Fidelis XPS Extends YARA-powered Capabilities to Enhance Real-time Malware Command and Control Prevention
- General Dynamics Fidelis Cybersecurity Solutions' industry-leading implementation of technology enables organizations to quickly prevent and detect advanced threats across the entire threat lifecycle.
General Dynamics Fidelis Cybersecurity Solutions has expanded the capabilities of its flagship network security solution, Fidelis XPS™, by building on its unique application of YARA technology. Fidelis XPS' implementation of YARA technology now extends beyond the infiltration phase and into the command and control (C2) communication and lateral propagation phases, delivering a continuous response posture across the entire threat lifecycle.
General Dynamics Fidelis' use of the malware discovery and classification tool, traditionally used with static data, is an industry-first application of the technology for data-in-motion. Enabling both the real-time detection and prevention of malicious cyber activity, Fidelis XPS enables customers to quickly leverage existing, community-driven YARA intelligence to strengthen their security posture, while freeing time and resources for other cybersecurity initiatives.
- Copy, paste, protect™. Fidelis XPS provides an easy-to-use, intuitive user interface for implementing YARA rules quickly. This allows security analysts to immediately defend their enterprise with a simple copy and paste.
- Find advanced threats. The Fidelis Threat Research Team uses the flexibility of YARA-powered malware detection to discover new advanced threats, while continuously sharing this knowledge with the entire Fidelis community via Fidelis Insight policy.
- Enhance situational awareness. Fidelis XPS augments YARA rules with situational awareness, applying context to the content, making the rule more intelligent and actionable. Due to the open nature of YARA, which allows analysts to collaborate and share rules, analysts can easily provide the added context with the security community as it happens, constantly refining and improving upon this collective intelligence.
- Detect malicious C2 communication. The capabilities of the Fidelis XPS YARA decoder have been expanded to detect and prevent malicious C2 communication, including remote access trojan (RAT) communication, from exiting the enterprise in real time.
- Analyze all network traffic. A key differentiator of Fidelis XPS is that it analyzes all network traffic, not simply portions of it (e.g., only mail and web), allowing it to identify unusual, undocumented communications as they happen. With YARA, analysts are also able to quickly classify this malicious traffic and associate it with the C2 communications of specific malware families.
- Detect, classify and prevent. By combining YARA, which is typically employed against data-at-rest, with Deep Session Inspection, which is designed to operate on data-in-motion, Fidelis XPS offers extraordinary file detection, classification and control over objects entering the enterprise, crossing boundaries within the company and leaving the network. Moreover, these real-time capabilities allow Fidelis XPS to act with the speed needed to prevent an attack.
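The bullets above describe the general idea of applying YARA-style rules to reassembled network sessions rather than to files on disk, and of adding session context (direction, destination) to the content match. The following is an added illustration of that idea in plain Python; it is not Fidelis code, does not use the yara-python library, and implements only a small subset of YARA's rule model (literal and regex strings with an all-of/any-of condition). The rule `rat_beacon_example`, its strings, and the three sample sessions are constructed for the example.

```python
import re
from dataclasses import dataclass, field

# A minimal YARA-like rule: named strings (bytes literals or compiled regexes),
# a condition ("all" or "any" of the strings), and optional session-context
# predicates that must also hold. The context part is a hypothetical stand-in
# for the "situational awareness" the page describes, not a YARA feature.
@dataclass
class Rule:
    name: str
    strings: dict
    condition: str = "all"
    context: dict = field(default_factory=dict)

# One reassembled TCP session, as a session-inspection engine might hand it
# to the rule matcher (constructed structure for this example).
@dataclass
class Session:
    src: str
    dst: str
    dst_port: int
    direction: str   # "egress" or "ingress"
    payload: bytes

def strings_found(rule, payload):
    """Return {string_id: matched?} for every string in the rule."""
    hits = {}
    for ident, pat in rule.strings.items():
        if isinstance(pat, bytes):
            hits[ident] = pat in payload
        else:
            hits[ident] = pat.search(payload) is not None
    return hits

def rule_matches(rule, session):
    """Content condition first (as in YARA), then the added session context."""
    hits = strings_found(rule, session.payload)
    content_ok = all(hits.values()) if rule.condition == "all" else any(hits.values())
    if not content_ok:
        return False
    for attr, wanted in rule.context.items():
        if getattr(session, attr) != wanted:
            return False
    return True

def scan_sessions(rules, sessions):
    """Apply every rule to every session; return alert records for analysts."""
    alerts = []
    for s in sessions:
        for r in rules:
            if rule_matches(r, s):
                matched = [k for k, v in strings_found(r, s.payload).items() if v]
                alerts.append({"rule": r.name, "src": s.src, "dst": s.dst,
                               "dst_port": s.dst_port, "strings": matched})
    return alerts

# Constructed rule: a made-up beacon format, restricted to outbound sessions so
# that the same bytes seen inbound (e.g. a scanner echoing them) do not alert.
RULES = [
    Rule(
        name="rat_beacon_example",
        strings={
            "$hdr": b"BEACON|",
            "$host": re.compile(rb"HOSTNAME=[A-Z0-9-]+\|"),
        },
        condition="all",
        context={"direction": "egress"},
    ),
]

# Constructed sessions: one outbound beacon, the same bytes inbound, one benign.
SESSIONS = [
    Session("10.0.0.12", "203.0.113.5", 443, "egress",
            b"BEACON|id=7|HOSTNAME=WS-01|"),
    Session("203.0.113.5", "10.0.0.12", 443, "ingress",
            b"BEACON|id=7|HOSTNAME=WS-01|"),
    Session("10.0.0.12", "198.51.100.7", 80, "egress",
            b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
]

if __name__ == "__main__":
    for alert in scan_sessions(RULES, SESSIONS):
        print(alert)
```

Running the block reports a single alert, for the outbound session, and lists both matched string identifiers so an analyst can see which parts of the rule fired; the inbound copy fails the context check even though its content matches, and the plain HTTP request fails the content condition.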
According to Tom Lyons, vice president of product management for General Dynamics Fidelis Cybersecurity Solutions, "With today's advanced, intelligent and persistent adversaries, it's vital that an organization's defense is one step ahead. However, security analysts do not have the time or resources to do it all on their own, so they must look to the collective intelligence of the security community to strengthen their defenses. We are taking the benefits of YARA one step further by eliminating the time needed to translate rules, instead enabling them to be plugged directly into Fidelis XPS. Through our copy, paste, protect feature we are expanding the reach and effectiveness of the analyst team to immediately go on the offensive against today's threat actors."
Source: General Dynamics Corporation (NYSE: GD)