Stop Advanced Threats Before They Strike

Multi-session correlation technology that detects sophisticated attacks traditional tools miss. Proven protection from nation-state threats to everyday malware.

The Problem with Traditional Security

Most intrusion detection systems analyze network traffic one session at a time. This works for simple attacks, but sophisticated threats don't operate in isolation.

Modern attackers use multi-stage campaigns: reconnaissance, exploitation, lateral movement, and data exfiltration. Traditional IDS sees individual sessions as benign, missing the larger attack pattern.

The result? Advanced persistent threats, botnet infections, and coordinated attacks slip through undetected while your team drowns in false positives from signature-based tools.

Our Approach: Multi-Session Intelligence

MetaFlows correlates activity across multiple sessions to identify attack patterns that span hours, days, or weeks. We see what others miss.
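
An added illustration of the idea (not MetaFlows' code or algorithm): the sketch contrasts session-at-a-time scoring with per-host correlation across sessions. The stage weights, alert threshold, time window and sample events are assumptions constructed for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Stage names follow the campaign phases named on this page; the weights,
# threshold and window are assumptions chosen for the illustration.
STAGE_WEIGHT = {"reconnaissance": 1, "exploitation": 3,
                "lateral_movement": 2, "c2": 3, "exfiltration": 3}
ALERT_SCORE = 6                 # a single session can score at most 3
WINDOW = timedelta(days=7)      # attack patterns may span days

# Constructed sample events: (time, internal host, session id, stage).
EVENTS = [
    ("2024-05-01T09:00", "10.0.0.5", "s1", "reconnaissance"),
    ("2024-05-01T09:20", "10.0.0.5", "s2", "exploitation"),
    ("2024-05-02T03:10", "10.0.0.5", "s3", "c2"),
    ("2024-05-04T23:45", "10.0.0.5", "s4", "exfiltration"),
    ("2024-05-01T10:00", "10.0.0.9", "s5", "reconnaissance"),
    ("2024-05-03T10:00", "10.0.0.9", "s6", "reconnaissance"),
    ("2024-03-01T08:00", "10.0.0.7", "s7", "exploitation"),
    ("2024-05-01T08:00", "10.0.0.7", "s8", "c2"),
]

def per_session_alerts(events):
    """Session-at-a-time view: alert only if one session alone reaches the score."""
    return [sid for _, _, sid, stage in events if STAGE_WEIGHT[stage] >= ALERT_SCORE]

def correlate(events, window=WINDOW, threshold=ALERT_SCORE):
    """Per host, sum the weights of distinct stages seen inside a sliding window."""
    by_host = defaultdict(list)
    for ts, host, sid, stage in events:
        by_host[host].append((datetime.fromisoformat(ts), sid, stage))
    alerts = {}
    for host, evs in by_host.items():
        evs.sort()
        for i, (start, _, _) in enumerate(evs):
            in_win = [e for e in evs[i:] if e[0] - start <= window]
            stages = {stage for _, _, stage in in_win}
            score = sum(STAGE_WEIGHT[s] for s in stages)
            if score >= threshold:
                alerts[host] = {"score": score, "stages": sorted(stages),
                                "sessions": [sid for _, sid, _ in in_win]}
                break
    return alerts
```

On the sample data no single session raises an alert, while host 10.0.0.5 is flagged once its four sessions are scored together; repeated reconnaissance alone (10.0.0.9) and stages separated by more than the window (10.0.0.7) stay below the threshold.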

BotHunter Technology

Our flagship multi-session correlation engine tracks the complete infection lifecycle, from initial compromise through command-and-control communications to data theft.

Deep Packet Inspection

Full protocol analysis combined with behavioral analytics. We don't just look at headers; we understand what's actually happening in your network traffic.

⚑

Real-Time Detection

Immediate alerts when threats are detected, with comprehensive context about the attack chain. Know exactly what's happening and how to respond.

Adaptive Intelligence

Machine learning models that evolve with emerging threats. Our system gets smarter as attackers adapt their techniques.

Actionable Analytics

Clear, prioritized insights that help your team focus on real threats. No more alert fatigue from overwhelming false positives.

Seamless Integration

Works alongside your existing security infrastructure. SIEM integration, API access, and standard log formats for easy deployment.

System Architecture

Built on open standards for flexibility, scalability, and best-in-class cost-performance

The MetaFlows Security System uses a distributed architecture with two main components: sensors and controllers. A single controller can manage anywhere from 1 to 1,000+ sensors, providing centralized management and analysis at any scale.

[Figure: MetaFlows architecture diagram. Distributed sensor and controller architecture.]

Sensors

Sensors run on standard Rocky Linux 9 augmented with our multi-functional deep packet inspection software and proprietary kernel drivers. Key features:

  • Full root access: Easily augment with site-specific applications or configurations
  • Automatic updates: OS updates via standard package management, MetaFlows software self-updates
  • Flexible deployment: Install on customer hardware, VMware, or EC2 instances
  • High performance: Scales to 10 Gbps using PF_RING technology

Controller

The controller provides centralized management and analysis capabilities:

  • Web GUI for system management of all sensors
  • Receives and stores metadata continuously exported by sensors
  • Web-based forensic analysis application
  • Automated reports and email alerts
  • Security intelligence feed management and distribution

Typical Workflow

  1. Detection: Sensor detects suspicious behavior through multi-functional network traffic analysis
  2. Alert: Metadata and automated incident report sent in real-time to controller and/or SIEM
  3. Notification: Controller triggers email alert or analyst sees event on real-time console
  4. Analysis: Analyst reviews metadata through web interface or SIEM, queries sensor for payload data
  5. Documentation: Analyst files incident report with relevant metadata and payload evidence
  6. Remediation: Instantiate remediation policies through Soft IPS or verify existing protections

Performance & Scalability

Industry-leading deep packet inspection cost-performance ratio

Thanks to MetaFlows' pioneering work on open source core-based IDS parallelism (PF_RING), our appliances achieve exceptional performance on commodity hardware. This approach provides enormous flexibility while delivering one of the best cost-performance ratios in the industry.

[Figure: IDS Throughput vs. Processing Cores (8C Appliance). 8-core parallel processing achieves nearly 700 Mbps sustained throughput with 6,765 ET Pro Snort signatures.]

[Figure: 64C Appliance Full System Performance, with all features enabled. 64C appliance processes nearly 8 Gbps sustained with 10,003 Snort rules enabled.]

Performance Highlights

  • 8C Appliance: Up to 800 Mbps sustained throughput
  • 24C Appliance: 800-5,000 Mbps sustained throughput
  • 64C Appliance: 5,000-10,000 Mbps sustained throughput
  • Process-level parallelism effectively scales across cores
  • PF_RING DNA provides superior performance over NAPI mode
  • Intel ICC compiler offers 25% performance improvement at high rule counts

Appliance Options

From small offices to large enterprises, we have the right appliance for your needs

High Performance Appliances

Appliance     Throughput          Hardware                      Application
MSS-Silver    <100 Mbps           1 CPU, VMware, Amazon EC2     Small Enterprise, Cloud Security
MSS-APP-8C    100-800 Mbps        1 CPU (8 Cores), Amazon EC2   Small/Medium Enterprise, Cloud
MSS-APP-24C   800-5,000 Mbps      2 CPU (32 Cores)              Medium Enterprise
MSS-APP-64C   5,000-10,000 Mbps   4 CPU (64 Cores)              Medium/Large Enterprise

Deployment flexibility: MetaFlows software can be deployed on the customer's own hardware or provided through our turnkey appliances. Our appliances are based on carefully selected commodity hardware that undergoes rigorous QA testing. We maintain nearly 100% availability across dozens of production deployments.

Soft IPS

Soft IPS reliably blocks unwanted traffic in passive mode

MetaFlows' Soft IPS reliably blocks unwanted traffic in passive mode by injecting spoofed TCP packets to disrupt communications. This refined approach is as effective as inline deployment without the reliability and latency concerns. Nearly all our customers use Soft IPS.

Capability                                 Inline IPS            Soft IPS (Passive)
Blocks TCP                                 ✓ Yes                 ✓ Yes
Extracts Attacker Invariants Dynamically   ✗ No                  ✓ Yes
Block IP from Console                      ✗ No                  ✓ Yes
Blocks UDP and ICMP                        ✓ Yes                 ✗ No
Software Failure Impact                    All Traffic Stops     All Traffic Through
Hardware Failure Impact                    All Traffic Stops     All Traffic Through
Power Loss Impact                          All Traffic Through   All Traffic Through
Performance Impact                         ~200 µs Latency       None

Deploy Your Way

Flexible deployment options that fit your infrastructure and compliance requirements.

SaaS

Fully managed cloud solution. Deploy in minutes with zero infrastructure overhead. Perfect for fast-growing teams.

On-Premises

Complete control and data sovereignty. Ideal for regulated industries and air-gapped environments.

AWS / Azure

Native cloud deployment in your VPC. Seamless integration with your existing cloud infrastructure.

GovCloud

FedRAMP-ready deployment for government and defense contractors with strict compliance requirements.

Ready to See the Difference?

Join security teams protecting critical infrastructure worldwide.