Fidelis Insight

The Engine Behind the Intelligence.

Go Beyond Signatures and Feeds

Fidelis Insight delivers threat intelligence in several forms and serves as a key element in combining network sensors, endpoint agents, and sandbox techniques into a single, automated threat detection and response solution.

Curating Intel to Drive Detections

Fidelis Insight threat intelligence is sourced from various feeds and curated by the Fidelis Threat Research Team to drive the detection techniques used by Fidelis Network sensors and Endpoint agents.

Threat intelligence is used in numerous ways across Fidelis products, including:

  • Policies, which include rules that enable the detection of threats, compliance with industry standards, and detection of data theft.
  • The Malware Detection Engine, which is included within the Fidelis Network sensors. This engine was built specifically to identify malicious files and malicious network behavior.
  • Validation rules, which query endpoint events that correspond to every Fidelis Network alert so that analysts know whether the alert requires immediate attention or not.
  • Fidelis Feeds, which cultivate data from several sources including Fidelis internal research, open source providers, Fidelis partnerships, and machine-learning algorithms that are applied to data sent to the Fidelis Content Analysis Platform.
 

The Fidelis Difference:

ThreatBridge

ThreatBridge is a threat intelligence database that consumes intel feeds from just about any source, including Fidelis Insight. Data is normalized and presented in a unified view, and can contain file hashes, IP addresses, URLs, domains, and mutex names. Fidelis Endpoint compares this data against all endpoint activity in near real time to identify bad behavior or dangerous actions.

Threat Cache

The Global Threat Cache stores information about executable files, including the number of antivirus engines that know about the file and the number of those engines that determine the file to be malicious. This information is available for all network transactions that include an executable file.

Content Analysis

Fidelis Insight includes the Content Analysis Platform, which contains a sandbox execution environment with active networking that allows samples to call out as they would in normal operations. Analysis is performed, and the results, associated with the alert that was created, are displayed in the sandbox report, which carries the malware score. Scores range from 0 to 100, where 100 indicates high confidence that the file or site is malicious.