Adaptive Threat Prevention – Reducing Attack Discovery to Containment in Milliseconds

In the “Verizon 2013 Data Breach and Investigations Report”, in 80% of the cases Verizon examined a breach wasn’t detected for at least weeks, if not months or years. Once a detection was made, the data suggests that in 79% of cases it took days, weeks or months to contain, which is significant because an attacker can exfiltrate a lot of data in that time.

Companies and governments of all sizes are struggling with the advanced malware used in low-prevalence and targeted attacks. While detection leads the list of challenges, false positives, protection, and timely response and repair represent huge frustrations—and huge costs as well.

These challenges can be laid at the door of traditional, unintegrated, defense-in-depth designs. While you may have multiple antivirus (AV) engines and protection for each threat vector, too often these products operate in functional silos. This situation creates two problems: higher costs and higher risk.

Unintegrated security operations remain reactive, complex, un-automated, and non-optimized. This inefficiency creates a high ongoing operational cost for security while leaving data and networks exposed to determined attackers. Disconnected security technologies give sophisticated attackers ample space and white noise to enter, hide, and persist within your organization.

We all know that AV alone is not enough to detect and contain today’s advanced attacks – it takes coordinated systems working as one! What if you could detect a piece of malware at the gateway and instantly enable protection at every endpoint connected to the system? Or what if an endpoint detected a highly targeted, low-prevalence piece of malware that had no AV signature, but due to other factors (e.g. it was running from the temp directory, was suspiciously packed, and was using a revoked certificate) it could be determined to be a malicious file, and then immediately block the execution of that file, not just on that one endpoint but on every endpoint connected to the system? And for good measure, update the organization’s reputation service so that the file is blocked from executing on every endpoint in your environment, all in real time. Pretty powerful, right?
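As an added illustration of the decision flow this paragraph describes (example code written for this post, not McAfee's implementation; the factor weights, the block threshold and all function and class names are assumptions), the following shows an endpoint convicting an unsigned file from the listed factors and publishing the verdict so the next endpoint enforces it without re-analysing:

```python
from dataclasses import dataclass, field
# Factor weights and the block threshold are this example's assumptions, not McAfee's scoring.
WEIGHTS = {"av_signature": 100, "revoked_certificate": 50,
           "suspicious_packer": 30, "runs_from_temp": 20, "low_prevalence": 10}
BLOCK_THRESHOLD = 70  # one strong factor plus corroboration, or a signature match

@dataclass
class FileObservation:
    sha256: str
    path: str
    packed: bool            # e.g. high-entropy sections or a known packer stub
    cert_revoked: bool      # signer certificate revoked (CRL/OCSP)
    has_av_signature: bool  # conventional signature match

@dataclass
class ReputationService:
    """Organization-wide store that every endpoint consults before execution."""
    verdicts: dict = field(default_factory=dict)  # sha256 -> "block"
    seen_on: dict = field(default_factory=dict)   # sha256 -> set of endpoint ids

def local_factors(obs: FileObservation, prevalence: int) -> list:
    """Indicators an endpoint can judge even when no AV signature matches."""
    path = obs.path.lower().replace("\\", "/")
    checks = [("av_signature", obs.has_av_signature),
              ("runs_from_temp", "/temp/" in path or "/tmp/" in path),
              ("suspicious_packer", obs.packed),
              ("revoked_certificate", obs.cert_revoked),
              ("low_prevalence", prevalence <= 2)]
    return [name for name, hit in checks if hit]

def endpoint_execute(service: ReputationService, endpoint_id: str, obs: FileObservation):
    """Return (action, reason). A verdict already shared by another endpoint is
    enforced at once; otherwise decide locally and publish any block verdict."""
    if obs.sha256 in service.verdicts:
        return service.verdicts[obs.sha256], "shared_reputation"
    service.seen_on.setdefault(obs.sha256, set()).add(endpoint_id)
    factors = local_factors(obs, len(service.seen_on[obs.sha256]))
    score = sum(WEIGHTS[f] for f in factors)
    action = "block" if score >= BLOCK_THRESHOLD else "allow"
    if action == "block":
        service.verdicts[obs.sha256] = "block"  # every other endpoint now blocks it
    return action, "local_analysis:" + ",".join(factors)

def demo():
    """Constructed sample: unsigned, packed, revoked cert; seen on ep1 then ep2."""
    svc = ReputationService()
    sample = FileObservation("0" * 64, r"C:\Users\u\AppData\Local\Temp\upd.exe",
                             packed=True, cert_revoked=True, has_av_signature=False)
    return [endpoint_execute(svc, ep, sample) for ep in ("ep1", "ep2")]
```

A file that is merely packed and running from a temp directory scores below the threshold and is allowed, so the conviction rests on the combination of factors rather than any single one.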

This system isn’t some far-fetched science experiment or skunk works project; it is here now. McAfee Threat Intelligence Exchange collects and shares forensic-quality information and makes protective decisions over the wire in real time. McAfee Threat Intelligence Exchange is the first solution to use the McAfee data-exchange layer, a bidirectional communications fabric that enables security intelligence and adaptive security through simple product integration and context sharing.

With McAfee Threat Intelligence Exchange, security teams gain actionable insights and security management efficiencies through the real‑time exchange of threat intelligence. We know that revealing a threat is only useful if you can take action against it. McAfee Threat Intelligence Exchange automatically blocks threats that are determined to be risky to your organization and significantly optimizes adaptive threat prevention, narrowing the gap from encounter to containment from days, weeks, and months down to milliseconds.

Interested in an in-depth look at McAfee Threat Intelligence Exchange? Check out the whitepaper titled “Advanced Targeted Attacks: It Takes a System”:
