Fidelis strengthens its ransomware capabilities

Fidelis Cybersecurity today announced that Fidelis Endpoint successfully detected Data Encrypted For Impact (T1486), which is indicative of ransomware attacks, during the 2021 MITRE Engenuity Round 4 ATT&CK Evaluation.

In this MITRE evaluation, the Fidelis Cybersecurity Endpoint Detection and Response (EDR) platform successfully detected overwhelming evidence of malicious activity prior to the final phase of data being encrypted, which enabled the platform to disrupt the attacks before attackers could impact target systems. The results demonstrate that Fidelis Endpoint rules and detections have become even more precise since previous testing. Fidelis Cybersecurity also announced new and enhanced features, including advanced memory scanning, that will improve customers’ ability to quickly find and neutralize ransomware and other malware.

Fidelis Endpoint is available as a standalone offering or as part of Fidelis Elevate, an Active eXtended Detection and Response (XDR) platform. Fidelis Elevate provides advanced threat detection, deception, deep session inspection, and data loss prevention to help security teams find and stop threats faster. The Fidelis Elevate platform combines EDR with Network Detection and Response (NDR) and Deception capabilities to detect attacks more thoroughly when compared to the endpoint-only ATT&CK Evaluation. Fidelis Elevate would have achieved near total visibility and detection in similar testing, based on the robustness of the platform.

MITRE ATT&CK Results
Independent MITRE ATT&CK Evaluations assess the ability of EDR solutions to detect real-world cyber threats that are known to impact businesses and governments worldwide. Through the lens of the ATT&CK knowledge base, evaluations focused on two threat actors, Wizard Spider and Sandworm. Wizard Spider is a financially motivated criminal group that has been conducting ransomware campaigns since August 2018 against a variety of organizations, ranging from major corporations to hospitals. Sandworm is a destructive Russian threat group that is known for carrying out notable attacks such as the 2015 and 2016 targeting of Ukrainian electrical companies and 2017’s NotPetya attacks. These two threat actors were chosen based on their complexity, relevancy to the market, and how well MITRE Engenuity’s staff can fittingly emulate the adversary.

“MITRE ATT&CK Evaluations provide insight into the ability of EDR solutions to detect attack tactics and techniques, allowing enterprises to understand their risk and ability to detect advanced attacks,” said Jerry Mancini, COO and VP Products, Fidelis Cybersecurity. “Fidelis Endpoint results demonstrate the strong detection, forensics, and investigation using the version 9.4 solution used during the evaluation. The substantial product improvements in version 9.5, which include the integration of Intel TDT, further strengthen our ability to automatically respond and remediate threats and improve our ransomware abilities.”

Fidelis Endpoint v9.5
Fidelis Endpoint is a powerful, proactive endpoint detection and response (EDR) platform that provides deep visibility into endpoint activity both on and off premises and within cloud environments to speed investigations. Hands-on control and automation help security teams quickly pinpoint and eradicate threats to an organization.

Fidelis Endpoint v9.4 was used for the MITRE Round 4 testing. The new v9.5 release expands the ability to both detect and respond to ransomware attacks.

With Fidelis Endpoint v9.5, Fidelis Cybersecurity is adding:

Intel Threat Detection Technology (Intel TDT) accelerated memory scanning (AMS) Integration

  • to help detect ever-evolving and intensifying cyberthreats that hide in memory
  • to offload memory scanning to the Intel integrated GPU to minimize impacts on CPU performance

Agent Platform Coverage

  • Support for Windows 11 and macOS 12, and support for Apple M1 architecture

Service Monitoring and Supportability

  • Enhanced system monitoring to provide real-time, detailed system health status

“By integrating Intel Threat Detection Technology accelerated memory scanning (AMS) into Fidelis Endpoint, enterprise customers with Intel vPro Platforms can perform more frequent memory scanning with higher performance – a great benefit for our mutual customers to continue to help stay ahead of bad actors,” said Carla Rodríguez, Sr. Director, Ecosystem Partner Enablement, Intel Corporation.