IDS System: Fidelis XPS
Overview
Fidelis provides tools for network forensics and Advanced Threat Mitigation (ATM): dealing with advanced threats by detecting network sessions that carry a particular kind of content. Fidelis XPS detects specific network content, which can be embedded in different layers. For example, with Fidelis XPS it is possible to extract JavaScript from PDF documents that are RAR-packed and transferred via standard Internet protocols such as HTTP, HTTPS, SMTP or other protocols.
Fidelis is more a network investigation toolkit than a ready-to-run IPS. It can be used to build a powerful data leak protection solution, or to collect packets directly in PCAP format for deep network forensics. Fidelis can work with probes that receive packets via TAP/CSPAN/RSPAN or mirror ports, or alternatively with inband probes. With the inband probes, Fidelis XPS can craft reset packets (TCP-RST or UDP-RST) to close the sessions on both sides of the Fidelis XPS probe. Fidelis supports different chained decoding paths, such as IP -> TCP -> SMTP -> BASE64 -> RAR -> PDF -> Content / Signature / Keywords. This makes Fidelis XPS unique in the market, and DN-Systems is a Fidelis Consulting Partner.
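The chained decoding path described above, sketched as an added example (not Fidelis code and not part of the original page): each layer is identified and peeled in turn until a keyword check runs on the innermost content. ZIP stands in for RAR because the Python standard library has no RAR decoder; the keywords, function names and sample message are constructed for illustration.

```python
import base64, email, io, zipfile
from email.message import EmailMessage

KEYWORDS = (b"/JavaScript", b"/Launch")  # assumed policy keywords, not a Fidelis rule
MAX_DEPTH = 6                             # bound recursion against nested-archive bombs

def sniff(data):
    """Pick the next decoder from magic bytes."""
    if data[:5] == b"%PDF-":
        return "PDF"
    if data[:4] == b"PK\x03\x04":
        return "ZIP"
    return "RAW"

def inspect(data, path=("SMTP",)):
    """Peel the layer named by path[-1]; return [(decode_path, keyword)] hits."""
    if len(path) > MAX_DEPTH:
        return []
    layer, children = path[-1], []
    if layer == "SMTP":
        for part in email.message_from_bytes(data).walk():
            if part.is_multipart():
                continue
            raw = part.get_payload(decode=False).encode("ascii", "replace")
            cte = (part.get("Content-Transfer-Encoding") or "").lower()
            children.append(("BASE64" if cte == "base64" else sniff(raw), raw))
    elif layer == "BASE64":
        decoded = base64.b64decode(data)
        children.append((sniff(decoded), decoded))
    elif layer == "ZIP":  # stand-in for the RAR layer; stdlib has no RAR decoder
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            children += [(sniff(zf.read(n)), zf.read(n)) for n in zf.namelist()]
    elif layer == "PDF":
        return [(" -> ".join(path), kw.decode()) for kw in KEYWORDS if kw in data]
    hits = []
    for kind, child in children:
        hits += inspect(child, path + (kind,))
    return hits

def build_sample():
    """Constructed test message: inert PDF inside a ZIP, attached as base64."""
    pdf = b"%PDF-1.4\n1 0 obj << /S /JavaScript /JS (placeholder) >> endobj\n%%EOF\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("doc.pdf", pdf)
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="doc.zip")
    return msg.as_bytes()
```

The keyword only fires when it is found inside a decoded PDF layer; the same string in a plain message body is not reported, which is the point of recording the decode path with each hit.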
Fidelis XPS sensors can be deployed at network egress points, internal network segments, branch/remote offices, or any combination of the above. Deployments range from one to many sensors and all are managed by CommandPost, an intuitive, web-based graphical user interface for policy creation, alert management, sensor administration and configuration, and user/group administration.
The policies assigned to each sensor can be managed from a single CommandPost, yet uniquely tailored to the requirements of the network location in which the sensor is deployed. All sessions with policy violations are detected by the sensors and forwarded to CommandPost for centralized alert management, issue tracking, and storage.
Alerts are intelligently grouped in the radar by CommandPost’s. This grouping shows alerts of a similar nature and may be based on combinations of user, type of information, and channel. A user can click on any event or cluster to drill down into alert details for further analysis and action.
The Fidelis XPS CommandPost allows organizations and users to separate views, tasks, and other administrative activities by roles, alert management groups, sensor assignments, and customized views. In this way, alert viewing and management, policy administration, and report generation can be segregated by a user’s business area, region, roles, and/or responsibilities.
Fidelis XPS Direct:
The Fidelis XPS Direct sensor monitors and enforces policy across all network (TCP/UDP) ports on the network. Deployed at the network egress point, the sensor can see and manage all direct-to-internet traffic at multi-gigabit speed.
Fidelis XPS Edge:
The Fidelis XPS Edge sensor is designed to monitor and enforce policy for traffic flowing to the internet via all ports and via ICAP-enabled proxy servers, consolidating the function of Fidelis XPS Direct and Fidelis XPS Proxy into a single network appliance that is perfectly suited for a remote office environment.
- Delivers comprehensive network visibility and control for all outbound network traffic to meet the needs of organizations with decentralized network egress points and the requirement to deploy comprehensive information protection at the remote office level.
- Simplifies deployment at the internet gateway by consolidating network data breach prevention functionality into a single sensor.
Fidelis XPS Internal:
The Fidelis XPS Internal sensor provides an unprecedented level of network visibility into and control over how information is used and misused across the enterprise by monitoring internal network traffic at multi-gigabit-speed without endpoint installations. It enables policy enforcement on both inter-departmental transfers within the organization and on potentially sensitive transfers out of the data center.
- Monitors and enforces policy for internal traffic while logging authorized data extracts and preventing unauthorized access.
- Supports protocols typically only seen inside the network (and unavailable in traditional network “DLP” products) including Oracle and DB2 database access, SMB/CIFS/SAMBA file transfers, and directory queries.
Fidelis XPS Proxy:
The Fidelis XPS Proxy sensor monitors and enforces policy for traffic flowing through ICAP-enabled proxy servers. Sessions with policy violations are prevented by terminating the session or by redirection to a policy page.
- Provides SSL traffic inspection (when paired with a proxy server with SSL termination capability).
- Redirects users to configurable policy page when transmission is prevented.
Fidelis XPS Mail:
The Fidelis XPS Mail sensor monitors and enforces policy for SMTP e-mail traffic, gracefully handling e-mail including quarantine, sender notification, and redirect to e-mail encryption solutions.
- Choose implementation as a mail transfer agent (MTA) accepting traffic from internal mail servers and delivering to the organization’s mail gateway, or as a Milter to inspect traffic flowing through an existing MTA.
- Messages with policy violations can be managed by preventing delivery, quarantining for further review, or redirecting to another mail gateway for secure delivery. Sender notification of the policy violation is configurable.
Fidelis XPS Connect:
Fidelis XPS Connect extends business critical content-awareness to the entire enterprise by leveraging Fidelis XPS' core architecture, including purpose-built document decoding, content analysis, and content policy definition technologies.
- Minimize development time, effort, and expense via Simple Content Inspection Protocol (SCIP), a network based, programmatic interface.
- Easily add business-critical content awareness to complementary security solutions to enforce policy-based decisions regarding the storage, transfer, or movement of enterprise data.
SSL-Inspector
Secure Sockets Layer (SSL)-encrypted communications have enabled a variety of secure, web-based communications, online transactions, and VPN services. However, the privacy benefits provided by SSL can quickly be overshadowed by the risks it brings to the enterprise: network-based threats, such as spam, spyware, viruses, phishing, identity theft, data leakage of confidential information, and other forms of cyber crime easily evade detection by traditional network security monitoring methods when concealed by SSL encryption.
The Fidelis SSL Inspector appliance is a transparent SSL proxy that allows organizations to identify threats hidden within SSL encrypted communications with no impact to existing network configurations and performance. Working seamlessly with our flagship network security solution, the Fidelis Extrusion Prevention System® (Fidelis XPS), the Fidelis SSL Inspector provides organizations with a best-in-class approach to network security. By removing the serious blind spots in network security, content inspection, and threat detection created by SSL, and leveraging the Fidelis XPS Deep Session Inspection architecture, the combined solution extends the unparalleled visibility and control of Fidelis XPS to the increasingly high volume of encrypted traffic that may be entering and/or leaving the network.
Fidelis SSL Inspector allows Fidelis XPS and its Deep Session Inspection architecture to be deployed with the highest levels of flow analysis and SSL visibility while still maintaining multi-gigabit, line-rate network performance, enabling:
DN-Systems is a Fidelis XPS Partner and Reseller
This brings all the benefits, from testing in our own lab to consulting and reselling of your new Fidelis XPS IDS/XPS solution, from a single source with one single point of contact.