

Fidelis Endpoint Configuration

The following product description and configuration information was provided by the vendor and has been included in its unedited form. Any MITRE Engenuity comments are included in italics.


Product Versions

  • Fidelis Endpoint Release 9.3.6

Product Description

Fidelis Endpoint delivers both an on-premise and a cloud-based SaaS solution for Endpoint Detection and Response for Windows, macOS, and Linux endpoints. The solution provides contextual visibility and insights into endpoint activity, both in real-time and retrospectively, by collecting process data, user activity, registry events, file system activity, memory data, and more. This deep insight alerts incident responders of malicious activity to enable fast investigation and attack containment. Fidelis Endpoint further enables security teams to jumpstart investigations by providing memory analysis, vulnerability scans, and system inventory. Improve SOC efficiency and effectiveness by automating responses using available scripts and playbooks. This can include the ability to isolate endpoints, terminate processes, remove files, and to develop and deploy custom scripts.

Because endpoint threats are mapped to the MITRE ATT&CK™ framework, analysts can see the tactics and techniques in use to quickly determine the proper response. Untrusted executables are automatically sent to the Fidelis cloud sandbox, and they can be integrated into process blocking rules by IOC, file hash, and YARA.

In addition to alerts and behavior data, Fidelis Endpoint collects information from all devices to establish an enterprise-wide security risk assessment. This assessment is based on installed software inventory and vulnerability analysis, as well as on storage of all executables and scripts with sandbox analysis, USB activity, and more. To more quickly mitigate threats found on an asset, the live console provides incident responders direct, remote access into an endpoint's disk, files and processes.

Product Configuration

For the MITRE evaluation, the standard installation of the Fidelis Endpoint platform was tested. Once installed, recommended configuration steps were performed via the application user interface:

  • Enabled Fidelis Insight behavior rules feed
  • Enabled Anti-virus detection engine
  • Enabled Advanced Malware Detection policies
  • Enabled Behavior monitoring
  • Collecting Scripts and Executables set to collect a copy of each unique executed binary and decrypted/deobfuscated script detonated on the endpoints