Sensors provide full visibility into all communication moving in and out of the network, including traffic traversing laterally inside the enterprise, where the malicious actor may be staging data for exfiltration. The resulting metadata can be used for threat hunting and to pivot quickly to incident response.
First, the Fidelis IR team reviews existing information and evidence regarding a breach. They review a triage package to see which endpoint artifacts, such as processes or network connections, are related to a given event. Next, they assess what security controls are in place and then conduct an initial assessment to develop an appropriate response strategy.