Fidelis Endpoint Configuration (ATT&CK Evaluations, Carbanak+FIN7 round)
Product Versions
Product Description
Fidelis Endpoint is offered both as an on-premises deployment and as a cloud-based SaaS solution for Endpoint Detection and Response on Windows, macOS, and Linux endpoints. It provides contextual visibility into endpoint activity, both in real time and retrospectively, by collecting process data, user activity, registry events, file system activity, memory data, and more. This telemetry alerts incident responders to malicious activity and supports fast investigation and containment. Fidelis Endpoint also helps security teams start investigations quickly by providing memory analysis, vulnerability scans, and system inventory. SOC efficiency can be improved by automating responses with the available scripts and playbooks, which include isolating endpoints, terminating processes, removing files, and developing and deploying custom scripts.
Because endpoint threats are mapped to the MITRE ATT&CK™ framework, analysts can see the tactics and techniques in use and determine the appropriate response quickly. Untrusted executables are automatically submitted to the Fidelis cloud sandbox, and the resulting indicators can be incorporated into process-blocking rules matched by IOC, file hash, or YARA rule.
In addition to alerts and behavior data, Fidelis Endpoint collects information from all devices to build an enterprise-wide security risk assessment. This assessment draws on the installed-software inventory and vulnerability analysis, on the stored copies of all executables and scripts together with their sandbox analysis, on USB activity, and more. To mitigate threats found on an asset more quickly, the live console gives incident responders direct remote access to an endpoint's disk, files, and processes.
Product Configuration
For the MITRE evaluation, the standard installation of the Fidelis Endpoint platform was tested. Once installed, the following recommended configuration steps were performed through the application user interface:
- Enabled Fidelis Insight behavior rules feed
- Enabled Anti-virus detection engine
- Enabled Advanced Malware Detection policies
- Enabled Behavior monitoring
- Collecting Scripts and Executables set to collect a copy of each unique binary executed on the endpoints and of each decrypted/deobfuscated script run on them