Advanced Threat Defense

General Dynamics Fidelis Cybersecurity Solutions provides organizations with a robust, comprehensive portfolio of products, services, and expertise to combat today’s sophisticated advanced threats and prevent data breaches. Our commercial enterprise and government customers around the globe can face advanced threats with confidence with our Network Defense and Forensics Services, delivered by an elite team of security professionals with decades of hands-on experience, and our award-winning Fidelis XPS™ Advanced Threat Defense Products, which provide visibility and control over the entire threat life cycle.

Network Visibility, Analysis, and Control

Designed to handle the most demanding network environments, Fidelis XPS is the industry’s only network security appliance with the power to deliver network visibility, analysis, and control over all ports and all channels in real time, to defend against advanced threats and prevent the possibility of a data breach on multi-gigabit-speed networks. Unlike other solutions whose payload decoders require the entire file to be presented before analysis may begin, Fidelis XPS’ patented Deep Session Inspection platform conducts full session inspection on partial sessions, making it the only network security solution to see, study, and stop advanced threats on direct-to-internet traffic in real time.

Fidelis XPS enables your organization to:

• Gain proactive situational awareness through visibility over the entire life cycle of the threat, with actionable threat intelligence feeds and a malware detection engine

• Control both proxied and direct-to-internet traffic

• Inspect all network traffic, including attachments and compressed files, for sensitive content

• Stop unauthorized traffic based on content, users, application, and/or protocol

• Gain visibility and control over malware-based and non-malware-based threats, post-intrusion command-and-control, lateral propagation, and exfiltration

• Gain visibility and control over all ports and protocols

• Scale up to tens of Gbps

• Maintain network memory and correlation through recording of rich metadata on all sessions

• Use an open, flexible platform with the ability to create custom rules and consume third-party threat intelligence to identify threats

Deployment of Fidelis XPS Network Appliances

Fidelis XPS has a two-tiered Deep Session Inspection architecture that consists of multiple policy sensors placed around the network to detect and/or prevent advanced threats/attacks and the exfiltration of data, and a central management console, Fidelis XPS CommandPost™, to distribute policies and then collect and organize alerts. Each of these components is delivered as a preconfigured network or virtual appliance.

Fidelis XPS Collector:

Fidelis XPS Collector enables storage, query, and correlation of all sessions on the network, whether or not a session has been identified as malicious, by storing session metadata derived by Fidelis XPS sensors, which are capable of decoding all sessions on high-capacity networks.

• Gain deep and persistent visibility on all traffic at key monitoring points.

• Monitor all stages of the threat lifecycle and detect malicious sessions designed to evade security tools that rely on knowledge of the threat or its behavior for identification.

Fidelis XPS Direct:

The Fidelis XPS Direct sensor monitors and enforces policy across all 65,535 ports on the network. Deployed at the network egress point, the Fidelis XPS Direct sensor can see and manage all direct-to-internet traffic at multi-gigabit speed.

• Choose implementation as an out-of-band sniffer, or as an inline layer 2 bridge.

• Sessions with policy violations can be prevented by terminating individual network sessions using TCP poisoning or by dropping traffic, depending on the configuration.

Fidelis XPS Edge:

The Fidelis XPS Edge sensor is designed to monitor and enforce policy for traffic flowing to the internet via all ports, and via ICAP-enabled web servers, consolidating the function of Fidelis XPS Direct and Fidelis XPS Web into a single network appliance that is perfectly suited for a remote office environment.

• Delivers comprehensive visibility and control for all outbound network traffic to meet the needs of organizations with decentralized network egress points and the requirement to deploy market-leading network security at the remote office level.

• Simplifies deployment at the internet gateway by consolidating network security functionality into a single sensor.

Fidelis XPS Internal:

The Fidelis XPS Internal sensor provides an unprecedented level of visibility into and control of how information is used and misused across the enterprise by monitoring internal network traffic at gigabit speed without endpoint installations. It enables policy enforcement on both inter-departmental transfers within the organization and on potentially sensitive transfers out of the data center.

• Monitors and enforces policy for internal traffic while logging authorized data extracts and preventing unauthorized access.

• Supports Oracle and DB2 databases, SMB/CIFS/SAMBA file transfers, and LDAP queries.

Fidelis XPS Mail:

The Fidelis XPS Mail sensor monitors and enforces policy for SMTP e-mail traffic, gracefully handling e-mail including quarantine, sender notification, and redirect to e-mail encryption solutions.

• Choose implementation as a mail transfer agent (MTA) accepting traffic from internal mail servers and delivering to the organization’s mail gateway, or as a Milter to inspect traffic flowing through an existing MTA.

• Messages with policy violations can be managed by preventing delivery, quarantining for further review, or redirecting to another mail gateway for secure delivery. Sender notification of the policy violation is configurable.

Fidelis XPS Web:

The Fidelis XPS Web sensor monitors and enforces policy for traffic flowing through ICAP-enabled proxy servers. Sessions with policy violations are prevented by terminating the session or by redirection to a policy page.

• Provides SSL traffic inspection (when paired with a proxy server with SSL termination capability).

• Redirects users to a configurable policy page when transmission is prevented.

Fidelis XPS provides five different types of sensors (Fidelis XPS Direct, Fidelis XPS Edge, Fidelis XPS Internal, Fidelis XPS Mail, Fidelis XPS Web) and full session metadata recording (via Fidelis XPS Collector), with all systems managed by the Fidelis XPS CommandPost management console. All sessions with policy violations are detected by the sensors and forwarded to CommandPost for centralized alert management, issue tracking, and storage. In addition, all policy management, user administration, and system configuration are handled from CommandPost.

How Does Deep Session Inspection® Work?

Fidelis XPS was designed specifically to see, study, and stop advanced threats, enabling the prevention of data exfiltration. Its patented Deep Session Inspection technology employs a unique five-step process to analyze network traffic, giving you the visibility, analysis, and control options you need to stop data from leaving the network. Combining accuracy with speed, the steps are executed in memory (not on disk) so that advanced threats and data breaches can be prevented in real time even on multi-gigabit-speed networks.

When a policy violation is found, Fidelis XPS issues an alert and can also drop the session or inject resets (based on the configuration), preventing data from leaving the network. Fidelis XPS is the only network security solution that can be implemented out-of-band, enabling prevention with no impact on network performance.
