Fidelis XPS

Advanced Breach Detection

General Dynamics Fidelis Cybersecurity Solutions provides organizations with a robust, comprehensive portfolio of products, services, and expertise to combat today’s sophisticated advanced threats and prevent data breaches. Our commercial enterprise and government customers around the globe can face advanced threats with confidence with our Network Defense and Forensics Services, delivered by an elite team of security professionals with decades of hands-on experience, and our award-winning Fidelis XPS™ Advanced Threat Defense Products , which provide visibility and control over the entire threat life cycle.

Network Visibility, Analysis, and Control

Designed to handle the most demanding network environments, Fidelis XPS is the industry’s only network security appliance with the power to deliver network visibility, analysis, and control over all ports and all channels in real-time, to defend against advanced threats and prevent the possibility of a data breach on multi-gigabit-speed networks. Unlike other solutions whose payload decoders require the entire file to be presented before analysis may begin, Fidelis XPS’ patented Deep Session Inspection platform conducts full session inspection on partial sessions, making it the only network security solution to see, study, and stop advanced threats on direct-to-internet traffic in real-time.

fidelis

Fidelis XPS enables your organization to:

• Gain proactive situational awareness through visibility over the entire life cycle of the threat with actionable threat intelligence feeds and malware detection engine

• Control both proxied and direct-to-internet traffic

• Inspect all network traffic including attachments and compressed files, for sensitive content

• Stop unauthorized traffic based on content, users, application, and/or protocol

• Visibility and control over malware and non-malware based threats, post-intrusion command-and-control, lateral propagation and exfiltration

• Visibility and control over all ports and protocols

• Scalablity up to tens of Gbps

• Network memory and correlation through recording of rich metadata on all sessions

• An open, flexible platform with ability to create custom rules and consume third- party threat intelligence to identify threats

Deployment of Fidelis XPS Network Appliances

Fidelis XPS, has a two-tiered Deep Session Inspection architecture that consists of multiple policy sensors placed around the network to detect and/or prevent advanced threats/attacks and the exfiltration of data, and a central management console, Fidelis XPS CommandPost™, to distrib- ute policies and then collect and organize alerts. Each of these components is delivered as a preconfigured network or virtual appliance.

deploy

Fidelis XPS Collector:

Fidelis XPS Collector enables storage, query, and correlation of all sessions on the network, whether or not the session has been identi- fied as malicious through storing session metadata derived by Fidelis XPS sensors, which are capable of decoding all sessions on high capacity networks.

•Gain deep and persistent visibility on all traffic at key monitoring points.

•Monitor all stages of the threat lifecycle and detect malicious sessions designed to evade security tools that rely on knowledge of the threat or it’s behavior for identification.

Fidelis XPS Direct:

The Fidelis XPS Direct sensor monitors and enforces policy across all 65,535 ports on the network. Deployed at the network egress point, the Fidelis XPS Direct sensor can see and manage all direct- to-internet traffic at multi-gigabit-speed.

•Choose implementation as an out-of-band sniffer, or as an inline layer 2 bridge.

•Sessions with policy violations can be prevented by

terminating individual network sessions using TCP poisoning or by dropping traffic, depending on the configuration.

Fidelis XPS Edge:

The Fidelis XPS Edge sensor is designed to monitor and enforce policy for traffic flowing to the internet via all ports, and via ICAP- enabled web servers— consolidating the function of Fidelis XPS Direct and Fidelis XPS Web into a single network appliance that is perfectly suited for a remote office environment.

•Delivers comprehensive visibility and control for all outbound net- work traffic to meet the needs of organizations with decentralized network egress points and the requirement to deploy market- leading network security at the remote office level.

•Simplifies deployment at the internet gateway by consolidating network security functionality into a single sensor.

Fidelis XPS Internal:

The Fidelis XPS Internal sensor provides an unprecedented level of visibility into and control of how information is used and misused across the enterprise by monitoring internal network traffic at gigabit speed without endpoint installations. It enables policy enforcement on both inter-departmental transfers within the organization and on potentially sensitive transfers out of the data center.

•Monitors and enforces policy for internal traffic while logging authorized data extracts and preventing unauthorized access.

•Supports Oracle and DB2 databases, SMB/CIFS/SAMBA file transfers, and LDAP queries.

Fidelis XPS Mail:

The Fidelis XPS Mail sensor monitors and enforces policy for SMTP e-mail traffic, gracefully handling e-mail including quarantine, sender notification, and redirect to e-mail encryption solutions.

•Choose implementation as a mail transfer agent (MTA) accepting traffic from internal mail servers and delivering to the organization’s mail gateway, or as a Milter to inspect traffic flowing through an existing MTA.

•Messages with policy violations can be managed by preventing delivery, quarantining for further review, or redirecting to another mail gateway for secure delivery. Sender notification of the policy violation is configurable.

Fidelis XPS Web:

The Fidelis XPS Web sensor monitors and enforces policy for traffic flowing through ICAP-enabled proxy servers. Sessions with policy violations are prevented by terminating the session or by redirection to a policy page.

•Provides SSL traffic inspection (when paired with a proxy server with SSL termination capability).

•Redirects users to configurable policy page when transmission is prevented.

Fidelis XPS provides five different types of sensors (Fidelis XPS Direct, Fidelis XPS Edge, Fidelis XPS Internal, Fidelis XPS Mail, Fidelis XPS Web) and full session metadata recording (via Fidelis XPS Collector), with all systems managed by the Fidelis XPS Command Post management console. All sessions with policy violations are detected by the sensors and forwarded to CommandPost for centralized alert management, issue tracking, and storage. In addition, all policy management, user administration, and system configuration are handled from CommandPost.

How Does Deep Session Inspection® Work?

Fidelis XPS was designed specifically to see, study, and stop advanced threats enabling the prevention of data exfiltration. Its patented Deep Session Inspection technology employs a unique five-step process to ana- lyze network traffic–giving you the visibility, analysis, and control options you need to stop data from leaving the network. Combining accuracy with speed, the steps are executed in memory (not on disk) so that advanced threats and data breaches can be prevented in real time even on multi- gigabit-speed networks.

When a policy violation is found, Fidelis XPS issues an alert and can also drop the session or inject resets (based on the configuration), preventing data from leaving the network. Fidelis XPS is the only network security solution that can be implemented out-of-band, enabling prevention with no impact on network performance.

howdeep(1)