Network Detection and Response

Dig Deeper into Your Network and Cloud Traffic to Detect and Respond to Malicious Activity

Detect and Analyze Threats in Your Network Traffic

Cyber attackers typically leverage multiple tactics to evade security tools, but in doing so they also create more opportunities for analysts to find them. Network Detection and Response (NDR) technology captures, processes, and analyzes network traffic to detect and investigate activity that may indicate a cyber-attack. Typical network detection and response solutions combine machine learning, advanced analytics and rule-based detection to surface suspicious activity on enterprise networks.

NDR is the Cornerstone of Detection and Response

Network Detection and Response is the anchor for threat detection and response by providing deep visibility into all the other tactics and techniques that attackers use to explore your network, expand control, and entrench themselves.

Fidelis Network® provides visibility across all ports and protocols and digs deeper into the traffic to analyze connections, flows, packets and metadata in real time, while also enabling retrospective analysis. With Fidelis you can automatically pivot to an integrated Endpoint Detection and Response solution, which is critical to containing a detected threat and minimizing the time to resolution.

Retrospective Detection with Fidelis NDR

Fidelis provides not only real-time analysis but also automated, retrospective analysis that gives your security team the visibility to look back at their systems over the last 360 days and thoroughly analyze what happened during a breach. You can then understand how a cyber security defense was breached, what the threat did, and what needs to be done to prevent future breaches.

Read our white paper, The Latest Trend in Network Cybersecurity, to learn why NDR is not only beneficial but necessary for gaining the cyber advantage, and how organizations can implement Fidelis solutions to detect, hunt for and respond to the most advanced threats.

Metadata: The Secret Sauce to Network Detection and Response

The value of metadata is that it is easy to query, facilitates faster and deeper investigations and is much more cost-effective than storing full PCAPs. While other Network Detection and Response solutions can collect some metadata, Fidelis Network is unique in its ability to go well beyond the high-level “stream” metadata and collect “rich metadata” from inside the session. For instance, for a web session other vendors collect the source and destination IP, the URL, and in some cases minimal header information. Fidelis collects all of this and more, including rich metadata drawn from within the web session itself.

Fidelis Network® collects rich metadata including:

  • Users and identities: domain user, webmail user, FTP user, email address, device ID, organization name
  • Files and malware: filenames, SHA256, MD5, content tags, malware name, malware type
  • Time range: from the present day/time to as far back as you want to store data
  • Endpoints and locations: source, destination, country, IP address, organization, URL, domain
  • Protocols and content: protocols, applications, file type, user agent, custom protocols, obfuscated files and scripts

Improving Visibility with Network Detection and Response

“One of our favorite takeaways from using a platform such as Fidelis Elevate was being able to exercise the concept of holistic visibility, meaning the environment is ingested, analyzed and treated as a single unit. Holistic visibility allows for threats to be analyzed and neutralized faster, and lets organizations make confident decisions that truly affect enterprise security.”

Matt Bromiley, Analyst, SANS


Network Detection and Response Use Cases

Advanced attacks are designed to evade traditional prevention and detection techniques. Fidelis Network identifies threats traversing the network as well as through AWS and Azure traffic.

Visibility Across Your Network and Cloud Traffic

Attackers know where to hide in your network traffic, but Fidelis provides bi-directional visibility across every port and every protocol. Attackers have nowhere to hide.

Data Loss Prevention

Fidelis inspects all content going across the wire to identify and prevent data exfiltration. Every email is scanned in its entirety against a rigorous policy engine to ensure the protection of sensitive data.

Threat Detection

Fidelis Network leverages numerous detection techniques to identify threats at different stages across the kill chain, including supervised and unsupervised machine-learning techniques, deep packet and deep session inspection, malware detection, sandboxing, asset inventory, and more.

  • Real-time: Each packet and session is broken down and reassembled in real-time for immediate detection and analysis.
  • Retrospective: Rich metadata is retained so that detection and analysis can be run retrospectively, going back many months.
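To make the difference between "stream" metadata and "rich" session metadata concrete, and to show how retained metadata supports retrospective detection, here is an added illustration in Python. It is not Fidelis code: the sample HTTP session, the hypothetical header set and the field names are constructed for this example, and a real sensor would reassemble the session from packets rather than take it from a byte string.

```python
import base64
import hashlib
import re
from datetime import datetime, timedelta

# Constructed sample (not real traffic): one HTTP request and its response, as reassembled.
SESSION = {
    "ts": datetime(2024, 3, 1, 10, 0, 0), "src": "10.1.2.3", "dst": "203.0.113.7",
    "raw": (b"GET /update/agent.exe HTTP/1.1\r\nHost: files.example.test\r\n"
            b"User-Agent: Mozilla/5.0 (Windows NT 10.0)\r\n"
            b"Authorization: Basic amRvZTpzZWNyZXQ=\r\n\r\n"
            b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n"
            b"Content-Disposition: attachment; filename=agent.exe\r\n\r\nMZ\x90\x00fakebody"),
}

def _headers(block):
    """Parse a header block into a lower-cased dict; the request/status line is skipped."""
    out = {}
    for line in block.decode("latin-1").split("\r\n")[1:]:
        if ":" in line:
            k, v = line.split(":", 1)
            out[k.strip().lower()] = v.strip()
    return out

def stream_metadata(s):
    """High-level 'stream' metadata: time, endpoints and URL, nothing from inside the session."""
    req, _, _ = s["raw"].partition(b"\r\n\r\n")
    path = req.split(b" ", 2)[1].decode("latin-1")
    host = _headers(req).get("host", "")
    return {"ts": s["ts"], "src": s["src"], "dst": s["dst"], "url": f"http://{host}{path}"}

def rich_metadata(s):
    """Rich metadata from inside the session: user, user agent, filename, file type, hashes."""
    req, _, rest = s["raw"].partition(b"\r\n\r\n")
    resp, _, body = rest.partition(b"\r\n\r\n")
    h = {**_headers(req), **_headers(resp)}
    user = None
    if h.get("authorization", "").lower().startswith("basic "):  # HTTP Basic: user:password
        user = base64.b64decode(h["authorization"][6:]).decode("latin-1").split(":", 1)[0]
    m = re.search(r'filename="?([^";]+)', h.get("content-disposition", ""))
    return {**stream_metadata(s), "user": user, "user_agent": h.get("user-agent"),
            "filename": m.group(1) if m else None,
            "file_type": "PE" if body.startswith(b"MZ") else "unknown",
            "sha256": hashlib.sha256(body).hexdigest(), "md5": hashlib.md5(body).hexdigest()}

def retrospective_search(records, indicator, now=None, lookback_days=360):
    """Re-query stored metadata for an indicator learned after the traffic was seen."""
    now = now or max(r["ts"] for r in records)
    cutoff = now - timedelta(days=lookback_days)
    return [r for r in records if r["ts"] >= cutoff
            and indicator in (r["sha256"], r["md5"], r["filename"], r["url"], r["user"])]
```

A hash, filename or user learned months later can be matched against the stored records without the original packets, which is the retrospective case the page describes.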

Incident Response

Fidelis Network is used in IR investigations to help mitigate damage and recover from an incident. Because Fidelis Network and Fidelis Endpoint are tightly integrated, incident responders can investigate and resolve alerts substantially faster.

Fidelis automatically validates that a threat detected via network traffic has in fact compromised an endpoint or multiple endpoints in the environment, and provides incident responders with the ability to automatically take an action, such as isolating impacted endpoints from the network.

What Customers Are Saying

"We used Fidelis Network to evaluate IOCs and threat hunt with 100's of Gigabits of data. It does a great job of building a story of what a threat actor may be doing on the network. With its insight, we were able to find a correlation of a beacon that was phoning home on a variable of 3-6 month...

Key Benefits of Fidelis’ Network Detection and Response

Fidelis Network is a robust solution that:

  • Provides visibility across all ports and all protocols
  • Bi-directionally scans all network traffic to reveal network and application protocols, files, and content via sensors that can be placed at the gateway, internally, in the cloud, and at both the email and web gateways
  • Conducts real-time analysis of raw network packet traffic or traffic flows
  • Monitors and analyzes north/south traffic and east/west traffic
  • Differentiates between normal and anomalous network and cloud traffic
  • Leverages machine learning and analytics to detect network traffic anomalies
  • Provides rich metadata that enables retrospective detection and analysis going back many months
  • Profiles TLS encrypted traffic based on metadata and certificates, determining human browsing versus machine traffic, and leveraging data science models to detect hidden threats
  • Consolidates similar alerts and the related context and evidence to speed alert triage
  • Integrates with Fidelis Endpoint to automate relevant response actions based on what has been detected

Eliminate Blind Spots with Network Detection and Response
