An interview with... Andrew Bushby, UK Director, Fidelis Cybersecurity

Posted by Katie Sadler on 05-Apr-2017

  1. What are the benefits of a company / organization updating to a Modern Intrusion Prevention System compared to an existing traditional Intrusion Prevention System (IPS)?

    Fidelis’ Next Generation Intrusion Prevention System (NGIPS) provides organizations with a number of benefits over traditional Intrusion Prevention Systems (IPS). Firstly, we are able to truly inspect the content of the network session, not just packets. Secondly, we don’t focus on the initial exploit but on all phases of the intrusion. Finally, we don’t just detect intrusions in real time; we can also evaluate threats in the past.

    This gives us a unique level of network visibility. We see more and are able to act in real time to prevent the threat, but more than this, we are able to revisit the past to understand what has happened. This allows us to take new threat indicators and check to see if any have previously made it through the front door.

    We then take this to the next step by automatically validating an attack on the endpoint to show us if an exploit has made it to the machine. We can see what happened when it was executed: files created, network connections made, processes started, everything we need to fight the attacker, from investigation through to resolution.

    It’s also key to realise that NGIPS helps organizations optimise their security stack by consolidating the second layer of defence much in the same way as next generation firewalls have consolidated capabilities in the first line of defence.

  2. What is the average time scale for detection using Fidelis’ Modern Intrusion Prevention System?

    In short, instead of days or weeks, Fidelis automates the process so you can go from alert to resolution in minutes. We have customers that find they can investigate 15x more alerts in the time it would have taken them to investigate a single alert using a traditional approach.

  3. How does the Fidelis solution respond to threats? Does it require a manual response from security teams?

    Because we’re analysing the network sessions in real time and because we have “eyes on the endpoint”, Fidelis provides much more information about each alert. We can tell you exactly what was happening before and after the alert, on the network and the endpoints; in addition, we give access to all associated files. We can show you if something similar has happened across your network and/or endpoints, and much more. And we do it all within a few clicks and a few seconds. Without Fidelis, getting this information would take days or weeks, relying on experienced analyst teams, and in many cases it wouldn’t even be possible to get it.

    Thus it’s a combination of prevention for known and unknown threats, automation and also providing the best tools and intelligence for investigation and response for the most complex threats, to make sure you can kick attackers out of your environment in a fraction of the time it takes using traditional approaches.

  4. Does the solution provide analysis about alerts / threats?

    The benefit of the solution is not only that it highlights alerts but also validates and shows the extent of lateral movement. We also provide details on the threat, scope of threat and tactics using Fidelis’ curated threat intelligence.

  5. Once detected and a response activated, what defence is then put in place?

    Once we have learnt about new threats, these can be added to the known threat list and prevented in future. We are also able to hunt for previous cases of these threats.

  6. And finally, what are your five top tips for companies / organizations whose objective is to withstand a significant cyber-attack?

    1. Put the best network defence in place possible, both an NG Firewall and a NGIPS that inspects not only content but also provides context
    2. Have capabilities to not just prevent, but investigate and respond (something will get through at some time)
    3. Have a response plan that has been tested and re-tested
    4. Keep systems patched to the latest levels
    5. Educate your staff on what to do in the event of receiving a phishing email, or other cyber threat, company policies and what not to do!

Topics: cyber security, Next Generation Intrusion Prevention, Fidelis
