The Fidelis XPS architecture analyzes network traffic in five steps to
prevent unwanted outbound traffic. These
steps are executed in real time, even on gigabit-speed networks.

Step One: Packet Capture
Fidelis XPS captures all of the packets flowing
along the wire for analysis. Fidelis XPS can be configured in two modes to
analyze and prevent extrusions on your network.

Step Two: TCP Reassembly
TCP sessions must be reassembled before deep session and payload
inspection can be performed.

Step Three: Channel Control
A channel is the envelope(s) or wrapper(s)
that enables content to flow over the network. Channels include, but may also be
independent of, specific ports and protocols. Channels differ from protocols
because they can run on top of a protocol, as when webmail uses HTTP as its
transport, or can tunnel themselves inside of other protocols, as in instant
messaging over HTTP. Channels also include application-specific functionality,
like attachments, and can also include sender, recipient and time attributes.
Simply looking at a protocol does not necessarily identify the channels running

Step Four: Payload Decoding
Custom built by Fidelis Security Systems,
Fidelis XPS payload decoders analyze the session for document type rules and
expose the content inside the documents for analysis. This requires
uncompressing files, decoding data formats, and stripping away formatting to
view the core content.

Step Five: Content Recognition and Analysis
The content is analyzed to
determine if sensitive information is included. More sophisticated than exact
matching, the Fidelis XPS statistical and pattern-recognition content analyzers
identify critical or sensitive information based on its characteristics,
enabling organizations to quickly begin protecting critical data without the
cumbersome and time-consuming registration and maintenance processes required by
exact matching-based solutions. These analyzers process information in real time,
allowing Fidelis XPS to accurately identify digital assets before they leave the

When an extrusion is found, Fidelis XPS either drops the network packets or
resets the network session (based on the configuration), preventing the
extrusion from occurring. In addition, Fidelis XPS reports all extrusion
attempts to its management console, CommandPost, providing a single point for
alerting and a database of full forensic information for investigation of

Fidelis XPS can be deployed inline or out-of-band—both with full prevention
capabilities. Neither configuration requires changes to desktops, servers, or
network devices, speeding implementation while maintaining network performance.
As a result, customers can begin reducing their risk of extrusions immediately,
without installation and configuration challenges common in competitive

Out-of-band: Fidelis XPS is the only solution able to implement content-based
prevention without requiring an inline network device. When deployed
out-of-band, a copy of all network traffic is passed to a Fidelis XPS sensor
through a network tap in real time at wire speed. Prevention is achieved by
injecting TCP reset packets, which instruct the sender and recipient to reset
the network connection.

Inline: When inline, a sensor sits in the network
path with all network traffic flowing directly through it. Prevention is
achieved by dropping any packet or data transfer that violates policy and/or
sending TCP reset packets.
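
Steps two, four and five above can be followed end to end on a constructed session; this is an added example, not Fidelis code. It assumes a card-number pattern with a Luhn check as a stand-in for a characteristic-based analyzer, ignores sequence-number wraparound, and uses hypothetical function names and sample data.

```python
import base64, gzip, re, zlib

MAX_OUT = 1 << 20                                  # decompression-bomb guard
B64_RE = re.compile(rb"[A-Za-z0-9+/]{16,}={0,2}")  # heuristic: looks like base64
TAG_RE = re.compile(r"<[^>]+>")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")

def reassemble(segments):
    """Step two: order (seq, data) pairs and drop retransmitted bytes."""
    stream, nxt = b"", None
    for seq, data in sorted(segments):
        nxt = seq if nxt is None else nxt
        if seq > nxt:
            raise ValueError("gap in stream; cannot inspect yet")
        if seq + len(data) > nxt:              # skip pure retransmissions
            stream += data[nxt - seq:]         # keep only the unseen tail
            nxt = seq + len(data)
    return stream

def decode_payload(body):
    """Step four: peel base64/gzip layers, then strip markup."""
    for _ in range(8):                         # bound nesting depth
        if body[:2] == b"\x1f\x8b":            # gzip magic bytes
            body = zlib.decompressobj(31).decompress(body, MAX_OUT)
        elif len(body) % 4 == 0 and B64_RE.fullmatch(body):
            body = base64.b64decode(body)
        else:
            break
    return TAG_RE.sub(" ", body.decode("utf-8", errors="replace"))

def luhn_ok(digits):
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)      # double every second digit
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def recognize(text):
    """Step five: match on a characteristic, not a registered exact value."""
    runs = (re.sub(r"\D", "", m.group()) for m in CARD_RE.finditer(text))
    return [d for d in runs if luhn_ok(d)]

def inspect_session(segments):
    return recognize(decode_payload(reassemble(segments)))

# Constructed sample: HTML, gzip-compressed, base64-encoded, sent in 40-byte
# segments that arrive in reverse order with one retransmission.
DOC = b"<p>Card on file: <b>4111 1111 1111 1111</b></p><p>Order ref 1234 5678 9012 3456</p>"
WIRE = base64.b64encode(gzip.compress(DOC))
SEGMENTS = [(1000 + i, WIRE[i:i + 40]) for i in range(0, len(WIRE), 40)]
SEGMENTS = SEGMENTS[::-1] + SEGMENTS[:1]

if __name__ == "__main__":
    print(inspect_session(SEGMENTS))
```

Scanning the segments in arrival order finds nothing, because the digits only exist after reassembly and decoding; the second number in the sample is rejected by the Luhn check rather than by a lookup.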