MetaFlows is a network security monitoring tool implementing some unique capabilities in today’s ever-changing security environment. It gives security administrators access not only to aggregated threat information for their own network, but also alerts them to potential global threats in their enterprise spaces. I am finishing up my interview today with MetaFlows CEO Livio Ricciulli, looking at how MetaFlows is able to aggregate threat information while maintaining security in a cloud-based solution.
Joshua: MetaFlows is managing security from the cloud, using a “Software as a Service”-based solution. Our readers will probably be wondering: Is MetaFlows shipping all of the internal log events, including the intrusion detection system-related events, to the cloud and storing them there as a part of that system?
Livio: Yes, everything except for the payloads. Everything that happens in the enterprise generates either a log or an intrusion detection system event through our agent. But all these events are then anonymized. Once the event data is sent to the cloud, it is stored in our private cloud space in a way similar to the way your bank account information is stored: nobody can see it. It is private to the user; only authorized users can see it.
The important point is that the payloads themselves do not go to the cloud. They are logged for forensic reasons only. But the payloads themselves stay on the devices within the enterprise.
Joshua: So you are saying, if MetaFlows is looking at an HTTP GET or PUT request, MetaFlows examines and stores the source IP and target IP address, but not the data transferred?
Livio: Exactly. MetaFlows only stores the event that happens, the time, source and destination IP, and the signature that triggered. That data is stored in the cloud in that company’s private webspace.
Log management is a big deal, too. Many organizations nowadays have a problem with compliance. They need to log everything happening no matter what. If you have a distributed system with these types of requirements, you are in a kind of pickle because you need a way to concentrate all this data and manage logs from all these different systems and networks.
We have solved that problem with this model because now you can point all your logs to our system. Then, using a browser-based dashboard, you can correlate your log data with IDS events. So our model has a significant advantage with logging, too.
Joshua: It seems like today people are scratching their heads, especially in this virtualized world we live in, and asking, “Why do I need to have another appliance-based system?”
Livio: That is true. One thing we found out is some customers still want to buy the appliance, but they want to buy it as a service rather than buy it as an expenditure. Most of the appliances we have sold are actually hardware and software solutions at a yearly charge. Customers can expense the entire amount rather than expense just a portion of it. We have found that selling the appliance bundled with the software as a service as a yearly charge is very attractive to customers.
Joshua: What you are saying is companies like the idea of purchasing these as an operating expense as opposed to a capital expense that has to be depreciated over a period of three to five years?
This is the final installment of a three-part series with MetaFlows CEO Livio Ricciulli. Here are the first two installments: