Maestro Active Defense

A Layer-2 Dynamic Firewall based on Artificial Intelligence and Machine Learning technologies


Unified network security for every enterprise environment.

Maestro Active Defense is a Layer 2 Anomaly Detection System and Dynamic Firewall with advanced security features and built-in defense against all new classes of sophisticated attacks. The Maestro engine analyzes the actual content in the data stream to protect against known and unknown evasion techniques, even when they are applied on multiple protocol levels, increasing your protection against advanced persistent threats and other undesirable traffic.

 

SYN attacks, DDoS attacks, brute force attacks, DNS flooding, port scanning, null packets, protocol anomalies, application attacks, and much more.

 

How it works / Connection Diagram

A Maestro system consists of two main components that can be installed on the same or different machines: the Maestro Engine and the Maestro Management/Collector.

The Maestro Engine (Layer 2 appliance) can connect to any network segment and does not require any network changes. It needs at minimum 3 network cards: 2 in bridge mode (layer 2) and 1 for communication with the Maestro Management server. For better protection, it is recommended to install the Maestro Engine (appliance) in front of your router, as shown in the diagram.

The Maestro Engine allows ANY data packets to pass through and has no IP address, hence it is invisible from the internet and to hackers. Our unique, state-of-the-art engine functions fully in layer 2 (bridge mode) for packet analysis and dynamic blocking.

The Maestro engine analyzes the data streams and, in line with the configuration parameters provided by the administrator, creates a ‘dynamic policy’ based on the network traffic and network behavior. This produces dynamic ‘memory resident’ rules saved in kernel space. The resulting policies will not block any normal activity, but provide the ability to detect anomalies in protocols and hence detect hacker activity trying to penetrate a network. All blocking mechanisms are applied in real time and expiration flags can be defined.

The initial state of a Maestro engine does NOT contain any blocking rules. By default all traffic is allowed to pass through. A minimum of 2 hours is required in order for the engine to analyze enough traffic and start creating a dynamic policy.

The Maestro Management/Collector acts as an ‘analyzer’ and a ‘correlation engine’. Its main purpose is to analyze information and provide input to the Maestro Engine to improve its policy and operation: it processes the raw data provided by the engine and applies analysis techniques to define a proper short- and long-term reaction to the specific attack. It also functions as a monitoring and administration service for the operation of the Maestro Engine via a web interface.

In addition to the Maestro Engine, the Maestro Collector can be integrated with various external security systems (e.g. firewalls, IDS, etc.) and receive security-related logs in standard syslog format. Incoming logs are saved in a database, analyzed using various parsers (Checkpoint, Snort, mod_security WAF, etc.), and correlated using the 's-pro' correlation engine to provide additional input to the Maestro Engine.
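An added illustration (not Maestro's or 's-pro' code) of the collector flow described above: parse Snort alerts received over syslog, correlate them per source, and emit block entries that carry an expiration time. The thresholds, the `never_block` set, the function names and the sample log lines are assumptions constructed for this example.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed tuning values for illustration; not Maestro defaults.
WINDOW, THRESHOLD, BLOCK_TTL = timedelta(seconds=60), 3, timedelta(minutes=10)

# Snort alert as it commonly appears when logged through syslog.
ALERT_RE = re.compile(
    r"^(?:<\d+>)?(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ snort(?:\[\d+\])?: "
    r"\[\d+:(?P<sid>\d+):\d+\] .*?\[Priority: \d+\] "
    r"\{\w+\} (?P<src>[\d.]+)(?::\d+)? -> [\d.]+(?::\d+)?$")

def parse_alert(line, year=2024):
    """Return (timestamp, source IP, sid), or None if not a well-formed alert."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    try:  # logs are untrusted input: reject addresses that do not validate
        src = str(ipaddress.ip_address(m["src"]))
    except ValueError:
        return None
    # Classic syslog timestamps carry no year, so the caller supplies one.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, src, int(m["sid"])

def correlate(lines, never_block=frozenset()):
    """Map source IP -> block expiry once THRESHOLD alerts fall inside WINDOW."""
    recent, blocks = defaultdict(deque), {}
    for parsed in filter(None, map(parse_alert, lines)):
        ts, src, _sid = parsed
        if src in never_block:        # whitelisted sources are never blocked
            continue
        q = recent[src]
        q.append(ts)
        while ts - q[0] > WINDOW:     # drop alerts older than the window
            q.popleft()
        if len(q) >= THRESHOLD:
            blocks[src] = ts + BLOCK_TTL
    return blocks

def active_blocks(blocks, now):
    """Expired entries fall out of the rule set without operator action."""
    return sorted(ip for ip, expiry in blocks.items() if expiry > now)

def make_alert(ts, src):  # builds a constructed sample line, not real traffic
    return (f"<33>Mar  4 {ts} ids1 snort[2211]: [1:1000001:1] Constructed test rule "
            f"[Classification: Attempted Recon] [Priority: 2] {{TCP}} {src}:40112 -> 192.0.2.10:22")

SAMPLE = [make_alert("10:15:01", "198.51.100.7"), make_alert("10:15:05", "203.0.113.9"),
          "<38>Mar  4 10:15:06 web1 sshd[901]: constructed non-Snort line",
          make_alert("10:15:20", "198.51.100.7"), make_alert("10:15:40", "198.51.100.7"),
          make_alert("10:20:00", "203.0.113.9")]
```

Only the source with three alerts inside 60 seconds receives a block entry, and that entry stops being active once its expiry passes.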

In enterprise environments with multiple Internet gateways, you can use one Maestro Management to configure and monitor more than one Maestro Engine.

 

 

 


 

 
