Extrusion Prevention Solutions | Fidelis Security Systems

Built on a patent-pending deep session inspection platform™, the Fidelis Extrusion Prevention System®, Fidelis XPS™, is the industry's only next-generation data leakage prevention solution with the power to deliver comprehensive prevention, complete control, and the lowest total cost-of-ownership to stop data leakage on gigabit-speed networks.

Organizations choose Fidelis XPS to solve their biggest data leakage challenges:

SAFEGUARD digital assets, intellectual property, and identity information;
COMPLY with government and industry privacy regulations including PCI, HIPAA, GLBA, FERPA, and State privacy regulations;
ENABLE visibility into and control over sanctioned and rogue applications over all network ports;
MAXMIZE security program performance;
MITIGATE risk while enabling the business adoption of collaborative and emerging technologies.

Learn more about Fidelis XPS industry solutions for the commercial enterprise, government, and educational institutions.

SAFEGUARD Digital Assets, Intellectual Property and Identity Information

Digital Assets

Effective use of an organization’s digital assets - including their monetization typically requires sharing them across an extended enterprise in some collaborative process, such as a company’s supply chain or a bank’s credit-review process. While technology has made collaboration cheaper and easier, it has also made it easier to lose control of the network and valuable intellectual property.

The leakage, or extrusion, of this information imposes real costs to organizations, their partners, and their shareholders. In addition to direct financial costs, competitive advantage, brand impact, reputation risks, and civil liabilities can be substantial.

Fidelis Security Systems is the leading provider of next-generation data leakage prevention solutions that stop data leakage, mitigating the risks organizations face in the protection of their digital assets. The Fidelis Extrusion Prevention System®, Fidelis XPSTM, provides the first direct control to prevent the extrusion, or unauthorized disclosure, of digital assets. Rather than using the indirect approach of focusing on controlling user behavior through access control, Fidelis XPS focuses on the digital assets themselves. As a network appliance, it enables companies to actually mitigate their risks by implementing a policy-based approach to prevent the transfer of digital assets, rather than merely reporting on compliance with internal policies and external regulations.

Intellectual Property

From manufacturing product designs to source code to business knowledge stored electronically, intellectual property has become digitized across organizations and has provided great productivity increases.

Unfortunately an extrusion of intellectual property by an accidental disclosure, a malicious insider or external hacker, can have intensely negative market, brand, legal, operational, and financial consequences to an organization. To properly safeguard an organization's resources, it is imperative to prevent the unauthorized transfer of protected data rather than merely reporting on the extrusion. Instead of an indirect approach of focusing on user behavior through access control, preventing the extrusion of the digital assets themselves will assure an organization's ability to mitigate risks.

Identity Information

Likewise, the protection of information about customers and employees is critical to success in today’s business environment. From competitors seeking intelligence to hackers looking to commit identify theft, there is no shortage of people trying to get access to this information. Recent high-profile extrusions of personal information have illustrated the costs to organizations that do not adequately protect this information. An extrusion can have an incredibly negative impact, potentially resulting in legal liability, lawsuits, fines, penalties, incarceration, and significant damage to an organization’s reputation and brand.

Many laws and industry regulations have been passed to protect sensitive information. But sometimes organizations and technology solutions lose sight of the goal of such regulations—the point is not to issue a report on the organization’s compliance with internal policies and external regulations when policies have been breached, but rather to implement controls that mitigate the risks by preventing the extrusion altogether, thereby avoiding non-compliance and the detrimental financial, legal, and business consequences that accompany it.

COMPLY with Privacy Regulations

The leakage, or extrusion, of personally identifiable information (PII) has been shown to have significant negative consequences on an organization’s brand, reputation, and customer trust as well as legal, operational, and financial implications. With the number of PII extrusions on the rise, both governments and industry organizations (such as the Payment Card Industry) have responded by instituting several privacy laws and industry operating standards with which all organizations must comply. Most privacy compliance laws and standards require the reporting of unapproved disclosures of privacy-sensitive identity information and include financial (and sometimes criminal) penalties for non-compliance.

However, the range of laws and regulations mandated to better control identity information has severely taxed the resources of many organizations required to comply. In an effort to support their compliance efforts, organizations must put policies and tools in place to monitor and control privacy-sensitive identity information.

Historically, the controls available required searching the entire enterprise to locate all occurrences of identity information and placing access controls, typically in the form of authentication and authorization, on systems containing sensitive information. Even if this were done successfully, access controls typically become ineffective once information is accessed by an approved user. Initial automated content monitoring tools not only require this time-consuming and labor-intensive discovery process, they also require extensive integration to maintain registration as data changes. These drawbacks not only result in expensive deployment and maintenance, but also lead to false negatives as non-registered data slips through un-noticed. Bottom line—accidental disclosures, malicious insiders, and systems comprised by hackers have all led to the leakage of identity information.

Fidelis Security Systems is the leading provider of next-generation data leakage prevention solutions that stop data leakage, mitigating the risks organizations face when privacy compliance regulations are breached. The Fidelis Extrusion Prevention System®, Fidelis XPS, delivers out-of-the box privacy compliance with a range of policies that allows organizations to support regulations without increasing staff. A uniquely powerful rules-based approach to identifying privacy sensitive information eliminates the need for time consuming and unreliable data registration, allowing protection within current business practices.

ENABLE Network Visibility and Control

A new generation of business buzz words has surrounded us—mobilization, googlization, globalization. The consumerization of information technology has spawned a host of productivity and collaborative applications, as well as pervasive communication channels such as Skpe, Linkedin, MySpace, and Facebook. Organizations have literally no way of telling where data is flowing on their networks. Networks are designed to forward packets as fast as possible. Applications are not information-aware and are unable to determine if the data they are using and transmitting is sensitive or not.

