Attendees enjoyed breakfast with a view as Fidelis’ UK Director Andrew Bushby presented “The Best of Both Worlds: A New Approach to Network Security” at The Shard, London on 4 April 2017.
Taking to the floor, Andrew highlighted the challenges facing traditional intrusion prevention systems (IPS). Originally designed to identify attacks targeting known vulnerabilities, traditional IPS have stood still while attackers have moved on, using unexpected pathways to target clients and distributed endpoints. He explained that traditional IPS look solely at the packet level. Comparing the system to number plate recognition, he noted that it can recognise a number plate, but if the driver switches to another car the threat goes unidentified.
Helping to solve this problem, Fidelis created its Next Generation Intrusion Prevention System (NGIPS). Unlike traditional IPS, its solution reassembles and analyses network sessions, not just individual packets, inspecting the content of communication in real time across all ports and protocols. Andrew explained that it starts at the ‘outermost wrapper’ and works its way down from there, enabling deep session inspection.
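The packet-versus-session distinction above, as an added illustration rather than Fidelis code: a content signature that straddles two TCP segments (which also arrive out of order) is invisible to per-packet matching but found once the session is reassembled. The segments, the header name and the signature string are constructed for the example.

```python
"""Added illustration (not Fidelis code): content split across TCP segments
is missed by per-packet matching but seen after session reassembly.
All segments, the pattern and the header names are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    seq: int        # relative sequence number of the first payload byte
    payload: bytes


PATTERN = b"EVIL-MARKER"   # hypothetical content signature

# Constructed client->server session: the signature straddles two segments
# and the segments arrive out of order.
SESSION = [
    Segment(0,  b"POST /upload HTTP/1.1\r\nX-Tag: EVIL-"),
    Segment(41, b"\r\n\r\n"),
    Segment(35, b"MARKER"),
]


def packet_level_match(segments, pattern):
    """Traditional IPS view: inspect each packet in isolation.
    Returns the seq numbers of packets that contain the pattern."""
    return [s.seq for s in segments if pattern in s.payload]


def reassemble(segments):
    """Rebuild the byte stream: order by seq, drop bytes already seen
    (retransmissions/overlaps) and stop at the first gap, so data after
    missing bytes is never inspected as if it were contiguous."""
    stream, expected = bytearray(), 0
    for s in sorted(segments, key=lambda s: s.seq):
        if s.seq > expected:
            break                         # hole in the stream: wait for it
        stream += s.payload[expected - s.seq:]
        expected = max(expected, s.seq + len(s.payload))
    return bytes(stream)


def session_level_match(segments, pattern):
    """Session-level view: match against the reassembled stream.
    Returns the stream offset of the pattern, or -1 if absent."""
    return reassemble(segments).find(pattern)


if __name__ == "__main__":
    print("per-packet hits:", packet_level_match(SESSION, PATTERN))   # []
    print("session offset:", session_level_match(SESSION, PATTERN))   # 30
```

Removing the middle segment from `SESSION` leaves a hole, and `reassemble` stops before it rather than stitching non-adjacent bytes together, so the match is deferred instead of being reported on a false reconstruction.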
Furthermore, the solution detects attacker behaviour, including lateral movement and the staging of data for exfiltration. It then automatically applies this new intelligence to rich metadata collected from networks and endpoints, making it possible to detect attacks retrospectively and to see additional context: what code has been run, which network connections it has made and which files have been run. According to Andrew, the solution asks endpoints to look for established threats, isolates them, investigates, then cleans up. The NGIPS is said to help organisations optimise their security stack by consolidating the second layer of defence.
According to Fidelis, the integrated forensics issued with each alert show what was happening before and after the alert, helping to shrink the time to detect, validate and treat alerts from days to minutes. Moreover, it provides validated alerts, which helps address the alert fatigue often experienced within IT teams.
Andrew Bushby then went on to discuss the benefits of Fidelis Cloud. With this service, Fidelis maintains the infrastructure from the cloud, allowing organisations to focus on security. Alternatively, Fidelis Enterprise enables on-premises deployment, designed for organisations that prefer to maintain and manage all appliances and software themselves.
Further reading about Fidelis’ Next Generation Intrusion Prevention system can be found here.