Endpoint Protection

Move Beyond Signatures and Feeds

Endpoint Protection, Detection and Response – All In One

Keeping the door closed on known threats while also preventing new ones is critical for endpoint defenses. New threats continue to become more evasive using macros and scripts, social engineering and business compromise. Most endpoint protection solutions have weak detection and response features, so shopping with prevention in mind first can result in less than desirable endpoint detection and response (EDR) capabilities. Finding the right EDR solution that works in conjunction with endpoint protection provides the best of both worlds – especially if within the same agent.

Endpoint Protection – Two Primary Challenges to Overcome

Challenge 1

Effective endpoint protection requires moving beyond legacy signature defenses, while avoiding the false positives and manual tuning associated with whitelists, isolation containers, and stand-alone ML anomaly detection.

Challenge 2

Merging endpoint protection with detection features brings multiple buyers to the table – security operations, incident responders and IT management – each with different solution requirements.

Protect Your Endpoints with Multiple Defenses

Fidelis Endpoint® uses several engines to detect and stop malware:

  1. Anti-virus (AV) with behavioral, heuristic and signature defenses, including boot sector protection and a global quarantine of detected malware for analysis.
  2. Process behavior blocking, which runs independently of your choice of AV and uses hashes or YARA rules to extend prevention defenses.
  3. Process blocking that uses threat intelligence feeds as a source of hashes to block.

Fidelis Antivirus Engine

Fidelis AV powered by Bitdefender detects malware through signatures and heuristics on Windows systems. It is integrated closely with endpoint activity metadata collection and storage, allowing analysts to see exactly what happened prior to the detection and remediation of malware on a system. Fidelis AV is optional with Fidelis Endpoint, supporting an open choice for AV investment.

Process Behavior Blocking (Advanced Malware Detection)

Fidelis detects and acts on malware based on the behavior it exhibits while executing. While a process runs, Advanced Malware Detection monitors and scores its activity across multiple dimensions of behavior to identify malicious process behavior. If the process's score crosses the malicious-behavior threshold, the process is terminated.
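The scoring-and-terminate loop described above, written out as an added example (not Fidelis code): each event a process generates is mapped to a behavior dimension with a weight, the dimensions observed so far are summed into a score, and the process is marked for termination once the score reaches a threshold. The dimension names, weights, threshold and the three sample event streams are constructed assumptions, chosen to show why one suspicious action alone should not cross the line while a chain of actions across several dimensions does.

```python
"""Behavior scoring for a running process (added illustration, not Fidelis code).

Each telemetry event for a process is mapped to a behavior dimension carrying a
weight; the dimensions observed so far are summed into a score, and the process
is marked for termination once the score reaches a threshold. Dimension names,
weights, threshold and the sample event streams are all constructed assumptions.
"""
from dataclasses import dataclass, field
from typing import Optional

# Assumed behavior dimensions and their weights (constructed for the example).
DIMENSION_WEIGHTS = {
    "office_spawns_script_host": 25,  # e.g. winword.exe starting a script interpreter
    "persistence": 30,                # e.g. autorun registry key written
    "credential_access": 40,          # e.g. handle opened to the LSA process
    "network_beacon": 15,             # e.g. periodic connections to a new external host
    "benign_io": 0,                   # ordinary file/registry activity
}
TERMINATE_THRESHOLD = 60


@dataclass
class ProcessVerdict:
    pid: int
    image: str
    score: int = 0
    dimensions_hit: list = field(default_factory=list)
    terminated_at: Optional[int] = None   # index of the event that crossed the threshold

    @property
    def terminated(self) -> bool:
        return self.terminated_at is not None


def observe(verdict: ProcessVerdict, index: int, event: dict) -> bool:
    """Fold one event into the process score; return True once termination is due."""
    if verdict.terminated:
        return True
    dim = event.get("dimension", "benign_io")
    weight = DIMENSION_WEIGHTS.get(dim, 0)
    # Each dimension contributes once, so a burst of identical events cannot
    # inflate the score on its own; it takes behavior across several dimensions.
    if weight and dim not in verdict.dimensions_hit:
        verdict.dimensions_hit.append(dim)
        verdict.score += weight
    if verdict.score >= TERMINATE_THRESHOLD:
        verdict.terminated_at = index
    return verdict.terminated


def evaluate_process(pid: int, image: str, events: list) -> ProcessVerdict:
    """Replay a process's event stream and return its final verdict."""
    verdict = ProcessVerdict(pid, image)
    for i, ev in enumerate(events):
        if observe(verdict, i, ev):
            break   # the process would be terminated here; stop scoring
    return verdict


# Constructed event streams.
BENIGN_EVENTS = [
    {"dimension": "benign_io", "detail": "wrote report.docx"},
    {"dimension": "benign_io", "detail": "read settings.xml"},
]
SINGLE_ACTION_EVENTS = [
    {"dimension": "persistence", "detail": "autorun key set by an installer"},
]
MALICIOUS_EVENTS = [
    {"dimension": "office_spawns_script_host", "detail": "winword.exe -> wscript.exe"},
    {"dimension": "persistence", "detail": "autorun key written"},
    {"dimension": "persistence", "detail": "second autorun key written"},
    {"dimension": "credential_access", "detail": "handle opened to lsass.exe"},
    {"dimension": "network_beacon", "detail": "never scored: process already terminated"},
]

if __name__ == "__main__":
    for name, evs in [("benign", BENIGN_EVENTS), ("single", SINGLE_ACTION_EVENTS),
                      ("malicious", MALICIOUS_EVENTS)]:
        v = evaluate_process(1000, name, evs)
        print(name, v.score, v.dimensions_hit, "TERMINATE" if v.terminated else "allow")
```

The "one contribution per dimension" rule is the design choice worth noting: it keeps a single noisy behavior (an installer writing persistence keys many times) below the threshold, which is the kind of false positive the page's Challenge 1 calls out, while an office document that spawns a script host, sets persistence and then touches credentials is terminated at the third distinct dimension.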

Process Blocking

Add hashes to the process-blocking list to prevent execution. Fidelis also supports YARA rules to scan executables before they are allowed to run. Process blocking works independently of AV. You can create advanced rules that use any YARA module to look inside an executable and proactively prevent execution, so you can stop malware from spreading or executing across the enterprise even when its hashes change.
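The two independent checks this section describes, a hash blocklist and content rules that still fire when the hash changes, as an added example that is not Fidelis code. The rule format is a deliberately simplified YARA-style stand-in written in plain Python (named strings or regexes, a condition of "all", "any" or "at least N", and a PE-header check in place of YARA's uint16(0) == 0x5A4D); it does not use the yara library. The samples, digest, blocklist and rule are all constructed.

```python
"""Pre-execution process-blocking gate (added illustration, not Fidelis code).

Two checks that run independently of any AV engine: a hash blocklist, and
YARA-style content rules so a variant with a changed hash is still caught.
The rule format is a simplified stand-in written in plain Python; it is not
the yara library. Samples, hashes and rules are constructed.
"""
import hashlib
import re


def sha256_hex(data: bytes) -> str:
    """Digest used for the blocklist (SHA-256 here; any digest the agent records would do)."""
    return hashlib.sha256(data).hexdigest()


# Constructed "known bad" executable: a fake PE header plus telltale strings.
ORIGINAL_SAMPLE = (b"MZ" + b"\x90" * 14
                   + b"ACME-DROPPER build 7 "
                   + b"cmd.exe /c start http://payload.example.invalid/stage2")
# Variant: one byte string changed, so the hash no longer matches the blocklist.
VARIANT_SAMPLE = ORIGINAL_SAMPLE.replace(b"build 7", b"build 8")
# Clean executable with nothing the rule looks for.
CLEAN_SAMPLE = b"MZ" + b"\x90" * 14 + b"hello from a harmless tool"
# Text file that contains the marker but is not a PE; the rule's header check skips it.
NOT_A_PE = b"ACME-DROPPER cmd.exe /c notes for the analyst"

BLOCKED_HASHES = {sha256_hex(ORIGINAL_SAMPLE)}

# YARA-style rules: named byte strings or regexes plus a condition ("all", "any",
# or an integer meaning "at least N of them"), and an optional PE-header check.
RULES = [
    {
        "name": "Constructed_Dropper_Family",
        "require_pe": True,
        "strings": {
            "$marker": b"ACME-DROPPER",
            "$shell": b"cmd.exe /c",
            "$url": re.compile(rb"https?://[\w./-]+"),
        },
        "condition": 2,
    },
]


def rule_matches(rule: dict, data: bytes) -> bool:
    """Evaluate one rule against a file's bytes."""
    if rule.get("require_pe") and data[:2] != b"MZ":
        return False
    hits = 0
    for pattern in rule["strings"].values():
        if isinstance(pattern, bytes):
            hits += pattern in data
        else:
            hits += pattern.search(data) is not None
    cond = rule["condition"]
    total = len(rule["strings"])
    if cond == "all":
        return hits == total
    if cond == "any":
        return hits >= 1
    return hits >= int(cond)


def gate_execution(data: bytes, blocked_hashes=BLOCKED_HASHES, rules=RULES):
    """Decide before launch: returns (allowed, reason). Hash check first, then rules."""
    digest = sha256_hex(data)
    if digest in blocked_hashes:
        return False, f"hash-blocklist:{digest}"
    for rule in rules:
        if rule_matches(rule, data):
            return False, f"rule:{rule['name']}"
    return True, "clean"


if __name__ == "__main__":
    for label, sample in [("original", ORIGINAL_SAMPLE), ("variant", VARIANT_SAMPLE),
                          ("clean", CLEAN_SAMPLE), ("text", NOT_A_PE)]:
        print(label, gate_execution(sample))
```

The variant is the point of the section: its digest is not in the blocklist, so the hash check passes it, but the content rule still blocks it because the family markers survived the rebuild. The PE-header check is the practitioner's guard against the opposite failure, an analyst's notes file that happens to contain the same strings being blocked.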


One Endpoint Agent that Tightly Integrates Malware Prevention, Detection and Remediation

With Fidelis, security analysts can quickly pivot from AV alerts into the endpoint process tree with event details that provide context into the source of malware – leveraging the value of combined prevention and detection in one agent. Malware detection and remediation is integrated tightly so analysts can seamlessly follow the path of the malware back to its origin whenever malware is detected and remediated.

When malware is detected, a sample is automatically sent back to a central repository of detected malware for each customer so they can:

  1. Jumpstart an investigation into the threat
  2. View detection information and details
  3. Download the sample for further analysis and investigation

Address Security and IT Concerns By Integrating Endpoint Protection with Advanced EDR

The continuous string of breaches has proven that endpoint prevention is no longer enough. You also need detection and response capabilities to detect unknown intruders and insider threats. Read our Technical Deep Dive white paper on Fidelis Endpoint to see how you can address concerns of both security operations professionals, who want more data and forensic capabilities, along with IT endpoint management staff, who want minimal user impact and fewer agents on each machine.

Protect Your Endpoints by Monitoring Endpoint Behavior in Real-time

Fidelis Endpoint automatically detects when an IOC (IP address, DNS name, process name, URL, MD5 hash, etc.) exists on an endpoint or when a process performs certain behavior, and can automatically initiate an appropriate response action or generate alerts that are sent to a SIEM. Endpoints are monitored on and off the network, ensuring visibility even when employees work remotely.
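The IOC-to-action step above, as an added example (not Fidelis code): telemetry events from an endpoint are normalized into (type, value) indicators of the kinds the page lists (IP address, DNS name, process name, URL, MD5), matched against an IOC set, deduplicated per host, and each match is tagged with a response action and rendered as a line for a SIEM. The IOC values, the telemetry events, the host names and the response policy are all constructed for the example.

```python
"""IOC matching over endpoint telemetry with per-type response actions
(added illustration, not Fidelis code).

IOC types follow the ones named on the page: IP address, DNS name, process
name, URL and MD5. The IOC values, telemetry events and the response policy
are all constructed for the example.
"""
from urllib.parse import urlparse

# Constructed IOC set, keyed by type, values already normalized (lower-case).
IOCS = {
    "ip": {"203.0.113.77"},                       # TEST-NET-3 documentation range
    "dns": {"c2.example.invalid"},
    "process_name": {"updater_svc.exe"},
    "url": {"http://c2.example.invalid/gate.php"},
    "md5": {"0123456789abcdef0123456789abcdef"},
}

# Assumed response policy: the action each IOC type triggers.
RESPONSE_ACTIONS = {
    "md5": "kill_process_and_quarantine",
    "process_name": "kill_process",
    "ip": "isolate_host",
    "dns": "alert_siem",
    "url": "alert_siem",
}

# Constructed telemetry, one dict per event as an agent might record it.
TELEMETRY = [
    {"event": "process_start", "host": "ws-042", "process_name": "outlook.exe",
     "md5": "ffffffffffffffffffffffffffffffff"},
    {"event": "process_start", "host": "ws-042", "process_name": "Updater_Svc.EXE",
     "md5": "0123456789ABCDEF0123456789ABCDEF"},
    {"event": "dns_query", "host": "ws-042", "query": "C2.example.invalid."},
    {"event": "network_connect", "host": "ws-042", "dest_ip": "203.0.113.77", "dest_port": 443},
    {"event": "http_request", "host": "ws-042", "url": "HTTP://c2.example.invalid/gate.php?id=7"},
    {"event": "process_start", "host": "ws-017", "process_name": "chrome.exe",
     "md5": "eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee"},
]


def indicators_from_event(event: dict):
    """Yield (ioc_type, normalized_value) pairs carried by one telemetry event."""
    if "process_name" in event:
        yield "process_name", event["process_name"].lower()
    if "md5" in event:
        yield "md5", event["md5"].lower()
    if "query" in event:
        # Resolver logs often carry a trailing dot and mixed case.
        yield "dns", event["query"].lower().rstrip(".")
    if "dest_ip" in event:
        yield "ip", event["dest_ip"]
    if "url" in event:
        u = urlparse(event["url"])
        # Drop the query string and case-fold scheme/host so cosmetic variation
        # in the request does not defeat an exact URL indicator.
        yield "url", f"{u.scheme}://{u.netloc.lower()}{u.path}"
        yield "dns", u.netloc.lower()   # the URL's host is a DNS indicator too


def match_telemetry(events: list, iocs: dict = IOCS) -> list:
    """Return one match record per (host, ioc_type, value), with its response action."""
    matches, seen = [], set()
    for event in events:
        for ioc_type, value in indicators_from_event(event):
            if value not in iocs.get(ioc_type, ()):
                continue
            key = (event["host"], ioc_type, value)
            if key in seen:          # same indicator seen twice on a host: one record
                continue
            seen.add(key)
            matches.append({
                "host": event["host"],
                "ioc_type": ioc_type,
                "value": value,
                "action": RESPONSE_ACTIONS[ioc_type],
                "source_event": event["event"],
            })
    return matches


def siem_lines(matches: list) -> list:
    """Render matches as key=value lines ready to forward to a SIEM."""
    return [f"host={m['host']} ioc_type={m['ioc_type']} value={m['value']} "
            f"action={m['action']} source={m['source_event']}" for m in matches]


if __name__ == "__main__":
    for line in siem_lines(match_telemetry(TELEMETRY)):
        print(line)
```

Normalization is where such matchers usually fail: the constructed telemetry deliberately carries mixed-case process and hash values, a trailing dot on the DNS query and a query string on the URL, and the matcher still produces exactly one record per distinct indicator on the host. The host ws-017, which generated only clean events, produces nothing.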

Threat Intelligence Provides an Additional Endpoint Protection Layer

Given modern targeted attacks’ ability to evade basic defenses, the Fidelis Threat Research team provides and continually updates threat intelligence (Fidelis Insight) for our customers, leveraging cloud-based sandboxing, machine learning anomaly detection, and threat research.
