MetaGrid is an advanced threat detection system that can detect anomalies and potential threats hitting or hiding within your network—even the “unknown unknowns”—at speeds never before possible, all without rules or signatures. With the advantage of immediate detection, your organization can shut down a potential threat before damage is done.
To immediately detect a potential threat requires the ability to see everything, all the time, in one simplified, unified view across and throughout the entire network infrastructure. There is only one way this is possible—you need advanced technology that has the ability to unify all the data streaming from all those disjointed point solution feeds. Then, it must act on that data to surgically pinpoint and “bubble up” to the surface a potential threat while the data is still in motion, before it ever comes to rest. Only MetaGrid’s patented technology can do this.
MetaGrid was architecturally designed and patented to act on data in motion. This concept of “data in motion” is dramatically different than systems that have to first backhaul—in other words, store—their data and bring it to rest before they can perform the functions necessary to detect anomalous behavior. Data at rest is stale. Analyzing data at rest will always be a forensic, rear view mirror approach.
Functioning as the unifying layer in your existing layered security environment, MetaGrid consumes massive volumes of data, any type of data without manually manipulating or reformatting it, and ingests data from every available feed and resource—concurrently—and feeds it into our “grid,” taking in as much context and data as possible from as many feeds as possible including endpoints, routers, firewalls, IPS, antivirus, SIEM, syslogs, netflow, switches and more. MetaGrid then draws deep correlations into what is happening that could be a potential threat either coming into your network or already within your network. MetaGrid does all this while the data is still in motion. This is why, unlike other systems, MetaGrid can immediately detect anomalies and automate remedial action in seconds or minutes versus weeks or months.
MetaGrid is not a number of different open-sourced projects cobbled together. MetaGrid is a complete, software-based anomaly detection solution that includes compute, file system, relational storage, event storage, indexing and analytics. Built from the ground up in a highly modular architecture for in motion processing, every component of MetaGrid has been intentionally designed to work on data before it ever comes to rest. MetaGrid’s groundbreaking advances are based on three key patented technologies:
Patented Correlation Algorithms
Neural Foam, MetaGrid’s patented correlation engine, is the power behind MetaGrid’s advanced correlation and analytics capabilities. It’s what enables MetaGrid to solve the problem of not knowing what to look for until found. Through Neural Foam, MetaGrid is able to find the “unknown unknowns” without rules or signatures.
Based on fundamental breakthroughs in artificial intelligence and machine learning algorithmic information theory, Neural Foam finds meaningful and unusual events, sequences, rates, patterns and correlations on the fly, across any number of concurrent event streams, without prior knowledge of the source or structure of the stream, even if that information differs by only a single bit. It can find the indicators of compromise in any data available—logs, traffic, network info, etc., even finding things that no other system can because it makes no assumptions about what might be important. And, it is completely unconstrained by rules or signatures. Neural Foam clusters records by similarity, quickly and visually highlighting the outliers that are unique or anomalous, reducing hundreds of thousands of records down to a few nodes of high value, prioritized alerts. Because the findings are presented visually, it is easy and intuitive for security domain experts to see the anomalies and immediately investigate.
On the Fly Anomaly Detection
True situational awareness requires the ability to consume all the data, from everywhere, all the time. MetaGrid’s patented stream processing capabilities do this. MetaGrid delivers the speed necessary to do on-the-fly anomaly detection on massive amounts of data from any source. MetaGrid is data agnostic, so it doesn’t care what kind of data it takes in. If it’s data, MetaGrid can ingest it.
These streaming processes enable MetaGrid to simultaneously consume, cluster, classify, correlate and detect anomalies right on the network’s edge at hundreds of thousands of events per second. Many systems claim “real time” processing, but in reality, they depend on batch processing and centralization. This brings the data to rest before triggering a query to conduct analysis. The moment data comes to rest, it is stale and is no longer real time, making the analytics forensic. MetaGrid is distinctly different. MetaGrid’s stream processing capabilities act on the data as it hits the network by using a streaming query model. We move the computation to the data at the edge of the network, find results in-stream, create visualizations, and then direct our customizable policy engine to trigger a remediation response.
The MetaGrid platform is where the system’s supercomputing power resides and where all streaming data is processed continuously as it operates, while the data is in motion. It delivers all the power and control of a single system, yet it can use every computer across your entire, globally-distributed enterprise as if it were one.
Operating in a virtual cloud environment, the grid delivers unlimited computing power, completely removing the limits of speed, scale and storage from the data security equation. The grid is able to unify the feeds from disparate solutions such as SIEMs, firewalls, intrusion protection systems and other data silos so they stream into the grid together, providing intelligence and situational awareness through one unified lens. The grid architecture is easy to manage and upgrade. The grid makes computing more resilient and practical, even for the extraordinary scale the platform is capable of handling.
Companies don’t just have one giant monolithic data set. Instead, they have many data sets in a variety of forms and locations created and stored throughout the enterprise. That’s why we designed MetaGrid to ingest all data—if it’s data, the system can consume it. This is critical, as situational awareness requires visibility at all levels; there can be no dark corners. MetaGrid delivers unprecedented data acquisition capabilities, seamlessly integrating structured, semi-structured and unstructured data on a single platform for search and analysis.
Leveraging key breakthroughs in artificial intelligence and machine learning, MetaGrid’s patented Neural Foam correlation engine arranges events into clusters of data that all share common patterns. Each cluster is a compressed representation that significantly reduces the work required to explore the data. Simultaneously, Neural Foam classifies events based on prior learning and discovers anomalies.
Nothing in the real world happens in a vacuum. In order to reflect the interrelated nature of the real world, data must be processed together from multiple sources to yield actionable intelligence. MetaGrid’s Neural Foam correlation capabilities discover deep relationships and interactions across different sources of data. While legacy approaches correlate information using manual rules over structured data, MetaGrid uncovers relationships in data of any type, structured or unstructured. It then visualizes the results, presenting the most unusual events within their operational context.
The ability to stop an in-process attack in its tracks requires rapid remediation. MetaGrid offers a highly customizable, scalable policy engine to empower the system to automatically push mitigation methods throughout the entire IT environment to contain and quarantine infected systems before they spread.
MetaGrid is not a “rip and replace” solution. Instead, it complements—rather than replaces—your existing layered security approach. This is possible because MetaGrid has the ability to unify all the data gathered from your current point solutions and devices on the network. MetaGrid becomes the “unifier” in a layered security environment, shoring up the huge gaps left exposed by the complexities in today’s typical IT environment.