The appliance helps security teams evaluate all session metadata, regardless of whether or not it was previously identified as malicious. This provides analysts with deep, continuous and historical visibility on all traffic at key monitoring points, allowing them to quickly and more accurately identify anomalous patterns to detect new attacks designed to evade traditional security tools.
In addition, analysts can use common attack indicators to understand the full scope of an incident, helping to better protect their organizations against advanced persistent threats.
Working in conjunction with Fidelis XPS sensors and Fidelis XPS CommandPost, the Fidelis XPS Collector provides a simple architecture that is not storage-intensive. The tools' combined capabilities give security teams the ability to detect malicious sessions designed to evade security tools that rely on prior knowledge of the threat or its behavior for identification.
This added insight allows analysts to identify and assess whether past incidents might be part of the same campaign, even if those incidents had not originally been flagged because no corresponding rule existed at the time. Armed with this information, they can create tuned rules to prevent future attacks that are part of the ongoing campaign.
Fidelis XPS Collector features further enhance the use cases of the Fidelis XPS network security product family:
Advanced threat defense – allows for enhanced defense by providing the ability to quickly correlate sessions that may have triggered a policy-driven rule and by quickly identifying other systems that may have been breached as part of the same attack.
Intelligent network forensics – improves forensic capabilities through access to retained session metadata and powerful query capabilities over it.
Data breach prevention – enhances the ability to look for files that may have been exfiltrated.
Cloud services security – stores information about all applications, which allows for the detection of unauthorized use of cloud-based services.