Fidelis Cybersecurity Deception 9.2.1
Fidelis Deception is one component of the Fidelis Elevate platform, which combats the spectrum of cyberattacks by providing full visibility across hybrid, cloud and on-premises environments. Elevate automates threat and data theft detection to empower threat hunting and optimize incident response by providing context, speed and accuracy.

By integrating bidirectional network traffic analysis with detection, response and automation, Fidelis leverages its Elevate platform to capture rich metadata and content. As a result, security teams benefit from real-time, retrospective analysis and the tools they need to effectively hunt for threats in their environment.

Fidelis Deception alters an organization’s cyber terrain by automatically deploying decoys and breadcrumbs that misdirect threats to a deception environment. As networks change, the decoys adapt to match. Each decoy has its own IP and appears to be just another element in a network. Breadcrumbs, which add context to the deception story, lure attackers to the decoys. Registry keys placed on existing networks provide credentials to the fake assets and decoys. Fidelis’s goal is to catch attackers inside the network by luring them into decoys, sophisticated data traps and Active Directory deception. By interacting with and distracting attackers, Fidelis reports on the full attack story via Security Visibility, which uses asset profiling, anomaly detection, forensics and threat/kill-chain analysis to learn TTPs and build a storyboard.

Deception is deployed over a four-step process.

During step one, Fidelis sniffs and identifies assets in an environment.

Decoys are deployed in step two and automatically set up based on real assets in an adaptive, ongoing process. For example, decoy data servers are deployed alongside the real data servers. The product offers three different decoy options. In emulation mode, one server responds as multiple machine types. Each server can accommodate up to 1,000 decoys so that Fidelis Deception can easily scale up and maintain detailed control of everything occurring. The RealOS mode provides additional realism but requires more resources to maintain full-blown operating systems. The product provides Windows and Linux out-of-the-box offerings. An organization can also provide a golden image of a server already in its environment and the tool will make a decoy based on that image.

In the third step, breadcrumbs are deployed in a highly targeted placement so that breadcrumbs match decoys and assets found on the network. Security teams can create several breadcrumb generators and run them in multiple ways. Network deception traps create more noise on the networks to lure attackers and, by generating different types of traffic, make decoys more enticing.

The final step takes deception to the Active Directory by connecting to a server and planting fake information. Fake users, and ongoing fake information, are placed on the Active Directory server with which the decoys communicate.

Starting price is $19 per user for 501 users. Support offerings include online, phone, email and customer web portal. Professional services like installations, training, incident response and security assessments are offered as well.

Product title
Fidelis Cybersecurity Deception 9.2.1
Product info
Vendor: Fidelis Cybersecurity
Price: $19 per user for 501 users.
Contact: https://www.fidelissecurity.com/
Strength
The asset discovery and classification, the automated decoy and breadcrumb deployment, the ability to ensure an always-current/adapting deception environment as changes occur within an organization’s real environment, and the ability to provide flexible decoy options – both via emulation and real OS VM.
Weakness
None that we found.
Verdict
Fidelis’s goal is to catch attackers inside the network by luring them into decoys, sophisticated data-traps and Active Directory deception.