3/5/2019
11:55 AM
Dark Reading

Fidelis Cybersecurity Delivers Innovations to Provide Full Visibility of the Cyber Terrain

Fidelis Elevate is the first platform of its kind to enable organizations to calculate their vulnerable attack surface and respond accordingly to build a robust defense.

March 5, 2019 (BETHESDA, MD) – Fidelis Cybersecurity, a leading provider of threat detection, threat hunting, and response solutions, today announced the latest release of the Fidelis Elevate™ platform. This unified platform addresses the challenges that security professionals face when hunting for threats via traditional methods such as logs, events, and alerts. Organizations can now collect network and endpoint metadata of content and context to provide real-time and retrospective analysis for detection, threat hunting, and response across complex on-premises, cloud, and hybrid environments with speed, accuracy, and clarity. 

This new release includes major innovations across the Fidelis Network®, Endpoint, and Deception offerings. When used together as a platform, users gain unmatched insight into their organization’s cyber terrain, including identification of the vulnerable attack surface. Fidelis fully integrates, automates, and orchestrates robust capabilities for asset discovery and classification, network data loss prevention, network threat detection and response, endpoint detection and response, forensics, and deception.

"When speaking with CISOs across the globe, they mention several interlinked challenges - improving visibility of what's really going on in their hybrid environments, getting a handle on the never-ending flood of false positives, and reducing the number of security tools in their stack that still leave blind spots for their teams to deal with," said Nick Lantuh, President and CEO, Fidelis Cybersecurity. "Collecting logs, events, and alerts actually slows their ability to detect, hunt, and respond properly. Instead, organizations need rich, indexable metadata that provides the necessary content and context for deep visibility, an understanding of their cyber terrain, and the ability to rapidly and accurately respond. Ultimately if you don’t know your terrain, then you don’t know what to defend…and if you don’t know what to defend, then there is no way for you to ensure a robust defense."

The Fidelis Elevate platform now offers the ability to continuously discover, classify, and assess assets, including laptops, desktops, servers, enterprise IoT, shadow IT, and legacy systems. Fidelis Endpoint discovers all software installed on these assets, while continually running vulnerability assessments and alerting on any installed vulnerability. Fidelis Network maps all communications surrounding each device to visualize potential attack paths between assets. These newly integrated capabilities, combined with rich metadata, provide security professionals with the visibility and context needed to take action in reducing the attack surface and effectively protect vulnerable assets.

The release also cements Fidelis as a leader in the emerging deception technology space, offering the widest range of decoys available, as well as becoming the first vendor to offer a network security platform that integrates a fully functional deception product. Fidelis decoys offer customers more features and management than any other vendor. With this expansion, the company now provides a full range of deception layers, including solutions for organizations that desire a safe and smart deception alarm system, as well as researchers who desire to learn TTPs and analyze code for attribution and mitigation from real OS VM decoys. 

Key platform innovations by product line include:

Fidelis Network:

  • Discover, Profile and Classify Your Network Terrain: Fidelis continuously discovers and classifies network assets, including enterprise IoT, shadow IT, and legacy systems. Whenever network threats are detected, the knowledge of the asset under attack is critically important and usually not available to the network sensor – until now. 
  • Gain Visibility of Threats Hidden in Encrypted Traffic: Fidelis can profile encrypted TLS traffic to uncover problems with certificates and weak encryption, and can apply a patented approach to determine human vs. machine browsing activity. The TLS dashboard presents a view into encrypted traffic running in your environment which can uncover malicious usage.

Fidelis Endpoint:

  • Identify Assets, Software Inventory, and Vulnerabilities: Fidelis Endpoint now provides details on software name, publisher, version, and install date. Customers can now cross-reference this information with known vulnerabilities to map their vulnerable endpoint attack surface. Copies of first-seen executable files and scripts are also collected, addressing the problem of malicious software that will often delete files to hide traces and evade detection.
  • Endpoint Prevention: Fidelis Endpoint provides process blocking with OpenIOC hashes or YARA rules for increased prevention independent of AV engine choice. The Fidelis AV feature is optional, which allows Fidelis Endpoint to coexist with any AV engine and add complementary process blocking based on threat intelligence feeds.

Fidelis Deception:

  • Flexible Decoys via Emulation and/or Real OS VMs: Decoy servers support both emulation and real OS VMs in customer environments, and licensing enables widespread use, not just specific VLANs. Fidelis Deception is unique with its continuous asset profiling and classification of a customer’s cyber terrain to automate decoy creation and deployment.
  • High Performance Network Sensors: The latest version of Fidelis Deception is fully integrated with Fidelis Network Sensors which provide a 5X improvement in performance to 10G network speeds. Deception also shares the same UI and alert / conclusion database as Fidelis Network to allow visibility and management of all alerts from Fidelis Elevate into a single pane of glass.

"Fidelis Elevate provides a security ecosystem that gives our customers visibility across their entire environment to hunt for unknown threats that are missed by traditional security solutions," said Lantuh. "The data at the core of security stacks is shifting away from logs and events and towards metadata because of its richness which is more conducive to the application of machine learning and data science. Our ability to access content while providing context in real-time, combined with our understanding of network, cloud and endpoint terrain means that we help customers accurately and quickly detect, hunt and respond to advanced threats like no one else."

Fidelis Elevate is part of a wider portfolio of product and service offerings including Managed Detection and Response, Incident Response, Security Assessments, and Threat Research as a Service.

The latest release of Fidelis Elevate will be generally available on March 29th.

To learn more about Fidelis Elevate and our services, visit us at RSA booth 1441, online at www.fidelissecurity.com, or request a demonstration.

About Fidelis Cybersecurity

Fidelis Cybersecurity is a leading provider of threat detection, hunting and response solutions. Fidelis combats the full spectrum of cyber-crime, data theft and espionage by providing full visibility across hybrid cloud / on-prem environments, automating threat and data theft detection, empowering threat hunting and optimizing incident response with context, speed and accuracy.

By integrating bi-directional network traffic analysis across your cloud and internal networks with email, web, endpoint detection and response, and automated deception technology, the Fidelis Elevate™ platform captures rich metadata and content that enables real-time and retrospective analysis, giving security teams the platform to effectively hunt for threats in their environment. Fidelis solutions are delivered as standalone products, an integrated platform, or as a 24x7 Managed Detection and Response service that augments existing security operations and incident response capabilities. Fidelis is trusted by Global 1000s and Governments as their last line of defense. Get in the hunt. For more information go to www.fidelissecurity.com.
