Fidelis Blog

Gerald Mancini
Chief Strategy Officer

Gerald (“Jerry”) Mancini is Fidelis’ Chief Strategy Officer. He brings valuable experience building and leading product development teams in his tenure with Fidelis. Prior to joining the...


Why Fidelis Is a Leading Provider of Network Detection & Response


While there are many players in the field, Fidelis Cybersecurity is a leading provider of NDR. We detect, hunt and respond to organizations’ most advanced threats, and we’ve been doing it for years. So what sets us apart from other Network Detection and Response vendors?


The Basics of NDR

Typical network detection and response solutions use a combination of machine learning, advanced analytics and rule-based detection to detect suspicious activities on enterprise networks. At its most basic level, network security protects an organization’s private information and sensitive assets from low-level threats, meaning the ones you already know and can identify easily. Most security teams enable protections like firewalls to guard against these malicious actors.

However, as you get into more advanced network security, the ability to detect and respond to threats becomes key. Potential threats (i.e., the ones you may not see) become a key issue when trying to protect an enterprise from data leakage, malware, ransomware, and more. NDR technology captures, processes, and analyzes network traffic to detect and investigate data that may indicate a cyberattack.

How is Fidelis NDR More Advantageous than other Solutions?

  • Deep Session Inspection: Our patented Deep Session Inspection® (DSI) technology gives you visibility across all ports and protocols. We can search for data leakage, malware, and every other piece of information that was communicated, in real time. Note that our competitors do not provide the richer metadata that we capture, nor at the speed at which we capture it.
  • Rich Metadata: DSI provides the basis of network metadata, which is stored for every network session whether it passes real-time security analysis or not. The stored metadata enables analysis of many network sessions over time to detect data leakage and threat vectors that are missed by real-time analysis of a single network session. Fidelis Network® is unique in its ability to go well beyond the high-level “stream” metadata and collect “rich metadata” from inside the session. For instance, with a web session, other vendors collect the source and destination IP, URL, and in some cases minimal header information. In contrast, Fidelis collects all of this plus more, including rich metadata from within the web session itself.
  • Retrospective Analysis of the Metadata: In a podcast, “Highlighting the Role of Response in NDR,” our COO discusses how retrospective analysis gives security teams the ability to apply new insights or threat intelligence against historical traffic (i.e., the metadata stored about prior network traffic) to determine if the environment was compromised by a previously unknown threat. The analysis is automated and runs continuously against stored network metadata. With DSI and a retrospective analysis of an organization’s metadata, security teams can analyze the details of a security incident. This includes how the cyber defenses were breached, what resources were accessed, and what changes were made within the environment. This information is crucial in formulating your incident response and determining what needs to be done to prevent future breaches.
  • Fidelis is the only vendor in the security market to offer a combo of Network DLP and NDR. With the Fidelis Network DLP capabilities, you can benefit from visibility of data movement across all ports and protocols and get complete content and context, as well as receive indicators of compromise with data departing from your network.

Key Takeaways

Overall, Fidelis Network Detection & Response provides visibility and a unique, patented contextual perspective across your network, email, and proxied web traffic. Combining this contextual perspective with machine learning, sandboxing, threat intelligence and active deception defenses ensures more effective threat detection throughout the entire kill chain, from the initial infection through to data leakage by malicious outsiders or malicious insiders. Teams can rapidly respond to identified issues in the network or at the endpoint to immediately remove malware, execute a response playbook and prevent data theft. To learn more about our Network Detection and Response solution, contact us or request a demo.
