Detect & stop intrusions – Fidelis NGIPS

Posted by Katie Sadler on 27-Mar-2017

The Fidelis Next Generation Intrusion Prevention solution (NGIPS) has been designed to detect and stop modern intrusions. In this blog, we find out how this is achieved and discover additional benefits of implementation.

According to Fidelis, its Next Generation Intrusion Prevention solution can be delivered as a service from the cloud. Alternatively, it can be deployed on premises when necessary.

Fidelis explains that traditional Intrusion Prevention Systems (IPS) were originally designed to protect computers from network-based attacks that attempted to exploit known vulnerabilities. However, attackers are no longer server-centric. Instead, they use unexpected pathways to target client and distributed endpoints. While attackers innovate, traditional IPSs have stood still. According to Fidelis, they live on largely unchanged in scope, generating low-value alerts for security teams while attackers slip past them in pursuit of high-value targets.

How it works…

The Fidelis solution stops attacks by reassembling sessions in real time across all ports and protocols. The company explains that it then recursively decodes the content at line speed. This allows it to see exploits buried deep inside the content that packet-based NGIPS have been missing.
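The difference between per-packet matching and session reassembly with recursive decoding can be shown in a few lines. This is an added illustration, not Fidelis code: the marker string, the segment size and the choice of gzip and base64 as the nested encodings are all assumptions made for the example.

```python
import base64
import gzip
import zlib

# Constructed, harmless marker standing in for an exploit signature (assumption).
SIGNATURE = b"CONSTRUCTED-EXPLOIT-MARKER"

def make_segments(size=40):
    """Constructed sample: marker -> gzip -> base64 -> HTTP body, cut into segments."""
    body = base64.b64encode(gzip.compress(b"report data " + SIGNATURE + b" end"))
    stream = b"POST /upload HTTP/1.1\r\nHost: example.test\r\n\r\n" + body
    return [stream[i:i + size] for i in range(0, len(stream), size)]

def packet_scan(segments):
    """Packet-based matching: every segment is inspected in isolation."""
    return any(SIGNATURE in seg for seg in segments)

def decode_layers(data, depth=0, max_depth=5):
    """Yield data plus every layer recovered by recursively undoing gzip/base64.
    max_depth bounds the recursion so nested archives cannot exhaust the sensor."""
    yield data
    if depth >= max_depth:
        return
    candidates = []
    if data[:2] == b"\x1f\x8b":  # gzip magic bytes
        try:
            candidates.append(gzip.decompress(data))
        except (OSError, EOFError, zlib.error):
            pass
    try:
        candidates.append(base64.b64decode(data, validate=True))
    except ValueError:  # binascii.Error is a ValueError subclass
        pass
    for layer in candidates:
        if layer and layer != data:
            yield from decode_layers(layer, depth + 1, max_depth)

def session_scan(segments):
    """Session-based matching: reassemble the stream, then decode recursively."""
    stream = b"".join(segments)
    header, _, body = stream.partition(b"\r\n\r\n")
    return any(SIGNATURE in layer
               for part in (header, body)
               for layer in decode_layers(part))

if __name__ == "__main__":
    segs = make_segments()
    print("packet-based match: ", packet_scan(segs))
    print("session-based match:", session_scan(segs))
```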


Solution benefits…

Using a session-based approach allows the solution to go beyond packet-based signatures. Consequently, Fidelis can see the entire inbound and outbound communication stream, which lets it detect attacks that slip by packet-focused IPSs.

The Fidelis NGIPS also detects intrusions both in real time and retrospectively. The company states that new intelligence is automatically applied to rich metadata from networks and endpoints to detect attacks in the past.

Furthermore, the solution focuses on threats rather than just vulnerabilities. According to Fidelis, it uses YARA-based rule sets, which are better suited than Snort for detecting modern threats and also generate fewer false positives.

Elsewhere, out-of-the-box integration automatically validates network alerts. From this, it is possible to see which endpoints are impacted; action can then be taken remotely.

In addition, Fidelis provides integrated forensics with each alert. Therefore, it is possible to see what was happening before and after an alert.


Upcoming events

If you would like to find out more, register now and join us for the free Fidelis Breakfast Briefing:



04 April 2017 | The Shard | London

Join us for the Fidelis breakfast meeting taking place on 04 April from 08:00 – 10:30 at The Shard, London.

Hear Fidelis’ Andrew Bushby, UK Director, and Adam Burt, Senior Engineer, as they discuss “The Best of Both Worlds: A New Approach to Network and Endpoint Security.” In this talk you’ll learn how to:

  • Detect intrusions traditional IPSs can’t see
  • Reduce time to respond and resolve threats by 15X
  • Optimise your security stack


Topics: cyber security, Next Generation Intrusion Prevention, Fidelis
