Network Analytics

When you detect an attack you need to investigate it. But to investigate it you need historical data. Logs and NetFlow data provide a start but they are not enough to trace threats back to their source.

The reality is that most advanced attacks are detected after attackers have already compromised your environment. Security teams rarely have enough data to reconstruct how the attackers broke in or what they stole. Retroactive detection and analysis is critical to finding and stopping advanced attacks. But full packet capture solutions were historically the only choice for security teams that wanted a high-fidelity record of historical network activity. These solutions require costly storage and forensic experts to provide the analysis necessary to retrace attackers’ footprints.

Key Challenges We Address

  • Detecting Multi-Stage Attacks

  • Applying Threat Intel to Historical Data

  • Reconstructing a Timeline of the Attack

How We Do It

Fidelis makes detailed network analytics affordable by collecting and storing rich content-level metadata from your network traffic. This provides a much lighter, faster and less expensive way to analyze historical data.

Captures Content-Level Metadata

Our Deep Session Inspection™ decodes and analyzes content in real time, no matter how deeply embedded it is. It reassembles packets into session buffers in RAM, and recursively decodes and analyzes the protocols, applications and content objects in those session buffers in real time, while the sessions are occurring. This allows us to “see deeper” into applications and, in particular, the content that’s flowing over the network.

Detects and Investigates Retroactively

Investigate what attackers have done in the past. When you get new intelligence, you can apply it to historical data to see if you have been compromised in the past. Fidelis provides a lighter, faster and less expensive way to analyze historical data because it only captures and stores rich content-level metadata.

Establish a Timeline of the Attack

Sensors deployed on your network continuously monitor and record key events so you can establish a timeline for suspected incidents by correlating alerts with events that happened in the past.

Automated Analytics

Intelligence provided by Fidelis is applied to historical data to investigate past events so you can rapidly detect threats in your environment, even when they happened in the past. You can also apply your own intelligence or commercial threat feeds.

Visibility Across All Ports and Protocols

We capture network traffic on all ports and protocols, including misuse of protocols and services on non-standard ports.

Detect Multi-Vector Attacks

Identify “low and slow” attacks that develop over time. By correlating seemingly unrelated events, Fidelis can identify when attackers move laterally, establish command and control footholds and prepare to steal data.

Accelerate Investigation Cycles

Simplify the most time-consuming investigative task, gathering data, and make it much easier to get to the bottom of what is happening so your experts can focus on what’s important.

Pivot from Detection to Investigation

Pivot directly from real-time detection to historical investigation and analysis with a single solution and a single interface.

Full-Packet Capture for Alerts

When an alert triggers, we perform full packet capture so you have the actual files and attachments that were transferred when the alert triggered.

Proactively Hunt for Attackers

Rapidly search historical network data for signs attackers are (or have been) active in your environment – including content-level metadata about files that have crossed your network in the past.

White Paper: Rapid Detection & Response Model

Learn how you can accelerate your ability to detect, investigate and stop attacks using a model based on proven strategies and methodology used effectively on the front lines by incident responders.

Schedule a Demo

We think that our network analytics solution is pretty unique. But don’t take our word for it. Schedule a demo and be your own judge.

See the Product in Action

Fidelis Network

Analyze all of your network traffic at multi-gigabit speeds. Fidelis Network detects the tools and tactics of advanced attackers including advanced malware, exploits, command and control activity and data theft techniques that bypass traditional network security systems.