Fidelis Breakfast Briefing highlights

Posted by Katie Sadler on 06-Apr-2017

Attendees enjoyed breakfast with a view as Fidelis’ UK Director Andrew Bushby presented “The Best of Both Worlds: A New Approach to Network Security” at The Shard, London on 4 April 2017.

Taking to the floor, Andrew highlighted the challenges facing traditional intrusion prevention systems (IPS). Originally designed to identify attacks targeting known vulnerabilities, traditional IPS have stood still while attackers have moved on, using unexpected pathways to target clients and distributed endpoints. He explained that traditional IPS look solely at the packet level. Comparing the system to number plate recognition, he stated that the system could recognise the number plate, but the driver could be driving another car, so the threat is not identified.

To help solve this problem, Fidelis created its Next Generation Intrusion Prevention System (NGIPS). Unlike traditional IPS, its solution reassembles and analyses network sessions, not just packets, looking at the content of communication in real time across all ports and protocols. Andrew explained that it looks at the ‘outermost wrapper’ and then works its way down from there, enabling deep session inspection.

Furthermore, the solution detects attacker behaviour including lateral movement and the staging of data for exfiltration. It then automatically applies this new intelligence to rich metadata from networks and endpoints so that it is possible to detect attacks in the past and see additional context. This includes what code has been run, the network connections it has been talking to and what files have been run. According to Andrew, the solution asks endpoints to look for established threats, isolates them, investigates, then cleans up. The NGIPS is said to help organisations optimise their security stack by consolidating the second layer of defence.

According to Fidelis, the integrated forensics issued with each alert show what was happening before and after the alert, helping to shrink the time to detect, validate and treat alerts from days to minutes. Moreover, it provides validated alerts, which helps solve the problem of alert fatigue often experienced within IT teams.

Andrew Bushby then went on to discuss the benefits of Fidelis Cloud. With this service, Fidelis maintains the infrastructure from the cloud, allowing organisations to focus on security. Alternatively, Fidelis Enterprise enables on-premise deployment. This has been designed for organisations that prefer to maintain and manage all appliances and software.

Further reading about Fidelis’ Next Generation Intrusion Prevention System can be found here.

Topics: cyber security, Next Generation Intrusion Prevention, Fidelis
