Fidelis Cybersecurity innovations help to detect, hunt and respond to advanced threats

Fidelis Elevate is the first platform of its kind to enable organisations to calculate their vulnerable attack surface and respond accordingly to build a robust defence.

Fidelis Cybersecurity has introduced the latest release of the Fidelis Elevate platform. This unified platform addresses the challenges that security professionals face when hunting for threats via traditional methods such as logs, events, and alerts. Organisations can now collect network and endpoint metadata of content and context to provide real-time and retrospective analysis for detection, threat hunting, and response across complex on-premise, cloud and hybrid environments with speed, accuracy, and clarity.

This new release includes major innovations across the Fidelis Network, Endpoint and Deception offerings. When used together as a platform, users gain unmatched insight into their organisation’s cyber terrain, including identification of the vulnerable attack surface. Fidelis fully integrates, automates, and orchestrates robust capabilities for asset discovery and classification, network data loss prevention, network threat detection and response, endpoint detection and response, forensics, and deception.

“When speaking with CISOs across the globe, they mention several interlinked challenges - improving visibility of what’s really going on in their hybrid environments, getting a handle on the never-ending flood of false positives, and reducing the number of security tools in their stack that still leave blind spots for their teams to deal with,” said Nick Lantuh, president and CEO, Fidelis Cybersecurity. “Collecting logs, events, and alerts actually slows their ability to detect, hunt, and respond properly. Instead, organisations need rich, indexable metadata that provides the necessary content and context for deep visibility, an understanding of their cyber terrain, and the ability to rapidly and accurately respond. Ultimately if you don’t know your terrain, then you don’t know what to defend…and if you don’t know what to defend, then there is no way for you to ensure a robust defense.”

The Fidelis Elevate platform now offers the ability to continuously discover, classify, and assess assets, including laptops, desktops, servers, enterprise IoT, shadow IT, and legacy systems. Fidelis Endpoint discovers all software installed on these assets, while continually running vulnerability assessments and alerting on any installed vulnerability. Fidelis Network maps all communications surrounding each device to visualise potential attack paths between assets. These newly integrated capabilities, combined with rich metadata, provide security professionals with the visibility and context needed to reduce the attack surface and effectively protect vulnerable assets.

The release also cements Fidelis as a leader in the emerging deception technology space, offering the widest range of decoys available, as well as becoming the first vendor to offer a network security platform that integrates a fully functional deception product. Fidelis decoys offer customers more features and management than any other vendor. With this expansion, the company now provides a full range of deception layers, including solutions for organisations that desire a safe and smart deception alarm system, as well as researchers who desire to learn TTPs and analyse code for attribution and mitigation from real OS VM decoys.

Key platform innovations by product line include:

Fidelis Network:

  • Discover, Profile and Classify Your Network Terrain: Fidelis continuously discovers and classifies network assets, including enterprise IoT, shadow IT, and legacy systems. Whenever network threats are detected, the knowledge of the asset under attack is critically important and usually not available to the network sensor – until now.
  • Gain Visibility of Threats Hidden in Encrypted Traffic: Fidelis can profile encrypted TLS traffic, uncover problems with certificates and weak encryption, and apply a patented approach to determine human vs. machine browsing activity. The TLS dashboard presents a view into the encrypted traffic running in your environment, which can uncover malicious usage.

Fidelis Endpoint:

  • Identify Assets, Software Inventory, and Vulnerabilities: Fidelis Endpoint now provides details on software name, publisher, version, and install date. Customers can now cross-reference this information with known vulnerabilities to map their vulnerable endpoint attack surface. Copies of first seen executable files and scripts are also collected, addressing the problem of malicious software that will often delete files to hide traces and evade detection.
  • Endpoint Prevention: Fidelis Endpoint provides process blocking with OpenIOC hashes or YARA rules for increased prevention independent of AV engine choice. The Fidelis AV feature is optional, which allows Fidelis Endpoint to coexist with any AV engine and add complementary process blocking based on threat intelligence feeds.

Fidelis Deception:

  • Flexible Decoys via Emulation and/or Real OS VMs: Decoy servers support both emulation and real OS VMs in customer environments, and licensing enables widespread use, not just specific VLANs. Fidelis Deception is unique with its continuous asset profiling and classification of a customer’s cyber terrain to automate decoy creation and deployment.
  • High Performance Network Sensors: The latest version of Fidelis Deception is fully integrated with Fidelis Network Sensors which provide a 5X improvement in performance to 10G network speeds. Deception also shares the same UI and alert / conclusion database as Fidelis Network to allow visibility and management of all alerts from Fidelis Elevate into a single pane of glass.

“Fidelis Elevate provides a security ecosystem that gives our customers visibility across their entire environment to hunt for unknown threats that are missed by traditional security solutions,” said Lantuh. “The data at the core of security stacks is shifting away from logs and events and towards metadata because of its richness which is more conducive to the application of machine learning and data science. Our ability to access content while providing context in real-time, combined with our understanding of network, cloud and endpoint terrain means that we help customers accurately and quickly detect, hunt and respond to advanced threats like no one else.”
