• Like

Thanks for flagging this SlideShare!

Oops! An error has occurred.

Fidelis XPS: Network Security Appliance for Advanced Threat Defense


Built on a patented Deep Session Inspection® platform, Fidelis XPS™ is the industry’s only network security appliance with the power to deliver network visibility, analysis, and control over all ports …

Built on a patented Deep Session Inspection® platform, Fidelis XPS™ is the industry’s only network security appliance with the power to deliver network visibility, analysis, and control over all ports and all channels in real-time, to defend against advanced threats and prevent the possibility of a data breach on multi-gigabit-speed networks.

Fidelis XPS identifies inbound and outbound threats using a combination of deep, real-time inspection of all applications and content traversing the network coupled with dynamic threat intelligence, selective network forensics, and integrated static and dynamic malware detection and analysis technology. Fidelis XPS gives security teams broad visibility over all network threats (both malware and non-malware based), across all network ports and protocols, at multi-gigabit speeds.

The Fidelis XPS solution increases the probability of detecting advanced threats by providing a level of visibility over all phases of the threat life cycle and enables security practitioners to discover, investigate and remediate advanced threats quicker, more efficiently and more cost effectively than they can do using other toolsets and techniques. Because the Fidelis XPS technology decodes and analyzes the applications and content flowing over the network in real-time (while the network sessions are occurring), it can take an action, such as a selective recording action or a blocking action, on a network session before the session completes. The system includes a flexible, open rules engine that security teams can use to identify and track custom threats that were designed specifically to target their organizations.

