Live Demonstration –
Ensure Data Protection
with Fidelis Network®
© Fidelis Cybersecurity
Agenda
Introductions
Fidelis Overview
Integrated DLP vs Enterprise DLP
Metadata for Detection & Response
Visibility, DSI, Content & Context
Network DLP Demonstration
Questions & Answers
Kevin Harvey, CISSP
Senior Principal Security Engineer
Federal/DoD
Fidelis Cybersecurity
Tom Clare
Product/Technical Marketing
Fidelis Cybersecurity
Leader in Automated Detection & Response
GLOBAL PRESENCE
• Established 2002
• HQ in Washington, DC
• Fortune 100 & DoD enterprise proven
• 12 of the Fortune 50
• 24 of the Fortune 100
• Backed by Marlin Equity Partners
PATENTED INNOVATION
• Fidelis Elevate Platform
• Network Detection and Response
• Endpoint Detection and Response (EDR)
• Data Loss Prevention (DLP)
• Deception
• Discovery and Classification of
Data and Assets
• Gartner Cool Vendor 2017 for Deception
• Gartner Visionary 2017 for DLP
Automate Detection and Response
with The Fidelis Elevate™ Platform
Accuracy. Clarity. Certainty.
• Gain threat visibility into networks,
endpoints and cloud environments
• See north-south traffic, lateral movement,
and traffic going in and out of your
network
• Automate detection and response to
reduce exposure and risk to data
• Respond to threats at the endpoint
• Mitigate data leakage and exfiltration
• Reduce dwell time with an active post-breach defense
Fidelis Network DLP Leadership
Rated 4.9 for Network DLP (1-5 scale, 5 the highest rating)
“Fidelis Network is one of the most fully featured network DLP products in the enterprise DLP
market and operates at speeds of 20 Gbps and above. The strength of this product is its wide
range of deployment and throughput options, as well as port and protocol independence, and
no reliance on a proxy architecture.”
“Fidelis Network covers a number of DLP detection methods and can also analyze metadata
content. Fidelis Network has additional features to better determine malicious content, such as
payload analysis and sandboxing of files.”
“Fidelis Network CommandPost (K2) is feature-rich, with advanced configuration options,
logical event tracking and alert options. Fidelis also offers the capability to split ownership on
rules, which can be valuable for change control management of authoring and editing of DLP
rules, particularly in very large organizations.”
Gartner: Critical Capabilities for Enterprise DLP, Published 10 April 2017 - ID G00308328
Shift to Integrated DLP Solutions
By 2022, 60% of organizations will involve line-of-business
owners when crafting their data loss prevention (DLP) strategy, up
from 15% today.
By 2020, 85% of organizations will implement at least one form of
integrated DLP, up from 50% today.
By 2022, a majority of DLP market revenue will be driven by
integrated DLP products, as opposed to enterprise DLP systems.
Source - Magic Quadrant for Enterprise Data Loss Prevention,
Published 16 February 2017 - ID G00300911
Authors - Brian Reed, Deborah Kish
Integrated DLP
[Diagram labels: Endpoint (EDR); Network (NTA); CASB; SWG w/ICAP; SEG; Cloud Platform; SaaS Apps Native DLP Features; Integrated DLP use cases: Compliance, IP Data Protection, Sensitive Data Use Monitoring]
Analyst Perspective
Network Endpoint Cloud Platform SaaS Apps Web, Email &
Cloud
Gateways
Operating
Systems
Compliance for
Data-in-Motion,
Final DLP Pass
IP Data
Protection in
Use, On/Off
Networks
First Pass DLP First Pass DLP First Pass DLP Encryption
TLS Encrypted
Traffic Visibility
Application
Conflicts,
Feature Parity,
Control Factor
28% of 2018
Workload,
Trending Down
(44% in 2013)
59% of 2018
Workload,
Trending Up
SWG + ICAP
CASB API &
Proxy, MTA,
Limited Vis.
Not Always MS
OS and Files
NTA Visibility
Metadata
All Ports &
Protocols
EDR Visibility
Metadata
Policy Control &
Scripts
TAPs coming
soon…MS
Azure first, then
AWS tbd
Uniformity
Challenge
TLS at SWG Data Migration
to Cloud
DLP needs content & context to determine risk and threats.
DLP + Detection & Response
[Diagram labels: Endpoint (EDR); Network (NTA); CASB; SWG w/ICAP; SEG; Cloud Platform; SaaS Apps Native DLP Features; Integrated DLP]
Network DLP w/Email & Web Sensors
Deep Session Inspection (DSI)
Sand Boxing & Payload Analysis
ML Anomaly Detection & Threat Intelligence
Threat Prevention & Detection
Real-time & Retrospective Analysis
Metadata
Metadata – Fidelis Collector
Have I seen this document of interest on the network before? Query: Search all network
sessions for the past three months for my document of interest based on hash, title, author,
create date or other attributes.
