Advanced Persistent Threats

Modern attacks are constantly evolving to evade firewalls and penetrate the perimeter. Enterprises have evolved with a patchwork of systems strung together that create more complexity than the problems they solve. Security teams lack visibility across networks and endpoints, the automation to maximize resources, and the capability to detect and respond to the cyber threats facing them today.

Our APT Solution is built to deliver automated detection and response across networks and endpoints. It is engineered to deliver comprehensive visibility, alert validation and increased response, in real time and in the past, thereby improving the effectiveness and efficiency of security teams.

Our EDR is designed for automated detection and response to today’s advanced cyber threats. It equips organizations to confidently detect, respond to, and resolve security incidents in a fraction of the time it takes using traditional approaches.

  • Deeper Visibility and Context means Deeper Insight:

Gain visibility into all threat activity at the endpoint. Monitor endpoints (in real-time and retrospectively) on and off the network. Record key events and see a timeline of suspected incidents.

  • Detect Threats Faster:

Drive real-time detection through the use of behavioral rules and indicators provided by the Fidelis Threat Research Team as well as Fidelis AV. Third-party feeds and custom rules can also be leveraged for threat detection. Security teams can additionally hunt for threats directly on the endpoint, in both the file system and memory, using OpenIOC and YARA.

  • Automate Endpoint Response:

Respond to endpoint activity faster by integrating with SIEMs, NGFWs, and more, and by accessing a large library of response scripts with flexibility to create your own. Easily create response workflows to automatically kick off remediation or deep analysis when suspicious activity is detected.

  • Enhance your Endpoint Protection:

Detect and prevent both known and unknown malware by utilizing signatures as well as advanced heuristic scanning. Follow a detection event back through the process tree through the integration of Fidelis AV and the Endpoint Collector. Easily add hashes or generate YARA rules from endpoint event data to create robust process blocking rules.

This solution automates threat detection and response while also mitigating data leakage. It bi-directionally scans all network traffic regardless of port or protocol to reveal the network and application protocols, files, and content. It captures the complete content of any violating network communication for further investigation, and it captures and stores metadata of all traffic for retrospective analysis.

Automated detection is achieved through real-time network analysis that reveals compromises at all stages of the attack life cycle. It can also apply newly received threat intelligence to the stored metadata and detect attacks and data theft attempts that have happened in the past. This provides a unique perspective into the past and provides valuable insights to prevent such attacks in the future. By leveraging machine learning classifiers, auto-generated domain names and frequent/rare values of any network attribute can be highlighted and exposed.

  • See More, Inspect More
  • Detect Threats and Data Theft in Progress
  • Eliminate Alert Fatigue
  • Respond Faster to Breaches

Coupling proactive, intelligent deception with accurate detection technologies yields much better results than traditional approaches relying only on traffic monitoring. Intelligent deception incorporates a variety of mechanisms to lure attackers and to provide all the necessary information about attacker activities as they occur in real-time. With this approach, a multiplicity of deception assets, “decoys”, are deployed throughout the organization’s network. The decoys are both customizable and general purpose, able to entice and sidetrack attackers and malware.

Today’s attackers tend to be highly intelligent and sophisticated. Therefore, in order for deception to be effective, decoys have to be both attractive and credible.

They must:

  • Publish themselves on the network
  • Respond when approached (e.g. responding to pings or NetBIOS queries)
  • Interact with the surrounding environment such as being registered to Active Directory, DNS servers, etc.
  • Create a trail of breadcrumbs on endpoints leading to decoys using mini traps, shared folders, file links, etc.
  • Emulate actual services running on real servers.
  • Present a TCP stream like servers they emulate including the exact OS flavor (e.g. Windows, Linux, etc.).
  • Hold data like the network they are emulating (e.g. directories, file names, web pages, etc.).
  • Contain ports and services that are open or closed like a real environment using TCP drop, Accept, Reject, etc.
  • Support automated and programmatic configuration based on the network being monitored
  • Allow manual configuration and tuning of all facilities within the deception environment to allow for more advanced and on-the-fly settings.

Web & Phishing Isolation

Our web isolation solution executes all web content in our cloud-based, always-on secure browsers, not on your users’ devices. That’s why our customers report total elimination of web malware infections, 95%-plus declines in credential loss, and material declines in the amount of corporate data leakage. All of this with no change to the browsing experience.

  • Web Isolation
  • Document Isolation
  • Email Link Isolation

SSL Visibility

An all-in-one network appliance designed to analyze and control SSL traffic and deal with various security threats without the hassle of re-configuring network appliances already deployed on your network.

Our SSL Visibility Solution can integrate with both inline appliances and other network devices by providing a series of models based on 100M/1G/10G network interfaces and processing capability. We offer maximum reliability with a built-in bypass card and an optional SSL acceleration card to guarantee fast SSL traffic processing. Our TST (TCP Session Transparency) technology provides strong and selective traffic decryption and seamless network transmission while transparently monitoring all traffic coming from all network ports.

It is an essential network appliance that provides session-based analysis of the entire network flow, including SSL-encrypted traffic, which was previously an impossible target for L7 analysis.

Privileged Accounts & Identity Management (PAM-PIM)

Our Solution provides a security blanket that sits on top of all Network Infrastructure, Security Infrastructure, Operating Systems and Databases. All IT Administrators, such as Sysadmins, Database Administrators and Application Administrators, are allowed to log on to their respective systems only by using a unique user-id and password and the OTP (one-time password) provided to them. Once logged in, view/modify access is provided on a “need to know” and “need to do” basis.

Further, activities carried out are recorded and complete audit trails are maintained. The solution provides a secure umbrella around the data stored in various systems.

  • Single sign on
  • Dual factor authentication
  • Password vault
  • Granular access control
  • S.M.A.R.T. audit trails
  • One admin control
  • Virtual grouping
  • Live dashboard
  • Agentless Approach
  • Non-Java based architecture
  • All components are developed by ARCON
  • Support for 200+ connectors out of the box for Password Management & Session Recordings
  • Enterprise Grade Password Vault
  • Workflow Support
  • Text & Video Based recordings
  • Strong Authentication Support for Biometric, Inbuilt OTP, Radius
  • Application White-listing and Blacklisting for Windows and Command Controls for SSH

In contrast to legacy auditing solutions, our IT System Auditing solution delivers visibility and control across all of your on-premises and cloud-based IT systems in a unified way. This IT audit platform provides a single-pane-of-glass view across the entire IT infrastructure that enables IT teams to quickly detect suspicious behavior and investigate it thoroughly, with endless integration possibilities through a RESTful API.

  • Auditing for Active Directory
  • Auditing for Exchange
  • Auditing for SQL Server
  • Auditing for File Servers
  • Auditing for VMware
  • Auditing for Windows Server