Traditionally, network forensics tools have been about capturing and recording all the packets traversing the network and adding some analysis capabilities to enable investigation of security incidents after they occur.
Intelligent network forensics means selectively capturing, visualizing, and recording sessions of interest. Fidelis XPS allows an organization to find incidents more quickly, and in the process reduce costs, increase network bandwidth, automate incident response, and attain proactive situational awareness. With powerful features such as real-time visualization of network activity and granular control over event capture, Fidelis XPS gives network forensics and incident response teams the ability not only to detect a threat on the way into the network, but also to prevent it by cutting off the channel used to send the stolen information home.
Fidelis XPS provides real-time session-level visibility and control for outbound and optionally bi-directional communications, allowing an organization to take action in real time against a detected threat and enable:
Granular Control over Capture--Fidelis XPS features include the ability to record network sessions of interest, allowing an organization to quickly study details about the session. This quick access to data makes for easy exchange with other security products built to decipher and identify malware code. Fidelis XPS’ granular controls allow an organization to:
Automated Incident Response—Fidelis XPS’ granular controls allow for several mitigation options including the ability to prevent network sessions, giving an organization the ability to automate incident response by stopping the spread of an attack within their network. Fidelis XPS’ robust controls allow an organization to:
Decreased Forensics Program Costs—By deploying Fidelis XPS, organizations can attain a rapid return-on-investment through the decreased expenses associated with an intelligent network forensics approach, enabling an organization to: