I heard about a new security technology that leverages multifunction, multi-session behavioral detection and traffic analysis to improve network security. How is this type of technology different from traditional perimeter security, and is it something enterprises should consider implementing?
The Metaflows Security System (MSS), by Metaflows Inc., is designed to combat advanced malware in that it "detects and prevents cyberthreats using multiple collaborative intelligence sources at once, rather than using a traditional single-source, proprietary intelligence feed," according to the company's website. In essence, it looks for multiple characteristics of network hosts that could indicate an infection or related anomaly.
I'm not a product expert on every offering in the advanced malware space; however, I do know that certain technologies already in existence offer similar features. These include:
- Security information and event management technologies from vendors such as Intel or Splunk Inc.;
- Intrusion prevention system technologies from vendors such as Sourcefire (Cisco) or Extreme Networks Inc.; and
- Advanced malware detection/prevention technologies from vendors such as FireEye Inc. or Damballa Inc.
However, Metaflows differs from these technologies in that it uses what it refers to as "Multiple Session Correlation": what it analyzes is mapped and scored against a malware infection lifecycle model to help confirm what is actually taking place and limit false positives.
Technologies such as MSS are wonderful because of how they leverage multiple technologies to look at the bigger picture. Such tools should certainly be part of the security controls of any enterprise network -- especially those on the larger end where complexity and lack of visibility prove to be challenging.
It's hard to argue against the reality of advanced malware attacks and the trouble they can bring to a business of any size. If MSS and other similar technologies mean that organizations can move away from traditional antimalware and perimeter protection and toward more reasonable security controls, I'm all for them.
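To illustrate the multi-session correlation idea described in the answer above, the following added example (not Metaflows' code or algorithm, and not part of the original article) scores events from separate sessions against an assumed infection lifecycle, so a host is flagged only when evidence spans several stages. The stage names, weights, threshold, time window and sample events are all constructed assumptions.

```python
from collections import defaultdict

# Assumed lifecycle stages and weights (illustrative only, not the vendor's model).
STAGE_WEIGHT = {
    "inbound_scan": 1,
    "inbound_exploit": 2,
    "binary_download": 3,
    "c2_communication": 4,
    "outbound_attack": 3,
}
ALERT_THRESHOLD = 6    # assumed minimum combined score
MIN_STAGES = 2         # evidence must cover at least two distinct stages
WINDOW_SECONDS = 3600  # assumed correlation window

# Constructed events: (epoch seconds, internal host, session id, stage)
SAMPLE_EVENTS = [
    (100, "10.0.0.5", "s1", "inbound_scan"),
    (160, "10.0.0.5", "s2", "binary_download"),
    (900, "10.0.0.5", "s3", "c2_communication"),
    (200, "10.0.0.9", "s4", "inbound_scan"),    # same noisy signature twice
    (260, "10.0.0.9", "s5", "inbound_scan"),
    (300, "10.0.0.7", "s6", "c2_communication"),
    (9000, "10.0.0.7", "s7", "binary_download"),  # too far apart to correlate
]

def correlate(events, window=WINDOW_SECONDS):
    """Return {host: score} for hosts whose multi-session evidence fits the lifecycle."""
    by_host = defaultdict(list)
    for ts, host, session, stage in events:
        if stage in STAGE_WEIGHT:
            by_host[host].append((ts, session, stage))
    flagged = {}
    for host, evs in by_host.items():
        evs.sort()
        best = 0
        for i, (start, _, _) in enumerate(evs):
            in_window = [e for e in evs[i:] if e[0] - start <= window]
            # Each stage counts once, so repeats of one signature do not add up.
            stages = {stage for _, _, stage in in_window}
            sessions = {session for _, session, _ in in_window}
            score = sum(STAGE_WEIGHT[s] for s in stages)
            if len(stages) >= MIN_STAGES and len(sessions) >= 2 and score >= ALERT_THRESHOLD:
                best = max(best, score)
        if best:
            flagged[host] = best
    return flagged

if __name__ == "__main__":
    print(correlate(SAMPLE_EVENTS))
```

Only the first host is reported: the second repeats a single low-weight stage, and the third host's two events fall outside the correlation window.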
Ask the Expert:
Want to ask Kevin Beaver a question about network security? Submit your question now via email. (All questions are anonymous.)