Description: There really is little, if anything, that XPS cannot do in the digital forensics detection, analysis, prevention and response arena.
Price: Starts at $100,000
SC Labs Reviews
With last year’s acquisition of Resolution1 Security, Fidelis Cybersecurity expanded its network solutions portfolio to offer comprehensive endpoint detection and response. At its core, Resolution1 is a product that has led a charmed, though somewhat complicated, life. It started as a product of AccessData, spun off as Resolution1 Security, and was subsequently acquired by Fidelis. Fidelis has started to integrate Resolution1 into XPS and will continue to expand both platforms to provide greater visibility and detection to stop threats. It is one of the real success stories of this market space and we have been keenly following it since before the product was publicly available.
At a glance
Product: Fidelis XPS
Price: Starts at $100,000.
What it does: Full-featured next-generation active breach protection system.
What we liked: This tool does it all in the active breach arena. It is cleanly conceived and is modular so you can configure and deploy specifically for your unique environment.
This is the 800-pound gorilla, if for no other reason than there really is little, if anything, that Fidelis solutions cannot do in the digital forensics, detection, analysis, prevention and response arena. Resolution1 started life as a stitched-together suite under a single user interface; as it matured, those products really became a single, tightly integrated system, complementing Fidelis XPS as the endpoint piece, with a huge amount of capability.
Fidelis XPS comes together in the XPS Command Post. This is a centerpiece that connects with the XPS Sensors which feed the XPS Collector, and, if you wish, a SIEM. The Collector is at the heart of the analytics. It really is a big database that consumes and organizes rich metadata. This is more efficient than full packet storage and the tool is smart enough to ensure that the metadata it stores fully categorizes what the source packets were.
The sensors detect threats in real time, communicate with the Command Post and feed extracted metadata to the Collector. Threat intelligence, both from the Fidelis Threat Research Team and from over 50 other sources, performs execution-based malware analysis and communicates with the Command Post as well.
Even though malware is a key focus for XPS, the product finds much more than malware. It finds attacker behavior. That means that even if you don’t know about a particular piece of malware, you can still distinguish bad behavior. But, just in case you are dealing with a known strain, there is a seamless integration with VirusTotal.
Additionally, the tool is especially adept at detecting evasion techniques and there are lots of decoders so that just about whatever protocol is in use, Fidelis XPS can deal with it.
It is best applied in a complicated environment where there are enough endpoints, servers and subnets to make threat management difficult. It shines where the problem sets are the toughest to solve. While its predecessor might be thought of as an analyst’s tool, this is a real-time detection and prevention tool with a heavy dose of analytics, analyst capability and an indispensable SOC presence in complicated environments.