
This allows MetaFlows sensors to process 800M bps of sustained network throughput when using an eight-core Intel i7 CPU that costs around $1,000. In comparison, the max throughput that can be processed using a standard packet capture library with a single thread is 100M bps.
On the server side, the company has developed a threat prediction algorithm similar to the one used by Google's search engine to rank websites. This technology is used to prioritize events, therefore increasing the productivity of network security analysts.