Network Security Performance Tuning by MetaFlows CEO Livio Ricciulli, Part II

Network security monitoring is a constantly changing environment of both tools and methodologies.  Most of them today, however, have used a lone “cowboy” mentality where datacenter solutions operate independently.  MetaFlows is changing that.  Today, I am continuing my interview with MetaFlows CEO Livio Ricciulli, discussing how their product is optimizing network security monitoring and performance.

Joshua:  The MetaFlows product is delivering Network and Log monitoring facilities through a cloud-based “Software as a Service” model.  I am sure one of our readers’ concerns will be that of performance.  How does MetaFlows stack up compared to a solution where all the hardware and software is hosted within a company’s own network?

Livio:      We have placed a lot of effort in optimizing the performance of our software.  In the past if you had a fairly fast network you had to buy appliances specifically designed for security, ranging in cost from $20,000 to $80,000 per gigabit per second. If you have multiple gigabits, they cost even more. These are specialized hardware devices that are highly optimized for security applications. So what MetaFlows did was to take our product and tune it for very high performance on off-the-shelf hardware.  We reduced the cost of network security over that of deploying hardware appliances by using hardware that you can buy from any hardware vendor, and then creating a software library that parallelizes the processing.

For example,  you can buy a $1,000 machine with a nice set of Intel processors and process up to 800 megabits of data per second sustained with our software, which was unheard of before we added this capability.

Joshua:  I want to talk briefly about your competition.  Who are your primary competitors?  Is Splunk one of them?

Livio:     I think our innovation is aggregating a lot of functions into one system that have traditionally been split up between different vendors.  Splunk does the log management portion. There are others doing the intrusion detection system function.  Then there are still others doing flow monitoring, like Arbor Networks.  What we have done is to take pieces from all these different functions and aggregated them into one product giving companies the best of all these tools in one software suite.  So I would say that Splunk is a competitor, but they are not a head-on competitor.

Joshua:  So, then, your biggest competitor might be more operational issues within a company.  That competition is convincing some organizations that using a disparate set of products is orthogonal to the operational success of their company.  Using MetaFlows’ SaaS model, a company gets a best-in-class toolkit, and then does not have to worry about building installation, management and configuration expertise because MetaFlows is doing all that for them.

Livio:    Exactly. We have a conceptualization of the market today in four different solutions. There are low-end appliances, high-end appliances, open source solutions, and MetaFlows.  The low-end is typically just an implementation of a particular open source IDS.  It is low-end in the sense that it is not very sophisticated, and costs $20,000. There is an initial 20 percent markup for a subscription to signature updates.  To operate these appliances effectively, you need an expert on staff to interpret what is going on in that appliance and to interpret the output.

Next, there are the high-end appliances that are much more expensive. There is a higher subscription cost, but the administrator does not need to be an expert.  You will pay around $50,000 a year for them.

Then there is the open source route where you put a lot of time and effort into building something on your own. But you still need an expert to administer it because you need to be able to update and manage it yourself.

What we have done is to give you a solution at the cost of an open source product with a minimal amount of subscription cost, $99 per month per CPU.  You reduce the administrative costs because you do not need as many people to install and run it.

Joshua:   It seems like you can help companies better position themselves by having better tools and at the same time lower their costs.  They will be able to deliver higher quality threat monitoring and threat identification while moving closer to cloud-enabling. Do you believe Mobile First applications and Cloud Storage should have a positive impact on the perception of your product, especially the global aggregation via Cloud?

Livio:    Our take on this idea is that it takes a cloud to secure a cloud.  The idea is that this architecture really is the best way to merge traditional hard-asset monitoring and cloud-based monitoring. Now, instead of having to host the database, you can disperse your agents globally, and have all of them point to one cloud-based system for storing events and logging everything that goes on in your network.

Last time, Ricciulli discussed how MetaFlows is delivering an innovative SaaS-based network security solution.  Next time, he will explain how MetaFlows deals with payload security and how they deliver threat information to the end-user.
