Metaflows SaaS Threat Detection and Remediation

The threat landscape is continuously evolving at a rapid pace. While machine learning products are still only partially effective at recognizing threats, static firewall configurations, and traditional network IDS & antivirus solutions do not adapt quickly enough. As an hybrid solution, MetaFlows SaaS threat detection uses traditional threat indicators but dynamically ranks it using anonymous feedback provided by our customers' event data. Our network threat detection software requires a (physical or virtual) Linux machine dedicated to passively analyze Internet communications. Once our software is installed, it immediately gets access to the following threat feeds:

• MineMeld feeds (~100k IPv4 addresses, ~100k URLs and ~2,700 domains)

 

• Virus Total file signatures (approximately 700k new hashes/day)

 

• Emerging Threat IDS signatures (~40k IDS signatures updated daily)

 

Besides ingesting intelligence, each installation also becomes an active contributor to our global cloud-based correlation system. This allows us to identify and prioritize specific event types with good predictive potential to further improve detection accuracy based on dynamic measurements.