Network Forensics

Today’s threats involve attacks that attempt to steal your information and transport it over your network.  Attacks have become more customized and have moved further up the architecture to the application layer, deploying more custom “zero day” attacks and often taking advantage of user behavior rather than technical weaknesses—making it challenging for traditional inbound threat mitigation measures to actually defend against the threat.

A new approach to counter these advanced cyber attacks is required as traditional security tools struggle with custom attacks. By utilizing the Fidelis Extrusion Prevention System®, Fidelis XPS™,  for Intelligent Forensics, network forensics and incident response teams now have the ability to not only detect and prevent a threat on the way into the network, but can cutoff the channel used to send the stolen information home—allowing you to detect the threat, and do something about it.  

Fidelis XPS’ solution for Intelligent Forensics provides an important component to the network security infrastructure by providing real-time session-level visibility and control for outbound and optionally bi-directional communications to take action in response to a detected threat, enabling.

Real-time Visualization of Network Activity—Through the Fidelis XPS Information Flow Map™ technology, organizations can see all network activity. Once your network activity can be visualized, then you have the power to take an action. Suspicious network activity can include strange protocols on strange ports going to foreign countries, sensitive data, traffic bypassing your corporate secure email gateways and web proxies, or legitimate business traffic performed over unapproved channels or channels unknown to network security.  By enabling different levels of visualization—from all network activity or only flows of interest—Fidelis XPS Information Flow Map allows an organization to:

• Obtain real-time visibility to content over all ports and protocols;
• View hosts and subnet network activity in real-time;
• Gain context with a unified view of applications and content within the flow;
• Monitor external sites in real-time, including GeoIP and reputational data;
• Access 24-hour playback and node history.

Granular Control over Capture--Fidelis XPS features include the ability to record network sessions of interest, allowing an organization to quickly study details about the session. Recording sessions of interest is a key component in making your forensics program more intelligent. Instead of recording everything and later searching for the “needle in the haystack”, Fidelis XPSrecordsthe “needle” when something outside of policy occurs. With a quick, one-click access, all attributes about the session, the users involved in the transaction, and the session itself can be seen including all layers of encoding and obfuscation.  This quick access to data makes for easy exchange with other security products built to decipher and identify malware code. Fidelis XPS’ granular controls allows an organization to:

• Access all layers of embedded content with point & click;
• Capture traffic of interest with granular controls over “who, what, where, when, how”;
• Highlight essential information and provide resulting rationale for the event;
• Simply extract recorded data for external analysis;
• Export to SIEM or archive plus full API for automated data access.

Automated Incident Response—Fidelis XPS’ robust controls enhance the network security architecture, enabling pro-active prevention of cyber attacks and more efficient incident response.  Fidelis XPS’ granular controls allow for several mitigation options including the ability to prevent network sessions, giving an organization the ability to automate incident response by stopping the spread of an attack within your network. Once Fidelis XPS detects the threat, any network session can be terminated including the attacker’s command and control channel, enabling an organization to:

• Prevent transfers of information based on granular controls of “who, what, where, when, how”;
• Block malicious communication channels (e.g., Command & Control, propagation);
• Block malicious payloads based on knowledge from compromised systems;
• Prevent circulation of the threat within the network.

Decrease Forensics Program Costs—Through the use of intelligent network forensics, organizations can attain a rapid return-on-investment through the decreased expenses associated with the deployment of their forensics and incident response programs with a proactive approach to threat mitigation.  Utilizing Fidelis XPS for intelligent network forensics enables an organization to:

• Reduce up-front costs with integrated network appliance-based products that are easy and quick to deploy;
• Keep deployment and operational costs minimal through selective forensics recording and centralized storage architecture, allowing for reduced storage costs;
• Quicken time-to-value through the use of pre-alert visibility and prevention capabilities—mitigating the threat before it occurs further reduces incident response needs while protecting the organization from advanced threats;
• Maximize employee effectiveness with minimal FTE requirements needed to deploy and operate the system including a more efficient way to retrieve forensic information with quick, one-click access to the content.

From attack identification and containment, through to mitigation, Fidelis XPS is the solution for Intelligent Forensics. Contact us today to learn more about how Fidelis XPS can make your approach to forensics and incident response more intelligent.