This Small Business Innovation Research Phase II project is directed toward fulfilling the need of business and Government organizations to more effectively monitor and protect their electronic networks. Network security devices (NSDs) such as Anti-virus, Intrusion Detection/Prevention, spam/phishing filtering, and bandwidth anomaly detection systems have become an integral part of our networks as they provide invaluable services in maintaining data integrity and confidentiality, while protecting the availability of computing resources. This research aims at significantly increasing the timeliness, accuracy and cost-effectiveness of NSDs in combating fast-changing and ever-more sophisticated network security attacks.

The programming and maintenance of NSDs is today a very significant obstacle to their wider adoption. The most common and significant complaints of existing NSD users are (1) excessive amounts of false positive events (events that should not be generated) and the difficulty in analyzing security events, (2) their extreme sensitivity to the timeliness of the security updates to catch emerging threats, and (3) the expertise required in the installation, maintenance and operation of these systems. These obstacles limit adoption by many smaller companies that cannot afford to hire expert system administrators and network security analysts. MetaFlows seeks to capitalize on these deficiencies by providing ways to outsource this complexity. If successful, this research effort will inexpensively and thoroughly improve the manageability, accuracy and return on investment of many existing NSDs.

Project Report

MetaFlows has developed the first ever network security product entirely based on the Software as a Service (SaaS) model. Events generated by our network sensors or other 3rd-party devices are sent to the MetaFlows cloud where they are stored, correlated, and prioritized using a proprietary global correlation system mathematically similar to Google's page ranking algorithm. The MetaFlows Security System (MSS) unifies the analysis and correlation tools required to assess and intervene in network security monitoring with powerful and convenient web-based configuration, provisioning, and tuning functions. Using a web browser, operators can securely and efficiently monitor and manage their network from anywhere in the world. Our model also supports online operator collaboration by allowing sensor sharing and the use of chat, email groups, and extensive reporting. Customers have consistently characterized the MSS as the "last line of defense" because our innovative SaaS model allows for the concurrent correlation of up to 5 different intelligence sources at once, thus greatly improving the ability to detect and prevent cyber-security threats. Furthermore, the MSS can detect internal threats that make it through perimeter defenses because (among other techniques) it can detect threats based on behavior across multiple sessions that can span several hours. The software that monitors network traffic is centrally managed through a browser and can be installed on (1) any type of (cloud) Amazon EC2 instance with at least 4 GB of RAM, and/or (2) traditional local area networks using inexpensive, off-the-shelf hardware or VMware.
MetaFlows' monitoring software integrates a mix of proven open source and proprietary components:

- Snort with Emerging Threats or Sourcefire VRT signatures
- BotHunter with weekly IP reputation updates
- Passive computer assets and service discovery
- Flow data monitoring
- Log management of 3rd party devices
- Packet logging
- Customizable Honeypots
- File carving
- Network anti-virus

The MSS is currently in general availability and can be deployed as (1) a software package on the customers' own hardware or (2) a yearly hardware-software subscription service which includes turn-key network appliances up to 10 Gbps.

The broader impacts of this effort can be seen in the proliferation of products that leverage shared network intelligence. When the project started in 2007, very few organizations understood that the advantages of intelligence sharing greatly outweighed potential disadvantages. Leading by example, MetaFlows has pioneered the concept that security event information sharing across enterprises can provide substantial security benefits while not compromising privacy in any meaningful way. Recently some major Fortune 500 corporations have legitimized our security event sharing model by deploying MetaFlows' technology in their networks with great success. As security event sharing products are further commercially legitimized and scientifically refined, other security companies are sure to follow in our footsteps using this new, innovative approach. While this happens, MetaFlows and its peers will be well positioned to reap the benefits of this new and exciting paradigm in the years to come.

Agency
National Science Foundation (NSF)
Institute
Division of Industrial Innovation and Partnerships (IIP)
Type
Standard Grant (Standard)
Application #
0923846
Program Officer
Muralidharan S. Nair
Project Start
Project End
Budget Start
2009-08-15
Budget End
2013-04-30
Support Year
Fiscal Year
2009
Total Cost
$750,000
Indirect Cost
Name
Metaflows Inc
Department
Type
DUNS #
City
San Diego
State
CA
Country
United States
Zip Code
92101