Security Operations

McAfee enables security operations to collect, enrich, and share data at any scale, rapidly turn data into insights, and quickly investigate and act. The McAfee team provides the latest information on SecOps changes, threats, protection and more.

Security Operations

Time to Close vs. Root Cause – Are we measuring the wrong thing (again)?

This blog was written by Barbara Kay. “Human beings adjust behavior based on the metrics they’re held against. Anything you measure will impel a person to optimize his score on that metric. What you measure is what you’ll get. Period.” – Dan Ariely, Duke University behavioral economist in Harvard Business Review ...

Security Operations

Can you see me now? Unpacking malware for advanced threat analysis.

This blog was written by Stan Golubchik. A recent McAfee blog ‘Malware Packers Use Tricks to Avoid Analysis, Detection’, highlighted the use of packers as an effective way to slow down analysis and decrease detection by antimalware products. As an engineer with a keen interest in malware, I’m very familiar ...

Security Operations

For Three Years Running, McAfee Advanced Threat Defense Places in Radicati’s Top Players Quadrant for APT Protection

In this year’s Radicati APT Protection—Market Quadrant, McAfee Advanced Threat Defense attained a position in the Top Players quadrant for the third year running. The Radicati report assesses advanced persistent threat (APT) solutions from major security vendors and places them in its quadrant based on the depth and breadth of ...

Security Operations

What WannaCry Means for the SOC

In addition to the endpoint and network operational efforts for WannaCry, this outbreak presents great learning and response opportunities for analysts in the security operations center (SOC). Understanding and automating these best practices will set you up to handle evolving WannaCry activities, as well as the next fast-moving attack. Responding ...

Security Operations

Expanding Automated Threat Hunting and Response with Open DXL

Today everyone is talking about security automation. However, what are the right processes and actions to automate safely? What are the right processes and actions to automate that will actually achieve some security outcome, such as improving sec ops efficiency or reducing attacker dwell time? Just look in the latest ...

Security Operations

Security Automation is Here —The Time is Now: 60% of respondents think manual processes are holding back security effectiveness

This blog was written by Barbara Kay. There was a time when automation was a dirty word in security. Now, it is a necessity. A new Enterprise Strategy Group (ESG) survey, sponsored by McAfee and other technology vendors, shows that 3 out of 5 organizations see manual processes as holding ...

Security Operations

OpenDXL Case Study: Sandbox Mania featuring Cuckoo and Wildfire

This blog was written by Barbara Kay. To unleash creativity, my middle school art teacher occasionally offered up all the painting, woodcarving, pottery, and collage resources in the studio, with no guidelines or constraints other than our imaginations and the available class time. The results ranged from the mundane to ...

Security Operations

The Power of an Integrated UEBA/SIEM Solution

This blog post was written by Kristen Jacobsen. If you’ve read our previous blog, “Leveraging UEBA Capabilities in Your Existing SIEM,” you understand how McAfee Enterprise Security Manager can perform many essential UEBA functions leveraging its built-in advanced analytics and behavior modeling. Doing It Better Together For several specific use ...

Security Operations

How Coordinated, Collaborative Security Can Help You Defeat Unknown Malware

This blog was written by Stan Golubchik. In a previous blog, “How to Gain a Competitive Advantage with an Integrated Approach to Security,” we’ve shown you how adding an advanced threat analysis technology to a large enterprise security ecosystem is contributing to its success both operationally and from a business ...

Security Operations

Leveraging SIEM and Security Analytics for Improved Monitoring of Advanced Threats

This blog post was written by Karl Klaessig. For more than a decade, in response to higher volumes of alerts, security information and event monitoring (SIEM) became an integral component of enterprise security programs. However, the increasing sophistication and complexity of attacks are driving the need for advanced analytics—beyond the ...

Subscribe to McAfee Securing Tomorrow Blogs