Fidelis Deception is one component of the Fidelis Elevate platform, which combats the spectrum of cyberattacks by providing full visibility across hybrid, cloud and on-premises environments. Elevate automates threat and data theft detection to empower threat hunting and optimize incident response by providing context, speed and accuracy.
By integrating bidirectional network traffic analysis with detection, response and automation, Fidelis uses its Elevate platform to capture rich metadata and content. As a result, security teams benefit from real-time and retrospective analysis and get the tools they need to effectively hunt for threats in their environment.
Fidelis Deception alters an organization’s cyber terrain by automatically deploying decoys and breadcrumbs that misdirect threats to a deception environment. As networks change, the decoys adapt to match. Each decoy has its own IP and appears to be just another element in a network. Breadcrumbs, which add context to the deception story, lure attackers to the decoys. Registry keys placed on existing networks provide credentials to the fake assets and decoys. Fidelis’s goal is to catch attackers inside the network by luring them into decoys, sophisticated data traps and Active Directory deception. By interacting with and distracting attackers, Fidelis reports on the full attack story via Security Visibility, which uses asset profiling, anomaly detection, forensics and threat/kill-chain analysis to learn TTPs and build a storyboard.
Deception is deployed over a four-step process.
During step one, Fidelis sniffs and identifies assets in an environment.
Decoys are deployed in step two and are automatically set up, based on real assets, in an adaptive, ongoing process. For example, decoy data servers are deployed alongside the real data servers. The product offers three different decoy options. In emulation mode, one server responds as multiple machine types. Each server can accommodate up to 1,000 decoys so that Fidelis Deception can easily scale up and maintain detailed control of everything occurring. The RealOS mode provides additional realism but requires more resources to maintain full-blown operating systems. The product provides Windows and Linux out-of-the-box offerings. An organization can also offer a golden image of a server already in its environment, and the tool will make a decoy based on that image.
In the third step, breadcrumbs are deployed in a highly targeted placement so that they match the decoys and assets found on the network. Security teams can create several breadcrumb generators and run them in multiple ways. Network deception traps create more noise on the networks to lure attackers and, by generating different types of traffic, make decoys more enticing.
The final step takes deception to the Active Directory by connecting to a server and planting fake information. Fake users, and ongoing fake information, are placed on the Active Directory server with which the decoys communicate.
Starting price is $19 per user for 501 users. Support offerings include online, phone, email and customer web portal. Professional services like installations, training, incident response and security assessments are offered as well.