Fidelis Cybersecurity Adds No-Click Investigation Capability and Automates Alert Validation and Response with Release of Fidelis Network 8.3
Next generation intrusion prevention solution shrinks response and remediation times by 15X by eliminating the investigative back-and-forth with IT teams that often takes days or weeks
Fidelis Cybersecurity, the leader in next generation intrusion prevention, introduces advanced features and enhancements to its Fidelis Network® product. Fidelis Network 8.3 solves the problem of alert fatigue and reduces the time to detect, validate and triage alerts from days to minutes. The new release brings together Fidelis Network’s unique ability to assemble and analyze network sessions in real time with new deep endpoint integration that provides automated, alert-specific endpoint validation. An innovative no-click investigation feature shrinks response time from days to minutes by showing security teams exactly what was happening on the endpoint when the alert occurred.
Fidelis Cybersecurity will be demonstrating Fidelis Network at RSA 2017 at booth #933 in the South Hall, Moscone Center. Schedule your demo with Fidelis at RSA.
“Security teams are short on time and buried in alerts. Fidelis Network 8.3 prioritizes alerts based on which attacks were successful so you can act on the most important ones first. On one screen, the Fidelis solution provides everything you need to know about what happened on the endpoint before, during and after an attack. When suspicious activity occurs, Fidelis Network investigates every endpoint and groups those exhibiting similar behavior together so you can scope the entire incident and respond immediately.” — Brian Karney, Fidelis Cybersecurity Senior Vice President of Products
Fidelis Network 8.3 includes new features that decrease time to resolution and deliver greater efficiency. Highlights and benefits include:
- Validation of Fidelis Network Alerts: Alerts are now automatically validated based on the type of alert detected. By querying the endpoint event history, validation includes checks on whether known or suspicious processes are running, problematic network connections are being created, known command-and-control IP addresses are being communicated with, unusual user behavior is being observed, or known or suspicious files are being executed. This automated validation prevents alert fatigue and prioritizes alerts so your existing security professionals are more effective.
- No-Click Investigation: For each validated Fidelis Network alert, users see key information that tells them what happened on the endpoint including processes executed, network elements, files written and registry entries created or altered. Without the integration, accessing this information would require locating the endpoint, performing incident response, determining if the endpoint was actually compromised and deciding what further actions to take. This process would typically take hours or days. With Fidelis Network 8.3 and the endpoint integration, this process takes minutes.
- Automated Endpoint Remediation: With this release, when Fidelis Network identifies a suspicious or compromised endpoint, users can now choose to take remediation actions against that endpoint from within Fidelis Network. Actions include endpoint isolation, file collection, file deletion, memory analysis, or running user-created custom scripts. Users can also participate in a user script community where remediation actions and investigation workflows are shared by the entire Fidelis user base.
- Threat Intelligence Integrations: Fidelis has collaborated with ThreatConnect to allow ThreatConnect subscribers to download their choice of intelligence feeds and make them available for use in their policies. This release also includes the option to include threat feeds of your choice from any TAXII (Trusted Automated eXchange of Indicator Information) provider.
- Threat Lifecycle Dashboard: The Threat Lifecycle dashboard summarizes and categorizes detected threats according to each step of the attack lifecycle, including the following stages: detected threats, proactive discovery, initial compromise, suspicious host activity, malware, compromised hosts and data theft. The dashboard also supports dynamic interaction such as drill-into visibility and allows users to automatically create risk-driven executive reports.
- ThreatCache: Fidelis now identifies all executable files found in network traffic and sends the MD5 file hash to ThreatCache for analysis. ThreatCache then augments information about the file with information on the number of antivirus (AV) engines the file was run through and the number of AV engines that reported the file as malicious. This additional context accelerates investigation workflows and helps improve detections.
- Threat Score Enhancements: Threat scores allow analysts to assess the usefulness of alerts. Our machine learning algorithms are constantly enriched with new threat intel to update threat scores. Threat scores now also include inputs based on the feedback provided by the Fidelis user community. This input provides additional context for each alert.
- Exact Data Matching for Personally Identifiable Information: With this release, Fidelis Network introduces a new way of providing precise matches on user-provided data fields, resulting in zero false positives for PII data being exfiltrated. This requires users to upload a file that correlates identity information for a single user. False positives and aliasing for PII data can be eliminated by providing exact data for social security numbers, names, addresses, and other PII data.
“Security teams don’t have time to investigate every possible threat. With the new capabilities in this release of Fidelis Network, when an intrusion attempt is identified, it automatically investigates and instantly validates whether endpoints were compromised. This dramatically decreases response and remediation times. Users can initiate remediation actions, including network isolation, memory analysis and file collection from the Fidelis Network user interface. What used to take days or weeks now takes moments.” — Kurt Bertone, Fidelis Cybersecurity Chief Technology Officer
In related news, Fidelis also announced today the launch of the industry’s first and only next generation intrusion prevention system delivered from the cloud with Fidelis Cloud™. Fidelis Cloud combines the advanced automation, detection and analytic capabilities of Fidelis Network with the added convenience and economy that comes from a cloud delivery model. With Fidelis Cloud, Fidelis maintains the infrastructure so users can focus on their own security without the distractions of provisioning, patching and maintaining their security applications.
Availability: Fidelis Network 8.3 is generally available worldwide.
For updates and breaking news, follow Fidelis Cybersecurity on Twitter @FidelisCyber and on LinkedIn.
About Fidelis Cybersecurity
Fidelis Cybersecurity combats the full spectrum of cyber-crime, data theft and espionage. A leading provider of threat detection, hunting and response solutions, Fidelis provides full visibility across hybrid environments, automates threat and data theft detection, empowers threat hunting, and optimizes incident response with context, speed and accuracy. Fidelis is trusted by Global 1000s and Governments as their last line of defense.
The Fidelis Elevate® platform captures rich metadata from across the threat landscape and combines that content to enable real-time and retrospective analysis, giving security teams the platform to effectively hunt for threats in their environment.
For more information go to www.fidelissecurity.com. Fidelis Cybersecurity is a portfolio company of Skyview Capital.