Secure Your Data with Fidelis Network® for DLP
© Fidelis Cybersecurity

2. Agenda
Introductions
Fidelis Overview
Integrated DLP vs Enterprise DLP
Metadata for Detection & Response
Visibility, DSI, Content & Context
Network DLP Demonstration
Questions & Answers
Kevin Harvey, CISSP
Senior Principal Security Engineer
Federal/DoD
Fidelis Cybersecurity
Tom Clare
Product/Technical Marketing
Fidelis Cybersecurity
3. Leader in Automated Detection & Response
GLOBAL PRESENCE
• Established 2002
• HQ in Washington, DC
• Fortune 100 & DoD enterprise proven
• 12 of the Fortune 50
• 24 of the Fortune 100
• Backed by Marlin Equity Partners
PATENTED INNOVATION
• Fidelis Elevate Platform
• Network Detection and Response
• Endpoint Detection and Response (EDR)
• Data Loss Prevention (DLP)
• Deception
• Discovery and Classification of Data and Assets
• Gartner Cool Vendor 2017 for Deception
• Gartner Visionary 2017 for DLP
4. Automate Detection and Response with the Fidelis Elevate™ Platform
Accuracy. Clarity. Certainty.
• Gain threat visibility into networks, endpoints and cloud environments
• See north-south traffic, lateral movement, and traffic going in and out of your network
• Automate detection and response to reduce exposure and risk to data
• Respond to threats at the endpoint
• Mitigate data leakage and exfiltration
• Reduce dwell time with an active post-breach defense
5. Fidelis Network DLP Leadership
Rated 4.9 for Network DLP (1-5 scale, 5 the highest rating)
“Fidelis Network is one of the most fully featured network DLP products in the enterprise DLP market and operates at speeds of 20 Gbps and above. The strength of this product is its wide range of deployment and throughput options, as well as port and protocol independence, and no reliance on a proxy architecture.”
“Fidelis Network covers a number of DLP detection methods and can also analyze metadata content. Fidelis Network has additional features to better determine malicious content, such as payload analysis and sandboxing of files.”
“Fidelis Network CommandPost (K2) is feature-rich, with advanced configuration options, logical event tracking and alert options. Fidelis also offers the capability to split ownership on rules, which can be valuable for change control management of authoring and editing of DLP rules, particularly in very large organizations.”
Gartner: Critical Capabilities for Enterprise DLP, Published 10 April 2017 - ID G00308328
6. Shift to Integrated DLP Solutions
By 2022, 60% of organizations will involve line-of-business owners when crafting their data loss prevention (DLP) strategy, up from 15% today.
By 2020, 85% of organizations will implement at least one form of integrated DLP, up from 50% today.
By 2022, a majority of DLP market revenue will be driven by integrated DLP products, as opposed to enterprise DLP systems.
Source - Magic Quadrant for Enterprise Data Loss Prevention, Published 16 February 2017 - ID G00300911. Authors - Brian Reed, Deborah Kish
7. Integrated DLP
[Diagram: integrated DLP control points. Labels: Endpoint (EDR), Network (NTA), CASB, SWG w/ICAP, SEG, Cloud Platform, SaaS Apps; Native DLP Features; Integrated DLP; Compliance; IP Data Protection; Sensitive Data Use Monitoring.]
8. Analyst Perspective
[Table, listed by column; cells given in their extracted order]
Network: Compliance for Data-in-Motion, Final DLP Pass; TLS Encrypted Traffic Visibility; NTA Visibility, Metadata, All Ports & Protocols
Endpoint (Operating Systems): IP Data Protection in Use, On/Off Networks; Application Conflicts, Feature Parity, Control Factor; Not Always MS OS and Files; EDR Visibility, Metadata, Policy Control & Scripts
Cloud Platform: First Pass DLP; 28% of 2018 Workload, Trending Down (44% in 2013); TAPs coming soon…MS Azure first, then AWS tbd
SaaS Apps: First Pass DLP; 59% of 2018 Workload, Trending Up; Uniformity Challenge
Web, Email & Cloud Gateways: First Pass DLP, Encryption; SWG + ICAP, CASB API & Proxy, MTA, Limited Vis.
Other labels on the slide: TLS at SWG; Data Migration to Cloud
DLP needs content & context to determine risk and threats.
9. DLP + Detection & Response
[Diagram: the integrated DLP control points of slide 7 (Endpoint/EDR, Network/NTA, CASB, SWG w/ICAP, SEG, Cloud Platform, SaaS Apps, Native DLP Features, Integrated DLP), shown together with the capabilities listed next.]
Network DLP w/Email & Web Sensors
Deep Session Inspection (DSI)
Sand Boxing & Payload Analysis
ML Anomaly Detection & Threat Intelligence
Threat Prevention & Detection
Real-time & Retrospective Analysis
Metadata
10. Metadata – Fidelis Collector
Have I seen this document of interest on the network before? Query: Search all network sessions for the past three months for my document of interest based on hash, title, author, create date or other attributes.
Who else has sent or received this document of interest? Query: Search all network sessions for the past three months for my document of interest based on hash, title, author, create date or other attributes.
What other data has this user sent? Query: Map out all data from this user, what was sent and where it went.
Where has the phrase “Tractor Beam” been seen on the network within the last month? Tag sessions containing phrase or keywords of interest. Query: Search for tagged sessions.
What documents contain specific header/footer text? Query: List all network sessions in the last 30 days that contained a document with a header/footer that contains specific text.
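The five Collector questions above, as an added example that is not part of the deck and not Fidelis code: a small in-memory session-metadata index in Python that tags sessions at ingest and answers each question as a query over a time window. The record fields, the Collector class, the query shapes and the sample sessions are assumptions constructed here; only the attribute names (hash, title, author, create date, user, destination, header/footer text, tags) come from the slide.

```python
"""Session-metadata index answering the Collector questions (added example, not Fidelis code)."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Set


@dataclass
class Session:
    ts: datetime          # when the session was observed
    src_user: str         # who sent the content
    dst: str              # where it went (host or service)
    doc_hash: str         # hash of the extracted document
    title: str
    author: str
    created: str          # document create date as recorded in its metadata
    header_footer: str    # header/footer text extracted from the document
    body_sample: str      # a slice of the human-readable content
    tags: Set[str] = field(default_factory=set)


class Collector:
    """Stores session metadata and tags sessions at ingest time, so a later
    phrase query is a lookup rather than a re-scan of stored content."""

    def __init__(self, watch_phrases: List[str]):
        self.watch = [p.lower() for p in watch_phrases]
        self.sessions: List[Session] = []

    def ingest(self, s: Session) -> None:
        text = f"{s.body_sample} {s.header_footer}".lower()
        s.tags |= {p for p in self.watch if p in text}
        self.sessions.append(s)

    def _window(self, now: datetime, days: int) -> List[Session]:
        cutoff = now - timedelta(days=days)
        return [s for s in self.sessions if s.ts >= cutoff]

    def find_document(self, now: datetime, days: int = 90, **attrs) -> List[Session]:
        """Have I seen this document before? Any supplied attribute
        (doc_hash, title, author, created) matching inside the window."""
        return [s for s in self._window(now, days)
                if any(getattr(s, k) == v for k, v in attrs.items())]

    def who_else(self, now: datetime, doc_hash: str, days: int = 90) -> Set[str]:
        """Who else sent or received it? Every sender and destination seen with that hash."""
        parties: Set[str] = set()
        for s in self.find_document(now, days, doc_hash=doc_hash):
            parties.update((s.src_user, s.dst))
        return parties

    def user_map(self, user: str) -> Dict[str, List[str]]:
        """What other data has this user sent? destination -> document hashes."""
        out: Dict[str, List[str]] = {}
        for s in self.sessions:
            if s.src_user == user:
                out.setdefault(s.dst, []).append(s.doc_hash)
        return out

    def tagged(self, now: datetime, phrase: str, days: int = 30) -> List[Session]:
        """Where has this phrase been seen? Sessions carrying its tag inside the window."""
        return [s for s in self._window(now, days) if phrase.lower() in s.tags]

    def header_footer_contains(self, now: datetime, needle: str, days: int = 30) -> List[Session]:
        """Which documents carry specific header/footer text?"""
        return [s for s in self._window(now, days)
                if needle.lower() in s.header_footer.lower()]


NOW = datetime(2018, 6, 1)   # constructed reference time for the sample data


def build_sample_collector() -> Collector:
    """Constructed sample traffic: one design document seen three times
    (once outside the 90-day window) and one budget document."""
    c = Collector(watch_phrases=["tractor beam"])
    tractor = dict(doc_hash="h-tractor", title="Tractor Beam Design", author="alice",
                   created="2018-05-20", header_footer="PROPRIETARY - Internal Use Only")
    c.ingest(Session(NOW - timedelta(days=1), "alice", "mail.partner.test",
                     body_sample="tractor beam coupling specs", **tractor))
    c.ingest(Session(NOW - timedelta(days=10), "bob", "fileshare.example.test",
                     body_sample="forwarding the tractor beam draft", **tractor))
    c.ingest(Session(NOW - timedelta(days=120), "carol", "usb-bridge.example.test",
                     body_sample="old copy", **tractor))
    c.ingest(Session(NOW - timedelta(days=5), "alice", "cloud-storage.test",
                     doc_hash="h-budget", title="FY18 Budget", author="finance",
                     created="2018-04-02", header_footer="Company Confidential",
                     body_sample="budget figures"))
    return c


if __name__ == "__main__":
    c = build_sample_collector()
    print(len(c.find_document(NOW, doc_hash="h-tractor")), "sessions with the document in 90 days")
    print(sorted(c.who_else(NOW, "h-tractor")))
    print(c.user_map("alice"))
    print(len(c.tagged(NOW, "Tractor Beam")), "sessions tagged in 30 days")
    print(len(c.header_footer_contains(NOW, "Confidential")), "sessions with matching header/footer")
```

Tagging at ingest is the design point: the phrase of interest is matched once, while the content is still in memory, and the session keeps only the tag, so a later "where has this phrase been seen" query needs no stored payload.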
11. Key Requirements of a Network DLP Solution
• Conduct session-level (not packet-level) inspection of network traffic across all 65,535 network ports
• Provide network visibility into protocols, channels, and applications in use
• Be able to extract enterprise human-readable content and related metadata contained in the session and any attachments and compressed files for analysis
• Provide multiple sophisticated content analysis technologies to detect sensitive and/or protected information
• Policy engine with rules to determine network sessions that violate policy
• Ability to prevent network sessions violating policy across all 65,535 ports
13. Fidelis Network®
See Deeper into Applications and Content Flowing Over the Network
• Patented Deep Session Inspection® as well as Deep Packet Inspection across all ports and protocols
• Capture and store all traffic metadata, searchable by threat hunters or automated analytics
• Automatically decode and analyze traffic to detect and prevent threats as well as unauthorized data transfers
Automate Threat Detection and Mitigate Data Theft
• Real-time network analysis to uncover initial compromise, suspicious hosts, malware, and compromised hosts
• Retroactive analysis against stored metadata based on indicators derived from threat intelligence, machine learning, sandbox results, and Fidelis research
• Confirm and stop data theft by content inspection of all outgoing network activity
14. Fidelis Network®
Eliminate Alert Fatigue
• Automatically validate, correlate, and consolidate network alerts against every endpoint in your network
• Suspicious network data, rich content, and files analyzed by multiple defenses, security analytics and rules are included as pre-staged evidence – in one view
Respond Faster to Breaches
• Gain more context around an investigation with real-time and retrospective analysis across the kill chain to ensure a faster, more effective response
Prevent Threats and Data Leakage
• Gateway and internal sensor locations allow for the dropping of sessions
• Mail sensor allows you to quarantine, drop, re-route and remove attachments
• Web sensor enables you to redirect web pages and drop sessions
15. Deep Content Decoding and Analysis
Deep, Recursive Content Decoding and Analysis
Detects content-level threats that are invisible to other network security systems
Able to apply threat intelligence over a larger detection surface
[Diagram: Network Packets → Session Reassembly into Session Buffers (RAM) → Protocol and Application Decoders and Analyzers → Content Decoders and Analyzers over Content Buffers (RAM), non-selectively “exploding” recursively embedded content objects in RAM.]
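The recursive "exploding" step above, together with the content-extraction, content-analysis and policy-engine requirements of slide 11, as an added example that is not part of the deck and not Fidelis code: a Python decoder that unwraps MIME, ZIP, gzip and zlib containers in memory, runs policy rules over every human-readable leaf, and reports the container path at which each hit was buried. The container-detection heuristics, the two rules, the Finding class, the depth limit and the sample email are all assumptions constructed here.

```python
"""Recursive content decoding with a policy check over every leaf (added example, not Fidelis code)."""
import email
import email.policy
import gzip
import io
import re
import zipfile
import zlib
from dataclasses import dataclass
from email.message import EmailMessage
from typing import Iterator, List, Tuple

MAX_DEPTH = 8   # bound recursion so a deeply nested archive cannot run away

# Constructed policy rules: name -> pattern. Real policies would be far richer.
RULES = {
    "us-ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "classification-marking": re.compile(r"\b(TOP SECRET|SECRET|CONFIDENTIAL)\b"),
}


@dataclass
class Finding:
    rule: str
    path: str    # container chain, e.g. session/mime[2]:application/zip/zip:x.txt
    match: str


def explode(blob: bytes, path: str = "session", depth: int = 0) -> Iterator[Tuple[str, str]]:
    """Yield (path, text) for every readable leaf inside blob, recursing
    into ZIP archives, gzip streams, raw zlib streams and MIME messages."""
    if depth > MAX_DEPTH:
        return
    if blob.startswith(b"PK\x03\x04"):                       # ZIP local file header
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            for name in zf.namelist():
                yield from explode(zf.read(name), f"{path}/zip:{name}", depth + 1)
        return
    if blob.startswith(b"\x1f\x8b"):                          # gzip magic
        yield from explode(gzip.decompress(blob), f"{path}/gzip", depth + 1)
        return
    if blob[:1] == b"\x78":                                   # possible zlib header
        try:
            inner = zlib.decompress(blob)
        except zlib.error:
            inner = None                                      # just text starting with 'x'
        if inner is not None:
            yield from explode(inner, f"{path}/deflate", depth + 1)
            return
    if b"MIME-Version:" in blob[:4096]:                       # heuristic: RFC 822 header block
        msg = email.message_from_bytes(blob, policy=email.policy.default)
        for i, part in enumerate(msg.walk()):
            if part.is_multipart():
                continue
            payload = part.get_payload(decode=True) or b""    # undo base64 / quoted-printable
            yield from explode(payload, f"{path}/mime[{i}]:{part.get_content_type()}", depth + 1)
        return
    try:
        yield path, blob.decode("utf-8")                      # leaf: human-readable text
    except UnicodeDecodeError:
        return                                                # opaque binary, nothing to match


def inspect(blob: bytes) -> List[Finding]:
    """Run every rule over every leaf; the path tells the analyst where the hit sat."""
    return [Finding(name, path, m.group(0))
            for path, text in explode(blob)
            for name, rx in RULES.items()
            for m in rx.finditer(text)]


def should_block(blob: bytes) -> bool:
    """Prevention decision for the whole session: any policy hit blocks it."""
    return bool(inspect(blob))


def build_sample_session() -> bytes:
    """Constructed sample: an email whose ZIP attachment holds a plain text
    file and a gzip-compressed text file (ZIP -> Deflate -> Text)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("hr/roster.txt", "Employee 4471, SSN 123-45-6789, payroll export")
        zf.writestr("notes.txt.gz", gzip.compress(b"Marked TOP SECRET - do not forward"))
    msg = EmailMessage()
    msg["From"] = "alice@example.test"
    msg["To"] = "bob@example.test"
    msg["Subject"] = "Q3 files"
    msg.set_content("See attached. Nothing sensitive in the body.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="q3.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for f in inspect(build_sample_session()):
        print(f"{f.rule:24} {f.match:14} at {f.path}")
```

The leaf that carries the marking is three containers deep (MIME attachment, ZIP member, gzip stream); a packet-level or first-layer-only inspection would see base64 and compressed bytes and nothing to match. The depth cap is the guard a real decoder needs against archives nested to exhaust memory.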
16. Configuration, Investigation, Analysis, Response, Integration
Deep Session Inspection®
[Diagram: Deep Session Inspection® stages on Fidelis Sensors: Full Session Reassembly; Protocol and Application Decoding; Deep Content Decoding; Content Analysis, Malware Detection; Real-Time Threat Detection; output of Metadata and Tags. Components: Fidelis Sensors, Fidelis Collector, Fidelis K2. Labels: Network, Non-Selective, Network Memory.]
17. Deep Content Visibility
Visibility into Deeply Embedded Network Content (Inbound and Outbound)
[Diagram: nested content objects unwrapped from one session. Labels: HTTP, Gmail, MIME, ZIP, PDF, Deflate, Excel, PPT, Text, Malware; one chain labelled Malicious Inbound Content, the other Classified Sensitive Outbound Content.]
18. Comprehensive Data Protection Across Different Types of Traffic
• Fidelis Network Direct Sensor: Gateway sensor, all port visibility
• Fidelis Network Mail Sensor: Enables graceful quarantine, prevention of email traffic
• Fidelis Network Internal Sensor: Datacenter sensor, handles SMB, DB transactions
• Fidelis Network Web Sensor: Web traffic only, traffic fed from Proxy via ICAP
19. Automated Endpoint Validation & Response (With Fidelis Network® Integration)
• Highlight the importance of an alert with endpoint activity validation
• Automatically prioritize important alerts
• Answer critical analytic questions ahead of time (compared to non-validated alerts)
• Be certain that the alerts you are looking at are actionable
• Automate response with playbooks and rapid, surgical remediation capabilities
21. Questions and Next Steps
• Review the Product Web Page & Videos: https://www.fidelissecurity.com/products/network
• Request a Demonstration
  • Network: https://www.fidelissecurity.com/products/network/demo
  • Elevate: www.fidelissecurity.com/products/security-operations-platform/demo
• Free Elevate Assessment: www.fidelissecurity.com/fidelis-elevate-security-assessment