The core of Fidelis Security is its patented technology, Deep Session Inspection (DSI), which scrutinizes the content of network sessions across all ports and protocols in real time to detect data policy violations, sensitive information and advanced threats. It processes, reassembles and iteratively decodes all packets for analysis. This recursive approach to information decoding lets Fidelis delve into network protocol tunnels, documents with embedded objects and archived files to uncover sensitive information not otherwise visible.
There are four main components of this product: sandboxing, threat intelligence, data science and the response automation and analytics engine. Sandboxing covers execution analysis, file and web analysis and machine learning-based malware detection. Threat intelligence comes from Fidelis Insight, third-party threat intelligence and customer-defined intelligence. Data science encompasses both statistical analysis and supervised learning models. The response automation and analytics engine provides real-time analysis for efficient detection and response and historical metadata for threat hunting and investigations.
DSI comes equipped with various automated threat hunting tools, including packet protocol investigation. The patented technology groups packets and sessions based on commonalities, then places them in a session buffer for examination across all ports and protocols. If DSI cannot determine a packet's protocol, the protocol is classified as unknown, and DSI applies granular inspection to those unknown-protocol packets, looking for obfuscation techniques in real time and across every sensor. With 17 different content analysis engines, Fidelis can isolate and extract individual communication objects for particularized analysis in real time.
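To make the recursive decoding and the unknown-protocol fallback described above concrete, here is an added example in Python. It is not Fidelis code and says nothing about how DSI is actually implemented; it assumes a small set of container types (gzip, zip and base64 text), two constructed policy patterns (a US SSN shape and a 16-digit card shape), an assumed 1 MiB member-size cap and depth limit, and a Shannon-entropy heuristic for flagging obfuscated or encrypted blobs that nothing else can decode. The sample session it inspects is constructed inline.

```python
"""Recursive content decoding with an unknown-blob fallback (added example, not Fidelis code)."""
import base64
import gzip
import hashlib
import io
import math
import re
import zipfile
import zlib

MAX_DEPTH = 8            # assumed: stop runaway nesting (zip-in-zip bombs)
MAX_MEMBER = 1 << 20     # assumed: skip archive members over 1 MiB
ENTROPY_THRESHOLD = 7.0  # bits/byte; text sits around 4-5, encrypted/compressed data above 7

# Constructed policy patterns for illustration; not Fidelis rule syntax.
PATTERNS = {
    "ssn": re.compile(rb"\b\d{3}-\d{2}-\d{4}\b"),
    "card": re.compile(rb"\b(?:\d[ -]?){15}\d\b"),
}
B64_RE = re.compile(rb"[A-Za-z0-9+/]+={0,2}")


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; a cheap obfuscation/encryption heuristic for blobs we cannot decode."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def classify(data: bytes) -> str:
    """Identify the container by magic bytes or shape; anything unrecognised is 'unknown'."""
    if data[:4] == b"PK\x03\x04":
        return "zip"
    if data[:2] == b"\x1f\x8b":
        return "gzip"
    compact = b"".join(data.split())
    if len(compact) >= 16 and len(compact) % 4 == 0 and B64_RE.fullmatch(compact):
        return "base64"
    return "unknown"


def inspect(data: bytes, path: str = "session", depth: int = 0) -> list:
    """Recursively decode `data`; return (path, finding) tuples for every leaf object."""
    findings = []
    if depth > MAX_DEPTH:
        return [(path, "max_depth")]
    kind = classify(data)
    try:
        if kind == "zip":
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    member = f"{path}/{info.filename}"
                    if info.file_size > MAX_MEMBER:
                        findings.append((member, "oversize_member"))
                        continue
                    findings += inspect(zf.read(info), member, depth + 1)
            return findings
        if kind == "gzip":
            return inspect(gzip.decompress(data), f"{path}/gzip", depth + 1)
        if kind == "base64":
            decoded = base64.b64decode(b"".join(data.split()), validate=True)
            return inspect(decoded, f"{path}/base64", depth + 1)
    except (zipfile.BadZipFile, OSError, EOFError, ValueError, zlib.error):
        findings.append((path, "decode_error"))  # treat the raw bytes as a leaf instead
    # Leaf (or undecodable container): policy scan, then the obfuscation heuristic.
    for name, pattern in PATTERNS.items():
        if pattern.search(data):
            findings.append((path, name))
    if len(data) >= 64 and shannon_entropy(data) >= ENTROPY_THRESHOLD:
        findings.append((path, "high_entropy"))
    return findings


def build_sample_session() -> bytes:
    """Constructed artefact: gzip > zip > [report.txt, inner.zip > [notes.b64, blob.bin]]."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("notes.b64", base64.b64encode(b"card 4111 1111 1111 1111 on file\n"))
        # 1024 pseudo-random bytes standing in for an encrypted payload
        zf.writestr("blob.bin", b"".join(hashlib.sha256(bytes([i])).digest() for i in range(32)))
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("report.txt", b"Employee SSN 123-45-6789\n")
        zf.writestr("inner.zip", inner.getvalue())
    return gzip.compress(outer.getvalue())


if __name__ == "__main__":
    for hit in inspect(build_sample_session()):
        print(hit)
```

Two design points carry over to any real decoder of this kind. Every decoded object keeps a path back to the outer session, so an alert can say which nested member tripped which rule rather than just "the session". And the base64 check is only a shape heuristic: short alphanumeric text whose length happens to be a multiple of four would be decoded into garbage and scanned as such, so a production engine would also keep the raw text in scope or require a successful downstream classification before trusting the decode.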
Administrators often need to map IP addresses to the users and PCs behind them. The product can query Active Directory for this information and add it to metadata and alert details. Administrators can also deploy decoys in their environment, enticing bad actors with the promise of sensitive data and alerting security teams once threats engage with the bait.
The dashboard is clean and provides abundant high-level data. Building policies and rules is intuitive; combining different types of indicators of compromise into rules and policies is straightforward and effective. An embedded OCR scanner added to the mail sensor decodes outgoing mail messages and scans attached images and PDFs.
Pricing is tiered, based on network bandwidth and deployment model, starting at $69,000 annually for a cloud-based, 250MB network. It includes 24/7 global phone, email and web support. Annual support and threat feeds are available for on-premises deployments for 22 percent of the annual license fee.
Tested by Matthew Hreben