Visibility into how data is flowing on the network, putting it into context, and the ability to control this activity is critical to compliance with acceptable use policies and regulatory requirements such as HIPAA, PCI, and GLBA. Concern is not only about data leaving the network through the internet firewall, but also the security of data flowing throughout the network and intranet. Gaining the visibility into data content, the network channels, and most importantly the context in which data is used enables stronger control of how and by whom it is accessed and what are its acceptable uses.

Likewise, having the knowledge of what applications are running on networks—both sanctioned and rogue—is paramount to gaining control over the network. Emerging applications such as Skype and Facebook have obliterated the traditional application port paradigm, deploying technologies that enable a communication session to run over just about each one of the unmonitored 65,535 ports on the network and through the firewall. Because developers of such consumer technologies are motivated to make their applications pervasive, they have been specifically designed to subvert firewall controls with port-hopping and tunneling. Traffic flowing in these “back channels” is unmonitored and cannot be proxied. Visibility into information flow allows control over the internal network and the ability to restrict access based on polices of use and types of channels and resources.

To date, most enterprises have only placed controls on the web and e-mail gateways to prevent extrusions. However, almost half of all network traffic bypasses these two control points, making it easier for insiders to subvert these control points and send out inappropriate materials, typically via back channels like instant messaging, peer-to-peer technologies, and rogue web traffic.

Fidelis Security Systems is the leading provider of next-generation data leakage prevention solutions that stop data leakage, giving you visibility into and control over your network. The Fidelis Extrusion Prevention System®, Fidelis XPSTM, adds an additional layer of defense-in-depth to your security program by providing the ability to detect and control both content and applications in use on the network across all network ports. The ability to manage content and applications at gigabit speeds provides an organization the ability to see and control what is occurring across the network, and ultimately extends the infrastructure protection capabilities to detect and contain risky activities that originate from inside the infrastructure. Through this insight and control into how people communicate—and with what applications—the risks associated with the overall infrastructure can be detected and contained.

MAXIMIZE Security Program Performance

Enterprises must address their risk of data leakage by choosing and deploying security products in programs that maximize both their security and financial performance. Gone are the days when companies can afford to acquire and implement individual point solutions—application by application—first at the poorly defined and dissolving perimeter, and then trying to extend these ill-equipped solutions to the internal networks. Solutions must be repeatable—a platform deployed to prevent the extrusion of data through IM, email, and the web, past the perimeter—and should leverage existing policies and be applicable to all channels. These solutions must extend to new applications and internal network segments and flexibly adapt to custom applications and proprietary protocols. Information security must be incorporated as part of a defense-in-depth strategy extending data security into the core of the network, controlling traffic at gigabit speeds.

A security solution yielding the lowest total cost of ownership and highest return on security investment has to be up and running fast, have low implementation and operating costs, and be able to provide more comprehensive security. To maximize returns, organizations should not have to spend additional time and dollars post-sale to deploy a software solution that requires purchasing hardware, configuring, integrating, testing, deploying, and troubleshooting when network-based data leakage prevention solutions are available as a ready-to-install appliance. With easy appliance deployment, a solution can be online within hours of plugging into the network and show immediate results within days. The faster the time to value, the more widely accepted the solution will be, thus increasing the reach and optimizing the effectiveness of the program and your security investment.

Fidelis Security Systems is the leading provider of next-generation data leakage prevention solutions that stop data leakage while allowing an organization to maximize its security program performance. The Fidelis Extrusion Prevention System®, Fidelis XPSTM, is a network appliance designed to go beyond preventing data leakage to help control the use of subversive technologies and policy violations such as identifying internal machines that are part of botnets, key loggers that are sending outbound strokes or downloading sensitive files to insecure local servers/databases, or accessing files remotely (at home or on the road, over insecure networks). Fidelis XPS prevents traffic without a proxy or MTA and require no additional third party products to enforce policy violations. By being dynamic, Fidelis XPS is able to solve more than just the data leakage problem at the network perimeter for applications such as instant messaging, email, FTP, web traffic, and peer-to peer communications.

MITIGATE Risk While Accelerating Adoption of Collaborative Technologies

In today’s networked environment we are all inter-connected on many levels. We are in the midst of a communication revolution with pervasive technologies such as Facebook, Linkedin, wikis, and blogs popping up on your user’s desktops, in addition to the more mainstream technologies such as instant messaging, peer-to-peer, and webmail. The formation of these new communication “channels” can bypass an organization’s typical controls on web and e-mail gateways. The reality of the traditional network perimeter has all but dissolved. The emergence of dynamic relationships with partners—and the ability to share information securely—is critical to your organization’s success.

As information flow has become the currency of the new economy, it is not only probable, but likely, for an organization to lose control of their information in the realities of the new technologies circling around your networks. The promise of increased efficiency that emerging and collaborative technologies can bring to your business sounds powerful. But the adoption of these new technologies is not without risk—legal and financial liability, negative impact on worker productivity, and consumption of precious network resources.

Fidelis Security Systems is the leading provider of next-generation data leakage prevention solutions that stop data leakage, mitigating the risks organizations face while enabling collaborative and emerging technologies. The Fidelis Extrusion Prevention System®, Fidelis XPSTM, adds an additional layer of defense-in-depth to your security program by providing the ability to detect and control both content and applications in use on the network across all network ports. The ability to manage content and applications—both individually or logically combined—solves more complex problems, provides an organization the ability to see and control what is occurring across the network, and ultimately extends the infrastructure protection capabilities to detect and contain risky activities that originate from inside the infrastructure. Through this insight and control into how people communicate—and with what applications—the risks associated with the overall infrastructure can be detected and contained.