Who else has sent or received this document of interest? Query: Search all network
sessions for the past three months for my document of interest based on hash, title, author,
create date or other attributes.
What other data has this user sent? Query: Map out all data from this user, what was sent
and where it went.
Where has the phrase “Tractor Beam” been seen on the network within the last
month? Tag sessions containing phrase or keywords of interest. Query: Search for tagged
sessions.
What documents contain specific header/footer text? Query: List all network sessions in
the last 30 days that contained a document with a header/footer that contains specific text.
Key Requirements of a Network DLP Solution
• Conduct session-level (not packet-level) inspection of network traffic
across all 65,535 network ports
• Provide network visibility into protocols, channels, and applications in use
• Be able to extract enterprise human-readable content and related
metadata contained in the session and any attachments and compressed
files for analysis
• Provide multiple sophisticated content analysis technologies to detect
sensitive and/or protected information
• Policy engine with rules to determine network sessions that violate policy
• Ability to prevent network sessions violating policy across all 65,535 ports.
Fidelis Network®
Gain visibility into CONTENT over ALL PORTS
& PROTOCOLS to DETECT
threats and PREVENT data loss.
Fidelis Network®
See Deeper into Applications and Content Flowing Over
the Network
• Patented Deep Session Inspection® as well as Deep Packet Inspection - across
all ports and protocols
• Capture and store all traffic metadata so that it is searchable by threat hunters or
automated analytics
• Automatically decode and analyze traffic to detect and prevent threats as well as
unauthorized data transfers
Automate Threat Detection and Mitigate Data Theft
• Real-time network analysis to uncover initial compromise, suspicious hosts,
malware, compromised host
• Retroactive analysis against stored metadata based on indicators derived from
threat intelligence, machine learning, sandbox results, and Fidelis research
• Confirm and stop data theft by content inspection of all outgoing network activity
Fidelis Network®
Eliminate Alert Fatigue
• Automatically validate, correlate, and consolidate network alerts against every
endpoint in your network
• Suspicious network data, rich content, and files analyzed by multiple defenses,
security analytics and rules are included as pre-staged evidence – in one view
Respond Faster to Breaches
• Gain more context around an investigation with real-time and retrospective
analysis across the kill chain to ensure a faster, more effective response
Prevent Threats and Data Leakage
• Gateway and internal sensor locations allow for the dropping of sessions
• Mail sensor allows you to quarantine, drop, re-route and remove attachments
• Web sensor enables you to redirect web pages and drop sessions
Deep Content Decoding and Analysis
Deep, Recursive Content Decoding and Analysis
Detects content-level threats that are invisible to other network security systems
Able to apply threat intelligence over a larger detection surface
[Diagram labels: Network Packets; Session Reassembly; Session Buffers (RAM); Protocol and Application Decoders and Analyzers; Content Buffers (RAM); Content Decoders and Analyzers; Non-Selectively “Exploding” Recursively Embedded Content Objects in RAM]
Configuration, Investigation, Analysis, Response, Integration
Deep Session Inspection®
[Diagram labels: Deep Session Inspection® layers: Full Session Reassembly; Protocol and Application Decoding; Deep Content Decoding; Content Analysis, Malware Detection; Metadata and Tags; Real-Time Threat Detection; Non-Selective Network Memory. Components: Network; Fidelis Sensors; Fidelis Collector; Fidelis K2]
Deep Content Visibility
Visibility into Deeply Embedded Network Content (Inbound and Outbound)
[Diagram labels: PDF; Deflate; Text; Malware; Excel; Text; ZIP; PPT; MIME; HTTP; Text; Gmail; Malicious Inbound Content; Classified Sensitive Outbound Content]
Comprehensive Data Protection Across
Different Types of Traffic
• Fidelis Network Direct Sensor: Gateway sensor, all port visibility
• Fidelis Network Internal Sensor: Datacenter sensor, handles SMB, DB transactions
• Fidelis Network Mail Sensor: Enables graceful quarantine, prevention of email traffic
• Fidelis Network Web Sensor: Web traffic only, traffic fed from Proxy via ICAP
Automated Endpoint Validation & Response
(With Fidelis Network® Integration)
• Highlight the importance of an alert with endpoint
activity validation
• Automatically prioritize important alerts
• Answer critical analytic questions ahead of time
(compared to non-validated alerts)
• Be certain that the alerts you are looking at are
actionable
• Automate response with playbooks and rapid,
surgical remediation capabilities
Demonstration
Questions and Next Steps
• Review the Product Web Page & Videos
https://www.fidelissecurity.com/products/network
• Request a Demonstration
• Network:
https://www.fidelissecurity.com/products/network/demo
• Elevate:
www.fidelissecurity.com/products/security-operations-platform/demo
• Free Elevate Assessment
www.fidelissecurity.com/fidelis-elevate-security-assessment
Thank You!


Secure Your Data with Fidelis Network® for DLP
