Fidelis Cybersecurity Strengthens Ransomware Capabilities
Achieves Strong Results in MITRE ATT&CK Evaluations
BETHESDA, Md.–(BUSINESS WIRE)–Fidelis Cybersecurity today announced Fidelis Endpoint®, a favored solution of forensics and incident response professionals worldwide, successfully detected Data Encrypted For Impact (T1486), which is indicative of Ransomware attacks, during the 2021 MITRE Engenuity Round 4 ATT&CK® Evaluation. In this MITRE evaluation, the Fidelis Cybersecurity Endpoint Detection and Response (EDR) platform successfully detected overwhelming evidence of malicious activity prior to the final phase of data being encrypted, which enabled the platform to disrupt the attacks before attackers could impact target systems. The results demonstrate Fidelis Endpoint rules and detections have become even more precise since previous testing. Fidelis Cybersecurity also announced new and enhanced features, including advanced memory scanning, that will improve customers’ ability to quickly find and neutralize Ransomware and other malware.
Fidelis Endpoint is available as a standalone offering or as part of Fidelis Elevate®, an Active eXtended Detection and Response (XDR) platform. Fidelis Elevate provides advanced threat detection, deception, deep session inspection, and data loss prevention to help security teams find and stop threats faster. The Fidelis Elevate platform combines EDR with Network Detection and Response (NDR) and Deception capabilities to detect attacks more thoroughly when compared to the endpoint-only ATT&CK Evaluation. Fidelis Elevate would have achieved near total visibility and detection in similar testing, based on the robustness of the platform.
MITRE ATT&CK Results
Independent MITRE ATT&CK Evaluations assess the ability of EDR solutions to detect real-world cyber threats that are known to impact businesses and governments worldwide. Through the lens of the ATT&CK knowledge base, evaluations focused on two threat actors, Wizard Spider and Sandworm. Wizard Spider is a financially motivated criminal group that has been conducting ransomware campaigns since August 2018 against a variety of organizations, ranging from major corporations to hospitals. Sandworm is a destructive Russian threat group that is known for carrying out notable attacks such as the 2015 and 2016 targeting of Ukrainian electrical companies and 2017’s NotPetya attacks. These two threat actors were chosen based on their complexity, relevancy to the market, and how well MITRE Engenuity’s staff can fittingly emulate the adversary. For full results and more information about the evaluations, please visit: https://attackevals.mitre-engenuity.org/enterprise/wizard-spider-and-sandworm/
“MITRE ATT&CK Evaluations provide insight into the ability of EDR solutions to detect attack tactics and techniques, allowing enterprises to understand their risk and ability to detect advanced attacks,” said Jerry Mancini, COO and VP Products, Fidelis Cybersecurity. “Fidelis Endpoint results demonstrate the strong detection, forensics, and investigation using the version 9.4 solution used during the evaluation. The substantial product improvements in version 9.5, which include the integration of Intel TDT, further strengthen our ability to automatically respond and remediate threats and improve our ransomware abilities.”
Fidelis Endpoint v9.5
Fidelis Endpoint is a powerful, proactive endpoint detection and response (EDR) platform that provides deep visibility into endpoint activity both on and off premises and within cloud environments to speed investigations. Hands-on control and automation help security teams quickly pinpoint and eradicate threats to an organization.
Fidelis Endpoint v9.4 was used for the MITRE Round 4 testing. The new v9.5 release expands the ability to both detect and respond to ransomware attacks.
With Fidelis Endpoint v9.5, Fidelis Cybersecurity is adding:
- Intel® Threat Detection Technology (Intel® TDT) accelerated memory scanning (AMS) Integration
  - to help detect ever evolving and intensifying cyberthreats that hide in memory
  - to offload memory scanning to the Intel integrated GPU to minimize impacts on CPU performance
- Agent Platform Coverage
  - Support for Windows 11 and macOS 12, and support for Apple M1 architecture
- Service Monitoring and Supportability
  - Enhanced system monitoring to provide real-time, detailed system health status.
“By integrating Intel Threat Detection Technology accelerated memory scanning (AMS) into Fidelis Endpoint, enterprise customers with Intel vPro® Platforms can perform more frequent memory scanning with higher performance – a great benefit for our mutual customers to continue to help stay ahead of bad actors,” said Carla Rodríguez, Sr. Director, Ecosystem Partner Enablement, Intel Corporation.
About Intel Accelerated Memory Scanning (AMS)
Intel is the only provider of hardware-based security capabilities that enhance industry security software to deliver high efficacy threat detection — utilizing Intel Threat Detection Technology (Intel® TDT). To help combat extensive CPU usage, Intel TDT accelerated memory scanning (AMS) offloads memory scanning to the Intel integrated GPU to reduce the impact on performance and power consumption. This offloading enables Fidelis Endpoint to scan more frequently, while minimizing the impact to the user experience, improving overall system security, and helping to uncover hard-to-detect file-less attacks in the memory layer. Computers on 6th Gen Intel® Core™ processors and above can take advantage of the Fidelis Endpoint hardware-enabled AMS capability. (Intel TDT is only available on Intel® Core™ platforms, Intel vPro® Essentials, and Intel vPro® Enterprise.)
About MITRE Engenuity
MITRE Engenuity, a subsidiary of MITRE, is a tech foundation for the public good. MITRE’s mission-driven teams are dedicated to solving problems for a safer world. Through our public-private partnerships and federally funded R&D centers, we work across government and in partnership with industry to tackle challenges to the safety, stability, and well-being of our nation.
MITRE Engenuity brings MITRE’s deep technical know-how and systems thinking to the private sector to solve complex challenges that government alone cannot solve. MITRE Engenuity catalyzes the collective R&D strength of the broader U.S. federal government, academia, and private sector to tackle national and global challenges, such as protecting critical infrastructure, creating a resilient semiconductor ecosystem, building a genomics center for public good, accelerating use case innovation in 5G, and democratizing threat-informed cyber defense.
About Fidelis Cybersecurity
Fidelis Cybersecurity combats the full spectrum of cyber-crime, data theft and espionage. A leading provider of threat detection, hunting and response solutions, Fidelis provides full visibility across hybrid environments, automates threat and data theft detection, empowers threat hunting, and optimizes incident response with context, speed and accuracy. Fidelis is trusted by Global 1000s and Governments as their last line of defense.
The Fidelis Elevate® platform captures rich metadata from across the threat landscape and combines that content to enable real-time and retrospective analysis, giving security teams the platform to effectively hunt for threats in their environment.
For more information go to www.fidelissecurity.com. Fidelis Cybersecurity is a portfolio company of Skyview Capital.