
Intelligent Network Forensics

Traditionally, network forensics tools have been about capturing and recording all the packets traversing the network and adding some analysis capabilities to enable investigation of security incidents after they occur.

Intelligent network forensics is about being selective about capturing, visualizing, and recording sessions of interest. Fidelis XPS allows an organization to find incidents more quickly, and in the process reduce costs, conserve network bandwidth, automate incident response, and attain proactive situational awareness. With features such as real-time visualization of network activity and granular control over event capture, Fidelis XPS gives network forensics and incident response teams the ability not only to detect a threat on the way into the network, but also to prevent it by cutting off the channel used to send the stolen information home.

Fidelis XPS provides real-time session-level visibility and control for outbound and, optionally, bi-directional communications, allowing an organization to respond in real time to a detected threat and enabling the following:

Real-time Visualization of Network Activity—Through the Fidelis XPS Information Flow Map™ technology, organizations can see all network activity. Once network activity can be visualized, the organization has the information it needs to take action. By enabling different levels of visualization—from all network activity down to only the flows of interest—the Fidelis XPS Information Flow Map allows an organization to:

  • Achieve proactive situational awareness;
  • Obtain real-time visibility to content over all ports and protocols;
  • View hosts and subnet network activity in real-time;
  • Gain context with a unified view of applications and content within the flow;
  • Monitor external sites in real-time, including GeoIP and reputational data;
  • Access 24-hour playback and node history.

Granular Control over Capture—Fidelis XPS features include the ability to record network sessions of interest, allowing an organization to quickly study the details of a session. This quick access to data also makes it easy to hand recorded sessions to other security products built to decipher and identify malware code. Fidelis XPS’ granular controls allow an organization to:

  • Access all layers of embedded content with point & click;
  • Capture traffic of interest with granular controls over “who, what, where, when, how”;
  • Highlight essential information and provide resulting rationale for the event;
  • Simply extract recorded data for external analysis;
  • Export to SIEM or archive, plus a full API for automated data access.

Automated Incident Response—Fidelis XPS’ granular controls allow for several mitigation options, including the ability to prevent network sessions, giving an organization the ability to automate incident response by stopping the spread of an attack within its network. Fidelis XPS’ robust controls allow an organization to:

  • Prevent transfers of information based on granular controls of “who, what, where, when, how”;
  • Block malicious communication channels (e.g., Command & Control, propagation);
  • Block malicious payloads based on knowledge from compromised systems;
  • Prevent circulation of the threat within the network.

Decreased Forensics Program Costs—By deploying Fidelis XPS, organizations can attain a rapid return on investment through the decreased expenses associated with an intelligent network forensics approach, enabling an organization to:

  • Reduce up-front costs with integrated network appliances that are easy and quick to deploy;
  • Keep deployment, operational, and storage costs minimal through selective forensics recording and a centralized storage architecture;
  • Quicken time-to-value through pre-alert visibility and prevention capabilities; mitigating a threat before it takes hold reduces incident response needs while protecting the organization from advanced threats;
  • Maximize employee effectiveness with minimal FTE requirements to deploy and operate the system, including a more efficient way to retrieve forensic information with quick, one-click access to the content.

From attack identification and containment through to mitigation, Fidelis XPS is the solution for Intelligent Network Forensics. Contact us today to learn more.

It’s Time to Get Intelligent about Forensics: Fidelis XPS

Take a closer look into how Fidelis XPS can make your forensics program more intelligent.

See It: Identify – Fidelis XPS can identify compromised hosts by detecting transfers of sensitive or protected information and anomalous or high-risk network traffic, granting pervasive network awareness at the session level.

Study It: Capture – Fidelis XPS can determine the cause of your data breach, analyze it (and, if desired, block rogue network communications), and determine what information was transferred (and, if desired, prevent additional transfers of sensitive or protected information). It can then send feeds for event correlation to your SIEM or log management solutions.

Stop It: Eradicate – Fidelis XPS can prevent transfers of sensitive or protected information by blocking malicious communications (e.g., Command & Control, propagation) and malicious payloads based on knowledge from compromised systems.