Intelligent Network Forensics

Traditionally, network forensics tools have captured and recorded every packet traversing the network, adding some analysis capabilities so that security incidents can be investigated after they occur.

Intelligent network forensics is about being selective: capturing, visualizing, and recording only the sessions of interest. Fidelis XPS allows an organization to find incidents more quickly and, in the process, reduce costs, conserve network bandwidth, automate incident response, and attain proactive situational awareness. With features such as real-time visualization of network activity and granular control over event capture, Fidelis XPS gives network forensics and incident response teams the ability not only to detect a threat on its way into the network, but also to prevent it by cutting off the channel used to send stolen information home.

Fidelis XPS provides real-time session-level visibility and control over outbound and, optionally, bi-directional communications, allowing an organization to respond in real time to a detected threat and enabling:

Granular Control over Capture--Fidelis XPS can record network sessions of interest, allowing an organization to quickly study the details of a session. This quick access to data also makes it easy to hand the recorded content to other security products built to identify and analyze malware. Fidelis XPS' granular controls allow an organization to:

  • Access all layers of embedded content with point & click;
  • Capture traffic of interest with granular controls over "who, what, where, when, how";
  • Highlight essential information and provide the rationale behind each event;
  • Easily extract recorded data for external analysis;
  • Export to a SIEM or archive, plus a full API for automated data access.

Automated Incident Response—Fidelis XPS' granular controls allow for several mitigation options, including the ability to block network sessions, giving an organization the ability to automate incident response by stopping the spread of an attack within its network. Fidelis XPS' controls allow an organization to:

  • Prevent transfers of information based on granular controls of "who, what, where, when, how";
  • Block malicious communication channels (e.g., command & control, propagation);
  • Block malicious payloads based on indicators gathered from compromised systems;
  • Prevent the threat from circulating within the network.
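The two lists above describe the same mechanism from two sides: a session is evaluated against "who, what, where, when, how" criteria, and the verdict is either to record it for later investigation, to raise an alert, or to block it outright. The following is an added illustration of that policy model in Python; it is not Fidelis XPS code, and the rule fields, session attributes, network ranges and sample sessions are all constructed for the example. It shows the part the prose leaves implicit: sessions that match no rule are neither recorded nor blocked, which is where the storage and bandwidth savings of selective capture come from, and a time window that spans midnight has to be handled explicitly.

```python
"""Selective session capture / blocking policy (added example, not a vendor implementation)."""
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network
from typing import List, Optional, Sequence, Set, Tuple

# Most severe action wins when several rules match one session.
PRECEDENCE = {"block": 3, "record": 2, "alert": 1, "pass": 0}


@dataclass(frozen=True)
class Session:
    user: str          # who
    src_ip: str
    dst_ip: str        # where
    dst_port: int
    proto: str         # how (application protocol)
    content_type: str  # what (detected content type of the payload)
    bytes_out: int     # how much left the network in this session
    start: datetime    # when


@dataclass
class Rule:
    name: str
    action: str                                  # "block", "record" or "alert"
    who: Optional[Set[str]] = None               # usernames
    what: Optional[Set[str]] = None              # content types
    where: Optional[Sequence[str]] = None        # destination must be in one of these CIDRs
    where_not: Optional[Sequence[str]] = None    # destination must not be in any of these CIDRs
    when: Optional[Tuple[time, time]] = None     # local time-of-day window, may wrap midnight
    how: Optional[Set[str]] = None               # protocols
    min_bytes: int = 0                           # ignore sessions smaller than this

    def _in_window(self, t: time) -> bool:
        start, end = self.when
        if start <= end:
            return start <= t <= end
        return t >= start or t <= end  # window wraps past midnight, e.g. 22:00-06:00

    def matches(self, s: Session) -> bool:
        dst = ip_address(s.dst_ip)
        if self.who is not None and s.user not in self.who:
            return False
        if self.what is not None and s.content_type not in self.what:
            return False
        if self.how is not None and s.proto not in self.how:
            return False
        if self.where is not None and not any(dst in ip_network(n) for n in self.where):
            return False
        if self.where_not is not None and any(dst in ip_network(n) for n in self.where_not):
            return False
        if self.when is not None and not self._in_window(s.start.time()):
            return False
        return s.bytes_out >= self.min_bytes


def evaluate(session: Session, rules: Sequence[Rule]) -> Tuple[str, List[str]]:
    """Return (action, names of matching rules); unmatched sessions pass untouched."""
    matched = [r for r in rules if r.matches(session)]
    action = max((r.action for r in matched), key=PRECEDENCE.__getitem__, default="pass")
    return action, [r.name for r in matched]


# Constructed rule set. 198.51.100.0/24 stands in for a range known to host C2 infrastructure.
INTERNAL = ["10.0.0.0/8"]
RULES = [
    Rule("known-c2-range", "block", where=["198.51.100.0/24"]),
    Rule("after-hours-bulk-archive-egress", "record", what={"application/zip"},
         where_not=INTERNAL, when=(time(22, 0), time(6, 0)), min_bytes=10_000_000),
    Rule("finance-spreadsheet-egress", "alert", who={"alice"},
         what={"application/vnd.ms-excel"}, where_not=INTERNAL),
]

# Constructed sample sessions (addresses are documentation ranges).
SESSIONS = [
    Session("alice", "10.0.0.5", "203.0.113.10", 443, "https", "application/zip",
            50_000_000, datetime(2024, 1, 15, 2, 30)),
    Session("bob", "10.0.0.7", "198.51.100.7", 8080, "http", "application/octet-stream",
            2_000, datetime(2024, 1, 15, 14, 0)),
    Session("carol", "10.0.0.9", "10.0.1.20", 445, "smb", "application/octet-stream",
            1_000_000, datetime(2024, 1, 15, 14, 0)),
    Session("alice", "10.0.0.5", "203.0.113.50", 443, "https", "application/vnd.ms-excel",
            200_000, datetime(2024, 1, 15, 14, 0)),
]


def decisions() -> List[Tuple[str, List[str]]]:
    return [evaluate(s, RULES) for s in SESSIONS]


if __name__ == "__main__":
    for s, (action, names) in zip(SESSIONS, decisions()):
        print(f"{s.user:6} -> {s.dst_ip}:{s.dst_port} {action:7} {names}")
```

Only two of the four constructed sessions would be written to disk and one would be cut off; the internal SMB transfer is never recorded at all. A real deployment would derive the "what" from content inspection rather than a declared MIME type, and would evaluate the "where" against threat-intelligence feeds rather than a hard-coded range.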

Decreased Forensics Program Costs—By deploying Fidelis XPS, organizations can attain a rapid return on investment through the lower expenses of an intelligent network forensics approach, enabling an organization to:

  • Reduce up-front costs with integrated network appliances that are quick and easy to deploy;
  • Keep deployment, operational, and storage costs minimal through selective forensics recording and a centralized storage architecture;
  • Shorten time-to-value through pre-alert visibility and prevention capabilities: mitigating a threat before it takes hold reduces incident response workload while protecting the organization from advanced threats;
  • Maximize employee effectiveness with the minimal FTE requirements needed to deploy and operate the system, including quick, one-click access to recorded content for forensic retrieval.

From attack identification and containment through to mitigation, Fidelis XPS is the solution for Intelligent Network Forensics. Contact us today to learn more.