Ram Krishnamurthy is a Senior Product Management professional with over 20 years of industry experience building mission critical products and solutions across various verticals including software, telecommunication...
Network Detection & Response is the latest trend in network-based cybersecurity. NDR is the culmination of years of research and software development, bringing together the basic elements of security requirements: Detection and Response. Fidelis has mastered these two requirements over the years. Most recently, Fidelis launched Fidelis Decryption™, a new product that serves as a proactive capability to give visibility into hidden threats in an enterprise’s network traffic.
As we’ve seen in this white paper on Network Detection & Response, perhaps the most important aspect of NDR is to determine security gaps in an organization’s environment and to correct the security posture before an attack occurs. One proactive capability is Fidelis Decryption.
The use of network encryption is widespread, with over 80% of internet traffic secured over HTTPS using TLS (Transport Layer Security). While encryption enables much-needed data privacy and integrity, it also creates blind spots that allow malware and trojans to bypass security controls, and it provides an encrypted tunnel for circumventing the advanced counter-threat measures put in place.
Some NDR solutions analyze encrypted traffic patterns without decrypting the traffic, in order to detect some aspects of malicious behavior on the network. These detections can be valuable, but the lack of full visibility reduces the effectiveness of NDR because you can’t detect and respond to what you cannot see. The analyst is left to peruse log files to attempt to understand how the attack started, the scope of the compromise, and what data was stolen.
Decryption of TLS is thus an essential tool in NDR. Decryption expands the amount of traffic that can be inspected by NDR, which permits Fidelis NDR to capture metadata on the HTTPS session and inspect certificates to ensure they are valid. The Fidelis TLS Decryption appliance provides Man-in-the-Middle (MITM) decryption of TLS traffic to expose application protocol traffic and content to the enterprise security team for threat detection and response.
Fidelis Decryption is the only solution that, when deployed with our award-winning Fidelis Network, can extract the TLS session metadata as well as the decrypted application protocol and content. Other benefits include increased ROI on existing security investments, blind spots removed by decrypting traffic, improved performance of existing appliances by offloading decryption, and comprehensive protocol and cipher support.
NDR brings operational efficiency, and proactive capabilities are just one of the critical components in detecting and responding to your most advanced threats. To learn more about NDR, read our white paper on demystifying NDR and how Fidelis has been a leading provider of Network Detection & Response solutions for years.