What does Fidelis Elevate and “deception” technology bring to cybersecurity?
This year, the frequency of computer attacks reached 2,200 per day, according to data from the American National Standards Institute (1). Cyber security incidents are now part of the daily routine, and they are growing not only in frequency (currently there is an attack every 39 seconds) but also in complexity.
Since the beginning of August alone, the Romanian National Cyber Security Directorate has published more than 20 alerts about high-risk threats targeting enterprise environments, such as:
- CISA warning about exploitation of Ivanti EPMM vulnerabilities,
- APT31 malware targeting air-gapped systems at organizations in Eastern Europe,
- The Linux version of Abyss Locker ransomware targeting VMware ESXi servers,
- Vulnerabilities discovered in the CODESYS V3 software development kit, etc.
These are real threats that few companies can manage effectively. According to the Ponemon Institute (2), this year the average time to detect a security breach is 204 days, plus another 73 days required for remediation. This means almost seven months in which attackers can exploit existing vulnerabilities in various ways.
Fidelis Elevate, a complementary approach to security risks
The Fidelis Elevate platform is specifically designed to ensure protection against advanced cyber threats by addressing events at multiple levels in a complementary manner, to provide the widest possible coverage.
The platform integrates a suite of advanced security tools that ensures protection at the network and endpoint levels and provides visibility over the entire infrastructure, in on-premises, hybrid and Cloud environments alike. The security solutions integrated into Fidelis Elevate are complemented by a number of innovative “deception” technologies that allow organizations to develop a proactive approach and reverse the dynamics of cyber attacks, giving security teams the time and information they need to act against them.
To ensure the most comprehensive approach to security challenges, the platform integrates three main modules:
- Fidelis Network
- Fidelis Endpoint
- Fidelis Deception.
Fidelis Network provides extended visibility into users and network traffic, including encrypted traffic, giving companies the ability to quickly detect, neutralize and protect against network intrusion and data exfiltration attempts before they affect business processes.
Fidelis Network uses real-time analytics tools and scans all network traffic (East-West and North-South), on all ports and protocols, to identify threats and indicators that may signal a possible data leak. Proprietary Deep Session Inspection technology provides contextual metadata for all file and content formats, used by built-in Machine Learning algorithms to automate threat detection and response processes. Fidelis Network collects over 300 types of metadata to provide extensive visibility and the most accurate threat detection. It also automatically identifies and classifies all network components and calculates a risk score based on reported vulnerabilities, implemented security rules, threat type and asset criticality level.
The main benefits of using Fidelis Network are:
- Improving the speed and efficiency of the detection process,
- Extending visibility over the entire infrastructure, using an interactive map ranked according to the level of risk and the degree of criticality of the components,
- Increasing the operational efficiency of the security team, by delivering centralized risk assessments and reports,
- Automatic threat detection through real-time traffic analysis and anomaly detection, combined with contextual information and data provided by Threat Intelligence services,
- Reducing the number of false positive alerts, which are automatically validated and correlated,
- Improving threat response time by automatically grouping related alerts and analyzing them through an extensive suite of dedicated tools (sandboxing, DLP etc.).
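The two mechanisms mentioned above, an asset risk score built from vulnerabilities, compensating rules and criticality, and the automatic grouping of related alerts, can be sketched in a few lines. The following is an added illustration written for this article, not Fidelis code; the asset inventory, the alert feed, the weights in the risk formula and the ten-minute correlation window are all constructed assumptions.

```python
"""Correlate network and endpoint alerts into incidents and rank them by target risk.

Added illustration (not Fidelis code). Inventory, alerts, weights and the
correlation window are constructed assumptions for this example only.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed asset inventory: criticality 1 (low) .. 5 (crown jewel), count of
# open vulnerabilities, and whether a compensating security rule is in place.
ASSETS = {
    "10.0.5.12": {"name": "hr-db-01", "criticality": 5, "open_vulns": 3, "compensating_control": False},
    "10.0.5.13": {"name": "kiosk-07", "criticality": 1, "open_vulns": 3, "compensating_control": True},
    "10.0.9.77": {"name": "dev-ws-22", "criticality": 2, "open_vulns": 0, "compensating_control": False},
}

# Constructed alerts from two sensor types; a real feed carries far more fields.
ALERTS = [
    {"ts": "2023-09-12T10:03:40", "src": "10.0.9.77", "dst": "10.0.5.12",
     "sensor": "network", "sig": "smb-lateral-movement", "severity": 3},
    {"ts": "2023-09-12T10:04:10", "src": "10.0.9.77", "dst": "10.0.5.12",
     "sensor": "endpoint", "sig": "suspicious-service-install", "severity": 4},
    {"ts": "2023-09-12T10:04:30", "src": "10.0.9.77", "dst": "10.0.5.12",
     "sensor": "network", "sig": "large-outbound-transfer", "severity": 4},
    {"ts": "2023-09-12T13:00:00", "src": "10.0.5.13", "dst": "10.0.5.13",
     "sensor": "endpoint", "sig": "unsigned-binary", "severity": 2},
]


def asset_risk(asset):
    """Risk = criticality x exposure, where exposure grows with open vulnerabilities
    and a compensating control halves it. The weights are assumptions, not a vendor formula."""
    exposure = 1 + asset["open_vulns"]
    if asset["compensating_control"]:
        exposure /= 2
    return asset["criticality"] * exposure


def _incident(src, dst, alerts):
    """Fold a group of related alerts into one incident with a risk-weighted priority."""
    default = {"name": dst, "criticality": 1, "open_vulns": 0, "compensating_control": False}
    target = ASSETS.get(dst, default)
    sensors = {a["sensor"] for a in alerts}
    max_sev = max(a["severity"] for a in alerts)
    # Worst severity scaled by target risk; corroboration from both sensor types adds weight.
    priority = max_sev * asset_risk(target) * (1.5 if len(sensors) > 1 else 1.0)
    return {"src": src, "target": target["name"], "alerts": [a["sig"] for a in alerts],
            "sensors": sorted(sensors), "priority": priority}


def correlate(alerts, window=timedelta(minutes=10)):
    """Group alerts that share (src, dst) and arrive within `window` of the previous
    alert in the group; return incidents sorted by descending priority."""
    by_pair = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a["ts"]):
        by_pair[(a["src"], a["dst"])].append(a)
    incidents = []
    for (src, dst), group in by_pair.items():
        current = [group[0]]
        for a in group[1:]:
            prev = datetime.fromisoformat(current[-1]["ts"])
            if datetime.fromisoformat(a["ts"]) - prev <= window:
                current.append(a)
            else:
                incidents.append(_incident(src, dst, current))
                current = [a]
        incidents.append(_incident(src, dst, current))
    return sorted(incidents, key=lambda i: i["priority"], reverse=True)


if __name__ == "__main__":
    for inc in correlate(ALERTS):
        print(f"{inc['priority']:6.1f}  {inc['src']} -> {inc['target']}  {inc['alerts']}")
```

With the constructed feed, the three alerts against the HR database collapse into a single incident ranked well above the isolated kiosk event, which is the effect the list above describes: fewer, better-contextualized items for the analyst, ordered by what is actually at stake.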
Fidelis Endpoint provides complete visibility, detection and response across all devices on and off the network, enabling security teams to quickly detect threats and stop attacks and threats before they disrupt business processes and compromise data integrity.
Fidelis Endpoint integrates real-time monitoring and response solutions and retrospective analysis of endpoint behaviors for Windows, Mac and Linux systems. The module automatically detects threat indicators and issues alerts, and the data it provides speeds up investigations and protective measures. Fidelis Endpoint provides secure, remote access to each endpoint’s disk, files and processes, reducing detection and response times.
The module can collect data from multiple sources, integrate with SOAR platforms, compare existing data with threat intelligence streams and known vulnerabilities, and isolate compromised equipment.
The main benefits delivered by Fidelis Endpoint are:
- Extended visibility, in real time and retrospectively, of all activities carried out at the level of the terminal equipment,
- Quick detection and blocking of threats using a single-agent architecture that operates on and off the network, delivers automated responses, and integrates natively with Fidelis Deception technology to deceive attackers,
- Reduction of investigation time – Fidelis Live Console speeds up incident response and intelligence gathering, ensuring full and fast access to the registry, processes, files, disks, etc.,
- Complete response to advanced threats – the module uses the MITRE ATT&CK framework to provide information about attacker techniques, tactics and procedures, based on which optimal response solutions can be determined,
- Increase operational efficiency – Fidelis Endpoint enables the automation of time-consuming security tasks by creating custom auto-response Playbooks and scripts.
Fidelis Deception alters attackers’ perception of the attack surface by creating false targets and decoy files that prevent them from reaching their goals and slow down their attempts to penetrate protection systems.
Fidelis Deception thus helps companies gain the time needed to understand the techniques, tactics and procedures used by attackers, to counter the attack and to prevent future intrusions. The information obtained can be used to improve the speed of detection and the level of protection, as well as to automate response measures, thus ensuring superior cyber resilience.
Fidelis Deception delivers to organizations a series of solid gains that help ensure the continuity of business processes:
- Identification of risk areas and existing vulnerabilities – the module allows establishing the risk level of infrastructure assets, enabling organizations to anticipate attackers’ targets and adopt proactive protection solutions.
- Optimizing security team efforts – Fidelis Deception enables automatic deployment of multiple types of false targets, in tiers, with reduced configuration and administration effort; the alerts generated by decoy files can be monitored by any member of the IT team.
- Removing attackers from critical equipment and applications – by misleading and creating false leads, attackers are prevented from discovering key assets within the organization, buying time to take appropriate blocking measures.
- Reducing detection and response times – Fidelis Deception ensures that the time to resolve security events is reduced from weeks and months to hours and minutes by quickly detecting anomalous behavior and operating within the attacker’s decision cycle.
- Obtaining and accumulating relevant threat intelligence – activity against the false targets is actively analyzed in sandbox environments, enabling organizations to understand the causes of anomalous activities and obtain valid information to improve their proactive cyber defense strategy.
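What makes a decoy-generated alert so easy to triage is that a decoy has no legitimate user: any interaction with it is anomalous by construction. The following added example, written for this article and not part of Fidelis Deception, shows that principle with two planted decoys, a credential that exists only in logs and a decoy document on disk. The decoy names, the sample log lines and the file contents are constructed assumptions.

```python
"""Minimal honeytoken/decoy monitor.

Added illustration (not Fidelis code). Decoy names, log lines and file contents
are constructed for this example. Because no legitimate process ever touches a
decoy, every observed interaction becomes a high-confidence alert.
"""
import hashlib
import os
import re
import tempfile
from dataclasses import dataclass

# Constructed decoy identifiers; they refer to no real environment.
DECOY_USERS = {"svc-backup-legacy"}   # account planted in configs, never used legitimately
DECOY_HOSTS = {"fileserver-old"}      # host name planted in configs, not resolvable

# Constructed log lines: two normal logins, one probe with the decoy account,
# and a DNS lookup for the decoy host from the same source.
SAMPLE_LOGS = [
    "Sep 12 10:01:07 bastion sshd[4121]: Accepted publickey for alice from 10.0.5.12 port 51234 ssh2",
    "Sep 12 10:03:40 bastion sshd[4130]: Failed password for svc-backup-legacy from 10.0.9.77 port 40022 ssh2",
    "Sep 12 10:03:41 dns named[912]: client 10.0.9.77#53011: query: fileserver-old.corp.example IN A",
    "Sep 12 10:05:02 bastion sshd[4140]: Accepted password for bob from 10.0.5.13 port 51240 ssh2",
]

SSH_RE = re.compile(r"sshd\[\d+\]: (?:Accepted|Failed) \w+ for (\S+) from (\S+) port")
DNS_RE = re.compile(r"client (\S+)#\d+: query: ([^.\s]+)\.\S+ IN")


@dataclass(frozen=True)
class DecoyAlert:
    kind: str       # "credential", "hostname" or "file"
    decoy: str      # which decoy was touched
    source: str     # where the interaction came from, if known
    evidence: str   # raw log line or a short description


def detect_decoy_hits(lines):
    """Return one alert per log line that references a planted credential or host name."""
    alerts = []
    for line in lines:
        m = SSH_RE.search(line)
        if m and m.group(1) in DECOY_USERS:
            alerts.append(DecoyAlert("credential", m.group(1), m.group(2), line))
            continue
        m = DNS_RE.search(line)
        if m and m.group(2) in DECOY_HOSTS:
            alerts.append(DecoyAlert("hostname", m.group(2), m.group(1), line))
    return alerts


def _digest(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()


def plant_decoy_file(directory, name="passwords-2019.xlsx"):
    """Write an inert decoy document and return its path and baseline digest."""
    path = os.path.join(directory, name)
    with open(path, "wb") as fh:
        fh.write(b"decoy document; contents are meaningless\n")
    return path, _digest(path)


def check_decoy_file(path, expected_digest):
    """Alert if the decoy was removed or altered; an untouched decoy yields None."""
    if not os.path.exists(path):
        return DecoyAlert("file", path, "unknown", "decoy file deleted")
    if _digest(path) != expected_digest:
        return DecoyAlert("file", path, "unknown", "decoy file modified")
    return None


def demo():
    """Run both detectors; the file decoy is planted, verified, then tampered with."""
    alerts = detect_decoy_hits(SAMPLE_LOGS)
    with tempfile.TemporaryDirectory() as tmp:
        path, digest = plant_decoy_file(tmp)
        untouched = check_decoy_file(path, digest)
        with open(path, "ab") as fh:
            fh.write(b"tampered\n")
        file_alert = check_decoy_file(path, digest)
    return alerts, untouched, file_alert


if __name__ == "__main__":
    hits, _, tampered = demo()
    for a in hits + [tampered]:
        print(f"[{a.kind}] decoy={a.decoy} source={a.source}")
```

The two log-based hits share a source address, which is exactly the kind of contextual link the article describes feeding back into network and endpoint detection: a single host touching two unrelated decoys within seconds is far stronger evidence than either event alone.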
The advantages of the integrated approach
By natively integrating Fidelis Network, Fidelis Endpoint and Fidelis Deception into a coherent security architecture – Fidelis Elevate – organizations get an active XDR platform that helps them detect earlier, respond faster and recover more easily from attack. Fidelis Network gives you deep visibility into networks, across all ports and protocols, and strengthens security operations with proactive and predictive techniques in on-premises, hybrid and Cloud infrastructures. Fidelis Endpoint enables you to quickly spot indicators of endpoint-level compromise, analyze and correlate them with contextual metadata, and automate response measures. Fidelis Deception enables you to take a proactive approach to cyber security by automatically creating false targets, removing attackers – internal or external – from critical infrastructure assets and improving the effectiveness of threat detection at the network and endpoint level.
Safetech Innovations provides full implementation, configuration and customization services for the Fidelis Elevate platform based on each organization’s specific security needs and requirements. In addition, companies can choose to use the Fidelis Elevate platform together with the security incident monitoring and response services provided by Safetech Innovations’ STI CERT team, to achieve a higher level of protection, gain access to superior cybersecurity expertise and reduce the workload of internal IT teams.
For more information about our services and commercial proposals, we invite you to contact us by email at [email protected] or by phone at +40 21 316 0565.
(1) https://blog.ansi.org/iso-iec-27032-2023-cybersecurity-guidelines/
(2) https://newsroom.ibm.com/2023-07-24-IBM-Report-Half-of-Breached-Organizations-Unwilling-to-Increase-Security-Spend-Despite-Soaring-Breach-Costs