Go Beyond Signatures and Feeds
Curating Intel to Drive Detections
Fidelis Insight threat intelligence is sourced from various feeds and curated by the Fidelis Threat Research Team to drive the detection techniques used by Fidelis Network sensors and Endpoint agents.
The Fidelis Difference:
ThreatBridge is a threat intelligence database that consumes intel feeds from just about any source, including Fidelis Insight. Data is normalized and presented in a unified view, and can contain file hashes, IP addresses, URLs, domains, and mutex names. Fidelis Endpoint compares this data against all endpoint activity in near real time to identify bad behavior or dangerous actions.
The Global Threat Cache stores information about executable files, including the number of antivirus engines that know about the file and the number of those engines that determine the file to be malicious. This information is available for all network transactions that include an executable file.
Fidelis Insight includes the Content Analysis Platform, which provides a sandbox execution environment with active networking that allows samples to call out as they would in normal operations. Analysis is performed, and the results associated with the alert created are displayed in the sandbox report, which carries the malware score. Scores range from 0 to 100, where 100 indicates high confidence that the file or site is malicious.