Endpoint Protection

Move Beyond Signatures and Feeds

Endpoint Protection, Detection and Response – Working Together

Keeping the door closed on known threats while also preventing new ones is critical for endpoint defenses. New threats continue to become more evasive, using macros and scripts, social engineering and business compromise. Most endpoint protection solutions have weak detection and response features, so shopping with prevention in mind first can leave you with less-than-desirable endpoint detection and response (EDR) capabilities. Finding the right EDR solution that works in conjunction with endpoint protection provides the best of both worlds – especially when both run within the same agent.

Endpoint Protection – Two Primary Challenges to Overcome

Challenge 1

Effective endpoint protection requires moving beyond legacy signature defenses, while avoiding the false positives and manual tuning associated with whitelists, isolation containers, and stand-alone ML anomaly detection.

Challenge 2

Merging endpoint protection with detection features brings multiple buyers to the table – security operations, incident responders and IT management – each with different solution requirements.

Protect Your Endpoints with Multiple Defenses

Fidelis Endpoint® uses several engines to detect and stop malware. Antivirus (AV) combines behavioral, heuristic and signature defenses, including boot sector protection and a global quarantine of detected malware for analysis. Process behavior blocking – which runs independently of your choice of AV – uses hashes or YARA rules to extend prevention defenses. Process blocking uses threat intelligence feeds as a source of hashes to block.

Fidelis Antivirus Engine

  • Detects malware through signatures and heuristics on Windows systems – powered by Bitdefender
  • Integrated with endpoint activity metadata, so analysts can see what happened prior to the detection and remediation of malware
  • Optional with Fidelis Endpoint, supporting an open choice for AV investment

Process Behavior Blocking (Advanced Malware Detection)

  • Detects and acts upon malware that executes based upon its behavior
  • Monitors and scores process execution across multiple dimensions to identify malicious process behavior
  • If the score of the process crosses the threshold for malicious behavior it is terminated

Process Blocking

  • Easily add hashes for process blocking in order to prevent execution
  • Supports the use of YARA rules to scan executables before allowing execution
  • Process blocking works independently of AV
  • Create advanced rules to look inside an executable and proactively prevent the spread or execution of malware
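To make the two mechanisms above concrete, here is a small added illustration (not Fidelis code, and not how Fidelis Endpoint is implemented) of a pre-execution gate and a behavior scorer. The gate blocks on a SHA-256 blocklist and on simple regex-over-bytes content rules, which stand in for YARA rules; the scorer assigns a constructed weight to each behavioral dimension a process exhibits and marks the process for termination once the cumulative score crosses a threshold. All sample bytes, rule names, dimension names, weights and the threshold are constructed for the example.

```python
"""Added illustration: pre-execution blocking (hash list plus content rules) and
behaviour-based process scoring with a termination threshold. Not vendor code."""
import hashlib
import re
from dataclasses import dataclass, field

# --- Pre-execution gate -------------------------------------------------------
# Constructed sample "executables"; the blocklist hash is computed from one of them.
SAMPLE_BENIGN = b"MZ\x90\x00 constructed benign program"
SAMPLE_KNOWN_BAD = b"MZ\x90\x00 constructed sample already known by hash"
SAMPLE_RULE_HIT = b"MZ\x90\x00 constructed sample carrying CONSTRUCTED_MARKER_7"

BLOCKED_SHA256 = {hashlib.sha256(SAMPLE_KNOWN_BAD).hexdigest()}

# Stand-in for YARA rules (assumption: a real deployment compiles actual YARA files).
# A rule fires only when every pattern in its list is found in the file bytes.
CONTENT_RULES = {
    "constructed_marker_family": [rb"^MZ", rb"CONSTRUCTED_MARKER_\d+"],
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def matching_rules(data: bytes) -> list:
    """Return the names of all rules whose patterns all match the bytes."""
    return [name for name, patterns in CONTENT_RULES.items()
            if all(re.search(p, data) for p in patterns)]


def pre_execution_verdict(data: bytes) -> tuple:
    """Decide before execution: ('block', reason) or ('allow', '').
    Hash lookups are cheap, so they run before the rule scan."""
    digest = sha256_hex(data)
    if digest in BLOCKED_SHA256:
        return ("block", "hash:" + digest)
    rules = matching_rules(data)
    if rules:
        return ("block", "rule:" + ",".join(rules))
    return ("allow", "")


# --- Behaviour scoring --------------------------------------------------------
# Constructed weights per dimension; a real engine tunes or learns these.
DIMENSION_WEIGHTS = {
    "spawns_shell": 3,
    "writes_startup_location": 4,
    "connects_to_new_domain": 2,
    "mass_file_modification": 4,
    "cross_process_memory_write": 5,
}
TERMINATE_THRESHOLD = 8  # constructed value


@dataclass
class ProcessScorer:
    scores: dict = field(default_factory=dict)      # pid -> cumulative score
    seen: dict = field(default_factory=dict)        # pid -> dimensions already counted
    terminated: set = field(default_factory=set)    # pids marked for termination
    log: list = field(default_factory=list)         # human-readable decisions

    def observe(self, pid: int, behavior: str) -> tuple:
        """Record one observed behaviour for pid; return (score, terminated).
        Each dimension is counted once per process, so the score reflects how
        many distinct suspicious dimensions the process has touched."""
        if pid in self.terminated:
            return (self.scores[pid], True)
        counted = self.seen.setdefault(pid, set())
        if behavior not in counted:
            counted.add(behavior)
            self.scores[pid] = self.scores.get(pid, 0) + DIMENSION_WEIGHTS.get(behavior, 0)
        score = self.scores.get(pid, 0)
        if score >= TERMINATE_THRESHOLD:
            self.terminated.add(pid)
            self.log.append(f"pid={pid} terminated at score {score} after '{behavior}'")
            return (score, True)
        return (score, False)


if __name__ == "__main__":
    for sample in (SAMPLE_BENIGN, SAMPLE_KNOWN_BAD, SAMPLE_RULE_HIT):
        print(pre_execution_verdict(sample))
    scorer = ProcessScorer()
    for b in ("connects_to_new_domain", "writes_startup_location", "spawns_shell"):
        print(scorer.observe(100, b))
    print(scorer.log)
```

The scorer never kills anything itself; it only records the decision, which is the point at which a real agent would hand off to its enforcement component and to the alerting path.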

One Endpoint Agent that Tightly Integrates Malware Prevention, Detection and Remediation

With Fidelis, security analysts can quickly pivot from AV alerts into the endpoint process tree with event details that provide context into the source of malware – leveraging the value of combined prevention and detection in one agent. Malware detection and remediation is integrated tightly so analysts can seamlessly follow the path of the malware back to its origin whenever malware is detected and remediated.

When malware is detected, a sample is automatically sent back to a central repository of detected malware for each customer so they can:

  1. Jumpstart an investigation into the threat
  2. View detection information and details
  3. Download the sample for further analysis and investigation

Address Security and IT Concerns By Integrating Endpoint Protection with Advanced EDR

The continuous string of breaches has proven that endpoint prevention is no longer enough. You also need detection and response capabilities to detect unknown intruders and insider threats. Read our Technical Deep Dive white paper on Fidelis Endpoint to see how you can address concerns of both security operations professionals, who want more data and forensic capabilities, along with IT endpoint management staff, who want minimal user impact and fewer agents on each machine.

Protect Your Endpoints by Monitoring Endpoint Behavior in Real-time

Fidelis Endpoint automatically detects when an IOC (IP address, DNS name, process name, URL, MD5 hash, etc.) exists on an endpoint or when a process performs certain behavior, and it can automatically initiate an appropriate response action or generate alerts that are sent to a SIEM. Endpoints are monitored on and off the network, ensuring visibility even when employees work in remote locations.
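As an added example (not vendor code), the following sketch matches endpoint telemetry events against an IOC set of the kinds listed above, chooses a response action by indicator type, and buffers SIEM alerts while the endpoint is off the network so nothing is lost until it reconnects. The IOC values, event records, field names and the action policy are all constructed for the illustration; the "terminate_process" action is only recorded in the alert, not carried out.

```python
"""Added illustration: IOC matching over endpoint telemetry with response-action
selection and alerts buffered while offline. Not vendor code."""
import hashlib
import json
from dataclasses import dataclass, field

# Constructed IOC set; the MD5 is computed from a constructed byte string.
MD5_OF_SAMPLE = hashlib.md5(b"constructed malicious sample bytes").hexdigest()
IOCS = {
    "ip": {"203.0.113.7"},
    "domain": {"bad.example"},
    "process_name": {"constructed-bad.exe"},
    "url": {"http://bad.example/payload"},
    "md5": {MD5_OF_SAMPLE},
}

# Which telemetry field is checked against which IOC type (constructed schema).
FIELD_TO_IOC_TYPE = {
    "remote_ip": "ip",
    "query": "domain",
    "image": "process_name",
    "url": "url",
    "md5": "md5",
}

# Constructed response policy: a hit on these types warrants more than an alert.
ACTION_BY_IOC_TYPE = {"md5": "terminate_process", "process_name": "terminate_process"}


def normalize(ioc_type: str, value: str) -> str:
    """Canonicalize so case or a trailing dot never hides a match."""
    if ioc_type == "domain":
        return value.lower().rstrip(".")
    if ioc_type == "md5":
        return value.lower()
    return value


def match_event(event: dict, iocs: dict = IOCS) -> list:
    """Return [(ioc_type, value), ...] for every indicator present in the event."""
    hits = []
    for field_name, ioc_type in FIELD_TO_IOC_TYPE.items():
        raw = event.get(field_name)
        if raw is None:
            continue
        value = normalize(ioc_type, raw)
        if value in iocs.get(ioc_type, set()):
            hits.append((ioc_type, value))
    return hits


def choose_action(hits: list) -> str:
    actions = {ACTION_BY_IOC_TYPE.get(t, "alert") for t, _ in hits}
    return "terminate_process" if "terminate_process" in actions else "alert"


def to_siem_line(alert: dict) -> str:
    """One JSON line per alert, a shape most SIEM collectors accept."""
    return json.dumps(alert, sort_keys=True)


@dataclass
class EndpointSensor:
    host: str
    online: bool = True
    pending_alerts: list = field(default_factory=list)  # held while offline
    sent: list = field(default_factory=list)            # delivered SIEM lines

    def process(self, event: dict):
        """Evaluate one telemetry event; return the alert dict or None."""
        hits = match_event(event)
        if not hits:
            return None
        alert = {
            "host": self.host,
            "event_type": event.get("type"),
            "pid": event.get("pid"),
            "indicators": [f"{t}:{v}" for t, v in hits],
            "action": choose_action(hits),
        }
        self.pending_alerts.append(alert)
        self.flush()
        return alert

    def flush(self) -> int:
        """Deliver buffered alerts if online; return how many were sent."""
        if not self.online:
            return 0
        count = len(self.pending_alerts)
        self.sent.extend(to_siem_line(a) for a in self.pending_alerts)
        self.pending_alerts.clear()
        return count


if __name__ == "__main__":
    sensor = EndpointSensor("laptop-01", online=False)
    sensor.process({"type": "process_start", "pid": 4242,
                    "image": "constructed-bad.exe", "md5": MD5_OF_SAMPLE})
    sensor.process({"type": "dns_query", "pid": 4242, "query": "Bad.Example."})
    sensor.online = True
    print(sensor.flush(), "alerts delivered")
    print("\n".join(sensor.sent))
```

Normalizing indicators before lookup matters in practice: a DNS query logged with a trailing dot or mixed case is the same indicator, and a hash in upper-case hex must still match the feed value.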

Threat Intelligence Provides an Additional Endpoint Protection Layer

Given modern targeted attacks’ ability to evade basic defenses, the Fidelis Threat Research team provides and continually updates threat intelligence (Fidelis Insight) for our customers, leveraging cloud-based sandboxing, machine learning anomaly detection, and threat research.

What Experts Are Saying

“We found that Fidelis Endpoint offers organizations a robust capability for gaining high level insights into the state of their various endpoints, while also offering drilldowns into key granular details that are crucial for effective detection and response. But perhaps our biggest highlight,...
Matt Bromiley, Analyst