Published in Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads


Total Views
On SlideShare
From Embeds
Number of Embeds



Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

    No notes for slide


  • 1. Fidelis XPS: Advanced Threat Defense 1
  • 2. Comprehensive Advanced Threat Defense Solution Expertise Fidelis XPS Insight™ Threat Intelligence Services Products Network Defense and Forensic Services Fidelis XPS Network Security Products Enterprise Endpoints 2 Enterprise Network Approved for External Release, January 2013 Internet
  • 3. Fidelis XPS Advanced Threat Defense Products (Policy Definition, Forensic Analysis) Rules and Threat Intelligence SIM / SEM / SIEM Malware Execution Forensics Alert Metadata Fidelis XPS CommandPost (Non-Selective Network Memory) Query Results Fidelis XPS Collector Fidelis XPS Insight™ Malware (Dynamic Threat Intelligence, Malware Analysis) Rich Session Metadata Rules and Threat Intelligence Alerts and Recorded Sessions Fidelis XPS Sensors (Real-Time Decoding, Threat Detection) Enterprise Network Network TAP or Fidelis SSL Inspector 3 Perimeter Security (FW, IPS, Proxy…)
  • 4. Fidelis XPS Deep Session Inspection® Architecture Fidelis XPS CommandPost Dynamic Threat Intelligence Alerts, Events, Reports Configuration Management, Policy Definition, Forensic Investigation and Analysis Real-Time Content Analysis, Malware Detection Real-Time Protocol and Application Decoding Real-Time Session Reassembly (RAM) 4 Network Packets Real-Time Threat Detection (Policy Enforcement) Rich Session Metadata Storage (Non-Selective Network Memory) Fidelis XPS Collector Real-Time Content Decoding Fidelis XPS Sensors
  • 5. Fidelis XPS Threat Detection Architecture Fidelis Insight Broad Spectrum Threat Intelligence and Rule Set Custom Threat Intelligence and Rule Set •  Network session reassembly •  Network protocol and application decoding Network Traffic •  Content extraction, decompression, deobfuscation •  Content, channel and location analysis •  Non-selective session metadata extraction and storage Deep Session Inspection 5 Feedback Full Virtual Execution •  Emulation •  Cryptanalysis Extracted Objects Session Analysis Results Rich Session Metadata •  Static analysis •  Unpacking •  Session based threat detection policy logic •  Historical analysis •  Cross-session correlation Threat Detection Layer OR Visibility and Control over all Phases of the Threat Life Cycle
  • 6. Fidelis XPS Insight™ Threat Intelligence A continuous stream of high quality threat intelligence available for use by Fidelis XPS products –  Automatically consumed from Fidelis’ Internet cloud service infrastructure by Fidelis XPS CommandPost and operationalized by Fidelis XPS sensors Contains multiple forms of dynamic threat intelligence –  Phishing, malware and botnet command and control locations –  Known and suspected malware content signatures –  Advanced threat detection rules written by the Fidelis Threat Research Team Derived from a number of sources using a variety of techniques –  Active Internet scanning, heuristics, behavioral exploit detection, sandbox execution, signature matching, domain registration monitoring, DNS root server activity monitoring, malware reverse engineering, active command and control server validation, primary and secondary threat research… Included with Fidelis XPS maintenance service –  No additional charge for access to Fidelis XPS Insight 6
  • 7. Fidelis XPS Malware Detection Stack Highlights Multi-stage malware detection stack –  Uses both static (inspection based) and dynamic (execution based) technologies to identify malware –  Identifies malware and malware-associated command and control (C2) communication Very high detection rate with extremely low false positives across all malware types –  Packed malware –  Known malware and variants –  Polymorphic, customized and zero-day malware High speed, multi-threaded engine can keep up with enterprise network speeds –  Hundreds of analyzed objects per second Can be deployed in-line or out-of-band –  Can block previously identified malware in either mode 7
  • 8. Fidelis XPS Malware Detection Stack In Cloud Virtual Execution Rich execution forensics Emulation Polymorphic, customized and zero-day malware Cryptanalysis On Fidelis XPS Sensor Static Algorithmic Analysis Pattern Based Signature Analysis Malware Unpacking Deep Session Inspection Network Traffic 8 Known malware and variants Packed malware Previously observed malware, command and control communication
  • 9. Fidelis XPS Malware Detection Stack Details Virtual Execution Full virtual execution in a realistic, Internet-connected virtual client environment; identifies suspicious/malicious execution behavior; rich execution forensics Emulation Emulates the execution behavior of Windows and DOM (browser) executables; identifies suspicious/malicious execution behavior Cryptanalysis Static (mathematical) and dynamic (execution based) decryption (plain text cryptanalysis, reduced masks, decrypter emulation…) Static Algorithmic Analysis Specialized, dynamically updated programs that detect malware using stateful static analysis techniques Pattern Based Signature Analysis Pattern based content signatures (anchored and unanchored bytecode sequences, full and partial file hashes, checksums with offsets…) Malware Unpacking Deep Session Inspection Network Traffic 9 Recognition and decomposition of file objects packed with thousands of packers, installers and “gray” compression utilities Protocol, application and decoding and analysis; content delimitation, decompression,, deobfuscation and extraction; command and control communication detection; session blocking
  • 10. Fidelis XPS Malware Visibility Malware flowing over unknown TCP-based protocols Malware flowing over known protocols other than HTTP or SMTP Deeply embedded / compressed / packed / malware Fidelis XPS Vector HTTP Web Malware Protection Systems HTTP SMTP Email Malware Protection Systems SMTP FW / IPS / AV Fidelis XPS sees malware that’s invisible to other network based malware protection systems 10
  • 11. Fidelis XPS Collector Stores rich “metadata” (descriptive information) extracted from every network session by the Fidelis XPS sensors –  All network sessions, whether they triggered an XPS rule or not… Metadata includes protocol, application and content level attributes of the session –  E.g. the names and MD5 hashes of every file contained in every container transferred during the session, no matter how deeply embedded, encapsulated and/or compressed the files may have been Adds an element of non-selective network memory to the Fidelis XPS solution –  Important when looking for threats that were not recognized as malicious when they occurred (e.g. to identify previously compromised endpoints) Provides a much richer “index” of stored session information than “netflow” style sensors, NBA products or full packet capture systems –  When looking for threats, you are searching the index –  Richer index = better threat detection 11
  • 12. Fidelis XPS Vector Fidelis XPS Insight Threat Intelligence Threat Intelligence Fidelis XPS Vector Malware Virtual Execution Engine Malware Malware Analysis Results (Execution Forensics) Malware Integrated Malware Detection Engine and Management Console Perimeter Security (FW, IPS, Proxy…) •  Fidelis XPS sensor focused on network based malware detection •  High detection rate across all malware types (known, variants, customized, zero-day) and all network ports, protocols and applications •  Simple, plug and play user experience •  Low total cost of ownership (low TCO) •  Software-upgradeable to Fidelis XPS Direct 12
  • 13. Fidelis SSL Inspector All Traffic (Clear and SSL-Encrypted) Fidelis SSL Inspector All Traffic in Clear (Unencrypted) Fidelis XPS CommandPost Session Metadata Policies Alerts Fidelis XPS Collector Fidelis XPS Sensor Gives Fidelis XPS sensors visibility over all SSL/TLS encrypted traffic –  Identifies and decrypts everything over SSL (HTTP, POP3, SMTP….) – over any port Can be deployed with little or no impact on endpoints –  Transparent to endpoints when provisioned with a resigning certificate that is trusted by endpoints 13
  • 14. Deep Visibility into Embedded Content 14
  • 15. Fidelis XPS Summary Network based advanced threat defense system –  Enables organizations to discover, investigate and contain threats that bypass other network security systems Uses a multi-dimensional approach to identifying threats on the network –  Deep protocol, application and content decoding and analysis of inbound and outbound network traffic –  Content, channel and location based dynamic threat intelligence –  Integrated malware detection stack –  Selective and non-selective network memory Gives broad-spectrum visibility (and control) over all phases of the threat lifecycle –  Infiltration, command and control, lateral propagation, data exfiltration –  Increases the probability of seeing the threat at some point during its evolution 15
  • 16. Fidelis XPS Product Benefits Higher probability of detecting advanced threats – Broad-spectrum visibility over the entire threat life cycle – Content, channel and location based threat intelligence – Deep visibility into embedded content – Integrated malware detection stack – Selective and non-selective network memory Reduced exposure via rapid incident response – Real-time architecture and open policy engine enable faster incident response cycle and reduced exposure/loss – Reduce time-to-discovery and time-to-containment Network forensics at a lower total cost of ownership – Non-selective network memory with network, protocol, application and content level metadata 16
  • 17. Request more information about Fidelis XPS solutions Learn More 17 Request a Demo Contact us