I heard about a new security technology that leverages multifunction, multi-session behavioral detection and traffic analysis to improve network security. How is this type of technology different from traditional perimeter security, and is it something enterprises should consider implementing?
The Metaflows Security System (MSS), by Metaflows Inc., is designed to combat advanced malware in that it "detects and prevents cyberthreats using multiple collaborative intelligence sources at once, rather than using a traditional single-source, proprietary intelligence feed," according to the company's website. In essence, it looks for multiple characteristics of network hosts that could indicate an infection or related anomaly.
I'm not a product expert on every offering in the advanced malware space; however, I do know that certain technologies already in existence offer similar features. These include:
- Security information and event management technologies from vendors such as Intel or Splunk Inc.;
- Intrusion prevention system technologies from vendors such as Sourcefire (Cisco) or Extreme Networks Inc.; and
- Advanced malware detection/prevention technologies from vendors such as FireEye Inc. or Damballa Inc.
However, Metaflows differs from these technologies in that it uses what it refers to as "Multiple Session Correlation": what it analyzes is mapped and scored against a malware infection lifecycle model to help confirm what is actually taking place and limit false positives.
Technologies such as MSS are wonderful because of how they leverage multiple technologies to look at the bigger picture. Such tools should certainly be part of the security controls of any enterprise network -- especially those on the larger end where complexity and lack of visibility prove to be challenging.
It's hard to argue against the reality of advanced malware attacks and the trouble they can bring to businesses of any size. If MSS and other similar technologies mean that organizations can move away from traditional antimalware and perimeter protection and towards more reasonable security controls, I'm all for them.
Ask the Expert:
Want to ask Kevin Beaver a question about network security? Submit your question now via email. (All questions are anonymous.)