Fidelis Cybersecurity announced a more robust and open XDR platform with improvements to its leading Network Detection and Response (NDR) and Deception solutions.
Latest enhancements include new integrations, a larger CommandPost, and a faster network sensor in Fidelis Network, coupled with expanded cloud capabilities in Fidelis Deception. Both products are available as standalone offerings or as part of Fidelis Elevate, an Active XDR platform. Fidelis Elevate provides advanced threat detection and response across cloud, network and endpoints, and deception, deep session inspection, decryption, and data loss prevention to help security teams find and stop threats faster.
Fidelis Network v9.5 enhances the speed, context, and accuracy of network threat detections and response with a new, larger Fidelis CommandPost and 20G sensor that provides twice the throughput in half the space of our 10G sensor. The larger CommandPost can retain more data to support retrospective queries across historical data. This feature is critical to quickly performing damage assessments of suspected breaches to understand the attacker’s initial entry point, when the attack occurred, and what data and services were impacted.
Additionally, Fidelis Cybersecurity expanded its integrations ecosystem. In addition to Gigamon and others, Fidelis Network can now ingest data from even more leading third-party platforms, which helps security analysts consolidate vendor silos, correlate events across multi-vendor environments, and track adversarial movements across cloud, endpoint, and network. An important part of an open XDR platform, Fidelis Network works with these leading platforms to help security teams more quickly and easily find and respond to threats anywhere on the network:
- Zscaler – Zscaler delivers a Security Service Edge (SSE) architecture moving network security to the edge. The integration with Fidelis Network enables all data generated by Zscaler Internet Access (ZIA) to be ingested and analyzed, improving threat hunting and alert workflows.
- DEVO– Fidelis Elevate analyzes all data on networks, endpoint, and decoys, over cloud, data center, and hybrid environments. Integrating Fidelis data and detections with Devo cloud-native logging and security analytics expands security teams’ threat hunt and correlation over the entire enterprise, including data from firewalls, secure web gateways, secure mail gateways, and more.
The 9.5 release of Fidelis Deception adds cloud-based decoys for multi-cloud environments to detect attacks against an organization’s cloud assets. These features include:
- Decoy Vulnerability Management: Enables security teams to provision decoys with specific vulnerabilities (eg Log4j) to catch adversaries searching for vulnerable cloud assets.
- Enhanced support for RealOS-basd Decoys on VMs: Provision bespoke, golden images, or ISO files on the Decoy Server to run native applications with support for up to five RealOS Decoys on one Decoy Server running within a Virtual Machine (VM) with multiple IP addresses for each RealOS Decoy.
- ARP MITM Detection: Easily detect and respond to man-in-the-middle attacks where attackers are spoofing ARP replies.
- Amazon Web Services (AWS) Breadcrumb Enhancements: Adds more dedicated AWS objects as breadcrumbs to lure attackers to decoy assets
Fidelis Deception v.9.5.1, available in Spring 2022, adds container support and functionality:
- Support for Containerized Decoy Server: Support for AWS on Dockers/Kubernetes, providing additional Decoy Server deployment options. (Users can already deploy the Decoy Server directly on AWS.)
- Customer-developed Decoy Containers: Load home-grown containers and other containerized applications to the Decoy Server to detect attackers trying to exploit these specific containers.