Business – McAfee Blogs
https://securingtomorrow.mcafee.com
Securing Tomorrow. Today.
Feed last built: Fri, 15 Feb 2019 17:15:18 +0000

The Best Ways to Catch McAfee at RSA Conference 2019
https://securingtomorrow.mcafee.com/business/the-best-ways-to-catch-mcafee-at-rsa-conference-2019/
Thu, 14 Feb 2019 16:00:29 +0000


In just a few weeks, San Francisco will be taken over by cybersecurity professionals and vendors at Moscone Center for the 2019 RSA Conference. There’s a lot packed into the conference—that’s why we’re breaking down the best ways to see McAfee in action. So take out your calendars and make note of the events below.

McAfee Leadership Takes the Stage

CSA Summit Keynote: Case Study: Behind the Scenes of MGM Resorts’ Digital Transformation
Monday, March 4 | 11:35 am – 11:55 am | Moscone Center

Rajiv Gupta, Senior Vice President, Cloud Security Business Unit, McAfee

Scott Howitt, Senior Vice President & Chief Information Security Officer, MGM Resorts International

As a leader in their industry, MGM is transforming into a digital business by aggressively adopting the cloud to make their employees more engaged and productive and to deliver modern experiences to their customers. Join Rajiv Gupta, SVP of McAfee’s Cloud Business, and Scott Howitt, SVP and CISO for MGM Resorts International, to hear how MGM is protecting their enterprise data across the whole spectrum of their evolving infrastructure, from on-prem, to the device, to their SaaS, IaaS and PaaS cloud instances.

Session: #Ransomware – The Rise, Death and Resurrection of Digital Extortion
Monday, March 4 | 4:45 pm – 5:15 pm | Session Code: SEM-M03

John Fokker

Head of Cyber Investigations

Raj Samani

Chief Scientist, McAfee Fellow

Hear from cybercrime experts on the successes and lessons learned from the No More Ransom initiative, an online portal that has prevented millions of dollars in ransom payments to cybercriminals. Recent statistics point to a decrease in the number of ransomware variants. So, is ransomware dead? Not so fast. Get up to speed on what’s new in the ongoing effort to combat the threat of ransomware.

Keynote: Lightning in a Bottle, or Burning Down the House?
Tuesday, March 5 | 8:35 am – 8:55 am | RSA, West Stage

Dr. Celeste Fralick 

Chief Data Scientist 

Steve Grobman

Senior Vice President and Chief Technology Officer

Fire. In the wild, it’s a force for destruction. Controlled, it powers civilization’s forward evolution. But containing phenomena—natural or manmade—is a devilish challenge. Today’s regulatory hotspots include AI and quantum computing, because innovations that strengthen defenses can also fuel targeted threats. The weaponization of AI to amplify cyberattack impacts is enough to give anyone pause, so discussion of export controls on these and other technologies is a worthy conversation. What is the path forward to advance and protect human progress? How do we nurture sparks of innovation without burning bridges to the future?

Session: Using Machine Learning to Improve Security Predictions
Tuesday, March 5 | 11:00 am – 11:50 am | Session Code: SPO2-T06

Grant Bourzikas

Chief Information Security Officer (CISO) & Vice President of McAfee Labs Operations

Organizations are overwhelmed by data and dependent on outdated (nonpredictive) tools and methods. Security companies can’t keep up with the frequency of attacks, 50% of which are missed by traditional antivirus programs. In this session, McAfee’s CISO will share his experiences, providing valuable information for security organizations to predict attacks by relying on data science and machine learning.

Session: Multiparty Vulnerability Disclosure: From Here to Where?
Wednesday, March 6 | 9:20 am – 10:10 am | Session Code: PDAC-W03

As the world grows ever more dependent on complex technological systems, the risk of broadly impactful vulnerabilities in software and hardware is driving the need for improvements in how the global ecosystem addresses the identification and disclosure of those vulnerabilities. This panel will discuss what works, what doesn’t, and suggest a path forward that can benefit everyone globally.

Moderator: John Banghart, Senior Director, Venable

Panelists: Kent Landfield, Chief Standards and Technology Policy Strategist, McAfee LLC

Art Manion, Vulnerability Analysis Technical Manager, CERT Coordination Center

Audrey Plonk, Director, Global Security Policy, Intel Corporation

Session: Law Enforcement: The Secret Weapon in the CISO’s Toolkit
Friday, March 8 | 11:10 am – 12:00 pm | Session Code: AIR-F03

John Fokker

Head of Cyber Investigations

This session will show you how to get the most out of working with law enforcement agencies (LEA) before, during or after a security breach. Learn why partnering with law enforcement can be a valuable strategic asset in the CISO’s ever-expanding toolbox of security measures.

Hack Your Way Through the Crowds at the McAfee Booth

We’re hosting a fun and interactive Capture the Flag challenge at our RSA booth to test the investigative and analytical skills of RSA attendees. Contestants will be given various challenges and will receive “flag” details on how to complete each challenge as quickly and accurately as possible. Want to know who is in the lead? Don’t worry, we’ll have a live scoreboard. The winner of the RSA Capture the Flag contest will get bragging rights and a cool prize to take home. Visit us at booth #N5745 in the North Hall.

Cloud Security BarCade Challenge

Tuesday, March 5 | 6:00 pm – Midnight | Coin-Op Game Room, San Francisco | 508 4th Street

We’re hosting an epic cloud security networking event at Coin-Op Game Room in San Francisco! What’s the challenge? Come out to see us and find out. There will be prizes, games, food, networking, and more. Register here.

RSA After-Hours Social & Cloud Security Panels

Wednesday, March 6 | 6:30 pm – 11:00 pm | Mourad, San Francisco | 140 New Montgomery Street

We’re bringing the cloud community together for a night of networking at Mourad, so grab your peers and head over to the after-hours social. We will have a DJ, awesome food, creative libations, and a VIP area upstairs for a private whiskey tasting. Throughout the night, we’ll be hosting cloud security panels, where you’ll hear perspectives from industry experts on the current security landscape, best practices, and how to elevate your cloud security posture. Register here and join us as we close out RSA at the after-hours social of the year.

There’s a lot to look forward to at RSA 2019, so be sure to stop by booth #N5745 in the North Hall for demos, theater sessions, and more. Feel free to use code XSU9MCAFEE for a free RSAC expo pass. Also, be sure to follow @McAfee for real-time updates from the show throughout the week.

The post The Best Ways to Catch McAfee at RSA Conference 2019 appeared first on McAfee Blogs.

Kicking off 2019 with Recognition Across the McAfee Portfolio
https://securingtomorrow.mcafee.com/business/kicking-off-2019-with-recognition-across-the-mcafee-portfolio/
Tue, 12 Feb 2019 14:00:01 +0000


It’s always great to start out a new year with recognition from our industry. We hear over and over from our customers that they are looking for us to help them overcome the complexity challenges that are inherent in building a resilient enterprise. This requires partnering with a vendor that delivers excellence across a multitude of technologies. Excellence that we believe is validated by our larger peer and analyst community.

We’ve just announced that McAfee was named a Gartner Peer Insights Customers’ Choice for another two technologies. Our customers have recognized us as a January 2019 Gartner Peer Insights Customers’ Choice for Secure Web Gateway for McAfee Web Protection, McAfee Web Gateway, and McAfee Web Gateway Cloud Service. In addition, for the second year in a row, McAfee’s MVISION Cloud (formerly McAfee Skyhigh Security Cloud) was named a January 2019 Gartner Peer Insights Customers’ Choice for Cloud Access Security Brokers. In 2018, McAfee was the only vendor named a Customers’ Choice in the Cloud Access Security Brokers market.

Our team at McAfee takes great pride in these distinctions, as customer feedback is essential in shaping our products and services. We put our customers at the core of everything we do, and this shows pervasively across our portfolio. We believe our position as a Gartner Peer Insights Customers’ Choice for Secure Web Gateway, Data Loss Prevention, SIEM, Endpoint Protection and Cloud Access Security Broker (CASB) is a testament to the strength of our device-to-cloud strategy. This adds up to recognition in the last year in five different markets.

We also think it’s a signal of the way enterprises are approaching security – with the innovative technology solutions and integrated strategies that must evolve to fight a threat that is constantly evolving, too.

The post Kicking off 2019 with Recognition Across the McAfee Portfolio appeared first on McAfee Blogs.

The Exploit Model of Serverless Cloud Applications
https://securingtomorrow.mcafee.com/business/cloud-security/the-exploit-model-of-serverless-cloud-applications/
Mon, 11 Feb 2019 15:00:02 +0000


Serverless platform-as-a-service (PaaS) offerings are being deployed at an increasing rate, for many reasons. They relate to information in a myriad of ways, unlocking new opportunities to collect data, identify data, and ultimately find ways to transform data into value.

Figure 1. Serverless application models.

Serverless applications can cost-effectively reply to requests and process information at scale, returning critical data models and transformations synchronously to browsers or mobile devices. Synchronous serverless applications unlock mobile device interactions and near-real-time processing for on-the-go insights.

Asynchronous serverless applications can create data sets and views on large batches of data over time. We previously needed to have every piece of data and run batch reports, but we now have the ability to stagger events, or even make requests, wait some time to check in on them, and get results that bring value to the organization a few minutes or an hour later.

Areas as diverse as tractors, manufacturing, and navigation are benefiting from the ability to stream individual data points and look for larger relationships. These streams build value out of small bits of data. Individually they’re innocuous and of minimal value, but together they provide new intelligence we struggled to capture before.

The key theme throughout these models is the value of the underlying data. Protecting this data, while still using it to create value, becomes a critical objective for the cloud-transforming enterprise. We can start by looking at the model for how data moves into and out of the application. A basic access and data model illustrates the way the application, the access medium, cloud service provider (CSP) security, and the serverless PaaS application have to work together to balance protection and capability.

Figure 2. Basic access and data model for serverless applications.

A deeper exploration of the security environment—and the shared responsibility in cloud security—forces us to look more carefully at who is involved, and how each party in the cloud ecosystem is empowered to see potential threats to the environment, and to the transaction specifically. When we expand the access and data model to look at the activities in a modern synchronous serverless application, we can see how the potential threats expand rapidly.

Figure 3. Expanded access and data model for a synchronous serverless application.

Organizations using this common model for an integrated serverless PaaS application are also gaining information from infrastructure-as-a-service (IaaS) elements in the environment. This leads to a more specific view of the threats that exist:

Figure 4. Sample threats in a serverless application.

By pushing the information security team to more carefully and specifically consider the ways the application can be exploited, they can then take simple actions to ensure that both development activities and the architecture for the application itself offer protection. A few examples:

  • Threat: Network sniffing/MITM
    Protection: High-integrity TLS, with signed API requests and responses
  • Threat: Code exploit
    Protection: Code review, and SAST/pen testing on a regular schedule
  • Threat: Data structure exploit
    Protection: API-forced data segmentation and request limiting, managed data model
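The first and third protections above (signed API requests and responses, and request limiting) can be shown in working code. The following is an added example written for this page, not code from the original post or from McAfee: a client signs each request with an HMAC over the method, path, body hash, timestamp and nonce, and the serverless handler verifies the signature in constant time, rejects stale or replayed requests, and throttles each client. The header names (X-Timestamp, X-Nonce, X-Signature), the shared key, the skew window and the rate limits are constructed assumptions, and TLS is assumed to be terminated in front of the handler.

```python
import hashlib
import hmac
import json
import time
from collections import defaultdict, deque

# Constructed shared secret for the example; a real deployment loads it
# from a secrets manager and rotates it.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"
MAX_SKEW_SECONDS = 300          # reject requests whose timestamp is too far off
RATE_LIMIT = 5                  # accepted requests per client per window
RATE_WINDOW_SECONDS = 60


def canonical_string(method, path, body, timestamp, nonce):
    """Bind every field an attacker could tamper with into the signed string."""
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, body_hash, str(timestamp), nonce])


def sign_request(method, path, body, timestamp, nonce, key=SHARED_KEY):
    msg = canonical_string(method, path, body, timestamp, nonce).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def make_signed_headers(method, path, body, timestamp, nonce, key=SHARED_KEY):
    """Client side: the headers that accompany a signed request."""
    return {"X-Timestamp": str(timestamp), "X-Nonce": nonce,
            "X-Signature": sign_request(method, path, body, timestamp, nonce, key)}


class RequestVerifier:
    """Server side: checks signature, freshness, nonce reuse and request rate."""

    def __init__(self, key=SHARED_KEY, now=time.time):
        self.key = key
        self.now = now                         # injectable clock for testing
        self.seen_nonces = {}                  # nonce -> timestamp it was used
        self.history = defaultdict(deque)      # client_id -> accepted timestamps

    def _rate_limited(self, client_id, now):
        window = self.history[client_id]
        while window and now - window[0] >= RATE_WINDOW_SECONDS:
            window.popleft()
        if len(window) >= RATE_LIMIT:
            return True
        window.append(now)
        return False

    def verify(self, method, path, body, headers, client_id):
        """Return (accepted, reason). Only signed, fresh, unseen requests count
        toward the client's rate limit."""
        now = self.now()
        try:
            ts = int(headers["X-Timestamp"])
            nonce = headers["X-Nonce"]
            sig = headers["X-Signature"]
        except (KeyError, ValueError):
            return False, "missing or malformed auth headers"
        if abs(now - ts) > MAX_SKEW_SECONDS:
            return False, "stale timestamp"
        # Forget nonces older than the skew window so the set stays bounded.
        self.seen_nonces = {n: t for n, t in self.seen_nonces.items()
                            if now - t <= MAX_SKEW_SECONDS}
        if nonce in self.seen_nonces:
            return False, "replayed nonce"
        expected = sign_request(method, path, body, ts, nonce, self.key)
        # Constant-time comparison avoids leaking the MAC through timing.
        if not hmac.compare_digest(expected, sig):
            return False, "bad signature"
        if self._rate_limited(client_id, now):
            return False, "rate limited"
        self.seen_nonces[nonce] = ts
        return True, "ok"


if __name__ == "__main__":
    body = json.dumps({"sensor": "tractor-17", "rpm": 2100}).encode()
    hdrs = make_signed_headers("POST", "/ingest", body, int(time.time()), "n1")
    verifier = RequestVerifier()
    print(verifier.verify("POST", "/ingest", body, hdrs, "client-a"))
    tampered = json.dumps({"sensor": "tractor-17", "rpm": 9999}).encode()
    print(verifier.verify("POST", "/ingest", tampered, hdrs, "client-a"))
```

The order of checks matters: the cheap timestamp and nonce tests run before the HMAC so that replayed or ancient traffic is discarded without spending a hash, and the rate limiter only counts requests that passed signature verification, so an unauthenticated flood cannot lock out a legitimate client.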

The organization first must recognize the potential risk, make it part of the culture to ask the question, “What threats to my data does my change or new widget introduce?” and make it an expectation of deployment that privacy and security demand a response.

Otherwise, your intellectual property may just become the foundation of someone else’s profit.

The post The Exploit Model of Serverless Cloud Applications appeared first on McAfee Blogs.

Your Mobile Phone: Friend or Foe?
https://securingtomorrow.mcafee.com/business/endpoint-security/your-mobile-phone-friend-or-foe/
Wed, 06 Feb 2019 16:00:29 +0000


Where would we be without our mobile phones? Our kids, boss, friends – so many people reach out to us via our mobile phone. And unfortunately, hackers have also started reaching out – in major ways. The severity of attacks on mobile devices is often underestimated. It is now common to have employees use their phones for work-related tasks when they are not within the perimeter of their corporate firewall, giving cybercriminals the opportunity to access sensitive information if and when they hack into an employee’s phone. Let’s take a closer look at some of the common mobile threats that put your business at risk and how to prevent them.

App-Based Threats

Although new mobile malware declined by 24% in Q3 2018, per our latest Quarterly Threats Report, app-based threats still dominate the threat landscape. Malicious actors use social engineering techniques by asking users to update their applications by uninstalling the real app and re-installing a malicious one. With one click, malware can be installed on your mobile device.

Many app-based threats can evolve into more insidious attacks and can go beyond exploiting your personal information. An attacker’s initial goal is to get access and all they need is one vulnerable employee to fall victim to an app-based threat. Once the attacker gains access to an employee’s personally identifiable information (PII) or credentials, they can hijack accounts, impersonate the employee, and trick other employees into divulging even more sensitive corporate data.

Late last year, the McAfee Mobile Research team discovered an active phishing campaign that uses text messages (SMS) to trick users into downloading and installing a fake voice-message app. The app allowed cybercriminals to use infected devices as network proxies without the users’ knowledge.

This year, we expect to see an increase in underground discussions on mobile malware—mostly focused on Android—regarding botnets, banking fraud, ransomware, and bypassing two-factor authentication security.

Risky Wi-Fi Networks

Using public Wi-Fi is one of the most common attack vectors for cybercriminals today. With free public Wi-Fi widely available in larger cities, it has become a convenient way to access online accounts, check emails, and catch up on work while on the go. The industry has seen network spoofing increase dramatically in the past year. To put this into perspective, picture a hacker setting up a rogue access point in a public place like your local bank. A hacker will wait for you to connect to Wi-Fi that you think is a trusted network. Once the hacker gains access, they’re connected to your mobile device. They’ll watch remotely as you access sensitive information, revealing log-in credentials, confidential documents, and more.

Whether you are at home or working remotely, network security needs to be a high priority.

Device Attacks

Cybercriminals have various ways of enticing users to install malware on their mobile devices. Ad and click fraud is a growing concern for device attacks, where criminals can gain access to a company’s internal network by sending an SMS phish. These types of phishing attempts may start as adware, but can easily escalate to spyware or draw the device into a botnet.

Another growing concern with mobile device threats is when malware is hidden in other IoT devices and the information obtained by the hacker can be used as an entry point to your mobile device or your company network. With IoT malware families rapidly being customized and developed, it’s important for users to be aware and know how to protect themselves.

How to Better Protect Your Mobile Device


Mobile devices have all the organizational information that traditional endpoints have. McAfee® MVISION Mobile lets you protect against threats to your employees and your data on iOS and Android devices like you do on your PCs. With MVISION Mobile, you can manage the defense of your mobile devices alongside your PCs, IoT devices, servers, and cloud workloads inside McAfee ePolicy Orchestrator (McAfee ePO) with unified visibility into threats, integrated compliance reporting, and threat response orchestration.

The most comprehensive mobile device security is on the device itself, and MVISION Mobile delivers unparalleled on-device protection. Visit our web site for more information, and a product tour.

The post Your Mobile Phone: Friend or Foe? appeared first on McAfee Blogs.

Australian Cybersecurity Firm Experiences Exciting Times as Clients’ Shift to Cloud Accelerates
https://securingtomorrow.mcafee.com/business/australian-cybersecurity-firm-experiences-exciting-times-as-clients-shift-to-cloud-accelerates/
Tue, 05 Feb 2019 15:00:38 +0000


Patrick Butler, CEO of the Australian cybersecurity firm Loop Secure, is excited about how the cloud is growing his business. His clients are enthused too by the tremendous opportunities and advantages the cloud presents. They’re also a little scared.

“Every year more companies are digitizing all aspects of their business—from manufacturing plants coming online to new ways of serving up information to customers,” says Butler, whose firm provides a full range of cybersecurity services, from one-time red team engagements to managing security operations, primarily for midsize enterprises. “It’s exciting what technology can do to transform what we do with computers. … We’re seeing a huge uptake in collaboration technology, with a lot of customers moving to AWS [Amazon Web Services].”

But Butler acknowledges his clients’ fears—putting sensitive data in the cloud introduces new risks. “Our job is to help customers leverage digital transformation positively without having to worry about the risks, [such as] breaches and brand reputation damage,” he says. “We’ve had to focus on how we protect them in [the cloud and] those areas of their business—areas that have traditionally been quite dark.”

The Challenge of Securing the Cloud

“Setting up security for the cloud can be quite technical,” Butler explains. “There are a lot of configuration options. … Yes, the cloud brings a lot of speed and scale, but one wrong configuration and suddenly you have an AWS S3 bucket available to the broader public with all of your confidential information on it. The cloud brings benefits, but it also brings new and different risks.”

Confidently Securing the Cloud with Help from McAfee

As one of the longest-running cybersecurity companies in Australia, Loop Secure has been a McAfee partner for over a decade. For its clients moving operations into the cloud, the firm primarily uses McAfee solutions to help them reach their security objectives—easily and effectively. For instance, for a midsize services client, Loop Secure implemented McAfee® Virtual Network Security Platform (McAfee vNSP), a complete network threat and intrusion prevention system (IPS) built for the unique demands of private and public clouds. Using McAfee vNSP allowed the company to apply the same robust security policies to endpoints within AWS as on premises.

“What McAfee brings to the table is a comprehensive portfolio, scale, and focus,” Butler explains. “Like us, McAfee focuses only on cybersecurity. That’s important. … To us, the McAfee ‘Together is Power’ mantra means that with McAfee we have a broader team—our people plus McAfee people and products—all dedicated to keeping our clients’ data and environments safe.”

Many of Butler’s clients use McAfee endpoint, networking, and/or web protection solutions and McAfee ePolicy Orchestrator® (McAfee ePO™). In the near future, Butler looks forward to offering them McAfee MVISION, an innovative, integrated, open system from device to cloud. McAfee MVISION could simplify security for these Loop Secure customers by providing consolidated visibility, comprehension, and control across their entire digital estate.

With the acceleration of cloud adoption by its clients and McAfee’s device-to-cloud approach, “The future’s pretty exciting for both us and McAfee,” Butler says.

View below for a short video interview with Patrick Butler. Get your questions answered by tweeting @McAfee_Business.

The post Australian Cybersecurity Firm Experiences Exciting Times as Clients’ Shift to Cloud Accelerates appeared first on McAfee Blogs.

California Consumer Privacy Act
https://securingtomorrow.mcafee.com/business/california-consumer-privacy-act/
Mon, 04 Feb 2019 14:00:17 +0000


This blog was written by Gerald Jones Jr.

More sweeping privacy law changes are on the horizon as California law overhauls consumer protection and privacy rights.

Shortly after the European Union’s watershed General Data Protection Regulation (GDPR) enforcement began on May 25, 2018, California passed its own privacy bill, the California Consumer Privacy Act of 2018 (CCPA), in June. Amid pressure to act or swallow a more stringent bill initiated by a private California resident, the CCPA broadens the scope of privacy rights for Californians. It includes data access rights and a limited private right of action, or the right to file a lawsuit.

The CCPA takes effect in January 2020 (or July 2020, if the California Attorney General implements additional regulations) and is widely regarded as the foremost privacy law in the United States. Yet the CCPA may have broader implications. The range of companies falling within the Act’s scope, i.e., not just the usual suspects in the technology industry, might pressure Congress into enacting a federal privacy regime, which would pre-empt the CCPA.

The Act grants consumers greater control over their personally identifiable information and prods companies doing business in the state to prioritize the practice of sound data governance. Here are some key takeaways under the CCPA:

  • It impacts companies doing business in California that meet one of the following thresholds:
    • Has annual gross revenues greater than $25 million; or
    • Receives or shares the personal information of 50,000 or more California consumers for monetary or other valuable consideration; or
    • Receives 50% or more of its annual revenue from selling consumer personal information.
  • “Personal Information” now explicitly includes IP addresses, geolocation data, and unique identifiers such as cookies, beacons, pixel tags, browsing history, and other electronic network information. Consumer Information includes information that relates to households.
  • The California Attorney General will enforce the law, though Californians have a private right of action limited to circumstances where there is an unauthorized access to nonencrypted personal information or “disclosure of personal information because of a business failure to implement and maintain reasonable security procedures.”
  • Violators of the law are subject to civil penalties of up to $2,500 for each unintentional violation—failing to cure a violation within 30 days of receiving a noncompliance notification from the California Attorney General—and a maximum of $7,500 for each intentional violation (not acknowledging the request for data, for example) if the civil action is brought by the California Attorney General.

What Does This All Mean?

Regulators are working on guidance, and there is still time for amendments to be made on the law, so things might change before the law goes into effect. Residents of the European Economic Area have been exercising their data subject access rights since late May. Now, Californians will join them in being able to similarly ask about the data that CCPA-applicable companies hold about them. The CCPA gives companies a 45-day window to comply with an individual’s request for access to data or deletion (a Data Subject Access Request, or DSAR) in contrast to the GDPR’s 30 days.

Companies may need to prepare for an increase in DSARs and implement new features to comply with the law, like providing two communication methods for consumers electing to exercise their rights (web portal, email address, toll-free telephone number, or another viable mode of communication) and providing a conspicuous link on the company’s website that informs the consumer of her CCPA rights.

The California Legislature’s reference to Cambridge Analytica makes it apparent that legislators expect businesses to exercise transparency in their consumer data use practices. Even without legislative nudging, companies are slowly recognizing value in sound privacy and data governance practices. Companies no longer see privacy as a mere compliance checkbox, but instead as a competitive advantage that simultaneously builds consumer confidence.

We may see more changes to the California law, and we likely will see other laws come into play both in the United States and abroad (Brazil, China, India, etc.), but companies with privacy in their DNA will have an edge over companies scrambling to meet compliance efforts.

The post California Consumer Privacy Act appeared first on McAfee Blogs.

What You Need to Know About DNS Flag Day
https://securingtomorrow.mcafee.com/business/what-you-need-to-know-about-dns-flag-day/
Thu, 31 Jan 2019 17:37:02 +0000


This blog was written by Michael Schneider, Lead Product Manager.

The internet is built on Postel’s law, often referred to as the robustness principle: “Be conservative in what you do, be liberal in what you accept from others.” In the protocol world, this means that receivers will try to accept and interpret the data they receive to the best of their knowledge, and will be flexible if the data doesn’t fully match a specification. Senders, on the other hand, should adhere to the protocol specifications, as laid out in Request for Comments documents (RFCs) by the Internet Engineering Task Force.

DNS was released as RFC 1035 in 1987 and was superseded by EDNS in 1999 with RFCs 2671 and 6891. EDNS, or extension mechanisms for DNS, aimed to flexibly deploy new features into the DNS protocol, including protection against DNS flooding attacks amongst other performance and security enhancements. These attacks can cause a major outage for cloud-based infrastructure, which happened in 2016 with the DDoS attack on DNS provider Dyn.

To avoid such attacks and improve DNS efficiency, several DNS software and service providers—like Google, Cisco, and Cloudflare—have agreed to “coordinate removing accommodations for non-compliant DNS implementations from their software or service,” beginning Feb. 1, 2019, or DNS Flag Day.

Before DNS Flag Day, if an EDNS-capable resolver requested a name resolution from a name server that did not support EDNS, it would first send an EDNS query. If there was no response, the resolver would then send a legacy DNS query. That means the timeout for the first query had to expire before the legacy DNS query was sent, producing a delayed response. These delays ultimately make DNS operations less efficient.

But with the changes introduced for DNS Flag Day, any DNS server that doesn’t respond to EDNS queries will be treated as “dead,” and no further DNS query will be sent to that server. The result? Certain domains or offerings may no longer be reachable, because name resolution will fail. Organizations should plan to provide a bridge between their internal DNS and a provider’s DNS to ensure that the EDNS protocol is used. They should also work with their vendors to verify that EDNS is part of DNS communication and obtain a version of the respective product that complies with the requirements of EDNS.
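As an added example (not part of the original post and not McAfee’s code), the following Python script builds an EDNS0 query and classifies a name server’s reply the way a resolver would before and after Flag Day, using constructed sample responses so it runs offline; the domain, transaction ID and the 192.0.2.1 address are made up for the demo.

```python
"""Added example: probe how a DNS server handles an EDNS0 query (RFC 6891).

All replies below are constructed in-line for the demo, not captured traffic.
"""
import struct

OPT_TYPE = 41  # RR type of the EDNS0 OPT pseudo-record (RFC 6891)


def encode_name(name):
    """Encode a dotted hostname in DNS label wire format."""
    out = b""
    for label in name.strip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_edns_query(name, qtype=1, txid=0x1234, udp_size=1232):
    """Standard recursive query for `name` with an EDNS0 OPT record attached.

    Header: txid, flags (RD set), QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT=1.
    """
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    # OPT RR: root name, TYPE 41, CLASS carries the UDP payload size,
    # TTL carries extended RCODE/version/flags (all zero), RDLENGTH 0.
    opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, udp_size, 0, 0)
    return header + question + opt


def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name at `off`."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length


def classify_response(query, response):
    """Classify what a server did with our EDNS query.

    'dead'    : no reply at all. Before Flag Day a resolver retried without
                EDNS once the timeout expired; after it, the server is
                simply written off and no further query is sent.
    'formerr' : the server rejected the OPT record (RCODE 1).
    'edns'    : the reply carries an OPT record, i.e. the server speaks EDNS.
    'legacy'  : the server answered but silently dropped the OPT record.
    """
    if response is None:
        return "dead"
    if len(response) < 12:
        return "malformed"
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", response[:12])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        return "mismatch"  # wrong transaction ID or QR bit not set
    if flags & 0x000F == 1:
        return "formerr"
    off = 12
    for _ in range(qd):  # step over the echoed question section
        off = skip_name(response, off) + 4
    for _ in range(an + ns + ar):  # walk every RR looking for OPT
        off = skip_name(response, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", response[off:off + 10])
        if rtype == OPT_TYPE:
            return "edns"
        off += 10 + rdlen
    return "legacy"


def sample_response(query, with_opt, rcode=0):
    """Constructed reply to `query` for the demo (not captured traffic)."""
    qend = skip_name(query, 12) + 4  # end of the question section
    question = query[12:qend]
    flags = 0x8180 | rcode  # QR, RD, RA + RCODE
    if rcode:  # error replies carry no answer section
        return query[:2] + struct.pack("!HHHHH", flags, 1, 0, 0, 0) + question
    # One A record (192.0.2.1, a documentation address) for the question name.
    answer = b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    opt = (b"\x00" + struct.pack("!HHIH", OPT_TYPE, 4096, 0, 0)) if with_opt else b""
    header = query[:2] + struct.pack("!HHHHH", flags, 1, 1, 0, 1 if with_opt else 0)
    return header + question + answer + opt


def demo():
    """Probe the kinds of server behaviour the post describes."""
    q = build_edns_query("example.com.")
    return {
        "compliant": classify_response(q, sample_response(q, with_opt=True)),
        "ignores_edns": classify_response(q, sample_response(q, with_opt=False)),
        "rejects_edns": classify_response(q, sample_response(q, with_opt=False, rcode=1)),
        "silent": classify_response(q, None),
    }


if __name__ == "__main__":
    for server, verdict in demo().items():
        print(f"{server:13s} -> {verdict}")
```

Only the "silent" case changes meaning on Flag Day: the legacy retry that used to follow the timeout is gone, so a server in that state is the one that needs fixing first.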

DNS Flag Day is a disruptive move, as it breaks from Postel’s law: servers can no longer automatically accept every query. But as with most internet-related innovations, progress requires a little disruption.

The Shifting Risk Profile in Serverless Architecture https://securingtomorrow.mcafee.com/business/cloud-security/the-shifting-risk-profile-in-serverless-architecture/ https://securingtomorrow.mcafee.com/business/cloud-security/the-shifting-risk-profile-in-serverless-architecture/#respond Fri, 11 Jan 2019 16:00:49 +0000 https://securingtomorrow.mcafee.com/?p=93675

Technology is as diverse and advanced as ever, but as tech evolves, so must the way we secure it from potential threats. Serverless architecture, e.g., AWS Lambda, is no exception. As adoption of this technology has grown rapidly, the way we approach securing it has to shift. To dive into that shift, let’s explore the past and present of serverless architecture’s risk profile and the resulting implications for security.

Past

For the first generation of cloud applications, we implemented “traditional” approaches to security. Often, this meant taking the familiar “Model-View-Controller” view to initially segment the application, and sometimes we even had the foresight to apply business logic separation to further secure the application.

But our cloud security model was not truly “cloud-native.” That’s because our application security mechanisms assumed that traffic functioned in a specific way, with specific resources. Plus, our ability to inspect and secure that model relied on an intimate knowledge of how the application worked, and the full control of security resources between its layers. In short, we assumed full control of how the application layers were segmented, thus replicating our data center security in the cloud, giving up some of the economics and scale of the cloud in the process.

Figure 2. Simplified cloud application architecture separated by individual functions.

Present

Now, when it comes to the latest generation of cloud applications, most leverage Platform-as-a-Service (PaaS) functions as an invaluable aid in the quest to reduce time-to-market. Essentially, this means getting back to the original value proposition for making the move to cloud in the first place.

And many leaders in the space are already making major headway on this reduction. Take Microsoft, which cited a 67% reduction in time-to-market for its customer Quest Software using Microsoft Azure services. Then there’s Oracle, which identified a 50% reduction in time-to-market for its customer HEP Group using Oracle Cloud Platform services.

However, for applications built with Platform-as-a-Service, we have to think about risk differently. We must ask ourselves: how do we secure the application when many of the layers between the “blocks” of serverless functions are under cloud service provider (CSP) control and not our own?

Fortunately, there are a few things we can do. We can start by making the architecture of the application a cornerstone of information security. From there, we must ask ourselves: do the elements relate to each other in a well-understood, well-modeled way? Have we considered how they can be induced to go wrong? Given that our instrumentation is our source of truth, we need to ensure that we’re always in the know when something does go wrong, which can be achieved through a combination of CSP and third-party tools.

Additionally, we need to look at how code is checked and deployed at scale and look for opportunities to complete side-by-side testing. Plus, we must always remember that DevOps, without answering basic security questions, can unwittingly give away data in any release.

It can be hard to shoot a moving target. But if security strategy can keep pace with the shifting risk profile of serverless architecture, we can reap the benefits of cloud applications without worry. Then, serverless architecture will remain both seamless and secure.

McAfee 2018: Year in Review https://securingtomorrow.mcafee.com/business/mcafee-2018-year-in-review/ https://securingtomorrow.mcafee.com/business/mcafee-2018-year-in-review/#respond Fri, 28 Dec 2018 18:37:54 +0000 https://securingtomorrow.mcafee.com/?p=93538

2018 was an eventful year for all of us at McAfee. It was full of discovery, innovation, and progress—and we’re thrilled to have seen it all come to fruition. Before we look ahead to what’s in the pipeline for 2019, let’s take a look back at all the progress we’ve made this year and see how McAfee events, discoveries, and product announcements have affected, educated, and assisted users and enterprises everywhere.

MPOWERing Security Professionals Around the World

Every year, security experts gather at MPOWER Cybersecurity Summit to strategize, network, and learn about innovative ways to ward off advanced cyberattacks. This year was no different, as innovation was everywhere at MPOWER Americas, APAC, Japan, and EMEA. At the Americas event, we hosted Partner Summit, where head of channel sales and operations for the Americas, Ken McCray, discussed the program, products, and corporate strategy. Partners had the opportunity to dig deeper into this information through several Q&A sessions throughout the day. MPOWER Americas also featured groundbreaking announcements, including McAfee CEO Chris Young’s announcement of the latest additions to the MVISION product family: MVISION® Endpoint Detection and Response (MVISION EDR) and MVISION® Cloud.

ATR Analysis

This year was a prolific one, especially for our Advanced Threat Research team, which unveiled discovery after discovery about the threat landscape, from ‘Operation Oceansalt’ delivering five distinct waves of attacks on victims, to Triton malware spearheading the latest attacks on industrial systems, to GandCrab ransomware evolving rapidly, to the Cortana vulnerability. These discoveries not only taught us about cybercriminal techniques and intentions, but they also helped us prepare ourselves for potential threats in 2019.

Progress via Products

2018 wouldn’t be complete without a plethora of product updates and announcements, all designed to help organizations secure crucial data. This year, we were proud to announce McAfee MVISION®, a collection of products designed to support native security controls and third-party technologies.

McAfee MVISION® Endpoint orchestrates the native security controls in Windows 10 with targeted advanced threat defenses in a unified management workflow to visualize and investigate threats, understand compliance, and pivot to action. McAfee MVISION® Mobile protects against threats on Android and iOS devices. McAfee MVISION® ePO, a SaaS service, is designed to eliminate complexity by elevating management above the specific threat defense technologies with simple, intuitive workflows for security threat and compliance control across devices.

Beyond that, many McAfee products were updated to help security teams everywhere adapt to the ever-evolving threat landscape, and some even took home awards for their excellence.

All in all, 2018 was a great year. But, as always with cybersecurity, there’s still work to do, and we’re excited to work together to create a secure 2019 for everyone.

To learn more about McAfee, be sure to follow us at @McAfee and @McAfee_Business.

McAfee Named a 2018 Gartner Peer Insights Customers’ Choice for Enterprise Data Loss Prevention https://securingtomorrow.mcafee.com/business/data-security/mcafee-named-a-2018-gartner-peer-insights-customers-choice-for-enterprise-data-loss-prevention/ https://securingtomorrow.mcafee.com/business/data-security/mcafee-named-a-2018-gartner-peer-insights-customers-choice-for-enterprise-data-loss-prevention/#respond Tue, 18 Dec 2018 18:00:25 +0000 https://securingtomorrow.mcafee.com/?p=93246

I am excited to announce that McAfee has been recognized as a 2018 Gartner Peer Insights Customers’ Choice for Enterprise Data Loss Prevention. I believe our position as a 2018 Gartner Peer Insights Customers’ Choice for Enterprise Data Loss Prevention is a testament that our device-to-cloud DLP integration of enterprise products helps our customers stay on top of evolving security needs, with solutions that are simple, flexible, comprehensive and fast, so that our customers can act decisively and mitigate risks. McAfee takes great pride in being recognized by our customers on Gartner Peer Insights.

In its announcement, Gartner explains, “The Gartner Peer Insights Customers’ Choice is a recognition of vendors in this market by verified end-user professionals, considering both the number of reviews and the overall user ratings.” To ensure fair evaluation, Gartner maintains rigorous criteria for recognizing vendors with a high customer satisfaction rate.

For this distinction, a vendor must have a minimum of 50 published reviews with an average overall rating of 4.2 stars or higher during the sourcing period. McAfee met these criteria for McAfee Data Loss Prevention.

Here are some excerpts from customers that contributed to the distinction:

“McAfee DLP Rocks! Easy to implement, easy to administer, pretty robust”

Security and Privacy Manager in the Services Industry

“Flexible solution. Being able to rapidly deploy additional Discover systems as needed as the company expanded was a huge time saving. Being able to then recover the resources while still being able to complete weekly delta discovery on new files being added or changed saved us tens of thousands of dollars quarterly.”

IT Security Manager in the Finance Industry

“McAfee DLP Endpoint runs smoothly even in limited resource environments and it supports multiple platforms like Windows and macOS. Covers all major vectors of data leakages such as emails, cloud uploads, web postings and removable media file sharing.”

Knowledge Specialist in the Communication Industry

“McAfee DLP (Host and Network) are integrated and provide a simplified approach to rule development and uniform deployment.”

IT Security Engineer in the Finance Industry

“Using ePO, it’s easy to deploy and manage the devices with different policies.”

Cyber Security Engineer in the Communication Industry

And those are just a few. You can read more reviews for McAfee Data Loss Prevention on the Gartner site.

On behalf of McAfee, I would like to thank all of our customers who took the time to share their experiences. We are honored to be a 2018 Gartner Peer Insights Customers’ Choice for Enterprise Data Loss Prevention and we know that it is your valuable feedback that made it possible. To learn more about this distinction, or to read the reviews written about our products by the IT professionals who use them, please visit Gartner Peer Insights’ Customers’ Choice.

Gartner Peer Insights’ Customers’ Choice announcement, December 17, 2018

The GARTNER PEER INSIGHTS CUSTOMERS’ CHOICE badge is a trademark and service mark of Gartner, Inc., and/or its affiliates, and is used herein with permission. All rights reserved. Gartner Peer Insights Customers’ Choice constitute the subjective opinions of individual end-user reviews, ratings, and data applied against a documented methodology; they neither represent the views of, nor constitute an endorsement by, Gartner or its affiliates.

Giving Your Endpoint the Gift of Security This Holiday Season https://securingtomorrow.mcafee.com/business/endpoint-security/giving-your-endpoint-the-gift-of-security-this-holiday-season/ https://securingtomorrow.mcafee.com/business/endpoint-security/giving-your-endpoint-the-gift-of-security-this-holiday-season/#respond Tue, 18 Dec 2018 14:00:18 +0000 https://securingtomorrow.mcafee.com/?p=93238

Suddenly, it’s December, and the beginning of the holiday season. Your coworkers are now distracted with getting in their PTO, flying home to be with family, and completing their shopping lists. But the holiday season isn’t always filled with cheer; it’s got some Scrooges too: cybercriminals, who hope to take advantage of the festive fun to find vulnerabilities and infect unsecured devices. And with many employees out of the office, these hackers could pose a serious threat to an organization’s endpoints, and thereby its network. As a matter of fact, there are a few key reasons why your organization’s endpoints may be in danger during the holidays. Let’s take a look.

Business Shutdowns

Most companies close down for a handful of days during the holidays, if not a full week or two. That means fewer people manning the IT station, executing updates, and defending the network if cybercriminals manage to find a way inside. A lack of personnel could be just the opportunity cybercriminals need to take advantage of an open entry point and swoop data from an organization essentially undetected.

Holiday Spirit, Relaxed Attitude

For the employees that do stay online during the holidays, attitudes can range from relaxed to inattentive. Unless their product or service directly relates to the holidays and shopping, businesses tend to be quiet during this time. And with many coworkers out, employees tend to have less reason to be glued to their computer all the time. This could mean cyberattacks or necessary security actions go unattended – irregular activity may not seem as obvious or a necessary software update could go unresolved a little too long. What’s more – the lax attitude could potentially lead to a successful phishing attack. In fact, phishing scams are said to ramp up starting in October, as these cybercriminals are eager to time their tricks with the holiday season. In order to accurately identify a phishing scheme, users have to be aware and have their eyes on their inbox at all times. One false move could potentially expose the entire organization, creating a huge problem for the reduced staff on hand.

Holiday Travel = Public Wi-Fi

Workplace mobility is a great new aspect of the modern age – it permits employees more flexibility and allows them to work from essentially anywhere in the world. But if employees are working out of a public space – such as a coffee shop or an airport – they are likely using public Wi-Fi, which is one of the most common attack vectors for cybercriminals today. That’s because there are flaws in the encryption standards that secure Wi-Fi networks and cybercriminals can leverage these to hack into a network and intercept or infect users’ traffic. If an employee is traveling home for the holidays and using public Wi-Fi to get work done while they do, they could potentially expose any private company information that lies within their device.

BYOD in Full Force

Speaking of modern workplace policies, Bring Your Own Device (or BYOD) – a program that allows employees to bring their own personal devices into work – is a common phenomenon these days. With this program, employees’ personal devices connect to the business’ network to work and likely access company data.

That means there is crucial data living on these personal devices, which could be jeopardized when the devices travel outside of the organization. With the holidays, these devices are likely accompanying the employees on their way to visit family, which means they could be left at an airport or hotel. Beyond that, these employees are more likely to access emails and company data through these mobile devices while they are out of the office. And with more connected devices doing company business, there are simply more chances for device and/or data theft.

Staying Secure While Staying Festive

Now, no one wants their employees to be online all the time during the holidays. Fortunately, there are actions organizations can take to ensure their employees and their network are merry and bright, as well as secure. First and foremost, conduct some necessary security training. Put every employee through security training courses so they’re aware of the risks of public Wi-Fi and are reminded to be extra vigilant of phishing emails during this time. Then, make sure all holes are patched and every update has been made before everyone turns their attention to yuletide festivities. Lastly, if an employee is working remotely – remind them to always use a VPN.

No matter who’s in the office and who’s not, it’s important to have always-on security that is armed for the latest zero-day exploits – like McAfee Endpoint Security. You can’t prevent every user from connecting to a public network or one that is set up for phishing, but you can ensure they have an active defense that takes automatic corrective actions. That way, employees can enjoy the time off and return to a safe and secure enterprise come the new year.

To learn more about endpoint security and McAfee’s strategies for it, be sure to follow us at @McAfee and @McAfee_Business.

McAfee Advanced Threat Defense Incorporates the MITRE ATT&CK Framework to Help You Get the Play-by-Play Narrative on Adversaries https://securingtomorrow.mcafee.com/business/security-operations/mcafee-advanced-threat-defense-incorporates-the-mitre-attck-framework-to-help-you-get-the-play-by-play-narrative-on-adversaries/ https://securingtomorrow.mcafee.com/business/security-operations/mcafee-advanced-threat-defense-incorporates-the-mitre-attck-framework-to-help-you-get-the-play-by-play-narrative-on-adversaries/#respond Mon, 17 Dec 2018 14:00:29 +0000 https://securingtomorrow.mcafee.com/?p=93104

In the cybersecurity space, there’s a lot of talk about the “attacker advantage.” As a defender, you’re all too familiar with the concept. Every day, you and your team try to gain ground over adversaries who seem to get the jump on your defenses by exploiting the latest points of vulnerability. Gaining a better understanding of your adversaries and their work through the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) framework can help bolster your defenses. Available to everyone at no cost, ATT&CK is a shared knowledgebase of information about the tactics, techniques, and procedures (TTPs) used in real-world campaigns.

What’s great about ATT&CK is that it not only gets into the details about how cybercriminals mastermind actual attacks, it also helps you strategize your defenses, align your security priorities, and make crucial adjustments to your arsenal. Ultimately, it helps you detect and respond more quickly and effectively when adversaries strike.

Additionally, since ATT&CK has been incorporated into security certification training courses, your junior analysts can upgrade their skill set. By gaining familiarity with the way adversaries act, your analysts can hone their threat-hunting abilities.

Another advantage is that everyone across your entire organization can speak the same language when communicating about security. The ATT&CK framework is a jargon-free zone. As a security professional, you can impart information to your peers and other stakeholders in ordinary, everyday language.

In close collaboration with the MITRE community, McAfee recognizes the value of the ATT&CK framework. With the latest release of McAfee Advanced Threat Defense, our advanced sandboxing analytics solution, we have mapped the ATT&CK framework directly to the reporting feature. McAfee Advanced Threat Defense offers a wide spectrum of easy-to-read, detailed reporting options—from summary reports for action prioritization to mapping results to the ATT&CK framework to analyst-grade malware data. We’ve made it really easy for analysts to quickly switch from identified TTPs in the McAfee Advanced Threat Defense MITRE ATT&CK report to the ATT&CK framework itself for a deeper dive into the specifics of any given attack or identified adversaries.

Apart from the all-important benefit of accelerating detection and response, incorporating the ATT&CK framework also helps analysts demystify their results when communicating with management and the executive team. When everyone uses a common framework to describe the realities of their risk, the whole organization can benefit by reaching consensus about security priorities.

To learn more about McAfee Advanced Threat Defense and the MITRE ATT&CK framework, check out these resources:

MITRE ATT&CK and ATT&CK are trademarks of The MITRE Corporation.

McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the United States and other countries. Other names and brands may be claimed as the property of others. Copyright ©2018 McAfee, LLC

McAfee India Hosts NASSCOM’s ‘Cyber Security Gurukul’ – An Exclusive Initiative for Women Professionals https://securingtomorrow.mcafee.com/business/mcafee-india-hosts-nasscoms-cyber-security-gurukul-an-exclusive-initiative-for-women-professionals/ https://securingtomorrow.mcafee.com/business/mcafee-india-hosts-nasscoms-cyber-security-gurukul-an-exclusive-initiative-for-women-professionals/#respond Thu, 13 Dec 2018 21:28:59 +0000 https://securingtomorrow.mcafee.com/?p=93095

The Cyber Security Gurukul Series is an initiative of ‘Women Wizards Rule Tech (W2RT)’, a unique program designed exclusively for women professionals in core technologies by the noted industry body NASSCOM. Focused specifically on IT-ITES/BPM, product and R&D firms, the key aim of this initiative is to equip women with deeper knowledge of various technologies and thereby nurture them as leaders for tomorrow. It is an initiative McAfee is proud to take part in, which is why on December 4th, McAfee India hosted close to 40 female professionals from many organizations, including McAfee, as part of NASSCOM’s Cybersecurity Gurukul series.

The half-day session started with a keynote from Venkat Krishnapur, VP Engineering & Managing Director, McAfee India. Addressing the group on “Countering Emerging Threats by Building Security DNA of your Organization”, he discussed how the exponential growth of connected devices over the past few years has made organizations and individuals more prone to cyberattacks than ever before. Venkat also covered other key topics, such as the increase in the number of cyberattacks, the variety and evolution of malware, the importance of cloud security in today’s day and age, and how security organizations such as McAfee invest in both technology and people.

Following Venkat’s keynote session, Sandeep Kumar Singh, Security Researcher and SSA Lead, McAfee India, hosted a two-hour session for the attendees. The session, “Introduction to Security Deployment Lifecycle”, touched upon why it’s imperative for organizations to invest in SDL, the key ingredients of a successful security program, and a walkthrough of key SDL activities. Sandeep also spoke to the group about how choosing a career in cybersecurity will give them a competitive edge, as the shortage of professionals in this field remains a critical vulnerability for organizations and nations alike.

Overall, the event was quite the hit with attendees, as the demos, quizzes, and interactive Q&A session showed. Sharing their feedback on the event, one of the participants said:

“The Cyber Security session which I attended today at McAfee India will go a long way in helping us enhance our knowledge and skills. The presentation given by Sandeep was excellent and the slides prepared by him were crisp and clear. We’d like to thank NASSCOM for arranging these sessions and we are looking forward to more such classroom sessions coming our way.”

Sessions and programs such as these will go a long way in ensuring that organizations help pave the way for women to enhance their skills, as well as give them an edge in their career development. McAfee is proud to play a role in influencing the overall India/APAC digital security ecosystem through its thought leadership.

A Quick Introduction to the MITRE ATT&CK Framework https://securingtomorrow.mcafee.com/business/endpoint-security/a-quick-introduction-to-the-mitre-attck-framework/ https://securingtomorrow.mcafee.com/business/endpoint-security/a-quick-introduction-to-the-mitre-attck-framework/#respond Tue, 11 Dec 2018 21:12:46 +0000 https://securingtomorrow.mcafee.com/?p=93048

If you’re an avid reader of threat trends or a fan of red team exercises, you’ve probably come across a reference to the MITRE ATT&CK framework in the last few months. If you have ever wondered what it was all about or if you’ve never heard of it but are interested in how you can improve your security posture, this blog is for you.

To start with, let’s explain what MITRE is. MITRE is a nonprofit organization founded in 1958 (and funded with federal tax dollars) that works on projects for a variety of U.S. government agencies, including the IRS, Department of Defense (DOD), Federal Aviation Administration (FAA), and National Institute of Standards and Technology (NIST). It is not a professional third-party cybersecurity testing agency, which is a common misconception. Its focus is to provide U.S. government agencies with essential deliverables—such as models, technologies and intellectual property—related to U.S. national security, including cybersecurity, healthcare, tax policy, etc. In the cybersecurity landscape, MITRE is mostly known for managing Common Vulnerabilities and Exposures (CVEs) for software vulnerabilities. Note that CVEs are pre-exploitation/defense, whereas the MITRE ATT&CK model is focused on post-exploitation only.

Your next question is probably what MITRE ATT&CK is and what makes it a model or a framework. The name stands for Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK). It is a curated knowledgebase and model of cyberadversary behavior, organized by the phases of an adversary’s attack lifecycle (the tactics, that is, the goal of each step of the attack) and by the platforms adversaries are known to target. Under each tactic the model catalogs the techniques adversaries have been observed using to reach that goal, so that a given adversary action is classified the same way by offense and defense and can be related to specific detections and mitigations. What began in 2010 as an idea during a MITRE research experiment has since grown into an evolving set of resources that cybersecurity practitioners contribute to and apply for red teaming, threat hunting, and other tasks. Security practitioners can harden their endpoint defenses and assess themselves accurately by using the model, and the tools built on it, to determine how well they detect documented adversary behavior.

If you’ve been in the security realm for a while, this may remind you of Lockheed Martin’s Cyber Kill Chain. That model states that attacks occur in stages and can be disrupted through controls established at each stage, and it was used to describe the stages of a cyberattack. To understand how the two models overlap, take a look at this figure:

In the figure above, the tactics of the MITRE ATT&CK matrix line up with the later stages of the Cyber Kill Chain, but ATT&CK goes much deeper in describing the individual techniques used between the Deliver and Maintain stages. Both the Cyber Kill Chain and the MITRE ATT&CK model might look like a linear process, but neither is: a real intrusion branches and loops back (an adversary that loses a foothold re-enters, and every new host reached during lateral movement starts the cycle again). We have drawn it in a linear fashion to make it easier to understand.

At McAfee, we embrace the MITRE model as a fabulous and detailed way to think about adversarial activity, especially APTs post-compromise, and are applying it to different levels and purposes in our organization. Specifically, we are engineering our endpoint products using the insights gained from MITRE ATT&CK to significantly enhance our fileless threat defense capabilities. Additionally, we are using it to inform our roadmaps and are actively contributing to the model by sharing newly discovered techniques used by adversaries. We are partnering with MITRE and were recently a core sponsor of the inaugural MITRE ATT&CKcon in the Washington, D.C. area.

Over the next few weeks, I’ll continue to go deeper into how MITRE ATT&CK matrix testing works, how you can use it, how it’s different from other testing methods, and how McAfee is investing in it.

The post A Quick Introduction to the MITRE ATT&CK Framework appeared first on McAfee Blogs.

McAfee Named a 2018 Gartner Peer Insights Customers’ Choice for Endpoint Protection Platforms
https://securingtomorrow.mcafee.com/business/endpoint-security/mcafee-named-a-2018-gartner-peer-insights-customers-choice-for-endpoint-protection-platforms/
Fri, 07 Dec 2018 17:47:10 +0000


We are excited to announce that McAfee has been recognized as a 2018 Gartner Peer Insights Customers’ Choice for Endpoint Protection Platforms.  McAfee takes great pride in this distinction, as we feel that real-world feedback from our customers is the driving force behind the recognition and that they have spoken loudly about the value they are receiving from our products.

In its announcement, Gartner explains, “Since October 2015, more than 100,000 reviews across more than 300 markets have been posted to Gartner Peer Insights. In markets where there is enough data, Gartner Peer Insights recognizes the vendors who are the most highly rated by their customers through the Customers’ Choice distinction. This peer-rated distinction can be a useful complement to expert opinion, as it focuses on direct peer experiences of implementing and operating a solution.” To ensure fair evaluation, Gartner maintains rigorous criteria for recognizing vendors.

For this distinction, a vendor must have a minimum of 50 approved ratings with an average overall rating of 4.2 stars or higher. McAfee received 651 reviews with an average rating of 4.4 out of 5 in the Endpoint Protection Platforms market as of November 19, 2018.

Here are some excerpts from customers that contributed to the distinction:

“This is what an Endpoint Security Solution should look like”

Cyber Security Analyst in the Government Industry

“McAfee ENS has been a complete game changer in the world [of] endpoint security.”

Infrastructure and Operations in the Retail Industry

“Seamless upgrade from legacy products to ENS; ePO is probably the best management console I’ve used for any product I’ve used.”

Sr. Desktop Engineer in the Services Industry

And those are just a few. You can read more reviews for McAfee Endpoint Security on our website and on the Gartner site.

On behalf of McAfee, I would like to thank all of our customers who took the time to share their experiences. We are delighted to be a 2018 Gartner Peer Insights Customers’ Choice for Endpoint Protection Platforms, and we believe that it is your valuable feedback that made it possible. To learn more about this distinction, or to read the reviews written about our products by the IT professionals who use them, please visit the Gartner Peer Insights Customers’ Choice announcement page.

  • Gartner Peer Insights’ Customers’ Choice for Endpoint Security and Protection Software announcement, November 19, 2018

The Gartner Peer Insights Customers’ Choice logo is a trademark and service mark of Gartner, Inc., and/or its affiliates, and is used herein with permission. All rights reserved. Gartner Peer Insights Customers’ Choice constitute the subjective opinions of individual end-user reviews, ratings, and data applied against a documented methodology; they neither represent the views of, nor constitute an endorsement by, Gartner or its affiliates.

The post McAfee Named a 2018 Gartner Peer Insights Customers’ Choice for Endpoint Protection Platforms appeared first on McAfee Blogs.

Extending Security to the Public Cloud is the Easy Part
https://securingtomorrow.mcafee.com/business/extending-security-to-the-public-cloud-is-the-easy-part/
Thu, 06 Dec 2018 16:00:57 +0000


“The biggest challenge of securing the public cloud isn’t technical.”

That’s the opinion of an IT security analyst at a large U.S. government contractor. He should know. In the last year, his company rolled out a multi-tiered cloud environment, with instances in Amazon Web Services (AWS) as well as on premises.

For this company, which administers federal and state programs that directly assist a broad sector of the American population, leveraging the public cloud made sense. Using the cloud would reduce total cost of ownership (TCO), provide clients and end users with easier access to their information via web-based portals, and enable quickly ramping up or scaling down bandwidth requirements to support the widely fluctuating number of users across projects. However, cybersecurity was a critical concern.

Fast, easy deployment of cloud protection and highly granular policies

Before launching its first contracted project using a public cloud, the company thoroughly researched its cloud security options. Based on its research, the company decided to implement McAfee Cloud Workload Security to bolster the security of data within AWS. “With McAfee Cloud Workload Security, we can get very granular with our policies,” the systems analyst said. “It is a very powerful tool in [the cloud] environment. We are able to be very proactive in pushing out to endpoints [in the cloud] what they need.”

By bridging native, API-driven AWS data sources such as Amazon GuardDuty with a cloud workload protection platform like McAfee Cloud Workload Security (CWS), AWS tenants can draw on those AWS data sources from within CWS to manage and secure mission-critical workloads with advanced security from a single console.

Since the company’s security team already relied on the McAfee integrated security platform and McAfee ePolicy Orchestrator (McAfee ePO) management console, deploying McAfee Cloud Workload Security was simple and took less than a week. Once the solution and its components were implemented, the company had end-to-end visibility into all cloud workloads and their underlying platforms plus insights into weak security controls, unsafe firewall and encryption settings, and indicators of compromise (IoCs).

Small IS team easily adds management of cloud protection

The company supports its 15,000 professionals and 35,000 endpoints with an information security team of only five people spread across three locations. Such a lean staff is possible primarily thanks to McAfee ePO. Adding cloud protection to the company’s security arsenal required no additional staff. The team simply extended its ability to easily set policies and monitor and manage endpoint protection from on premises into the cloud.

“Whether on premises or in the cloud, we can easily add or customize policies to meet the security needs of each specific contract and project,” the systems analyst said. “McAfee has made it very easy to bring in new workloads.” For example, one of the company’s projects involves multiple federal agencies and multiple types of workloads. These workloads include SQL and Oracle databases, imaging software (since volumes of documents must be stored digitally for years), and agency-specific and contract-specific applications.

The real challenge of securing the cloud

So, what is the difficult part of securing the public cloud?

According to the systems analyst, “The biggest challenge is overcoming the perception that the cloud can’t be secured. We have had to educate both internally and externally that we can extend our existing threat defenses beyond our physical infrastructure to the public cloud. Education is ongoing, but our success thus far at securely leveraging the public cloud is converting the naysayers.”

To read a case study and learn about how the company relies on McAfee to secure the cloud, click here. To watch a video of the systems analyst talking about his experience with McAfee, please view below.

The post Extending Security to the Public Cloud is the Easy Part appeared first on McAfee Blogs.

Are You Sharing in this Cyberwarfare?
https://securingtomorrow.mcafee.com/business/are-you-sharing-in-this-cyberwarfare/
Mon, 26 Nov 2018 16:00:08 +0000


If your organization is, you can win on a couple fronts…

In traditional warfare, information sharing is key. The value of sharing insight on your opponent cannot be overstated; the basic principle in Sun Tzu’s The Art of War is that you must know yourself and know your opponent to be successful. Cyberwarfare is no different: information is obtained and exchanged to gain the upper hand. Translated to cybersecurity, you must know your own vulnerabilities and understand the attacker’s tactics: exploiting a weakness in a system or a user, using deception and evasion, and striking at an unexpected time and place. Sharing this insight is crucial to establishing detection and protection strategies, and the place to start is within your current infrastructure. Imagine your IT and security functions working together to protect your environment: critical vulnerability information shared with your endpoint security, or network security blocking suspicious users and devices so that highly vulnerable devices are detected and confined. Coordinating the tools you already have will deter the creative attacker.

Basics of cybersharing

Cybersharing discussions begin with essential cybersharing framework components that address the why and the what:

  • Identify the problem to be solved
  • List the functions or products involved
  • Simply describe what you want to happen
  • Map these actions to one of four key capabilities (receive an event, ask a question, take action, and publish an event)

Using a robust cybersecurity sharing framework takes the technical heavy lifting out of integrations, allowing you to focus on what’s important. Cybersharing begins with understanding the problem you are trying to solve (such as blocking a non-compliant endpoint from your network), knowing what products are involved (endpoint solution or a Network Access Control solution), understanding what you want to have happen (if an endpoint is incorrectly configured, be sure to restrict its network access), and mapping these to framework capabilities (ask the endpoint a question on its configuration status, transmit this status to the Network Access Control solution, and depending on the status, allow or block). It’s really that simple, automated, and effective.

Sidebar: Integrating security tools can improve your response time by 20% (MSI Research, 2018).

Highs and lows of cybersharing

Cybersharing is not a new concept. The industry has been working on it for a while with many stakeholders. Many initiatives have come and gone in the past—the industry has always clamored for it, but it has often fallen into the “too hard” or “too expensive” bracket. Until now. There is now a belief among security vendors that we cannot do everything with just one vendor. Sharing is essential to defending our environments and defeating our adversaries.

A cybersharing option to consider

Sharing can be difficult and time-consuming. Just getting the connection to share the information may require writing to a proprietary API, which means lots of maintenance and manual efforts to add new connections. And once you have the connection, the information flow is daunting. Imagine a world where you simply share within your environment without the need to write to proprietary APIs or write with prescribed data structures.

Enter Data Exchange Layer (DXL). DXL is an established and proven communication layer that lets security functions and tools share information and collaborate based on messaging topics. It’s like real-time tweets, only here the “tweet” is a piece of security information and the “followers” are your security products.

Over 4,000 organizations are participating in OpenDXL, the open source initiative that uses DXL to interconnect security functions and coordinate defenses. The interconnection can be one-to-one or one-to-many. It may be a simple exchange of specific threat intelligence, or threat insight with a recommended response. We feel open sourcing this framework is key to information sharing: no ties to a vendor, no lock-in, and no restrictions on who or what products can integrate with DXL.

Everything you need to get started is on OpenDXL.com—from the components, to pre-built development environments in Docker containers, to documentation and pre-built integrations (including in many cases the source code). Get started and elevate your security program today.
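Here is the endpoint-to-NAC exchange from the “Basics of cybersharing” section above written out as code. It is an added example, not part of the original post and not the OpenDXL client library: it uses a small in-process topic bus (constructed for this example) that mirrors the four capabilities the framework names (receive an event, ask a question, take action, publish an event) so that it runs offline. The topic names, the posture inventory and the compliance policy are assumptions for the example; the same structure maps onto a real DXL client’s event publish/subscribe and service request/response calls.

```python
"""Endpoint posture check driving a NAC decision over a topic-based message fabric."""
import json
import uuid
from collections import defaultdict

# Topic names are assumptions for this example, not OpenDXL's own.
POSTURE_TOPIC = "/corp/service/endpoint/posture"
CONNECT_TOPIC = "/corp/event/network/device_connected"
DECISION_TOPIC = "/corp/event/nac/decision"


class Fabric:
    """In-process stand-in for a DXL broker: topic pub/sub plus request/response."""

    def __init__(self):
        self._subscribers = defaultdict(list)  # topic -> callbacks
        self._services = {}                     # topic -> single responder
        self.trace = []                         # every message that crossed the fabric

    def subscribe(self, topic, callback):
        self._subscribers[topic].append(callback)

    def publish(self, topic, payload):
        """Publish an event: fire-and-forget, delivered to every subscriber of the topic."""
        body = json.dumps(payload).encode()     # payloads cross the fabric as bytes
        self.trace.append(("event", topic, None, body))
        for callback in list(self._subscribers[topic]):
            callback(json.loads(body))

    def register_service(self, topic, handler):
        self._services[topic] = handler

    def request(self, topic, payload):
        """Ask a question: exactly one responder, reply correlated by message id."""
        if topic not in self._services:
            raise LookupError(f"no service registered on {topic}")
        message_id = str(uuid.uuid4())
        body = json.dumps(payload).encode()
        self.trace.append(("request", topic, message_id, body))
        reply = self._services[topic](json.loads(body))
        self.trace.append(("response", topic, message_id, json.dumps(reply).encode()))
        return reply


# Constructed posture data standing in for what the endpoint product would report.
INVENTORY = {
    "ws-07": {"av_enabled": True, "signature_age_days": 1, "disk_encrypted": True},
    "ws-12": {"av_enabled": False, "signature_age_days": 19, "disk_encrypted": True},
}


def posture_service(query):
    """The endpoint product's answer to 'what is this host's configuration status?'."""
    host = query["host"]
    if host not in INVENTORY:
        return {"host": host, "known": False}
    return {"host": host, "known": True, **INVENTORY[host]}


class NetworkAccessControl:
    MAX_SIGNATURE_AGE_DAYS = 3  # assumed policy threshold

    def __init__(self, fabric):
        self.fabric = fabric
        self.decisions = {}
        fabric.subscribe(CONNECT_TOPIC, self.on_device_connected)  # receive an event

    def evaluate(self, posture):
        if not posture["known"]:
            return "quarantine", "no endpoint agent reported for host"  # fail closed
        if not posture["av_enabled"]:
            return "quarantine", "endpoint protection disabled"
        if posture["signature_age_days"] > self.MAX_SIGNATURE_AGE_DAYS:
            return "quarantine", f"signatures older than {self.MAX_SIGNATURE_AGE_DAYS} days"
        if not posture["disk_encrypted"]:
            return "quarantine", "disk not encrypted"
        return "allow", "compliant"

    def on_device_connected(self, event):
        host = event["host"]
        posture = self.fabric.request(POSTURE_TOPIC, {"host": host})  # ask a question
        action, reason = self.evaluate(posture)
        self.decisions[host] = action  # take action: a real NAC would set the port VLAN/ACL here
        self.fabric.publish(DECISION_TOPIC, {"host": host, "port": event["port"],
                                             "action": action, "reason": reason})  # publish an event


def run_scenario():
    """Wire the pieces together and replay three device-connected events."""
    fabric = Fabric()
    fabric.register_service(POSTURE_TOPIC, posture_service)
    nac = NetworkAccessControl(fabric)
    audit = []                                  # a SOC/SIEM subscriber keeps every decision
    fabric.subscribe(DECISION_TOPIC, audit.append)
    for port, host in enumerate(["ws-07", "ws-12", "ws-99"], start=1):
        fabric.publish(CONNECT_TOPIC, {"host": host, "port": f"Gi1/0/{port}"})
    return nac.decisions, audit


if __name__ == "__main__":
    decisions, audit = run_scenario()
    for entry in audit:
        print(f"{entry['host']:6} {entry['action']:10} {entry['reason']}")
```

Note the fail-closed branch: a host the endpoint service does not know about is quarantined rather than allowed, because a missing agent is itself a compliance finding. The `trace` list is what an auditor would ask for: every request is tied to its response by message id, so you can reconstruct why a port was blocked.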

Taking cybersharing to new heights

It’s time to join the DXL challenge, the first cybersharing contest of its kind. We’re introducing a recognition program, DXL Super Stars, to share these critical DXL integrations that improve security efficiency and efficacy. Join the cybersharers and win cash! Don’t delay: submissions must be in by late January.

The post Are You Sharing in this Cyberwarfare? appeared first on McAfee Blogs.

McAfee Leads the Charge to Embrace and Expand the MITRE ATT&CK Framework
https://securingtomorrow.mcafee.com/business/security-operations/mcafee-leads-the-charge-to-embrace-and-expand-the-mitre-attck-framework/
Tue, 20 Nov 2018 16:00:04 +0000


In October, I was privileged to attend the two-day MITRE ATT&CK™ conference, where participants and attendees voiced their support for the ATT&CK framework. The event, sponsored by McAfee, served as a forum for sharing insights and best practices for using ATT&CK as a way to describe and demystify the complexities of today’s cyberattacks. MITRE is well known for its threat-based research in cybersecurity, including widely adopted standards and tools like STIX/TAXII and Common Vulnerabilities and Exposures (CVE).

What is the MITRE ATT&CK framework? Why is it so important to the security community?

ATT&CK is a publicly accessible knowledgebase of adversary tactics and techniques based on real-world observations. The vendor-agnostic ATT&CK framework gives the industry a common vocabulary for sharing threat intelligence and for describing how adversaries prepare for, launch, and execute their attacks. Armed with this knowledge, both security vendors and customers can work toward improving their detection and prevention methods.

What makes ATT&CK so robust is the large community of contributors. By making ATT&CK content available to every practitioner worldwide, MITRE has created a growing community that is fostering innovation in open source tools, products, and services based on the framework.

Best of all, ATT&CK provides a common, easy-to-understand language that can be consumed in bite-size chunks. It enables practitioners to explain complex concepts to management and customers by relating the security risks to business.

How are organizations using the ATT&CK framework?

Speakers representing a wide spectrum of organizations—from the government, private sector, and security arena—shared ways in which they are benefitting from ATT&CK:

  • Building industry-specific threat profiles and doing adversary emulation through red teaming: By acting like real-life adversaries, red teams perform penetration testing using threat-specific techniques to detect network and system vulnerabilities and to test the efficacy of security tools. This enables organizations to answer questions that are critical for their security operations team:
    • Is my organization a target, and what kinds of groups are targeting us?
    • How do these adversarial groups operate?
    • Have we seen the adversary before?
    • What is their motivation? What is the potential impact to my organization?

By using ATT&CK, red teams, who are doing the attacking, can easily communicate with and share their findings with blue teams, who are doing the defending.

  • Red team automation at the unit, or atomic test, level: Recently, several assessment tools have emerged that automate testing of detection and prevention on a granular level against a wide range of adversarial techniques identified by ATT&CK. Gartner expects that these tools will gain ground in security operations and may supplant traditional penetration testing.1
  • Operationalization of intelligence at a tactical level: Large companies with mature security operations organizations are using ATT&CK as a framework to drive their ongoing security operations center (SOC) activities. Specifically, they are using ATT&CK in the following ways:
    • Improving their detection capabilities by engineering new content to feed into their security information and event management (SIEM) solution, intrusion detection system (IDS), and intrusion prevention system (IPS)
    • Creating hypotheses for hunting adversaries on the network
    • Tracking adversary groups using tactics, techniques, and procedures (TTPs) for SOC processes, such as network security management, forensics, and others
    • Combining ATT&CK with vulnerability management and configuration management to drive overall risk management initiatives, such as prioritizing security architecture and control gaps
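As an added example (not code from the original post or from McAfee), here is what “engineering new content” mapped to ATT&CK looks like in practice; it also serves the point in the earlier introduction post that the model lets you measure how well you detect documented adversary behavior. The script runs three detection rules, each tagged with the tactic and technique it covers, over constructed Sysmon-style process-creation records, reconstructs the phases of the threat seen on one host, and reports which tactics have no rule at all. The event data, rule logic and host names are assumptions for the example; the technique IDs are taken from the current ATT&CK Enterprise matrix and should be checked against attack.mitre.org before reuse.

```python
"""Detections expressed in ATT&CK vocabulary, run over sample process telemetry."""
import re

# The 14 tactics in the current Enterprise matrix (the 2018 matrix had fewer).
ENTERPRISE_TACTICS = [
    "Reconnaissance", "Resource Development", "Initial Access", "Execution",
    "Persistence", "Privilege Escalation", "Defense Evasion", "Credential Access",
    "Discovery", "Lateral Movement", "Collection", "Command and Control",
    "Exfiltration", "Impact",
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# PowerShell accepts any unambiguous prefix of -EncodedCommand; this list covers the
# common spellings without matching -ExecutionPolicy.
ENCODED_FLAG = re.compile(r"\s-(e|ec|enc|encodedcommand)\b", re.I)

# Constructed, Sysmon-style process-creation records (assumed data, not real telemetry).
SAMPLE_EVENTS = [
    {"host": "ws-07", "user": "CORP\\jdoe", "parent": "winword.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
    {"host": "ws-07", "user": "CORP\\jdoe", "parent": "powershell.exe", "image": "schtasks.exe",
     "cmdline": 'schtasks.exe /create /sc onlogon /tn "Updater" /tr C:\\Users\\Public\\u.exe'},
    {"host": "srv-dc1", "user": "CORP\\jdoe", "parent": "cmd.exe", "image": "rundll32.exe",
     "cmdline": "rundll32.exe C:\\Windows\\System32\\comsvcs.dll MiniDump 624 C:\\temp\\l.dmp full"},
    {"host": "ws-12", "user": "CORP\\asmith", "parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\inventory.ps1"},
]


def _office_spawns_encoded_powershell(e):
    return (e["image"] == "powershell.exe" and e["parent"] in OFFICE_APPS
            and ENCODED_FLAG.search(e["cmdline"]) is not None)


def _script_host_creates_scheduled_task(e):
    return (e["image"] == "schtasks.exe" and e["parent"] in SCRIPT_HOSTS
            and "/create" in e["cmdline"].lower())


def _memory_dump_via_comsvcs(e):
    # Does not verify that the dumped PID is lsass.exe; a production rule would correlate it.
    cmd = e["cmdline"].lower()
    return e["image"] == "rundll32.exe" and "comsvcs.dll" in cmd and "minidump" in cmd


# Each rule carries the tactic (adversary goal) and technique it is written to detect.
RULES = [
    {"name": "Office application launching encoded PowerShell",
     "tactic": "Execution", "technique": "T1059", "match": _office_spawns_encoded_powershell},
    {"name": "Scheduled task created from a script host",
     "tactic": "Persistence", "technique": "T1053", "match": _script_host_creates_scheduled_task},
    {"name": "Process memory dump via comsvcs.dll MiniDump",
     "tactic": "Credential Access", "technique": "T1003", "match": _memory_dump_via_comsvcs},
]


def run_detections(events, rules):
    """Return one hit per (event, rule) pair, tagged with ATT&CK tactic and technique."""
    hits = []
    for e in events:
        for r in rules:
            if r["match"](e):
                hits.append({"host": e["host"], "user": e["user"], "rule": r["name"],
                             "tactic": r["tactic"], "technique": r["technique"]})
    return hits


def attack_path(hits, host):
    """Ordered tactic/technique pairs seen on one host: the phases of the threat."""
    return [(h["tactic"], h["technique"]) for h in hits if h["host"] == host]


def coverage_by_tactic(rules, hits):
    """How many rules exist per tactic and how many fired: the self-assessment view."""
    cov = {t: {"rules": 0, "fired": 0} for t in ENTERPRISE_TACTICS}
    for r in rules:
        cov[r["tactic"]]["rules"] += 1
    for h in hits:
        cov[h["tactic"]]["fired"] += 1
    return cov


def uncovered_tactics(rules):
    covered = {r["tactic"] for r in rules}
    return [t for t in ENTERPRISE_TACTICS if t not in covered]


if __name__ == "__main__":
    hits = run_detections(SAMPLE_EVENTS, RULES)
    for h in hits:
        print(f"{h['host']:8} {h['tactic']:18} {h['technique']}  {h['rule']}")
    print("ws-07 path:", attack_path(hits, "ws-07"))
    print("no rule for:", ", ".join(uncovered_tactics(RULES)))
```

The benign inventory script on ws-12 is not flagged because its parent is explorer.exe and it uses `-File`, not an encoded command; the coverage report is the part worth showing management, since eleven of fourteen tactics have no detection content at all in this toy rule set.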

What is our role in driving ATT&CK forward?

McAfee is collaborating closely with MITRE in extending their ATT&CK techniques and aligning our products to show coverage and context based on this framework. Both participants and attendees at the conference agreed that ATT&CK is a necessary component for a viable enterprise security strategy.

At our booth, we demonstrated how we have incorporated ATT&CK into McAfee MVISION Endpoint Detection and Response (MVISION EDR), which is scheduled for Q1 2019 availability. Visitors were impressed with how detection is based on and mapped to the ATT&CK framework, allowing a faster, more consistent process to determine the phases of a threat, assess associated risk, and prioritize response.

With our expanded expertise in EDR, threat intelligence, threat hunting, and the cloud, we have identified multiple opportunities to further our collaboration with MITRE.

We also plan on becoming even more involved with the MITRE ATT&CK community through active participation in practitioners’ forums and events like this conference. We are launching new initiatives to enable us to contribute to the ATT&CK knowledgebase by publishing and sharing our research and learnings about new adversarial techniques, incident response methodologies, and red teaming processes.

If you were unable to attend, you can view videos of the ATT&CK conference sessions on YouTube.

To learn more about MITRE ATT&CK, see the resources we have published on this topic.

1. Gartner, 2018. “BAS and Red Teams Will Kill the Pentest.” https://blogs.gartner.com/augusto-barros/2018/02/14/bas-and-red-teams-will-kill-the-pentest/

The post McAfee Leads the Charge to Embrace and Expand the MITRE ATT&CK Framework appeared first on McAfee Blogs.

Why Traditional Database Security Doesn’t Protect Data
https://securingtomorrow.mcafee.com/other-blogs/mcafee-partners/why-traditional-database-security-doesnt-protect-data/
Wed, 14 Nov 2018 17:23:45 +0000


If we asked database administrators, security teams, and risk teams about their definition of what database security is, the answers would vary widely.

Each team views the definition based on their own requirements, but the one answer that most likely won’t appear is: “To protect data.”

Traditionally, database security has always been seen as a means to protect the database systems from vulnerabilities, missing patches, simple misconfigurations, or SQL injections. While this certainly holds true in today’s environments too, we cannot ignore the fact that requirements for securing a company’s most valuable asset—its data—have changed.

Adding data to database security

With the increase in regulatory compliance requirements such as PCI-DSS, HIPAA, SOX, and GDPR, enterprises are asking more and more from their data protection solutions. Data is seen as the new oil—a way to fuel companies. Protecting data must be at the core of every strategy. Where better to start than the one place most data resides, the database?

Database security solutions in today’s data- and compliance-driven environments must not only let companies measure the security level of their databases, but must also be able to locate personally identifiable information, business-critical data, and any other data that is of value to the organization.

In addition, any data that is discovered must be monitored, in real time, 24/7. Long gone are the days when audit logs were sufficient or simple network monitoring was considered adequate. Data is the world’s greatest asset and companies must invest in protecting their own data as well as their customers’ data.

As-a-service: a world of shared responsibilities

Database(s)-as-a-service is one of the fastest growing markets within the world of cloud. It provides organizations with unparalleled amounts of scalability and compute power while at the same time removing many of the challenges that we would see as traditionally related to database security (vulnerability and patch management, for example). In the shared responsibility world of the cloud, the one constant is data. Customers are always responsible for protecting and monitoring their data.

Too many data breaches succeed because the exfiltration of data was made possible by little or no real-time monitoring of the data. Traditional database security is not designed to protect data; it is designed to protect the database from SQL injection and vulnerabilities. One might argue that is data protection, but in reality, database security in today’s data-driven environments must allow organizations to monitor anyone and anything that accesses the “crown jewels,” in real time, with the ability to stop unauthorized access to the data.
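The two capabilities this post asks for, locating sensitive data and then monitoring who touches it, as an added example that is not code from the original post or from McAfee’s products. Discovery samples column values (constructed sample rows stand in for a `SELECT ... LIMIT` sample of each table) and classifies a column as SSN, email or card number when most of its values match, with a Luhn check so that arbitrary 16-digit identifiers are not mistaken for card numbers. Monitoring then evaluates constructed query-audit records against an access policy for the discovered tables: an unauthorized principal is blocked, while bulk reads and off-hours access on sensitive tables raise alerts. Table names, principals, thresholds and the audit-record format are assumptions.

```python
"""Find columns holding sensitive data, then police the queries that touch them."""
import re
from datetime import datetime

SSN_RE = re.compile(r"^\d{3}-\d{2}-\d{4}$")
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[A-Za-z]{2,}$")
PAN_RE = re.compile(r"^\d{13,19}$")
TABLE_RE = re.compile(r"\b(?:FROM|JOIN|INTO|UPDATE)\s+([A-Za-z_][\w.]*)", re.I)


def luhn_ok(number):
    """Luhn checksum, so a random run of digits is not classified as a card number."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def classify_value(value):
    v = value.strip()
    if SSN_RE.match(v):
        return "ssn"
    if EMAIL_RE.match(v):
        return "email"
    if PAN_RE.match(v) and luhn_ok(v):
        return "pan"
    return None


# Constructed sample rows standing in for a SELECT ... LIMIT sample of each table.
SAMPLE_TABLES = {
    "crm.customers": {"id": ["1001", "1002", "1003"],
                      "email": ["ada@example.com", "grace@example.org", "alan@example.net"],
                      "phone": ["+1-555-0100", "+1-555-0101", "+1-555-0102"]},
    "billing.cards": {"customer_id": ["1001", "1002", "1003"],
                      "pan": ["4111111111111111", "5500000000000004", "4012888888881881"],
                      "exp": ["12/26", "03/27", "09/25"]},
    "hr.employees": {"name": ["Ada Lovelace", "Grace Hopper", "Alan Turing"],
                     "ssn": ["123-45-6789", "987-65-4321", "555-12-3456"]},
    "app.audit": {"ts": ["2018-11-14T08:00:00", "2018-11-14T08:05:00"],
                  "msg": ["login ok", "login failed"]},
}


def discover_sensitive_columns(tables, threshold=0.8):
    """Flag a column when at least `threshold` of its non-empty values share one sensitive type."""
    found = {}
    for table, columns in tables.items():
        for column, values in columns.items():
            kinds = [classify_value(v) for v in values if v]
            if not kinds:
                continue
            best = max(set(kinds), key=kinds.count)
            if best and kinds.count(best) / len(kinds) >= threshold:
                found.setdefault(table, {})[column] = best
    return found


# Principals allowed to read each sensitive table (assumed policy).
ACCESS_POLICY = {
    "billing.cards": {"billing_svc"},
    "hr.employees": {"hr_app"},
    "crm.customers": {"crm_app", "support_ro"},
}

# Constructed database audit records: (timestamp, principal, source ip, statement, rows returned).
QUERY_LOG = [
    ("2018-11-14T09:12:03", "billing_svc", "10.0.5.21",
     "SELECT pan, exp FROM billing.cards WHERE customer_id = 1001", 1),
    ("2018-11-14T09:15:44", "support_ro", "10.0.7.8",
     "SELECT email FROM crm.customers WHERE id = 1002", 1),
    ("2018-11-14T02:41:10", "support_ro", "10.0.7.8", "SELECT * FROM billing.cards", 48213),
    ("2018-11-14T03:02:55", "dba_jsmith", "203.0.113.9", "SELECT ssn, name FROM hr.employees", 1900),
]


def evaluate_query(record, sensitive_tables, policy, bulk_rows=1000, hours=(7, 19)):
    """Return (verdict, findings) for one audit record; only sensitive tables are policed."""
    ts, principal, _src, statement, rows = record
    touched = set(TABLE_RE.findall(statement)) & set(sensitive_tables)
    findings = []
    for table in sorted(touched):
        if principal not in policy.get(table, set()):
            findings.append(f"unauthorized: {principal} read {table}")
    if touched and rows >= bulk_rows:
        findings.append(f"bulk read: {rows} rows from a sensitive table")
    hour = datetime.fromisoformat(ts).hour
    if touched and not (hours[0] <= hour < hours[1]):
        findings.append("access outside business hours")
    if any(f.startswith("unauthorized") for f in findings):
        verdict = "block"       # enforcement point: terminate the statement or session
    elif findings:
        verdict = "alert"
    else:
        verdict = "allow"
    return verdict, findings


def monitor(log, sensitive_tables, policy):
    return [evaluate_query(r, sensitive_tables, policy) for r in log]


if __name__ == "__main__":
    sensitive = discover_sensitive_columns(SAMPLE_TABLES)
    print("sensitive columns:", sensitive)
    for record, (verdict, findings) in zip(QUERY_LOG, monitor(QUERY_LOG, sensitive, ACCESS_POLICY)):
        print(f"{verdict:5} {record[1]:12} {record[3][:45]:45} {'; '.join(findings)}")
```

The third and fourth records are the ones an audit log alone would not stop: a read-only support account pulling the whole card table at 02:41, and a DBA reading every SSN from an external address. Discovery is what makes the policy enforceable, because you cannot restrict access to tables you do not know hold sensitive data.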

McAfee helps fill that gap by offering software-based database security solutions that allow the monitoring of database instances across both on-premises solutions and the cloud. Non-intrusive, lightweight, and easy to deploy, McAfee database security solutions allow customers to enjoy all the benefits of moving to a hybrid cloud enterprise database environment while retaining control over security, risk, and data protection.

For more information, visit the database security product information page.

The post Why Traditional Database Security Doesn’t Protect Data appeared first on McAfee Blogs.

NIST’s Creation of a Privacy Framework
https://securingtomorrow.mcafee.com/business/nists-creation-of-a-privacy-framework/
Wed, 31 Oct 2018 19:50:12 +0000


On Tuesday, Oct. 16, the National Institute of Standards and Technology (NIST) held its “Kicking off the NIST Privacy Framework: Workshop #1” in Austin, Texas. I was honored to be asked to participate. This was the first in a series of public workshops focusing on the development of a useful and voluntary Privacy Framework, like the NIST Cybersecurity Framework (CSF).

Event participation was outstanding. NIST’s initial registration for the event was filled in less than 90 minutes. Realizing they needed a bigger room, NIST moved to a space that nearly doubled the potential attendance. When the reopening of the registration was announced, it was filled in less than an hour. Many well-known names in the privacy field attended, with the audience primarily consisting of privacy consultants, lawyers, and other professionals trying to figure out how the Privacy Framework fits into their future.

NIST has previously brought together public and private sector participants interested in solving problems that face us all. The CSF was a highly successful effort to develop a lightweight, valuable, and adoptable framework focused on improving organizations’ security programs. While initially developed in response to Presidential Executive Order 13636, the CSF was never meant to be a government document. Speaking to critical infrastructure and cybersecurity organization representatives at the first Cybersecurity Framework meeting, then-NIST director Dr. Pat Gallagher said, “This is not NIST’s framework, this is yours.” He was absolutely right.

Over the next year, more than 3,000 professionals participated in CSF workshops, responded to requests for information, and provided comments on work-in-progress drafts. The result was something that achieved the CSF’s initial goals: It’s beneficial to all sectors and is usable by a range of organizations from small businesses to some of the largest corporations on the planet. The CSF is having a positive global influence with its adoption by various countries. It’s also assisting in the global alignment of cybersecurity languages and practices.

NIST has established many of the same goals for the Privacy Framework. These goals include:

  1. Developing the Privacy Framework through a consensus-driven, open, and highly transparent process
  2. Establishing a common language, providing for a consistent means to facilitate communication across all aspects of an organization
  3. Ensuring it is adaptable and scalable to many differing types of organizations, technologies, lifecycle phases, sectors, and uses
  4. Developing a voluntary, risk-based, outcome-based, and non-prescriptive privacy framework
  5. Ensuring it is usable as part of any organization’s broader corporate risk management strategy and processes
  6. Taking advantage of and incorporating existing privacy standards, methodologies, and guidance
  7. Establishing it as a living document that is updated as technology and approaches to privacy change and as stakeholders learn from implementations

During the Privacy Framework Kickoff, I was pleased to hear questions that were similar to what I heard during the initial CSF Kickoff. There was real tension in the room during the CSF Kickoff—a sense of not knowing how it was going to impact organizations’ cybersecurity-related responsibilities. The same tension was present during the Privacy Framework Kickoff conversations. We are just beginning to try to understand a solution that doesn’t yet exist.

It’s hard to see the result of a Privacy Framework from where we sit today. How can we develop and position a framework like this to be valuable for both U.S. and global businesses? What is intended for this effort? What are potential definition needs? What is harm? What new technology could influence this? How do we position this for the next 25 years of privacy, not just the past five?

We have started down a path that will likely take more than a year to complete. I envision the emerging Privacy Framework as addressing best practices in privacy while being compatible with and supporting an organization’s ability to operate under the various domestic and international legal or regulatory regimes. The Privacy Framework should not be focused on the legal aspects of privacy, but rather on what organizations need to consider in their own privacy programs. This is a journey just begun. From my perspective, the workshop on Oct. 16 was an outstanding start to the development of a consensus-driven Privacy Framework. I look forward to the active discussions and work ahead.

The post NIST’s Creation of a Privacy Framework appeared first on McAfee Blogs.

MPOWER Americas Cybersecurity Summit 2018 is a Wrap!
https://securingtomorrow.mcafee.com/business/mpower-americas-cybersecurity-summit-2018-is-a-wrap/
Thu, 25 Oct 2018 22:57:54 +0000

This year’s MPOWER Americas was packed with innovative keynote speakers, the MPOWER Partner Summit, tons of sessions, technical deep dives, demos, an Innovation Fair, and much more. Take a look at some of the highlights from this year’s event!

“Together is Power” in Action at Partner Summit

On Tuesday, we hosted Partner Summit, our first event associated with MPOWER 2018. During the event, head of channel sales and operations for the Americas, Ken McCray, took the stage and discussed the road map going forward and new opportunities for partners. He emphasized the important role partners play in McAfee’s strategy to provide threat defense and data protection from device to cloud.

During Partner Summit, we also announced the addition of 17 new partners and 16 newly certified integrations to the Security Innovation Alliance. The program now includes 152 partners worldwide and highlights the need for the cybersecurity industry to work together to handle the challenges of today’s changing cyberthreat landscape.

Before the day came to a close, we announced the winners of our distinguished Partner Awards, which recognizes partners who demonstrate the embodiment of three foundational pillars of the McAfee Partner Program: strategic relationships, profitable partnerships, and driving better customer outcomes.

Day One of MPOWER Americas 2018

MPOWER officially kicked off when McAfee CEO, Chris Young, welcomed attendees and urged everyone to think about the road map to the future we’re building together. He explored three key factors defining that map: the constantly evolving threatscape, the ever-shifting technology landscape, and regulators working to protect individuals and their data as threats and technology evolve.

MVISION EDR and MVISION Cloud Announced on MPOWER Mainstage

At MPOWER, Chris Young announced the latest additions to the MVISION product family: MVISION Endpoint Detection and Response (MVISION EDR), an offering that provides new endpoint security capabilities, and MVISION Cloud, which is based on technology gained via the acquisition of Skyhigh Networks in early 2018.

Vice president and general manager of corporate products, Raja Patel, and principal engineer Ismael Valenzuela took the mainstage to demonstrate how MVISION EDR, as a cloud-native solution, helps human responders detect, remediate, and investigate threats with more speed and agility. Raja Patel said that the goal of MVISION EDR is to reduce the time it takes to detect and respond to threats.

Senior vice president of the cloud security business unit, Rajiv Gupta, then introduced MVISION Cloud. He explained that it’s a cloud-native platform that integrates seamlessly with cloud service providers, giving businesses the comprehensive control they need to enable employees, developers, and partners to be productive, while satisfying customers and accelerating business.

Day One keynotes wrapped up with a compelling talk by acclaimed journalist and historian Walter Isaacson. He was then joined by McAfee CMO, Allison Cerra, for a fireside chat. They discussed innovation, collaboration, and networking.

Day Two of MPOWER Americas 2018

Chris Young started Day Two of MPOWER by discussing how MVISION’s management-led, cloud-delivered tools answer the call of today’s constantly evolving threatscape. He emphasized that MVISION optimizes our customers’ resources so they can spend more time running their security programs and fighting adversaries.

Following Chris Young’s closing remarks, Sir Tim Berners-Lee, the inventor of the World Wide Web, shared an inspiring keynote and was then joined by Rob Sloan from the Wall Street Journal for an insightful conversation about data, privacy, and how we can continue to secure the World Wide Web.

Saving the best for last, senior vice president and CTO, Steve Grobman, took the stage to reveal Project Apollo, a pipeline to ingest, redact, and analyze 116 million data points in just five minutes. He said Project Apollo will help McAfee customers increase situational awareness and visibility so they can derive actionable insights by combining what’s coming from their own environment with threat intelligence data collected by over 1 billion McAfee sensors from networks, endpoints, the perimeter, and the cloud worldwide.

Advanced Threat Research Team Reveals Operation Oceansalt

On the last day of MPOWER, our Advanced Threat Research team revealed its latest discovery: Operation Oceansalt, a new cyberespionage campaign targeting South Korea, the United States, and Canada. Its implant reuses code from Seasalt, a 2010 data reconnaissance implant used by APT1 (Comment Crew), a Chinese military-affiliated group.

Thank you to everyone who attended MPOWER Americas 2018. We hope to see you next year!

The post MPOWER Americas Cybersecurity Summit 2018 is a Wrap! appeared first on McAfee Blogs.

New Wave of Browser Hijackers and How to Protect Your Environment
https://securingtomorrow.mcafee.com/business/new-wave-of-browser-hijackers-and-how-to-protect-your-environment/
Tue, 23 Oct 2018 17:50:50 +0000

We recently received customer submissions related to a phishing campaign that was redirecting users to a browser hijacker. After analysis, it became clear that these cases were part of a technical support scam, in which the attacker uses scare tactics, such as fake error messages and phone numbers, to convince the user that their machine is infected with malware and to get them to pay for unnecessary technical support. This is relevant to both consumer and corporate users: businesses rely heavily on email, and phishing emails are a major contributor to security breaches.

As shown in the picture below, the user receives an email asking them to click on a box to display a message. When the user clicks it, they are redirected to a URL that prompts for credentials.

Hovering over the message box reveals the actual destination URL, as shown in the screenshot below. These URLs are typically live only for a short time and are rotated frequently between copies of the phishing email.

The user may then land on a website like the one displayed below, designed to trick them into entering their credentials.

This behavior resembles ransomware: the page switches the browser into full-screen mode and tries to keep the user from leaving it, and it may also play audio, as some ransomware variants do. Unlike ransomware, though, the remedy is simply to end the browser. If you cannot close the tab or the window, open Task Manager with Ctrl + Shift + Esc (or press Ctrl + Alt + Delete and choose Task Manager), locate the browser, and end the process.

The screenshot below illustrates another example with some slight changes.

All domains involved in this campaign were purchased from Namecheap. The email accounts used to propagate this phishing attack are legitimate accounts that were compromised. Email hashes cannot be provided since they contain customer information.

How does McAfee protect users from technical support scam threats?

The malicious HTML embedded in the email is detected as “Phish-EmailFraud.icu”, and that coverage is included in current DATs. Other McAfee products, such as McAfee SiteAdvisor and McAfee Security for Microsoft Exchange, can be combined with it to protect the environment and its employees.

McAfee SiteAdvisor

With McAfee SiteAdvisor, an administrator collects the malicious URLs and adds them to the blocked-sites list. This prevents other users who receive the phishing email from mistakenly entering their credentials.

This can be achieved by accessing the Block and Allow List Policy in McAfee ePolicy Orchestrator (McAfee ePO) and adding the URL as illustrated below.

McAfee Endpoint Security 10.5 product guide:

https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/26000/PD26799/en_US/ens_1050_help_0-00_en-us.pdf
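To make the “hover over the link to reveal the URL” step repeatable across a whole mailbox, here is an added Python example; it is not code from the original post or from McAfee. It parses a phishing email’s HTML body, lists every hyperlink with its visible anchor text, and flags the links whose domain differs from the sender’s, so their hosts can be looked up on TrustedSource and added to the Block and Allow List. The message it parses is constructed for the example, and the hostnames in it are placeholders, not indicators from the campaign. Because the post notes that the sending accounts were legitimate, compromised accounts, a link on the sender’s own domain is not treated as safe, only as lower priority for triage.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message: a stand-in for the "click the box to display
# the message" lure the post describes. Not from the real campaign; the
# domains are placeholders.
SAMPLE_EML = """\
From: Accounts Payable <ap@example-partner.test>
To: user@example.test
Subject: Document shared with you
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>You have received a secure message.</p>
<table><tr><td style="border:1px solid #ccc;padding:8px">
<a href="http://login-secure-doc.example-hosting.test/view?id=123">
Click here to display the message</a></td></tr></table>
<p><a href="https://example-partner.test/unsubscribe">Unsubscribe</a></p>
</body></html>
"""


class _LinkCollector(HTMLParser):
    """Collects (href, visible anchor text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())
            self.links.append((self._href, text))
            self._href = None


def registrable_domain(host: str) -> str:
    """Crude 'last two labels' approximation: fine for triage, wrong for
    multi-label public suffixes such as co.uk (use a suffix list there)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def extract_links(raw_eml: str):
    """Return [(href, anchor text)] for every hyperlink in the HTML body,
    i.e. what you would otherwise see by hovering over each link."""
    msg = email.message_from_string(raw_eml, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    collector = _LinkCollector()
    collector.feed(body.get_content())
    return collector.links


def suspicious_hosts(raw_eml: str):
    """Hosts of http(s) links whose domain does not match the sender's.

    A matching domain is NOT evidence of safety (the sending accounts in
    the campaign were compromised legitimate accounts); this only surfaces
    the off-domain targets that deserve a TrustedSource lookup first.
    """
    msg = email.message_from_string(raw_eml, policy=policy.default)
    sender_domain = registrable_domain(msg["From"].addresses[0].domain)
    hosts = []
    for href, _text in extract_links(raw_eml):
        parsed = urlparse(href)
        if parsed.scheme not in ("http", "https") or not parsed.hostname:
            continue  # mailto:, javascript:, relative links: skip
        if registrable_domain(parsed.hostname) != sender_domain:
            if parsed.hostname not in hosts:
                hosts.append(parsed.hostname)
    return hosts


if __name__ == "__main__":
    for href, text in extract_links(SAMPLE_EML):
        print(f"{text!r:40} -> {href}")
    print("candidates for the block list:", suspicious_hosts(SAMPLE_EML))
```

Run it against a saved .eml file by reading the file into a string instead of SAMPLE_EML. The flagged hosts are the ones to check on TrustedSource and, if confirmed, to enter in the ePO Block and Allow List policy; the full link list is what you hand to the Exchange administrator to confirm which sender account was abused.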

McAfee Security for Microsoft Exchange

McAfee Security for Microsoft Exchange can be used to block the sender’s address and stop the phishing email from reaching additional employees. This variant was sent from a compromised local user account, so administrators can blacklist that sender address so its messages are no longer delivered.

McAfee Security for Microsoft Exchange 8.6.0 product guide:

https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/27000/PD27213/en_US/msme_860_pg_en-us.pdf

What else can you do?

Any suspicious URLs can also be checked on the TrustedSource site. This will help determine if McAfee is aware of the URL and already providing coverage as illustrated below.

The URLs associated with this phishing attack have been classified as high risk in TrustedSource and McAfee SiteAdvisor.

How do I submit a malicious URL to McAfee?

Send the URL in an email to sites@mcafee.com, and the team will gladly work with you.

For more information on phishing attacks, please visit the following links:

Knowledge Center article: How to recognize and protect yourself from phishing

Blog: How to Spot Phishing Lures

Blog: Don’t get hooked – phishing email advice for your employees

The post New Wave of Browser Hijackers and How to Protect Your Environment appeared first on McAfee Blogs.

Securing the Social Security Number to Protect U.S. Citizens
https://securingtomorrow.mcafee.com/business/modernizing-the-social-security-number/
Wed, 10 Oct 2018 13:01:19 +0000

With cyber criminals having more flexibility in funding and operations than ever before, U.S. citizens are vulnerable not only to breaches of security but also of privacy. In the United States, no article of personal information is meant to be more private or secure than the Social Security Number (SSN). This is for good reason. The SSN has become a common identifier in the U.S. and is now integrated into many identification processes across different institutions.

The SSN is also the gateway to all sorts of other personal information – health records, financial positions, employment records, and a host of other purposes for which the SSN was never designed but has come to fulfill. What do all these pieces of information have in common? They are meant to be private.

Unfortunately, the unforeseen overreliance on the SSN as an identifier has left citizens’ identities vulnerable. The reality is that the SSN can easily be stolen and misused. It is a low-risk, high-reward target for cybercriminals: it is used directly for fraud and is also sold in bulk on the cybercrime black market. This has resulted in major privacy and security vulnerabilities for Americans, with some estimates saying that between 60 percent and 80 percent of all SSNs have been stolen. The Equifax and OPM breaches alone, for example, exposed tens of millions of SSNs.

This is not a new problem.

Twenty-five years ago, computer scientists voiced concerns about sharing a single piece of permanent information as a means of proving a person’s identity. The issue has only recently gained national attention due to major breaches where cyber criminals were able to access millions of consumers’ personal online information. So, why hasn’t there been any significant measure put in place to safeguard digital identities?

A major reason for a lack of action on this issue has been a lack of incentives or forcing functions to change the way identity transactions work. But it’s time for policymakers to modernize the systems and methods that identify citizens and enable citizens to prove their identity with minimal risk of impersonation and without overtly compromising privacy.

The good news is that the U.S. has the technology pieces to put in place a high-quality and high security identity solution for U.S. citizens.

There are reasonable and near-term steps we can take to modernize and protect the Social Security Number to create better privacy and security in identification practices. McAfee and The Center for Strategic and International Studies (CSIS) recently released a study on Modernizing the Social Security Number with the aim of turning the Social Security Number into a secure and private foundation for digital credentials. The report’s ultimate recommendation is to replace the traditional paper Social Security card with a smart card — a plastic card with an embedded chip, like the credit cards that most people now carry. A smart card rather than a paper-issued card would make the SSN harder to misuse, because possession of the chip, not knowledge of the number, becomes the credential.

A smart card is a viable solution that already has the infrastructure in place to support it. However, other potential solutions must not be overlooked, such as biometrics. Biometrics measure personal features such as voice, fingerprint, iris and hand motions. Using a biometric as one factor in a two-factor authentication scheme would raise the bar considerably for cybercriminals attempting impersonation. The caveat is that a biometric, unlike a card or a number, cannot be reissued if the stored template is breached, so those templates need the protection the SSN itself never had.

What is most critical, however, is that action is taken. This is an issue that deserves immediate attention and action. Every day this matter remains unresolved is another day cyber criminals continue their efforts to compromise consumer data in order to impersonate those whose data has been breached.

With the Social Security Number serving as the ultimate identifier, isn’t it time that we modernize it to address today’s evolving privacy vulnerabilities? Modernizing the SSN will help with authentication, will provide more security, and will help safeguard individual privacy. Modernizing the SSN must be a high priority for our policymakers.

The post Securing the Social Security Number to Protect U.S. Citizens appeared first on McAfee Blogs.

5 Things Your Organization Needs to Know About Multi-Cloud
https://securingtomorrow.mcafee.com/business/cloud-security/5-things-your-organization-needs-to-know-about-multi-cloud/
Thu, 04 Oct 2018 15:00:55 +0000

Cloud awareness and adoption continues to grow as more enterprises take advantage of the benefits that come with multiple cloud platforms. As this trend continues its upward trajectory, we see more tech vendors coming to market with new tools designed to address a variety of different challenges.

Whether you are switching up your multi-cloud strategy or starting from scratch, here are a few things your organization needs to know first about multi-cloud.

Determine what features will either make or break your multi-cloud strategy

When picking the best multi-cloud structure for your business, be bold. Build a vision for what you need cloud services to do for your company; worry less about “how” and more about the “why” and “what” you need from your providers. The reality is that top cloud providers in IaaS/PaaS and, separately, SaaS spaces are offering extremely versatile capabilities and compelling value. It is important to understand what features are make or break and which ones change the way your organization works when it comes to selecting vendors.

Beyond one-off requests for a new or different capability, rationalize your organization’s needs into “collections” of related requirements and match each collection to the right service model. For example, consider SaaS first for well-known, repeatable needs, then move or redeploy capability into IaaS, or build natively in PaaS, where that is the more efficient path for a given application.

Security measurements that are important when architecting a multi-cloud structure

First and foremost, avoid looking at your new cloud infrastructure as a separate environment. It’s not merely a new data center, so an organization also needs to consider how switching to a cloud infrastructure will shift how the organization secures assets. Consider looking to resources like the MITRE ATT&CK matrix and the Center for Internet Security’s Basic and Foundational Controls list as a guide for answering this question: “In the future, how do I maintain unified visibility and security when I incorporate new cloud providers?”

For a successful multi-cloud migration, use your cloud access security layer and a platform that ultimately unifies your policy and threat identification approaches. Identity is another common challenge area. Moving to the cloud at scale often requires your organization to “clean up” your identity directory to be ready and accommodating of shared sign-on. By using an identity management and/or aggregation platform to expose identity to well-known cloud services, you will be able to ease the cloud implementation burden and threat exposure of any given provider.

Ensure compliance

It’s important to know that your organization’s compliance requirements are not mitigated or transmuted simply because the data has left your internal environment and entered the one your cloud provider(s) uses. As your organization matures, the way you manage and align your cloud provider’s capabilities to your compliance requirements should evolve accordingly.

Initially, ensure that your company requires business unit executives to apply or accept the risk of compliance obligations where service providers may not have every requirement. Your legal team should be a part of the initial purchase decisions, armed with technical knowledge to help identify potential “rogue” cloud services and policy guidelines that dissuade employees from adding services “on a credit card” without appropriate oversight.

As your organization gains more experience with the cloud, request copies of providers’ SSAE 16 (now SSAE 18) SOC attestation reports. This, together with more formal due diligence processes, should become commonplace. Organizations looking to advance in this space would be well advised to look at the Cloud Security Alliance’s STAR attestation and the associated Cloud Controls Matrix as a ready accelerator for benchmarking cloud providers.

Approaching buy-in from exec/C-level on a multi-cloud strategy

Use of cloud services should reflect the strategic focus of the business. Technology leaders can leverage the benefits of these services to underpin initiatives in efficiency, bringing innovation to market and controlling costs. To strengthen this message, technology department heads should consider the metrics and operations adjustments that will allow them to demonstrate the enhanced value of the cloud beyond just the bottom line. If you are trying to get exec/C-level buy in, consider the following:

  • How will you measure the speed of introducing new capabilities?
  • Are new areas of value or product enhancement made possible through cloud services?
  • How will the organization measure and control usage to hit your cost targets?
  • How do you know whether your organization is getting what you have contracted for from cloud providers?
  • Do you have a mechanism for commercial coverage of the organization when things go wrong?

Protect your organization and secure the cloud

Organizations will often “upgrade” in some areas of basic security (perimeter, basic request hygiene) when making the move to well-known cloud providers. How the overall security posture is affected depends heavily on the level of diligence that goes into onboarding new cloud providers. Implementing critical technical measures like the Cloud Access Security layer and policy around how the cloud is procured and technically implemented should drive basic control requirements.

We previously discussed the challenges of governing cloud and the maturity model that we use with customers to ascertain their readiness for new cloud providers.

As the number of cloud providers scales in the environment, your organization needs to assess and document them based on how much your organization depends on a given service and the sensitivity of the data those services will hold. Services that are prioritized higher on these two fronts should have increased organizational scrutiny and technical logging integration in order to maintain the overall defensive posture of the company.

As with any other technology trend, the missteps in making the transition to business and consumer cloud services have received outsized coverage. Take the time to dive into the “hows” and “whys” of early cloud breaches to avoid becoming a potential victim. A resource like the Cloud Security Alliance’s “Top Threats to Cloud Computing: Deep Dive” and McAfee’s report on “Practical Guidance and the State of Cloud Security” can be a great place to start.

Learning from someone else’s experiences is always highly preferred, though. After all, learning about cloud incident response after the fact can be a hard, costly lesson!

The post 5 Things Your Organization Needs to Know About Multi-Cloud appeared first on McAfee Blogs.

‘Together is Power’ Means Collaboration
https://securingtomorrow.mcafee.com/business/together-is-power-means-collaboration/
Mon, 01 Oct 2018 16:16:37 +0000

Crozer-Keystone Health System in Pennsylvania comprises five hospitals and operates several outpatient centers, a sports club, and a comprehensive physician network of primary-care and specialty practices. Systems Engineer Michael Mize works daily to protect the sensitive data of thousands of patients served by more than 1,000 physicians and 6,000 total employees. Mize has seen first-hand how the threat landscape has evolved over time and is adapting priorities accordingly.  

To be effective today, security teams must get more efficient. Mize incorporates the advanced capabilities of technology into the SOC to help staff work more productively. For example, by moving to McAfee Endpoint Security (ENS) 10, machine learning will help block malicious threats, freeing up security professionals to focus on higher-level tasks. But Mize also understands the value of building a comprehensive culture of security to create a truly secure environment. “’Together is power’ to me means collaboration,” says Mize. Crozer-Keystone brings this to life by working with other security professionals across the industry but also by focusing on educating its own employees. 

Mize describes a good day as one when users proactively reach out after receiving something they think might be a phishing attempt. Developing this kind of security-first mindset among staff doesn’t come automatically, so it’s good to see results from their training and reinforcement efforts. His team releases a monthly IT security bulletin on specific topics, such as phishing or physical security. In addition, the company provides a toll-free IT Security Incident hotline for reporting any suspicious problems and encourages unusual issues be reported to anyone in IT. 

Crozer-Keystone also partners with other organizations, attending events like MPOWER, to learn more about the security landscape and understand what solutions are available. Mize says it’s important to collaborate with others in the same situation to help his team better understand what they’re doing right, where they can improve and what both parties can do together moving forward. To illustrate this, whenever he encounters an outside organization with a user who has had their email account hacked – via a phishing email that reached his system, for example – he calls their help desk to connect with his peer at their business. He then describes what he’s observed and provides instructions for how he recommends they correct the issue.  

“I do this as a courtesy because we should all be looking out for each other even though it may take a few minutes out of our day. Maybe other security professionals will share this mindset and be more willing to help each other.” 

Hear more from Michael Mize on the impact of growing up with McAfee and how collaboration is making a difference at Crozer-Keystone in this video. 

The post ‘Together is Power’ Means Collaboration appeared first on McAfee Blogs.

The Top 3 Reasons to Integrate DLP with a Cloud Access Security Broker (CASB)
https://securingtomorrow.mcafee.com/business/data-security/the-top-3-reasons-to-integrate-dlp-with-a-cloud-access-security-broker-casb/
Wed, 19 Sep 2018 20:00:44 +0000

Companies of all sizes are adopting cloud-based services, such as Microsoft Office 365, as a way to give their end-users greater flexibility and easier access to core business applications. This requires corporate IT departments to reexamine their current data security posture, including Data Loss Prevention policies, to better monitor and control sensitive data that is being created in the cloud, traversing from endpoint devices to cloud applications, and vice versa.

For those of you who want to extend your DLP policies to the cloud and create a seamless, unified data protection experience, check out the latest integration between McAfee DLP and McAfee Skyhigh Security Cloud DLP (CASB). Here’s why:

Your upgrade is painless

With the latest integration of McAfee Endpoint DLP and Skyhigh Security Cloud, existing DLP customers can easily extend current enterprise DLP policies to the cloud via the McAfee ePO console.  Connecting the two solutions can be as easy as one click and as fast as under one minute.

Your DLP detection is consistent

Consistent data protection policies will be created to protect the data, whether it is residing on the endpoint, being shared via the network, or traversing to cloud applications.  This is done via the McAfee ePO console by sharing the on-prem DLP classification tags which help define cloud DLP policies.  These tags are available out-of-the-box.

Your single view for all incident management and reporting

With the McAfee ePO console, you have a single pane of glass management experience.  DLP violations can be viewed in McAfee ePO whether the incident is from an on-prem device or a cloud application.

The integration brings additional benefits as well: real-time activity monitoring and threat protection against Shadow IT, the ability to identify anomalous behavior using cloud data, integration with McAfee® Global Threat Intelligence to inspect cloud data, and out-of-the-box policy templates based on business requirements, compliance regulations, industry, cloud service, and third-party benchmarks.

Figure 1. Simple architecture of McAfee DLP and McAfee Skyhigh Security Cloud Integration

With more data being created in and sent to the cloud every day, it is more important than ever to have a set of consistent DLP policies that protect data across every leakage vector, whether corporate endpoints, unmanaged devices, the network or cloud applications. For a view of the integration in action, check out the video below:

Where is Your Security Management Journey Going?
https://securingtomorrow.mcafee.com/business/where-is-your-security-management-journey-going/ | Wed, 12 Sep 2018 15:00:11 +0000

Navigating security management is an ongoing process, and sometimes an erratic one given the chaotic threat environment. Maneuvering these often-uncharted cyber seas proves complicated and difficult. Is your cybersecurity vessel capable of sailing through tumultuous tides?

Earlier this year we set out to obtain a snapshot of where organizations (McAfee and non-McAfee customers) were in their security management capabilities, and what solutions they wanted moving forward, through commissioned global research with MSI. It would be fair to say that the profiles of organizations’ security management capabilities varied widely, from minimal security management to somewhat integrated and robust. But no matter where you ended up on the spectrum, the most consistent pain point was the need to reduce complexity.

What’s alarming is that many IT and security professionals are managing cybersecurity with no management tool, thereby burdening themselves with too many consoles, multiple logins and time-consuming manual efforts.

Top Likes & Asks

The top useful management features were: (1) a holistic, integrated view from a single console, (2) the ability to manage multiple products, and (3) the capabilities to automate deployment and updates.  Future desired improvements were focused on getting the security tools to work together.

  • The desire to integrate tools is key for many (74%), with the top requested integrations being endpoint, server and threat intelligence. The perceived value of integration was a 20% savings in time.
  • Over 77% want automation of repeatable tasks, noting a time savings of 25%.
  • 77% want tools to orchestrate between each other.
  • 84% want an advanced dashboard to provide their current security posture.

And if these features are not available, that would be reason enough to replace their current security management with a single management console that includes these capabilities.

Is this your top requests list?

All these features make sense. Cybersecurity threats have evolved, requiring specialized prevention, detection and remediation techniques and tools. This has created tool sprawl: isolated technologies with separate management consoles working in silos to accomplish a single security function. At times this leaves a gap where pertinent context is left out, or opens another doorway for the attacker. You have separate sophisticated tools to find advanced threats. You have separate tools to enforce security policy across your enterprise, whether that means updating security software to address the latest threat, changing a data policy, or tools to exclusively protect your cloud environment. Managing many disparate security tools is daunting. Good news: your tool chest is chock full, but are the tools working together as a unified security front with no gaps? These wish list items will get you closer to having your security tools working together.

Wishes Do Come True

We are pleased to note that McAfee ePO™ meets these top feature asks and desired improvements. McAfee ePO is a single-console security management solution that manages multiple products and automates security policy enforcement across your entire enterprise. To get the tools working together there are over 150 third-party integrations, and ePO manages the Data Exchange Layer (DXL), the communication layer that shares threat intelligence and alerts and triggers actions to resolve them. And to top it off, ePO is now available in several deployment options: on-premises, ePO on AWS as IaaS, or MVISION ePO as SaaS.

McAfee ePO is a proven security management solution with nearly 40,000 customers. It continues to evolve as the cybersecurity landscape changes. Don’t just hear it from us; let our customers do the talking. Check out below what an insurance company says about McAfee and McAfee ePO.

Moving to a Software-Defined Data Center and Its Impact on Security
https://securingtomorrow.mcafee.com/business/cloud-security/moving-to-a-software-defined-data-center-and-its-impact-on-security/ | Thu, 30 Aug 2018 13:00:36 +0000

For 57% of enterprise organizations in our latest survey on cloud adoption, IT infrastructure took the form of a hybrid cloud, i.e. a mix of public cloud infrastructure-as-a-service (IaaS) and some form of private cloud data center. At McAfee, we spend a lot of time speaking about the benefits of using public cloud infrastructure providers like AWS and Azure. We spend less time discussing private cloud, which today is increasingly software-defined, earning the name “software-defined data center” or SDDC.

Infrastructure designed to operate as an SDDC provides the flexibility of cloud with the most control possible over IT resources. That control enables well-defined security controls with the potential to rise above and beyond what many teams are used to having at their disposal in a traditional data center, particularly when it comes to micro-segmenting policy.

To start, the concept of software-defined data center describes an environment where compute, networking, and often storage are all virtualized and abstracted above the physical hardware they run on. VMware handles the largest share of these virtualized deployments, which is a natural extension of their long history of transforming single-purpose servers into far more cost-effective virtual server infrastructure. The big change here is adding network virtualization through their technology NSX, which frees the network from physical constraints and allows it to be software-defined.

In a physical network, your infrastructure has a perimeter which you allow traffic in/out of. This limits your control to the physical points where you can intercept that traffic. In a software-defined network (a critical part of a software-defined data center) your network can be controlled at every logical point in the virtual infrastructure. For a simple example, say you have 100 VMs running in 3 compliance-based groupings. Here is how your policy could be constructed at a high level in an SDDC:

  1. Group 1: PCI compliant storage. Every VM in this group is tagged for Group 1, and network traffic limited to internal IPs only.
  2. Group 2: GDPR compliant application with customer data. Again, each VM is tagged for its group to share the same policy, this time enforcing encryption and read-only access.
  3. Group 3: Mixed-use, general purpose VMs with varying compliance requirements. In this case, each VM needs its own policy. Some may be limited to single-IP access, others open to the internet. A per-VM policy effectively introduces micro-segmentation to your infrastructure.

The point of these basic examples is to clarify the opportunity that a software-defined data center gives you to fine-tune policy for your assets held on-premises. If you’re also running in AWS or Azure, then what you’ve kept on-premises likely consists of your most sensitive assets, which require the most stringent protection. Controlling policy down to the individual VM gives you this flexibility. Once you’re controlling policy at the VM level, you can also monitor and control the communication between those VMs (i.e. east-west, or VM-to-VM, traffic), stopping lateral threat movement from one VM to another within your data center.
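The three groupings above, worked through as an added example of tag-driven, per-VM policy evaluation (Python written for this note, not code from the McAfee post or from VMware NSX; the group names, VM inventory, address ranges and flow records are constructed, and the east-west enumeration goes beyond the post’s list to show which lateral VM-to-VM paths the policy still leaves open):

```python
"""Toy tag-based policy evaluator for the post's three compliance groupings.
Added example: the group names, VM inventory, address ranges and flows are
constructed; nothing here is a real NSX object or API."""
from dataclasses import dataclass, field
from typing import List, Set, Tuple
import ipaddress

# Constructed: address space treated as "internal" for the PCI group's rule.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


@dataclass
class Flow:
    src_vm: str       # VM originating the connection
    dst_ip: str       # destination: another VM's address or an external host
    encrypted: bool   # connection protected by TLS/IPsec
    operation: str    # "read" or "write" at the application layer


@dataclass
class VM:
    name: str
    ip: str
    group: str                       # the compliance tag the VM carries
    allowed_peers: Set[str] = field(default_factory=set)  # per-VM list, group 3 only


# Constructed inventory mirroring the post's Group 1, 2 and 3.
INVENTORY = {
    "pci-db-01":  VM("pci-db-01",  "10.1.0.11", "pci-storage"),
    "pci-db-02":  VM("pci-db-02",  "10.1.0.12", "pci-storage"),
    "gdpr-app-1": VM("gdpr-app-1", "10.2.0.21", "gdpr-app"),
    "web-edge-1": VM("web-edge-1", "10.3.0.31", "general", {"*"}),          # open to the internet
    "batch-01":   VM("batch-01",   "10.3.0.32", "general", {"10.1.0.11"}),  # single-IP access
}


def evaluate(flow: Flow, inventory=INVENTORY) -> Tuple[bool, str]:
    """Decide a flow under the policy attached to the source VM's tag.
    Tagged VMs inherit their group's rule; 'general' VMs carry their own
    allow list, which is the per-VM micro-segmentation the post describes."""
    vm = inventory[flow.src_vm]
    if vm.group == "pci-storage":
        # Group 1: traffic limited to internal IPs only.
        if not is_internal(flow.dst_ip):
            return False, "pci-storage: external destination blocked"
        return True, "pci-storage: internal destination"
    if vm.group == "gdpr-app":
        # Group 2: encryption enforced and read-only access.
        if not flow.encrypted:
            return False, "gdpr-app: unencrypted connection blocked"
        if flow.operation != "read":
            return False, "gdpr-app: write access blocked"
        return True, "gdpr-app: encrypted read"
    # Group 3: each VM has its own policy; "*" means open to the internet.
    if "*" in vm.allowed_peers or flow.dst_ip in vm.allowed_peers:
        return True, f"general: {flow.dst_ip} permitted for {vm.name}"
    return False, f"general: {flow.dst_ip} not on {vm.name} allow list"


def east_west_paths(inventory=INVENTORY) -> List[Tuple[str, str]]:
    """Enumerate the VM-to-VM (east-west) connections the policy permits,
    assuming an encrypted read, to review the remaining lateral-movement paths."""
    paths = []
    for src in inventory.values():
        for dst in inventory.values():
            if src is dst:
                continue
            ok, _ = evaluate(Flow(src.name, dst.ip, True, "read"), inventory)
            if ok:
                paths.append((src.name, dst.name))
    return paths


if __name__ == "__main__":
    print(evaluate(Flow("pci-db-01", "203.0.113.7", True, "read")))
    print(evaluate(Flow("gdpr-app-1", "10.1.0.11", False, "read")))
    for path in east_west_paths():
        print("allowed east-west:", " -> ".join(path))
```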

If you’re in a state where certain assets simply can’t enter the public cloud, and you want to make improvements in your resource efficiency and protection strategy, you should consider building out a plan to completely virtualize your data center, including the network. To help you with that strategy, we partnered with VMware and research firm IDC to write a short paper on the security benefits of adopting a software-defined data center. You can read it here to dive deeper into this topic.

Using Security-First Strategies to Keep Customer Data Safe
https://securingtomorrow.mcafee.com/business/using-security-first-strategies-to-keep-customer-data-safe/ | Wed, 29 Aug 2018 17:01:53 +0000

MGM Resorts International operates 27 resort properties worldwide, including more than 420 bars and restaurants and 282 retail establishments. SVP, Chief Information Security Officer Scott Howitt oversees security for the entire global enterprise, which encompasses 20,000 endpoints, various operating systems, and applications that span the gaming, hospitality, entertainment, food and beverage, retail and hotel industries. MGM Resorts International’s reputation rests heavily on keeping its customers’ data safe and secure.

Howitt and his team work relentlessly to block threats and mitigate risk as quickly and efficiently as possible. He has overseen the transformation of MGM Resorts International’s security ecosystem and continues to evolve it to stay ahead of ever-changing threats. Implementation of solutions such as McAfee Investigator and use of the Open Data Exchange Layer (OpenDXL) have reduced the time needed to block and remediate threats, keeping its businesses and customers safer. Howitt has also adopted some key strategies on top of these critical tools to help build a culture of security among his team.

Continually adapt and learn

Keeping ahead of zero-day attacks and new advanced threats requires a security infrastructure that continually gets smarter. By bringing in innovative technologies, such as machine learning and AI used by McAfee Investigator, MGM Resorts International’s defenses can adapt and learn to protect, detect, and correct faster.

Leverage technology that advances team learning

Using McAfee’s Investigator tool has also matured the team, helping them learn from each other. By providing greater continuity in the handoffs during an incident response process, everyone has a clearer view of the investigation, leading to increased efficiency. This also makes it easier to transfer knowledge from veteran staff to newer team members via the tool, advancing the team much faster.

Think longer term and build a layered defense architecture

The company has moved over the years from a security environment made up of a collection of point solutions to an adaptive ecosystem of interconnected security solutions and services that work together. McAfee Threat Intelligence Exchange and OpenDXL have supported Howitt in realizing this vision of a comprehensive, layered defense architecture. This approach not only helped build a more integrated security environment, but vendor consolidation saved money and simplified operational overhead.

Use the community

Once a quarter MGM Resorts International gathers representatives from McAfee and its three other major security partners to discuss possible use cases and how to leverage OpenDXL. Howitt admits their partners were hesitant at first to work closely with competitors, but they embraced it when they saw how working together could make their tools more efficient and powerful through collaboration. “… the more collaboration you have, the more likely you are to find better ways to use a tool or make it work better and be more secure,” says Howitt.

Learn more about how MGM Resorts International works with McAfee to make its businesses and customers safer using a security-first approach.

It’s Quiz Time! How Well Do You Know Endpoint Security Best Practices?
https://securingtomorrow.mcafee.com/business/endpoint-security/its-quiz-time-how-well-do-you-know-endpoint-security-best-practices/ | Wed, 29 Aug 2018 15:00:54 +0000

How confident are you that you have the best security practices in place across your organization? Like most, you probably have your concerns.  Ever wonder what keeps your peers up at night and how your security practices compare to others?

We recently sponsored a SANS survey on endpoint protection and response, which surveyed IT professionals who voiced concerns about their endpoints and shared best practices. The survey revealed striking results about organizations’ endpoint protection.

Not prepared? Lucky for you this is an “open-book” test. Find some cheat sheets and study guides below.

Report: Endpoint Protection and Response: A SANS Survey

Infographic: SANS Survey Key Findings

Blog: Top Three Ways You Can Simplify and Automate Your Endpoint Protection, Detection and Response Capabilities

Creating Ripples: The Impact and Repercussions of GDPR, So Far
https://securingtomorrow.mcafee.com/business/data-security/creating-ripples-the-impact-and-repercussions-of-gdpr-so-far/ | Tue, 28 Aug 2018 14:00:35 +0000

“GDPR is coming, GDPR is coming!” For months this was all we heard – everyone was discussing GDPR’s impending arrival on May 25th, 2018, and what they needed to do to prepare for the new privacy regulation. GDPR – the General Data Protection Regulation – first came to fruition on April 14th, 2016, as a replacement for the EU’s former legislation, Data Protection Directive. At its core, GDPR is designed to give EU citizens more control over their personal data. But in order for that control to be placed back in consumers’ hands, organizations have to change the way they do business. In fact, just five months after the implementation date, we’ve already seen GDPR leave an impact on companies. Let’s take a look at the ramifications that have already come to light because of GDPR, and how the effects of the legislation may continue to unfold in the future.

Even though the EU gave companies two years to ensure compliance, many waited until the last minute to act. Currently, no one has been slapped with the massive fines, but complaints are already underway. In fact, complaints have been filed against Google, Facebook, and its subsidiaries, Instagram and WhatsApp. Plus, Max Schrems’ None of Your Business (NOYB) and the French association La Quadrature du Net have been busy filing complaints all around Europe. “Data Protection officials have warned us that they will be aggressively enforcing the GDPR, and they watch the news reports. European Economic Area (EEA) residents are keenly aware of the Regulation and its requirements, and are actively filing complaints,” said Flora Garcia, McAfee’s lead privacy and security attorney, who managed our GDPR Readiness project.

However, the ramifications are not just monetary, as the regulation has already affected some organizations’ user bases, as well as customer trust. Take Facebook for example – the social network actually attributes the loss of 1 million monthly active users to GDPR, as reported in their second quarter’s earnings. Then there’s British Airlines, who claims in order to provide online customer service and remain GDPR compliant, their customers must post personal information on social media. Even newspapers’ readership has been cut down due to the legislation, as publications such as the Los Angeles Times and Chicago Tribune stopped allowing European readers access to their sites in order to avoid risk. “This is the new normal, and all companies need to be aware of their GDPR obligations. Companies outside of the EEA who handle EEA data need to know their obligations just as well as the European companies,” Garcia says.

GDPR has had tactical repercussions too; for instance, it has changed how the IT sector communicates about the way it stores customer data. A consumer’s ‘right to be forgotten’ means organizations have to clearly explain how a customer’s data has been removed from internal systems when they select this option, while also ensuring a secure backup copy remains. GDPR also completely changes the way people view encrypting and/or anonymizing personal data.

What’s more, according to Don Elledge, guest author for Forbes, GDPR is just the tip of the iceberg when it comes to regulatory change. He states, “In 2017, at least 42 U.S. states introduced 240 bills and resolutions related to cybersecurity, more than double the number the year before.” This is largely due to the visibility of big data breaches (Equifax, Uber, etc.), which has made data protection front-page news, awakening regulators as a result. And with all the Facebook news, the Exactis breach, and the plethora of data leaks we’ve seen so far this year, 2018 is trending in the same direction. In fact, the California Consumer Privacy Act of 2018, which will go into effect January 1st, 2020, is already being called the next GDPR. Additionally, Brazil signed a Data Protection Bill in mid-August, which is inspired by GDPR and is expected to take effect in early 2020. The principles are similar, and potential fines could near 12.9 million USD. And both China and India are currently working on data protection legislation of their own as well.

So, with GDPR already creating ripples of change and new, similar legislation coming down the pipeline, it’s important now more than ever that companies and consumers alike understand how a piece of data privacy legislation affects them. Beyond that, companies must plan accordingly so that their business can thrive while remaining compliant.

To learn more about GDPR and data protection, be sure to follow us at @McAfee and @McAfee_Business, and check out some of our helpful resources on GDPR.

The information provided on this GDPR page is our informed interpretation of the EU General Data Protection Regulation, and is for information purposes only and it does not constitute legal advice or advice on how to achieve operational privacy and security. It is not incorporated into any contract and does not commit promise or create any legal obligation to deliver any code, result, material, or functionality. Furthermore, the information provided herein is subject to change without notice, and is provided “AS IS” without guarantee or warranty as to the accuracy or applicability of the information to any specific situation or circumstance. If you require legal advice on the requirements of the General Data Protection Regulation, or any other law, or advice on the extent to which McAfee technologies can assist you to achieve compliance with the Regulation or any other law, you are advised to consult a suitably qualified legal professional. If you require advice on the nature of the technical and organizational measures that are required to deliver operational privacy and security in your organization, you should consult a suitably qualified privacy professional. No liability is accepted to any party for any harms or losses suffered in reliance on the contents of this publication.

How Human-Machine Teaming Helps Security Operations Deal With Greater Volume of Threats and Data
https://securingtomorrow.mcafee.com/business/how-human-machine-teaming-helps-security-operations-deal-with-greater-volume-of-threats-and-data/ | Fri, 24 Aug 2018 14:00:53 +0000

Cybersecurity threats are hitting organizations more frequently and from more directions than ever before. Unfortunately, enterprise security teams aren’t growing as quickly as the threats they face, which means infosec professionals have to work more efficiently to keep up.

One way to build a more efficient IT security operation is to adopt human-machine teaming solutions that pair automation and advanced analytics with trained security analysts. Recently McAfee held a series of Security Operations Roadshows in Toronto, Ottawa and Montreal with our partner Interset to highlight some of the benefits human-machine teaming can bring.

At the events, McAfee Vice President and General Manager Jason Rolleston noted that some organizations invest in Security Information and Event Management (SIEM) systems believing that doing so will protect them from cybersecurity incidents. While investing in a SIEM is a necessary step, it’s only part of building an effective cybersecurity solution.

Once a SIEM is in place, organizations need to build a plan that focuses on particular risks or challenges. Depending on the type of organization, the focus could be on breaches, compliance, or denial of service. Without a focus, analysts won’t be able to handle all the information that’s being thrown at them by the SIEM.

The final phase in a comprehensive cybersecurity plan is adding tools that can help analysts investigate and respond to attacks. Solutions featuring advanced analytics and automation can help analysts pinpoint specific threats quickly, so they can be dealt with before they cause harm to an organization.

Stephan Jou, the Chief Technology Officer at McAfee partner Interset, walked attendees through how analytics and artificial intelligence can complement a SIEM and enhance the capabilities of a security operations team.

Analytics and automation don’t replace humans – they scale them, allowing them to handle more information and better identify threats. Interset’s solutions use mathematical modelling to determine risk, based on data aggregation and real-time monitoring.

For example, an insider threat detection solution would build a behavioural profile for employees within an enterprise, then monitor traffic based on the user, machine, applications, data types, etc. to determine a threat level. If a user were downloading large amounts of data from a remote location when they typically would not need access to that data, the insider threat product would flag them to a security analyst as high risk, requiring immediate action.
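The behavioural-baseline logic described above, as an added example in Python (not Interset’s or McAfee’s code): each user’s download history is summarised into a profile, and new events are scored on volume, source location and dataset so that the combination of signals, not any single one, reaches the action threshold. The history, events, on-site address range and scoring weights are all constructed for the demonstration.

```python
"""Behavioural baseline for insider-threat triage, added as an illustration
of the approach the post describes. History, events, the on-site address
range and the scoring weights are all constructed for the demonstration."""
from collections import defaultdict
from statistics import mean, pstdev
from typing import Dict, List, Tuple
import ipaddress

CORP_NET = ipaddress.ip_network("10.0.0.0/8")   # constructed: on-site address range

# Constructed download history: (user, source_ip, dataset, bytes)
HISTORY: List[Tuple[str, str, str, int]] = [
    ("alice", "10.4.1.20", "sales-reports",   12_000_000),
    ("alice", "10.4.1.20", "sales-reports",    9_500_000),
    ("alice", "10.4.1.21", "sales-reports",   11_000_000),
    ("alice", "10.4.1.20", "marketing-decks",  4_000_000),
    ("bob",   "10.7.3.5",  "hr-records",       2_000_000),
    ("bob",   "10.7.3.5",  "hr-records",       2_500_000),
    ("bob",   "10.7.3.6",  "hr-records",       1_800_000),
]

# Constructed new events to triage against the baseline.
EVENTS = [
    ("alice", "10.4.1.20",   "sales-reports",  10_000_000),  # routine
    ("bob",   "10.7.3.5",    "hr-records",     40_000_000),  # large, but on-site and usual data
    ("alice", "203.0.113.9", "hr-records",    500_000_000),  # large, remote, data she never touches
    ("carol", "10.9.0.4",    "finance",         1_000_000),  # no history at all
]


def is_remote(ip: str) -> bool:
    return ipaddress.ip_address(ip) not in CORP_NET


def build_profiles(history) -> Dict[str, dict]:
    """Summarise each user's past downloads: volume statistics, how often
    they work remotely, and which datasets they normally touch."""
    raw = defaultdict(lambda: {"bytes": [], "remote": 0, "datasets": set()})
    for user, ip, dataset, nbytes in history:
        raw[user]["bytes"].append(nbytes)
        raw[user]["datasets"].add(dataset)
        if is_remote(ip):
            raw[user]["remote"] += 1
    profiles = {}
    for user, r in raw.items():
        profiles[user] = {
            "mean_bytes": mean(r["bytes"]),
            "std_bytes": pstdev(r["bytes"]) or 1.0,   # guard against a flat history
            "remote_fraction": r["remote"] / len(r["bytes"]),
            "datasets": r["datasets"],
        }
    return profiles


def score_event(profile: dict, ip: str, dataset: str, nbytes: int) -> Tuple[float, List[str]]:
    """Score one event against a profile. Each deviation adds weight, so the
    combination the post singles out (large volume, from a remote location,
    of data the user does not normally need) scores far above any one signal."""
    score, reasons = 0.0, []
    z = (nbytes - profile["mean_bytes"]) / profile["std_bytes"]
    if z > 3:
        score += min(z, 10) * 3    # capped: volume alone stays below the action threshold
        reasons.append(f"volume {z:.1f} std devs above baseline")
    if is_remote(ip) and profile["remote_fraction"] < 0.1:
        score += 20
        reasons.append("remote source; user is normally on-site")
    if dataset not in profile["datasets"]:
        score += 20
        reasons.append(f"dataset {dataset!r} outside the user's usual access")
    return score, reasons


def triage(history, events, action_threshold: float = 50.0) -> List[dict]:
    """Return the events an analyst should look at: high scores, plus users
    with no baseline, which the model cannot judge and a human must."""
    profiles = build_profiles(history)
    flagged = []
    for user, ip, dataset, nbytes in events:
        profile = profiles.get(user)
        if profile is None:
            flagged.append({"user": user, "score": None,
                            "reasons": ["no baseline for user; needs manual review"]})
            continue
        score, reasons = score_event(profile, ip, dataset, nbytes)
        if score >= action_threshold:
            flagged.append({"user": user, "score": score, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for item in triage(HISTORY, EVENTS):
        print(item["user"], item["score"], "; ".join(item["reasons"]))
```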

Given the huge amount of data and sources security teams have to deal with today, there is a growing need for human-machine teaming. McAfee’s Enterprise Security Manager combined with other tools such as McAfee Behavioral Analytics and McAfee Investigator enable enterprise security operations teams to streamline and improve threat detection, while improving response times.

Learn more about combining the unique strengths of humans and machines for better security outcomes.

Take a Holistic Approach to Reviewing Security Strategy
https://securingtomorrow.mcafee.com/business/take-a-holistic-approach-to-reviewing-security-strategy/ | Thu, 23 Aug 2018 21:07:30 +0000

The first step in building a culture of security in an organization is embedding it into your vision and values. Creating a foundational commitment to security among all employees establishes a strong first line of defense. With that in place, the next step is reviewing each area of the business to ensure you’re walking the talk when it comes to thinking security-first. Knowing where to start can be overwhelming. But using this simple framework will guide you through the critical elements.

Begin with a holistic review of your security strategy

In today’s digital world, businesses are more interconnected and fast-moving than ever. It’s important to take a wide perspective and review all angles of security across governance, people, process, and technology.

  • Governance: Depending on many factors – including company size, industry, geography, ownership structure, and more – the level of data governance at a company can vary greatly. It’s worth evaluating what you have in place and considering adding new structures for data protection for the long term.
  • People: This is an organization’s greatest vulnerability, but also its strongest line of defense. Review your education and training for cybersecurity best practices across all levels and departments, from your most junior staff up to executives, and make sure your people are part of the solution.
  • Processes: This should extend beyond just security-specific processes to broader business-level processes. Review data collection, flows, processing, storage, and handling to understand the scope of securing that data. But also evaluate processes for product design and development, new hire onboarding, and other departmental workflows to identify areas to add new security measures.
  • Technology: This is the backbone of your digital organization, so ensuring your technology is secure is table stakes. It’s important to also assess how the systems are actually used by staff and consider changes if people tend to bypass standard procedures to avoid any inconvenient steps required.

Measure outcomes to gauge effectiveness

While gaining clear visibility into actual security strategies in effect across the organization provides understanding of scope, it’s only the first step. As you craft a plan to strengthen your security and implement changes, measuring the impact is critical to evaluating effectiveness. Start by establishing a baseline metric for each change in your plan, whether it is designing new procedures for data protection, rolling out an updated staff training, adjusting steps in product design to consider security, or replacing a technology system.

As updates are implemented, build a cadence of evaluations into regular workflows. For example, include measurement of outcomes in quarterly review or planning cycles. Check progress against the original baseline, including quantitative measurements when possible as well as qualitative feedback from team members to validate. Use that data to course correct and continuously improve implementation of your strategies.

Throughout each stage of this holistic review and the implementation of changes, continually consider how each role on each team is affected by those changes. Understanding the impact, and communicating each person’s responsibility for security on a personal level, is key to developing a sustainable culture of security.

Steps for Conducting a Holistic Review of Security Strategy

Thinking about the scope and effectiveness of security measures across every area of the business can be overwhelming. Breaking it down into defined segments helps you get started. Use this framework to guide your review.

Download one-pager

The post Take a Holistic Approach to Reviewing Security Strategy appeared first on McAfee Blogs.

Security is Not a One-Person Job
Published Thu, 23 Aug 2018 17:40:21 +0000
https://securingtomorrow.mcafee.com/business/security-is-not-a-one-person-job/

Pharmacy benefits management company Prime Therapeutics is responsible for the safety of personal health information for more than 27 million Blue Cross Blue Shield members nationwide. As its employees and systems handle this sensitive data in daily interactions with Blue Cross Blue Shield, pharmacists, Medicare and Medicaid, a reliable defense system is critical. With such a vital responsibility, it’s no surprise to find a security hero among their ranks in Jacob Walls, an information security engineer brought on in 2016 to bolster data loss prevention (DLP).

But Walls recognizes no one team or system can do the job alone. His experience implementing McAfee DLP Endpoint and McAfee Network has taught him much of the work happens outside of the tools and requires meeting with stakeholders to understand the various use cases. He says working to improve Prime Therapeutics’ DLP initiatives gives him the ability to engage with other departments outside of security, which is some of his favorite work. This also provides greater visibility into how the sensitive data moves, where it interacts with people and what potential risks can be addressed to protect that data.

An additional benefit has been increased awareness of sensitive-data security across the employee base. Walls’ team works collaboratively with different departments to design rule sets that address the use cases each one presents. After implementing the required policies, they continue meeting regularly to get feedback on effectiveness and update the rules as needed. These ongoing interactions raise understanding all around of the need for protections and controls around data.

“Security is not a one-person job. It can’t be accomplished with one person, it can’t be accomplished with one company,” says Walls. “So we need partners, and we need friends in the industry to work together.” No statement could better summarize what building a culture of security looks like. Learn more about how Walls and Prime Therapeutics implemented DLP to protect highly sensitive data for millions of people.

Hear directly from Jacob Walls about his experience with McAfee and what a good day at Prime Therapeutics looks like in this video.

It’s Time to Look Differently at Device Security
Published Mon, 20 Aug 2018 13:00:01 +0000
https://securingtomorrow.mcafee.com/business/endpoint-security/its-time-to-look-differently-at-device-security/

It’s easy to write blogs about the challenges we face in our industry. They are pretty easy to name – fragmentation, complexity, the need for a holistic defense strategy that is cohesively managed. As the sprawl of new types of connected devices widens, the challenge of protecting them seems to only grow more complicated. But I am a person who likes to see positive in any situation, and I think it’s time we looked at some of the issues facing the security industry as opportunities instead.

Opportunity 1: It’s time to invest differently in additional security

You may have noticed that some modern devices now include enhanced security controls where adding signature-based anti-malware is no longer required, just like you do not need to buy aftermarket seatbelts for a new car.  But there could be advanced security defenses you do want that are not included.  It’s all in how you invest in additional security.  Modern operating environments, like Microsoft Windows 10 or Amazon Web Services (AWS), now include good baseline security defenses.  The best strategy is to actively leverage and manage these native security controls and augment them with advanced defenses specifically targeting evolving threats that evade the baseline security.

Opportunity 2:  It’s all about your viewpoint, and it needs to be centralized

The future of device security isn’t going to be just about the specific tech du-jour that you can cram onto the device.  It’s going to be about achieving a management and risk analytic experience that delivers a centralized point of understanding and action. Even if you have the best collection of endpoint products, having to log into different consoles to manage native security, next-gen protection, mobile, servers, clouds, etc. adds a layer of complexity you don’t need.  With a mix of both modern and older legacy devices in your environment, the investment in security shifts to how you can efficiently manage the variety of security products and controls across all devices in your environment.

Opportunity 3: Staying up-to-date doesn’t have to be a burden

Outdated software is more likely to have flaws that can be exploited. Security gaps are more prevalent in older software, which may no longer even be supported by the vendor. We all know someone who keeps repairing an old car until the day it is clearly time for a new one. The same goes for software: new versions come out, and while developers may patch old versions for a while, they eventually stop and focus on the new ones. Managing and updating old software can strain even the best IT team. However, staying up to date doesn’t have to be a burden. The shift to SaaS security eliminates the need to maintain complex on-premises infrastructure and provides better choices for keeping client products current, either automatically or on a scheduled upgrade plan.

These are just some of the opportunities we are bringing to our customers. We’re leading a new way forward with McAfee MVISION, significantly simplifying cyber defense by instrumenting both native security controls and McAfee-developed countermeasures across a broad variety of device types. We are also integrating management of multiple device types into a single threat protection workflow, and enabling always up-to-date security with our new MVISION ePO SaaS service.

The McAfee MVISION portfolio allows you to adopt modern devices without unnecessarily duplicating their built-in base security functions or requiring multiple consoles. It also gives you a single point of visibility and control to defend your critical assets and older devices that require more comprehensive defenses. And it’s doing this across more than just traditional OS-based endpoints; it also includes mobile, servers and embedded IoT. The result is an optimized security, performance and management experience where you have the flexibility to deploy the countermeasures that meet your specific and evolving needs.

Ready to learn more? Watch our webinar: Business Resilience Requires a Defensive High Ground.

Brazilian Educational Organization Gets High Marks for Innovation Leadership with Integrated Security from McAfee
Published Wed, 15 Aug 2018 13:00:55 +0000
https://securingtomorrow.mcafee.com/business/brazilian-educational-organization-gets-high-marks-for-innovation-leadership-with-integrated-security-from-mcafee/

Furthering the cause of education in Brazil is the mission that fuels SOMOS Educação’s laser-focused drive toward technology and innovation—and McAfee is playing a pivotal role in that transformation. As CIO Juliano Pereira points out, “Compared to 99% of the educational organizations in Brazil, we are way ahead of the game”—and, in large part, it’s a result of embracing McAfee’s connected security ecosystem.

As one of the biggest K through 12 educational groups in Brazil, SOMOS Educação provides a comprehensive portfolio of integrated educational textbooks, digital products, and services, including the administration of preparatory courses and exams. The organization’s push toward innovation is evidenced by its recent migration of instructional systems and applications to the cloud. And, alongside that effort, SOMOS Educação, with enthusiastic support from its board of directors, is making a significant investment in strengthening, unifying, and streamlining its security architecture at every touch point—servers, endpoints, and databases.

CIO Juliano Pereira and his lean team of devoted and seasoned IT and security professionals are determined to ensure a more secure and consistent experience for the students who use their services, their parents, and SOMOS Educação’s 5,500 employees, who are distributed across 50 locations nationwide. Personal privacy, data protection, and building a solid and reliable defense against advanced threats like the recent WannaCry ransomware outbreak top their list of security priorities.

To that end, Pereira and his team selected McAfee as the organization’s primary security vendor, primarily because of the McAfee integrated approach to security and the simple, single-pane-of-glass management capabilities of the McAfee ePolicy Orchestrator (McAfee ePO) console. The organization started its journey with McAfee by deploying McAfee Endpoint Security, which provides a single platform with an array of defenses: web protection to ensure safe browsing, scanning that uncovers vulnerabilities, and behavioral analysis and machine learning to detect advanced and zero-day threats.

Next on the agenda was implementation of McAfee DLP Endpoint, which has had a marked impact on the organization’s culture and on those who make use of its educational services. Pereira has made a point of informing all the organization’s constituents about these added data security controls as a way of heightening security awareness among employees and giving external users greater peace of mind. “Students and their parents will feel more at ease, and employees will be more mindful about the way they use and transmit data,” says Pereira.

At the heart of SOMOS Educação’s updated security architecture is the McAfee ePO console, which has considerably elevated the security team’s efficiency and capabilities by consolidating management tasks, facilitating enforcement of data protection policies, and offering an unprecedented level of visibility and reporting. As an example, Pereira points out that the McAfee ePO console revealed that McAfee had thwarted 1,065 threats in a week’s time.

Migration of student services to the cloud, which Pereira sees as both inevitable and necessary, prompted him to adopt McAfee Web Protection, which provides consistent protection and policies both on premises and in the cloud.

SOMOS Educação’s journey to innovation and better cybersecurity has just begun, but already the organization has made great strides. Pereira and his team are proud of the progress they’ve made so far and look forward to expanding the depth and breadth of their cutting-edge cybersecurity architecture and to serving as an example for other organizations in the education sector.

“We are at the beginning of our journey, and we still have far to go before we achieve all our goals, but we take pride in the fact that we are leading the way when it comes to cybersecurity. When our schools hear that we are providing them with stronger security, they are really pleased and receptive,” affirms Pereira.

To read the full case study, click here.

When You Can’t Unplug on Vacation
Published Mon, 13 Aug 2018 13:00:09 +0000
https://securingtomorrow.mcafee.com/business/endpoint-security/when-you-cant-unplug-on-vacation/

We all need to take a vacation to recharge our personal batteries. However, many of us find it hard not to check email or look at the latest update from our executive team. Until I started working on MVISION Mobile, an enterprise security product which McAfee announced on July 17th, I will admit I didn’t think of my compulsive behavior as a risk to our company. I hear the flight attendant say, “It’s now safe to turn on electronics and put your phone in airplane mode,” and I immediately want to check email, or maybe open our internal expense reporting system to see if my boss received my latest report. However, mobile devices like our phones, iPads and laptops are the latest and favorite target for attackers.

Mobile devices have all the organizational information that traditional endpoints have. Let’s take a short detour from my flight story and talk about why these endpoints are the latest attack target. It’s rather obvious: they are the path of least resistance. Billions of dollars have been invested in protecting our network infrastructure with firewalls, IPS, IDS, WAFs and other controls. But very little has been invested in protecting our mobile devices, even though they have exactly the same access to data and other valuable information as other devices. So, if you were a bad guy, which path would you take?

Now back to our story.  As we reach the right altitude on our flight to friends, family or simply a favorite chill out spot, we must think about how important it is to protect mobile devices from attacks.  Attacks happen at machine speed and you need to detect and respond at machine speed.  In other words, you need to protect the device where the attack is happening and not rely on data that may (or may not) be sitting in a cloud.

The good news is there is a solution. McAfee MVISION Mobile offers protection on device, at the time of attack, without the assistance of signatures or reliance on a network connection. Lab-trained machine learning-based technology has the capability to deliver this type of protection. In addition to its proven efficacy against zero-day device, network, phishing and application attacks, MVISION Mobile’s machine learning-based engine is capable of detecting previously unknown mobile malware on-device without requiring updates and without the risks of cloud-based lookups.

The only right way to do mobile device security is on the device. Lab-trained with billions of data points and millions of devices, MVISION Mobile delivers unparalleled on-device protection. Also, enterprise solutions must be adaptable to the environment and not force the enterprise to adapt to the solution.  MVISION Mobile is available for any cloud platform, integration with any MDM/EMM solution, has on-premises deployment options and unmatched incident forensics.

For those of you that want to unplug but still maybe check in, McAfee MVISION Mobile provides visibility and mobile threat defense for iOS and Android-based devices to ensure they are safeguarded just like any other device. Unlike cloud-based mobile security solutions that rely on app sandboxing or traffic tunneling, McAfee MVISION Mobile sits directly on mobile devices to provide always-on protection no matter how a device is connected (corporate network, public AP, cellular carrier or even offline).

McAfee MVISION Mobile also analyzes deviations in device behavior and makes determinations about indicators of compromise to accurately identify advanced device, application, and network-based attacks. Plus, it extends its visibility and control of mobile assets to McAfee MVISION ePO to round out an enterprise’s single-console security management. New mobile device security capabilities include:

  • Centralized Management: Complements existing endpoint, server and IoT device coverage via a cloud service with visibility and control through McAfee ePO.
  • On-Device Protection: Machine learning-based detection of mobile threats protects users while offline and even during network attacks. Proven zero-day protection.
  • Flexible Deployment: Simple and flexible SaaS or on-premises deployment in any cloud environment.

So no matter what kind of mobile device or where you go online, MVISION Mobile is there to keep you, and the valuable information you access, secure.

Can your Security Distinguish a Candle from a Fire?
Published Tue, 07 Aug 2018 13:00:48 +0000
https://securingtomorrow.mcafee.com/business/endpoint-security/can-your-security-distinguish-a-candle-from-a-fire/

We’ve all heard it – a smoke detector that goes off with only the slightest of prompts. Light a candle and listen to it go off. Cook (or overcook) a meal, and the beeping sends you running to make sure there isn’t a fire. You of course know that a lit candle and sizzling food are not dangerous, but your smoke detector acts the same as if a five-alarm fire is in progress.

I doubt many of us would keep such an annoying device for very long, right? Yet when it comes to endpoint security, some seem content to overlook false alarms and the inaccuracy of their defenses. To be fair, these problems often don’t surface until after you’ve made a purchase and the vendor has convinced you the benefits outweigh any potential downside. Still, that doesn’t remove the wasted time and lost productivity caused by a high number of false positive detections.

So how do you know whether your vendor (or potential vendor) is going to be able to tell a candle from a fire, or a good application from a malicious one? You could set up a test environment and see the results for yourself, but a far easier way is to consider testing by third parties. AV-Comparatives is one of these third-party testing organizations, and it has just released its findings for Business Security products tested in the first half of the year. The test examined active real-world malware threats, common business malware and performance, including false positive detections.

McAfee Endpoint Security was certified as an Approved Business Product with a perfect protection rate and “Very low” false positives.

“This product is undoubtedly powerful, and as part of a wider McAfee managed platform it offers a lot.”

To be certified as an “Approved Business Product” by AV-Comparatives, a tested product must score at least 90% in the Malware Protection Test and at least 90% in the overall Real-World Protection Test (over the course of four months), with zero false alarms on common business software. Other products in the test did not do as well and were less consistent across the areas tested, resulting in missed threats and high or very high false positive rates.

It is also worth noting that McAfee Endpoint Security was one of the few products in the test rated “very fast” in all but one area of the performance test (and that one was still rated “fast”). Sometimes better accuracy comes at the cost of performance, but as this test demonstrates, that is not a sacrifice you’ll have to make with McAfee.

The results of this test aren’t isolated either. AV-TEST has tested McAfee for some time and has found that:

  • McAfee Endpoint Security earned the highest protection scores for the past year
  • McAfee achieved a near-perfect usability score for the past year

Is it time you spent less time on false positives and more on actual threats? Do you want to get accuracy without sacrificing speed or performance? Then maybe it’s time to try an endpoint security solution that has a proven nose for spotting a real fire instead of a candle.

Learn more about how McAfee Endpoint Security offers a single point of visibility, comprehension, and control across all your devices.

Gartner Peer Insights Recognition for McAfee SIEM
Published Wed, 01 Aug 2018 21:03:46 +0000
https://securingtomorrow.mcafee.com/business/security-operations/gartner-peer-insights-recognition-for-mcafee-siem/

This blog was written by Peter Elliman.

I’m proud to say that McAfee has received recognition from our customers with the 2018 Gartner Peer Insights Customers’ Choice for Security Information and Event Management (SIEM). This recognizes high satisfaction across a number of reviews by verified end-user professionals. To ensure fair evaluation, Gartner maintains rigorous criteria for recognizing vendors with a high customer satisfaction rate.

If you don’t know much about our SIEM product — McAfee Enterprise Security Manager (ESM) — I encourage you to read a blog post published back in March (Is Your SOC Caught in the Slow Lane) for more details. ESM 11 is a modern SIEM, which we define as having an open and scalable data architecture, advanced analytical capabilities and the ability to quickly enrich and share relevant data.

And while Gartner has named McAfee a Leader in the “Magic Quadrant for Security Information and Event Management (SIEM)” over the past 7 years ¹, something that makes us proud, we are most appreciative of our customers who support our technologies and share their opinions through forums like Gartner Peer Insights. We believe the voice and passion of our customers is critical to our success and motivates us each day.

McAfee’s corporate tag line is “Together is Power.” We are stronger when we work together, with customers and partners. Put another way, we recognize that organizations, and in this context security operations teams, use a wide range of tools, which is why our Security Operations platform, which includes our SIEM, is strengthened by the many partners in our Security Innovation Alliance (SIA). Time to value matters when bringing new tools into a customer environment. And while we know many companies want to reduce the number of tools in their environment, research shows 25% of security events go unanalyzed, and 39% of cybersecurity organizations manually collect, process, and analyze external intelligence feeds. That leaves room for solutions like ESM, which can reduce complexity, improve critical security outcomes such as mean time to detect and mean time to respond, and efficiently address critical compliance requirements.

Gartner Peer Insights Customers’ Choice distinctions are determined by the subjective opinions of individual end-user customers based on their own experiences, the number of published reviews on Gartner Peer Insights, and overall ratings for a given vendor in the market, as further described here, and are not intended in any way to represent the views of Gartner or its affiliates.

¹Gartner Magic Quadrant for Security Information and Event Management, Kelly M. Kavanagh, Toby Bussa, 4 December 2017. From 2015-16, McAfee was listed as Intel Security, and in 2011, McAfee was listed as NitroSecurity, which it acquired that year.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Six Things your Enterprise Needs to Learn from the DNC Hacking Indictment
Published Tue, 17 Jul 2018 20:49:34 +0000
https://securingtomorrow.mcafee.com/business/six-things-your-enterprise-needs-to-learn-from-the-dnc-hacking-indictment/

All politics aside, the United States Department of Justice on Friday unsealed a judicial indictment against a number of individuals alleged to be from Russia’s intelligence services engaged in activities in 2016.

Stepping outside of the context of this party or that party, and politics as a whole, McAfee’s CTO, Steve Grobman, noted, “Attribution is amongst the most complex aspects of cyberwar and the US government is in a unique position to make this attribution assessment. Technical forensics combined with information from trusted intelligence or law enforcement agencies are needed to provide confidence behind identifying actors in an attack or campaign. These indictments clearly show the US has reason to believe Russia interfered with the election process.”

The level of technical detail also offers practical insight for aspects of organizations’ readiness to react to the threat environment.

1) Nation State Activity is Real

At McAfee, we operate our own Advanced Threat Research team. We employ many professionals whose entire job is to find ways to break things, to learn how others have already broken things, and to judge the level of risk that represents to our customers and future customers. Our intent is that this activity is non-disruptive, ethically conducted, and consistent with our corporate values and our commitments to our customers. In today’s threat environment, countries throughout the globe are investing in cyber capabilities for intelligence, deception and counter-intelligence, and in the past few years we have documented the crossover from cyber capability into kinetic effects.

Whether one service’s actions are perceived as “good” or “bad”, as a “criminal conspiracy” or as “policy”, depends on many factors and points of view. As a profession, however, it is critical that we recognize this rapidly growing reality for what it is.

This judicial action is another breadcrumb reminding us, as enterprise leaders, that sophisticated adversaries have the resources to act, and that enterprises providing services to organizations of public importance are especially exposed. Organizations should evaluate their customer base and the services they provide for relative risk. Risk has an upside (“revenue”), but it should also prompt internal questions as to whether the organization, or a subset of it, requires advanced security controls or more proactive threat detection and resistance measures.

2) Geo-Location is Practically Irrelevant

For many of us engaged in the early days of information security, connection metadata was enough to make snap judgements about the trustworthiness of a request. The days when the first hop to a command-and-control server went to a given country’s public IP space, or to a two-letter country-code domain, are mostly over.

Instead, the organization needs to look more directly at the behavior not just of users but of systems, and at how resources are accessed. At McAfee, we have evolved our own offerings in this space, establishing McAfee Behavioral Analytics to discern elevated risk that breaks established patterns and putting advanced tools like McAfee Investigator in the hands of threat hunters.

Whether using our products or not, today’s enterprise needs security controls that do not rely on traditional geographic or demographic identifiers as the basis for a strong determination of trust, either for access or for threat identification.

When it comes to identity misuse, multi-factor authentication should be implemented wherever possible, with decreased emphasis on factors that are easily intercepted by opponents (such as SMS message codes). YubiKeys, TOTP-based generators and interactive push confirmation from providers like Duo Security are all effective measures that make it harder to use credentials intercepted or cajoled from end users by other means. One caveat: of these, only a hardware key used as an origin-bound U2F/FIDO authenticator resists a real-time relay of the login page; a TOTP code or a push prompt can still be captured or approved by a user who believes they are on the real site, so those raise the bar rather than close the door.

3) URL Shorteners can be a Risk Indicator

For many organizations, especially in social media analytics, URL shorteners have enabled short-format messaging with business intelligence potential, but they are also a ready means to obscure a malicious destination. The indictment released by the United States Department of Justice highlights the continuing threat that the combination of URL shortening and user-focused spear phishing presents as a means to attack the enterprise.

Beyond education campaigns that help users distinguish legitimate links and sensitize them to the risk, the organization can also consider web access methods that give greater control over, and recognition of, potential threats.

User and Entity Behavior Analytics (UEBA) systems can identify outlier websites not otherwise accessed in the organization, and the presence or use of an unknown URL shortener can itself be a risk indicator. The security operations team may want to track, over time, which shorteners turn up in the organization’s recent incidents, so that those commonly seen in the wild can be managed in email and web access hygiene (expanded before delivery, rewritten, or blocked outright).
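The kind of proxy-log review described above, as an added example that is not part of the original post and is not McAfee code: it tags requests to hosts on an assumed known-shortener list, treats an out-of-baseline host that answers a single short opaque token with a redirect as a suspected shortener, and ranks hosts by how many distinct users touched them. The log format, the sample lines, the shortener list, the baseline host set and the "looks like a shortener" heuristic are all assumptions made for this example.

```javascript
// Added example (not part of the original post, not McAfee code): surface
// URL-shortener use in web-proxy logs as a risk indicator. Everything below
// the comment block (log format, sample lines, lists, heuristic) is assumed.

// Constructed sample proxy log: "<timestamp> <user> <status> <method> <url>".
const SAMPLE_LOG = `
2018-07-13T09:01:12Z alice 302 GET http://bit.ly/2x9Qa1Z
2018-07-13T09:01:13Z alice 200 GET https://docs.example.com/handbook.pdf
2018-07-13T09:02:40Z bob 302 GET https://tinyurl.com/y8k3m2pq
2018-07-13T09:05:02Z carol 301 GET http://lnk-trk.example/Q7bX2z
2018-07-13T09:05:03Z carol 200 GET https://mail.example.com/inbox
2018-07-13T09:06:55Z dave 302 GET http://lnk-trk.example/Hg5Tq9
2018-07-13T09:07:10Z erin 302 GET http://lnk-trk.example/Zp0Lm4
2018-07-13T09:09:31Z bob 200 GET https://intranet.example.com/news/2018/07/13
`;

// Shorteners the organization already knows about (assumed list).
const KNOWN_SHORTENERS = new Set(["bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly"]);
// Hosts seen during a period of normal traffic (assumed baseline).
const BASELINE_HOSTS = new Set(["docs.example.com", "mail.example.com", "intranet.example.com"]);

const LOG_RE = /^(\S+) (\S+) (\d{3}) (\S+) (\S+)$/;
// Heuristic: a shortener link is one opaque token as the entire path.
const SHORT_TOKEN_RE = /^\/[A-Za-z0-9_-]{4,10}$/;
const REDIRECT_STATUSES = new Set([301, 302, 303, 307, 308]);

// Parse one log line. Returns null for unparseable lines, otherwise
// { user, host, category } with category "known", "suspected" or null.
function classify(line, baselineHosts = BASELINE_HOSTS) {
  const m = LOG_RE.exec(line.trim());
  if (!m) return null;
  const [, , user, status, , url] = m;
  let parsed;
  try { parsed = new URL(url); } catch { return null; }
  const host = parsed.hostname.toLowerCase();
  if (KNOWN_SHORTENERS.has(host)) return { user, host, category: "known" };
  // Unknown host + redirect answer + single short token in the path.
  if (!baselineHosts.has(host)
      && REDIRECT_STATUSES.has(Number(status))
      && SHORT_TOKEN_RE.test(parsed.pathname)) {
    return { user, host, category: "suspected" };
  }
  return { user, host, category: null };
}

// Aggregate findings per host and rank them for triage: hosts touched by the
// most distinct users first, then by hit count, then by name.
function analyze(logText, baselineHosts = BASELINE_HOSTS) {
  const agg = new Map();
  for (const line of logText.split("\n")) {
    const hit = classify(line, baselineHosts);
    if (!hit || !hit.category) continue;
    const entry = agg.get(hit.host) || { category: hit.category, hits: 0, users: new Set() };
    entry.hits += 1;
    entry.users.add(hit.user);
    agg.set(hit.host, entry);
  }
  return [...agg.entries()]
    .map(([host, e]) => ({ host, category: e.category, hits: e.hits, users: [...e.users].sort() }))
    .sort((a, b) => b.users.length - a.users.length || b.hits - a.hits || a.host.localeCompare(b.host));
}

if (typeof require !== "undefined" && require.main === module) {
  for (const f of analyze(SAMPLE_LOG)) {
    console.log(`${f.category.padEnd(9)} ${f.host.padEnd(18)} hits=${f.hits} users=${f.users.join(",")}`);
  }
}
```

Run with `node shorteners.js` to print the ranked findings. In practice the baseline set would be derived from a period of normal traffic and the known list fed from threat intelligence, and a hit on a suspected host is a lead for the hunting described under point 5, not a verdict.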

4) Vulnerability Management is a Key Risk Mitigation

I’ve never known a security professional who skips into the office with their coffee and announces, “I love patching servers.” Never. As experienced security leaders, we know how hard it can be to manage the impact to production systems, to identify system owners, and to work together to maintain a cadence of patching. Sometimes even the heterogeneous nature of the modern operating environment is its own challenge!

The alleged activity of the identified conspirators reminds us how critical the public attack surface remains in protecting the enterprise as a whole. Try as we might, our public infrastructure will always have a footprint. We “leak” details of our enterprise systems as a necessary byproduct of making those systems operate: DNS records, public IP block ownership, routing advertisements, job listings, employee CVs, employee social media profiles.

Vulnerability management requires an organization to think about more than patching. Your organization’s attack surface has to be considered in this broader sense for holistic threat consideration and remediation. The organization can also use publicly available models as a means to check its readiness to defend against new vulnerabilities ahead of patching or other long-term remediation.

5) Response Threat Hunting is Hard – Trust Nothing

Despite the best efforts of technical security teams, sometimes intelligence and cues are missed. The reality is that sophisticated adversaries have sophisticated skills and multiple means to stay engaged. They also have reason and desire to hide from security teams. As security professionals, we have to put personal ego and hubris aside. Threat hunting in an incident is a time for a humble approach that assumes the adversaries are at or above our own skill level (and hopes that is not the case).

In such a case, we go back to a few core fundamentals: we trust nothing. We require validation for everything. Each piece of intelligence goes into the picture and through our tools to identify additional leads to pursue, and is evaluated for the remediation actions it makes possible. While we have talked at length before about the cyber kill chain, a fundamental truth illustrated in today’s Department of Justice action is that where advanced activity occurs, the entire environment needs to be treated as suspect, with trust in it reduced to zero.

Can you force each network flow to be validated for a time? Can someone from the organization vouch for a piece of software or a specific node on the network? Do your pre-work ahead of time to create the space so that, when the company brand is on the line, you can use maintenance windows, incident response policies and similar corporate buffers to buy the “right” to shut down a segment, temporarily block a network flow and see what happens, and so on.

6) Your organizational data is in the cloud. Your Incident Response needs to be, too.

The cloud was where the organizations compromised in these activities continued to lose information. Indications are that when the affected identities and the initial incident were addressed on premises, the cloud systems were not included in those changes.

Your organization has leveraged the advanced capability and time to market of the cloud. Our recent survey of organizations worldwide indicates that the typical enterprise-class organization has dozens of distinct providers hosting corporate data. Just as the sensitive information stored at those providers is part of your brand value and your delivery strategy, your response plans need to integrate intelligence from those providers, and to those providers, for investigation and mitigation.

Building unified visibility across cloud providers requires a deliberate approach and investment from the organization. Incident response procedures should include searching cloud sources for activity matching potential Indicators of Compromise, as well as an explicit incident step that considers what actions are needed to manage the risk at each cloud provider: at minimum, the same credential resets, session and token revocations and access reviews that are applied on premises.

Your cloud is part of your holistic data and threat stance; it also needs to be part of your remediation and resilience plan.

Nation State Actors Remind us of the Fundamentals

The indictment released by the United States Department of Justice describes a multi-faceted effort that involved target research, user-focused phishing, exploitation of vulnerable software, malware, and use of the disconnect between on-premises and cloud management.

For years, McAfee has focused on a platform approach to security in our products. We offer software with advancements like OpenDXL and an actively managed ecosystem of Security Innovation Alliance offerings. We make these investments for the simple reason that, in order to protect against and adapt to continuing threats, your organization needs rapidly available, actionable intelligence. Your organization’s approach to information security should return periodically to verify fundamental information sharing and basic controls, even as advanced capabilities are implemented.

The post Six Things your Enterprise Needs to Learn from the DNC Hacking Indictment appeared first on McAfee Blogs.

MVISION: Managing Device Security in the Sunshine
https://securingtomorrow.mcafee.com/business/endpoint-security/mvision-managing-device-security-in-the-sunshine/
Tue, 17 Jul 2018 04:01:17 +0000

The post MVISION: Managing Device Security in the Sunshine appeared first on McAfee Blogs.

Over the years, cybersecurity vendors have created a storm of complexity to defend devices and put the burden on one load-bearing support beam – the administrator.  The expansion of devices, operating systems, attack surfaces, and forms of attack have spawned a storm system on our devices:  a tsunami of clients, tornado of management consoles, and a monsoon of administrative overhead to keep everything updated and running.

It’s time for us to play nice together to mount collective defenses that control the weather and clear the clouds for our device security admins.  McAfee is leading the way on this mission with McAfee® MVISION, bringing new innovative experiences to the way your security admins manage PC and mobile threat defenses.  McAfee MVISION embraces with open arms native security controls and third-party technologies to deliver a new level of “Together Is Power” integration, eliminating overlaps, overhead, and complexity.

Clearing the Way with MVISION

McAfee believes in efficient security solutions that reduce overhead while still delivering the peace of mind of layered threat defenses.  If you have it in the operating system, then you should be able to use it.  But you should not have to give up one area to gain the other.  The new McAfee® MVISION Endpoint product orchestrates the native security controls in Windows 10 with targeted advanced threat defenses in a unified management workflow to visualize and investigate threats, understand compliance, and pivot to action.  First, the new client simplifies the administrator experience by managing built-in security controls and eliminates the maintenance overhead with automatic updates.  Next, the unified management workflow provides integrated policy configuration, integrated threat event visibility, and integrated compliance.  Finally, it provides the comprehensive threat defense needed against sophisticated attacks with targeted McAfee advanced detection and automated remediation controls.  It enables your security admins to start each day without a cloud in the sky, to see the threats on the horizon, and to focus on reducing security risks on your endpoints.

With more employees working off the corporate network (mobile data, public WiFi, offline… and even in a real storm), McAfee® MVISION Mobile lets you protect against threats to your employees and your data on Apple iOS and Google Android devices as you do on your PCs. You can now manage the defense of your mobile devices alongside your PCs, IoT devices, servers, and cloud workloads inside McAfee ePO, with unified visibility into threats, integrated compliance reporting, and threat response orchestration.

New task-oriented workspaces inside McAfee® MVISION ePO, a SaaS service, eliminate the console tornado by elevating management above the specific threat defense technologies, with simple, intuitive workflows for security threat and compliance control across devices. In addition, this SaaS service removes the admin overhead of maintaining infrastructure and ensures you are always running the best security available. This dedicated focus on clear situational awareness and control allows administrators to complete tasks in 50% less time, with less chance of creating an undesirable storm for themselves. And, if you are not ready for SaaS, these simplified, task-oriented workspaces are also available for McAfee ePO deployed on-premise or in Amazon Web Services (AWS), with Quick Start guides that reduce deployments from days to less than one hour.

The McAfee Forecast

We want to be your #1 security partner and not part of the storm you have to fight.  A true partner is flexible and works openly with everyone to clear the way to the best protection for your business.  To McAfee, it doesn’t matter if it is ours or theirs; it’s yours.  “Together is Power” is more than a tag line.  It means that every layer — from devices, operating systems, environments, and security software vendors — should take a stand and work together so we can fight the real storm constantly threatening us:  cyber criminals.  McAfee is working diligently with partners from OS providers to McAfee’s Security Innovation Alliance (SIA) of more than 125 security vendors, even with those seen as competitors.  Sharing information and intelligence openly with McAfee Data Exchange Layer (DXL) and creating integrated augmented defenses enables you to eliminate the storms and see the rainbow in the resulting sunshine.

Simplify.  Integrate.  Comprehend.  Together Is Power.  Together let’s get device security to that beautiful, clear, sunny day.

Learn more in our on demand MVISION webcast.

Top Three Ways You Can Simplify and Automate Your Endpoint Protection, Detection and Response Capabilities
https://securingtomorrow.mcafee.com/business/endpoint-security/top-three-ways-you-can-simplify-and-automate-your-endpoint-protection-detection-and-response-capabilities/
Fri, 29 Jun 2018 22:33:48 +0000

The post Top Three Ways You Can Simplify and Automate Your Endpoint Protection, Detection and Response Capabilities appeared first on McAfee Blogs.

A new SANS 2018 Survey on Endpoint Protection and Response, co-sponsored by McAfee, reports that the top threats to organizations include web-based malware, social engineering and ransomware—all of which focus on user endpoints.

So what does that mean when you are trying to protect an ever-changing attack surface?  The survey results point to three best practices to help you simplify and automate your endpoint protection, detection and response capabilities.

  1. Users and the web are still your biggest security risks

The top threat vectors for exploited endpoints take advantage of the hapless user: web drive-by (63%), social engineering/phishing (53%) and ransomware (50%). Because these top compromises rely on human actions, it suggests a need for increased monitoring and containment, along with user education. A variety of tools, including next-gen antivirus and automated EDR should assist in this mission.

  2. You’ve got to correlate to automate

The 277 IT professionals who took this survey voiced concerns about their endpoints, and agreed that predictive technologies (such as machine learning) are needed to move from matching known-bad elements to identifying abnormal behavior.

  3. If an endpoint fell in your forest, would you hear it?

The need for visibility is clear. Being able to feed into the detection and response systems automatically reduces the time to detect and remediate the threat. Though workflow automation and machine learning are key enablers to improve detection, remediation and response, organizations are falling short in their use (less than a quarter of respondents use them).

The takeaway

Improved analysis and automation tools are key to discovery and correction. Next-generation tools bring not only machine learning, but also automation to identify unexpected behavior. Equally important is having tools that provide ease of use for analysts to reduce the skills gap in our industry.

To address these needs we are constantly upgrading our capabilities and just released McAfee® Endpoint Security (ENS) version 10.6 which includes new capabilities to better protect customers from advanced threats. In addition, it’s simpler, with a single agent, single console and automated responses to targeted attacks. Just as important, it has advancements such as machine learning and zero-day containment.

If you haven’t already, watch our latest video.

Taking the Robot out of the Human
https://securingtomorrow.mcafee.com/business/taking-the-robot-out-of-the-human/
Thu, 28 Jun 2018 07:00:08 +0000

The post Taking the Robot out of the Human appeared first on McAfee Blogs.

This blog post was written by Nick Viney.

Artificial intelligence, or simply AI, was merely a dream a number of years ago – now, not only are we seeing it become more common in our everyday lives, it’s beginning to be a very hot topic amongst businesses. Last year, the Boston Consulting Group and MIT Sloan Management Review study published a report that found 84% of respondents thought AI will enable them to obtain or sustain a competitive advantage whilst 75% felt AI would allow them to move into new businesses and ventures. Simply put, AI is revolutionising business as we know it.

Many business leaders agree that having AI and a level of self-automation being present in some part of a business, however big or small, is beneficial. However, there are still a number, albeit a small group, of leaders who have voiced their concerns. At the very worst, there is a worry that should AI become too prominent, the worst-case scenario is a humans vs robots with ultimately the human workforce being side-lined. Putting that to one side, the benefits of AI in business is vast and here are a few examples of how I believe AI will be revolutionising the enterprise space in the not too distant future:

Redefining logistics

When AI and robotics were added to the production line, many feared that manual jobs would become solely automated. However, what sceptics of robotics don’t realise is that it was implemented to take on the smaller, less critical tasks, like packing, stacking and labelling boxes. Many think the world is on the verge of a technological revolution, the “Fourth Industrial Revolution” (4IR), a combination of technologies that fuse the physical, digital and biological worlds together: a world where machines can think for themselves.

Similar to production lines, basic data entry and programming roles are becoming much more efficient and cost-effective through AI. Filling vacancies with long-term, fully automated AI-powered computers could be the answer, but in the short term, teaching smart technology to work alongside human talent could be the way forward for businesses and help bridge the skills gap, which takes me onto my next point.

Data Insights

Whilst access to time and skills is limited and businesses become more and more data-driven, it’s clear that taking two weeks to manually translate raw data has significant implications. With the volume of data being generated on a daily basis, it’s no surprise that inaccuracies occur. Whilst employees spend their time tidying data into something meaningful, chances are that by the time it’s complete, it’s already out of date. Sceptics will argue that certain jobs can be done more efficiently by humans; however, this can come at a higher cost in man-hours and is more susceptible to human error. The security of your business cannot be the price of that trade-off.

Improving data security

Cybersecurity is a critical part of the enterprise, with businesses spending billions of dollars each year to make sure their defences are able to keep out hackers. The job of staying ahead of hackers is incredibly challenging for CTOs, but the capabilities of AI can certainly help. Whether it’s the latest spyware, DDoS attack patterns or botnets, hackers are constantly evolving and adapting to find new ways to breach a company’s data defences. Where we’re seeing AI support is in the ability to scour the internet for some of these threats ahead of time, before they are used against companies. Human security analysts can only do so much, and in many cases the pace of change in the threat landscape is simply too much. Leveraging AI and deep learning to help human analysts will make things a lot safer for businesses.

Bridging the skills gap

Despite AI’s potential to drive change, there continues to be a shortage of cyber skills. According to an ESG survey of 650 IT cybersecurity professionals this year, 51% claimed they had a “problematic shortage of cybersecurity skills”. The ramifications include an increased workload on cybersecurity staff, who must hire and train juniors rather than experienced cybersecurity professionals, leaving less time to deal with cyber crises when they need to. However, this shouldn’t be seen as replacing jobs; it will instead increase the need for workers with more advanced skills. Businesses need to invest in creating a culture of constant learning for their staff, where they can learn new skills, and in attracting leading AI practitioners. The introduction of AI could help bridge the gap by widening skills and allowing employees to work alongside machines, leaving AI to manage the less critical jobs.

AI should not only create time for innovation and proactive threat hunting but deliver cost savings and increase employee productivity. Like the revolutions that preceded it, 4IR has the potential to improve the quality of life for employees and their employers around the world. With AI taking a leading role in tackling simple and repetitive tasks, the human workforce can focus on roles that are more complex, more challenging and require much more critical thinking power. Though we cannot yet see the future, businesses should think more holistically about the advantages of AI and what can be reaped, before competitors do.

To keep up-to-date with the latest cybersecurity news, take a look at the McAfee Security blog here.

Google Chrome 68 Changes and Their Impact on Data Protection
https://securingtomorrow.mcafee.com/business/data-security/google-chrome-68-changes-and-their-impact-on-data-protection/
Tue, 19 Jun 2018 19:00:49 +0000

The post Google Chrome 68 Changes and Their Impact on Data Protection appeared first on McAfee Blogs.

Google announced in November last year that they planned to make changes to Chrome to improve the stability of their browser, specifically by blocking third-party applications from injecting code into Chrome’s processes [1]. In July, with the release of Chrome 68, they will start to enforce this.

While the logic behind this is understandable, it comes with some less than desirable side effects that will affect data loss prevention (DLP) software providers, including McAfee®.

As part of our endpoint DLP product we offer Web Protection rules that can inspect both file and web form data (text) uploads to websites and optionally prevent a potential data breach by blocking the upload.  However, this is only possible by injecting code into the browser, which is exactly what Google will be preventing.

Google states in the article that Chrome extensions are the modern alternative to running code inside Chrome’s processes. Unfortunately, the extension APIs are not a like-for-like replacement for a DLP agent. A blocking webRequest listener can cancel a request before it leaves the browser and can see the text fields of a parsed form post, but it is never handed the contents of a file the user has selected for upload, only a name or path reference, so inline content inspection of file uploads, which is what our Web Protection rules perform today, is not possible through extensions. McAfee has formally requested a suitable API be added to Chrome to allow blocking via extensions, but to date we have not received a confirmed response.
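As an added example, not McAfee code and not from the Chromium post: the decision logic a Manifest V2 extension could run inside a blocking webRequest.onBeforeRequest listener, showing what the API hands an extension for an upload and what it does not. The shape of `details.requestBody` (a `formData` map of parsed fields, and `raw` elements carrying either `bytes` or a `file` path) follows the webRequest documentation; the SSN regex is a hypothetical stand-in for a DLP classification rule, and the sample `details` objects are constructed for the example.

```javascript
// Added example (not McAfee code, not from the Chromium post): decision logic
// for a blocking webRequest.onBeforeRequest listener in a Manifest V2
// extension. The pure function runs anywhere; the listener is registered only
// when the `chrome` API object exists, i.e. inside Chrome.

// Hypothetical DLP classifier: anything shaped like a US Social Security number.
const SSN_PATTERN = /\b\d{3}-\d{2}-\d{4}\b/;

// Inspect one onBeforeRequest `details` object.
// Returns { cancel: boolean, reason: string, files: string[] }.
function inspectUpload(details) {
  const result = { cancel: false, reason: "not an upload", files: [] };
  const body = details.requestBody;
  const isUpload = details.method === "POST" || details.method === "PUT";
  if (!isUpload || !body) return result;

  // formData is populated for x-www-form-urlencoded and parseable multipart
  // bodies. Text fields are visible here, so sensitive text can be blocked
  // before the request leaves the browser.
  for (const [field, values] of Object.entries(body.formData || {})) {
    for (const value of values) {
      if (SSN_PATTERN.test(value)) {
        return { cancel: true, reason: `sensitive text in form field "${field}"`, files: [] };
      }
    }
  }

  // raw holds whatever was not parsed into formData. A file chosen for upload
  // appears as an element carrying a `file` path; the extension is never handed
  // the file's bytes, so the most it can do is record that an upload happened.
  for (const element of body.raw || []) {
    if (element.file) {
      result.files.push(element.file);
    } else if (element.bytes) {
      const text = new TextDecoder().decode(element.bytes);
      if (SSN_PATTERN.test(text)) {
        return { cancel: true, reason: "sensitive text in raw request body", files: result.files };
      }
    }
  }

  result.reason = result.files.length > 0 ? "file upload seen, contents not inspectable" : "clean";
  return result;
}

// Register the listener only when running inside Chrome. "blocking" makes
// Chrome wait for the return value; "requestBody" asks for the body to be
// parsed into `details.requestBody`.
if (typeof chrome !== "undefined" && chrome.webRequest) {
  chrome.webRequest.onBeforeRequest.addListener(
    (details) => ({ cancel: inspectUpload(details).cancel }),
    { urls: ["<all_urls>"] },
    ["blocking", "requestBody"]
  );
}
```

The manifest would need the `webRequest` and `webRequestBlocking` permissions. The point is in the pure function: a form field containing a match is cancelled before it is sent, while a file upload is only visible as a path the extension cannot open, which is the gap described above.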

While our endpoint DLP product will only be able to monitor and alert on file or text uploads via the Web Protection rule with the release of Chrome 68, the good news is that there are other ways in which potential data breaches via uploads can be blocked or rapidly remediated:

  • McAfee’s endpoint DLP product offers Cloud Protection rules to monitor the local sync folder created by installing the sync agents included with Microsoft’s OneDrive, Google’s Drive (Backup and Sync) and other file sync and share apps
  • McAfee’s Network DLP Prevent product monitors web and email traffic at the network level and can block file uploads
  • McAfee’s Skyhigh Security Cloud product scans a variety of cloud file sync and share collaboration apps for sensitive files and offers remediation options such as quarantining or deleting the sensitive file
  • McAfee’s Network DLP Discover product can scan Microsoft Sharepoint and file server shares for sensitive files with remediation options similar to those found in McAfee’s Skyhigh Security Cloud
  • McAfee’s Web Gateway product can be used to simply block access to sites with poor reputations or sites that do not fall into typical work/business categories
  • McAfee’s Web Gateway Cloud Services can be used in conjunction with McAfee Client Proxy to redirect corporate laptop traffic to our scanning service when the device is not connected to the corporate network

McAfee will continue to review Chrome’s architecture for changes that will enable us to offer blocking capability once more via our endpoint DLP product and will notify if this becomes possible.

[1] https://blog.chromium.org/2017/11/reducing-chrome-crashes-caused-by-third.html

How One Healthcare Company Implements DLP to Protect PII and PHI
https://securingtomorrow.mcafee.com/business/how-one-healthcare-company-implements-dlp-to-protect-pii-and-phi/
Tue, 19 Jun 2018 15:34:25 +0000

The post How One Healthcare Company Implements DLP to Protect PII and PHI appeared first on McAfee Blogs.

In 2016, Prime Therapeutics, an American pharmacy benefits management company, hired Jacob Walls to bolster data loss prevention across the enterprise. The company serves 22 Blue Cross Blue Shield health care plans and more than 27 million members nationwide, including one out of every six people covered through US public healthcare exchanges. Since Prime Therapeutics’ employees and systems handle both PII and PHI daily as they interact with Blue Cross Blue Shield, pharmacists, Medicare and Medicaid, and employers, a robust DLP defense is essential.

Defining and Implementing DLP Use Cases Throughout the Enterprise

In his role as a senior information security engineer and Prime Therapeutics’ main DLP expert, Walls and his team spend a lot of time engaging with other departments outside of security. First, they work to understand the stakeholders’ DLP-related concerns and define specific use cases to meet their various privacy, compliance, legal, or incident response-related requirements. Then they create rules for the company’s McAfee Network DLP appliance[s] and McAfee DLP Endpoint agents to test and implement.

“Different departments come to us and request the services for a specific use case,” explains Walls. “We’ll usually provide them with metrics around how well a rule set can address their use case… go over false positive rates and things like that to give them a baseline of how effective [DLP] would be.” Then, after implementing the policy, Walls or another engineer will meet regularly with the requestor of the policy to provide feedback on its effectiveness and, as necessary, tweak for improvements.

For instance, the company’s Privacy and Data Distribution department was concerned that users could print sensitive information on unauthorized printers. Using the printer protection rules built into the McAfee DLP Endpoint agent (print jobs are intercepted on the endpoint, which a network appliance cannot do), Walls easily addressed the issue, enforcing that sensitive information is printed only to authorized printers. In addition, discussions on effectiveness led to reporting that filters printing by user and content to pinpoint any employees who need additional education or monitoring.

Preventing Sensitive Data Leakage Via Email

Since email is the primary form of communication with entities outside the network, for many specific departments and the enterprise in general, preventing exfiltration of sensitive information via email message or attachment is one of Prime Therapeutics’ most important DLP use cases. This use case was also the main reason for purchasing McAfee Network DLP.

“Using McAfee Data Loss Prevention, we have implemented corporate policies that restrict sensitive information from exiting the network via email unless authorized and encrypted,” notes Walls. “Moving this functionality from the MTA [Mail Transport Agent] to DLP has allowed for true security ownership and has greatly enhanced our capabilities in this area. Additionally, reporting and metrics around the use of email for communicating sensitive information has helped us internally to gauge the level of risk associated with this communication method…The visibility we now have into outbound email communication has been extremely beneficial on multiple fronts.”

“Effectiveness and speed are driving indicators of success… The visibility McAfee DLP has given us into both our data at rest and our data in motion has had both an immediate and ongoing positive impact on our business.”

—Jacob Walls, Senior Security Engineer, Prime Therapeutics

How Successful are These DLP Implementations?

“Effectiveness and speed are driving indicators of success,” says Walls, pointing to lack of data leakage incidents and ease of compliance as components of those two indicators. “The visibility McAfee DLP has given us into both our data at rest and our data in motion has had both an immediate and ongoing positive impact on our business.”

A side-benefit of implementing McAfee DLP Endpoint and McAfee Network DLP for Prime Therapeutics has been an increase in awareness across its employee base regarding sensitive data. “Awareness around data-at-rest and the need to place controls around approved locations appears to be growing,” states Walls. “[It] is not limited to specific departments, but rather arises from projects and conversations between all the teams involved. It’s a positive maturing of controls due to greater business awareness of DLP.”

Advice to Those Looking to Implement DLP Solutions

Based on his experience, Walls says he would advise anyone looking at DLP solutions to begin by identifying and prioritizing use cases. “Much of the work around DLP happens outside of the tool and is process-driven,” he elaborates. “Therefore, it’s important to engage with the stakeholders and affected parties even prior to any rule configuration. That said, make sure you know what the DLP solution is capable of, and what it offers for integration and workflow. Doing so up front will save a lot of time and help avoid miscommunication and misaligned expectations.”

Walls also offers words of encouragement. He really enjoys his job, and especially interacting with other areas of the business. “I get great satisfaction in solving a problem and sharing that with the people I’ve solved the problem for,” he claims.

Working with DLP has also shifted Walls’s priorities and expanded his viewpoint. “DLP definitely branches out to other departments and gets you engaged with privacy, with legal—really with your core business,” he says. “I’ve been able to sympathize a little more [and understand better] the desired end results of other departments outside of security. So that’s been helpful.”

“Security is not a one-person job; it can’t be accomplished with one person [or] one company,” concludes Walls. “So we need partners, and we need friends in the industry to work together. The McAfee support team has consistently been available, receptive, and responsive to our questions and needs. ‘Together is Power’ is definitely something that McAfee represents for us.”

To watch a video of Jacob Walls talking about his experience with McAfee and information security, watch below. Get your questions answered by tweeting @McAfee_Business.

Securing the vulnerabilities of working from home https://securingtomorrow.mcafee.com/business/securing-the-vulnerabilities-of-working-from-home/ https://securingtomorrow.mcafee.com/business/securing-the-vulnerabilities-of-working-from-home/#respond Fri, 15 Jun 2018 11:11:56 +0000 https://securingtomorrow.mcafee.com/?p=89861 This blog post was written by Nick Viney. With more and more businesses offering employees the opportunity to work outside of the office, it’s no surprise that IT departments are becoming increasingly nervous about the dangers of remote working. As this method of boosting staff morale becomes common, sensitive company data has the potential to […]

The post Securing the vulnerabilities of working from home appeared first on McAfee Blogs.

This blog post was written by Nick Viney.

With more and more businesses offering employees the opportunity to work outside of the office, it’s no surprise that IT departments are becoming increasingly nervous about the dangers of remote working. As this method of boosting staff morale becomes common, sensitive company data can end up in a variety of risky locations outside the remit of the office safe zone. We’ve rounded up some key areas that all businesses should be focusing on to stay ahead of the game, especially when their reputation could be at risk.

Recruiting talent and training

Employees who work outside the four office walls expose businesses to the risks of data theft and fraud, even from a distance. Once the risks associated with each type of remote working have been assessed, it’s good practice to train and advise staff on the impact of their actions; otherwise, it’s easy to lose sight of rules and procedures.

Due to the ongoing shortage of people with the ‘right skills’ in the tech sector, the path to success may be to combine human expertise with machine learning. This could not only reduce the gap, but allow businesses to remain on the front foot against cybercriminals. Without it, we could be wasting valuable time that could otherwise be used for innovation and proactive threat hunting.

Share responsibility

With email and the web being the most common forms of digital comms in a workplace, staff must be educated on the key giveaway signs for spotting, flagging and reporting anything that looks suspicious. By sharing the responsibility and encouraging employees to flag anything suspect, you’re naturally raising awareness internally and warning others away from similar traps – openness is the key, and this way you’re always one step ahead of those with malicious intent.

You must also have trust in the people that work for you. In the “second economy,” trust is key to the success of a business and the prime casualty of conflict. Without it, you may be putting your company, its data and even your other employees at risk. By evolving both technology and organisational culture, businesses would naturally become more cohesive and share responsibilities where no one can do it alone – ‘Together is Power’.

Security

By ensuring that all systems holding any business-related data are fully equipped with firewalls and protective software, you’re reducing the risk of data breaches. Teams must work together to ensure tools can operate collectively to protect against and detect potential threats. With some data being too sensitive to leave the office walls, it’s useful to set up staff accounts with permissions that limit the data staff can reach, or that deny remote access to it altogether.

Security must be taken seriously – from the CEO’s desk to the end user. This is especially relevant when employees are constantly joining and leaving a business – employers must have strategies in place to ensure accounts are activated and deactivated promptly at any given time. Although it’s still early days, we may see GDPR becoming an opportunity for security transformation across businesses, where a culture of privacy is compulsory.

Cloud control

The cloud has become an integral part of business; however, its advantages come with their own share of risks. It’s important to note that each additional data storage site increases your exposure, so the number of places you’re storing data should be kept to a minimum. By regularly monitoring for potential threats and implementing a strong security plan with your employees, you’ll have much greater control of your assets. When you have control, especially focused in one dedicated place, it’s easier to locate where security is weakest, identify new gaps and mitigate risk quickly.

With the number of businesses offering flexible working increasing, the risk from vulnerabilities is growing. Employers must take responsibility for how staff are administering their first line of defence and consider what policies they need to put in place to accommodate these demands in the safest way possible.

To keep up-to-date with the latest cybersecurity news, take a look at the McAfee Security blog here.

Identifying Network Anomalies in Microsoft Azure – Cloud Workload Security and Azure Network Watcher https://securingtomorrow.mcafee.com/business/cloud-security/identifying-network-anomalies-in-microsoft-azure-cloud-workload-security-and-azure-network-watcher/ https://securingtomorrow.mcafee.com/business/cloud-security/identifying-network-anomalies-in-microsoft-azure-cloud-workload-security-and-azure-network-watcher/#respond Thu, 14 Jun 2018 17:04:04 +0000 https://securingtomorrow.mcafee.com/?p=89693 Monitoring the Microsoft Azure virtual network Network Watcher is a native Azure service which provides performance monitoring and diagnostic services for Azure tenants. A plethora of logging and diagnostic data are available through Network Watcher which enable insights to your network performance and health. By combining the diagnostic and monitoring capabilities of Network Watcher with […]

The post Identifying Network Anomalies in Microsoft Azure – Cloud Workload Security and Azure Network Watcher appeared first on McAfee Blogs.

Monitoring the Microsoft Azure virtual network

Network Watcher is a native Azure service which provides performance monitoring and diagnostic services for Azure tenants. A wealth of logging and diagnostic data is available through Network Watcher, giving insight into your network’s performance and health. By combining the diagnostic and monitoring capabilities of Network Watcher with the automated discovery and defense of elastic workloads provided by McAfee Cloud Workload Security (CWS), you have a comprehensive toolset for end-to-end network visibility.

Network Topology 

Network Watcher enables you to visualize the complete network topology of your application in just a few clicks.

IP Flow Verify

A critical diagnostic capability is being able to check whether a given flow to or from a virtual machine is allowed or denied. With IP flow verify, you can easily validate whether a flow – ingress or egress – is allowed or denied. The check is evaluated against the flow’s source IP, destination IP, source port, destination port and protocol.

Security Group View

With Network Watcher’s security group view, you can verify, for audit purposes and through programmatic configuration of security groups, that the proper security is present. Confirming that security groups are in place also lets you improve your security posture and configure firewall rules more tightly across resource groups.

These are just a handful of the diagnostic tools Network Watcher provides; they produce extensive data and can be driven through Azure’s native APIs. While this context is rich and the logs are comprehensive, it’s critical to be able to quickly and efficiently identify threats and immediately enable actionable workflows that isolate root causes and reduce dwell time. Network Watcher and McAfee Cloud Workload Security (CWS) together form a firmly interlocked powerhouse that ensures tight audit controls, proper security control overlay, and effective remediation actions, providing an optimal threat mitigation solution.

McAfee Cloud Workload Security and Azure Network Watcher

As we have established a relative baseline understanding of Network Watcher, let’s peel back another layer to further analyze how Azure traffic flows into the mesh of interoperability with McAfee Cloud Workload Security (CWS).

How does Azure traffic work?

When Network Watcher and the Network Security Groups (NSG) Flow logs are properly enabled, Microsoft Network Watcher captures traffic flows in the Azure cloud. Once the flow logs are enabled for an NSG, Azure Connector collects traffic for successfully provisioned NSGs and VMs associated with them. The discovered traffic will be visible in the traffic visualization section of McAfee CWS.

How does CWS capture Azure Traffic?

  1. During every sync, CWS checks whether there are any powered-on Azure instances in a region and whether Network Watcher is enabled for that region. If Network Watcher is not enabled for the region, CWS enables it and configures it to write to a storage account.
  2. The next check is on the NSGs in that region. CWS verifies that NSG flow logging is enabled for every NSG attached to a powered-on instance. If NSG flow logs are not enabled, CWS enables them.
  3. Once Network Watcher and NSG flow logs are enabled, traffic flow logs are written to the associated storage account. CWS reads these flow logs from the storage account and determines whether any network anomalies are associated with them.

NSG flow logs allow Network Watcher to view information about the traffic in the NSG. When Network Watcher is enabled, the retention period set by Cloud Workload Security for NSG flow logs is 15 days. You can reconfigure the retention period under Network Watcher in the Azure portal.
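To make step 3 concrete, here is an added example of reading NSG flow log records and running a few simple anomaly checks over them. This is illustrative code written for this post, not McAfee CWS’s own logic (which the post does not describe) and not an Azure SDK call; it parses the documented NSG flow log version 2 layout, where each flow tuple is a comma-separated string of timestamp, source IP, destination IP, source port, destination port, protocol (T/U), direction (I/O), decision (A/D), flow state (B/C/E) and four packet/byte counters. The sample record, its IPs, the resource path, and the thresholds and allowed-port list are all constructed for the example.

```python
import json
from collections import defaultdict
from dataclasses import dataclass
from typing import FrozenSet, List, Tuple

# Constructed sample in the NSG flow log v2 layout (IPs from documentation
# ranges, resource path and NSG name made up for this example).
SAMPLE_FLOW_LOG = json.dumps({
    "records": [{
        "time": "2018-06-14T17:00:00.000Z",
        "category": "NetworkSecurityGroupFlowEvent",
        "resourceId": "/SUBSCRIPTIONS/EXAMPLE/RESOURCEGROUPS/RG-DEMO/PROVIDERS/"
                      "MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/NSG-WEB",
        "properties": {
            "Version": 2,
            "flows": [
                {"rule": "DefaultRule_DenyAllInBound",
                 "flows": [{"mac": "000D3A000001", "flowTuples": [
                     "1528995600,203.0.113.7,10.0.0.4,51001,22,T,I,D,B,,,,",
                     "1528995601,203.0.113.7,10.0.0.4,51002,23,T,I,D,B,,,,",
                     "1528995602,203.0.113.7,10.0.0.4,51003,3389,T,I,D,B,,,,",
                     "1528995603,203.0.113.7,10.0.0.4,51004,445,T,I,D,B,,,,",
                     "1528995604,203.0.113.7,10.0.0.4,51005,1433,T,I,D,B,,,,",
                     "1528995605,203.0.113.7,10.0.0.4,51006,8080,T,I,D,B,,,,",
                 ]}]},
                {"rule": "UserRule_AllowHttpsIn",
                 "flows": [{"mac": "000D3A000001", "flowTuples": [
                     "1528995610,198.51.100.20,10.0.0.4,44000,443,T,I,A,B,,,,",
                 ]}]},
                {"rule": "DefaultRule_AllowInternetOutBound",
                 "flows": [{"mac": "000D3A000001", "flowTuples": [
                     "1528995620,10.0.0.4,192.0.2.9,40001,443,T,O,A,E,30,4200,28,9100",
                     "1528995630,10.0.0.4,192.0.2.77,40002,6667,T,O,A,E,900,52000000,40,2000",
                 ]}]},
            ],
        },
    }],
})


@dataclass
class Flow:
    nsg: str
    rule: str
    ts: int
    src: str
    dst: str
    sport: int
    dport: int
    proto: str        # T = TCP, U = UDP
    direction: str    # I = inbound, O = outbound
    decision: str     # A = allowed, D = denied
    state: str        # B = begin, C = continuing, E = end (v2 only)
    bytes_src_to_dst: int
    bytes_dst_to_src: int


def parse_flow_log(raw: str) -> List[Flow]:
    """Flatten one NSG flow log JSON document into a list of Flow tuples."""
    flows: List[Flow] = []
    for rec in json.loads(raw)["records"]:
        nsg = rec["resourceId"].rsplit("/", 1)[-1]
        for rule_block in rec["properties"]["flows"]:
            for nic in rule_block["flows"]:
                for tup in nic["flowTuples"]:
                    p = tup.split(",")
                    state = p[8] if len(p) > 8 else ""
                    # Byte counters are only present on v2 C/E tuples; treat blanks as 0.
                    b_out = int(p[10]) if len(p) > 10 and p[10] else 0
                    b_in = int(p[12]) if len(p) > 12 and p[12] else 0
                    flows.append(Flow(nsg, rule_block["rule"], int(p[0]), p[1], p[2],
                                      int(p[3]), int(p[4]), p[5], p[6], p[7],
                                      state, b_out, b_in))
    return flows


def find_anomalies(flows: List[Flow],
                   scan_port_threshold: int = 5,
                   egress_allowed_ports: FrozenSet[int] = frozenset({53, 80, 443}),
                   egress_bytes_threshold: int = 10_000_000) -> List[Tuple[str, str, object]]:
    """Illustrative checks (thresholds are assumptions chosen for the example)."""
    findings: List[Tuple[str, str, object]] = []
    # 1. One external source probing many distinct ports and being denied inbound.
    ports_by_src = defaultdict(set)
    for f in flows:
        if f.direction == "I" and f.decision == "D":
            ports_by_src[f.src].add(f.dport)
    for src, ports in ports_by_src.items():
        if len(ports) >= scan_port_threshold:
            findings.append(("inbound_port_sweep", src, sorted(ports)))
    # 2. Allowed outbound connections to ports outside the expected egress set.
    for f in flows:
        if f.direction == "O" and f.decision == "A" and f.dport not in egress_allowed_ports:
            findings.append(("unexpected_egress_port", f.dst, f.dport))
    # 3. Completed outbound flows that moved an unusually large volume of data.
    for f in flows:
        if f.direction == "O" and f.state == "E" and f.bytes_src_to_dst >= egress_bytes_threshold:
            findings.append(("large_egress", f.dst, f.bytes_src_to_dst))
    return findings


if __name__ == "__main__":
    for kind, target, detail in find_anomalies(parse_flow_log(SAMPLE_FLOW_LOG)):
        print(f"{kind:24s} {target:16s} {detail}")
```

On the constructed sample the checks report the denied port sweep from 203.0.113.7, the allowed outbound connection to port 6667, and the 52 MB transfer to the same host. In a real deployment the JSON documents would be read from the blob container that Network Watcher writes to, and the thresholds tuned to each NSG’s normal traffic profile.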

For more information on McAfee Cloud Workload Security, please visit the McAfee Cloud Workload Security page for feature and solution documentation.

To learn more about Azure Network Watcher and CWS integration check out the Azure Network Watcher blog post.

Winning the Game at McAfee: How Gamers Become Cybersecurity Workers https://securingtomorrow.mcafee.com/business/winning-the-game-at-mcafee-how-gamers-become-cybersecurity-workers/ https://securingtomorrow.mcafee.com/business/winning-the-game-at-mcafee-how-gamers-become-cybersecurity-workers/#respond Thu, 14 Jun 2018 15:00:18 +0000 https://securingtomorrow.mcafee.com/?p=89028 This blog was written by Jeff Elder. When Austin Ortega was 12, he and his brother fought over who got to play video games like Gorillas and Commander Keen on an old family computer his parents had bequeathed to them. Then one day, they broke it. Their dad brought to their Grapevine, Texas, home a stack […]

The post Winning the Game at McAfee: How Gamers Become Cybersecurity Workers appeared first on McAfee Blogs.

This blog was written by Jeff Elder.

When Austin Ortega was 12, he and his brother fought over who got to play video games like Gorillas and Commander Keen on an old family computer his parents had bequeathed to them. Then one day, they broke it. Their dad brought to their Grapevine, Texas, home a stack of floppy disks, dropped them in front of the boys, and told them to fix it. They did.

“I think it took like 14 floppy disks. They took a while to install,” says the McAfee technical support engineer, who references gaming in every class he teaches to new employees. “Video games probably pushed a lot of us into an IT job,” says Ortega, 32. “We were sitting in front of a computer for hours, anyway. We might as well get paid for it.”

Ninety-two percent of cybersecurity managers say gamers possess skills that make them suited to a career in cybersecurity – and 75% would consider hiring a gamer even if that person had no cybersecurity training or experience.

Welcome to cybersecurity in 2018, where “Winning the Game” is more than a metaphor for beating attackers. Gaming today is part of a strategy to attract scarce workforce talent. And once cybersecurity workers are hired, gaming can help keep them sharp, keep them happy, and keep them, period.

In our recent report, Winning the Game, 950 cybersecurity managers and professionals in organizations with 500 or more employees were surveyed to gain insight into innovation, employee-satisfaction, and gamification.

The corroborating evidence to Ortega’s experience is stacked up like 14 floppy disks:

  • 92% of managers surveyed say gamers possess skills that make them suited for a career in cybersecurity
  • 80% of extremely dissatisfied employees who report their organization does not use gamification say they wish they did.
  • 77% of senior managers say their organization’s cybersecurity would be much safer if they implemented more gamification.

At McAfee, we see that at our company’s main offices in Santa Clara, Calif., and Plano, Texas, and with employees around the world.

“Video games brought me into computers and more technical areas of interest,” says Conor Makinson, a quality assurance engineer in Cork, Ireland. “Personally being one of the ‘young cybersecurity workers,’ I think that some games can really help develop mindsets that are beneficial to working in security.”

This is part of our public outreach to tech workers, a workforce in very high demand. Our chief information security officer told security’s biggest trade show about the benefits of gamification last week. “I’m a gamer,” said Grant Bourzikas at a session on recruiting talent at the RSA Conference in San Francisco. “I hate losing a game three times in a row. I have to win, and my wife is mad because we’re late, but I am focused.” Bourzikas looks for that focus and tries to channel it in our security operations center, where games are part of the work.

All those hours trying to beat a game may have actually been an investment in your career. (Hear that Mom and Dad?)

And building games may take Ortega’s floppy disk challenge into the 21st century. “I actually made flash games, first-person shooter games, and role-player games when I was in high school, and it definitely increased my interest in tech and coding,” says Catherine Gabel, demand generation specialist in Silicon Valley who joined McAfee in its Skyhigh Networks acquisition.

Gaming, like its dark-arts cousin hacking, has global reach. Nam Nguyen, a McAfee sales engineer, grew up gaming in South Vietnam, beginning at age 10. “I spent all of my lunch money on it.” He sees great potential for gamifying cybersecurity. “You have to find out new ways to beat the game, and the same is true in cybersecurity.”

Bourzikas and Chatelle Lynch, McAfee’s head of human resources, are already looking ahead to seek out the future of cybersecurity talent, and see much of it engaged in gaming. Austin Redlin, 17, agrees. “Gaming did, in fact, spark an interest in computers for me,” he says. “I began to want to understand what everything meant in a computer.”

Redlin is headed to the U.S. Marine Corps’ military occupational specialty school for Communications and IT. Is a career in the cybersecurity industry in his future? Well, it runs in the family. His mom, Deb Redlin, is executive assistant to McAfee Chief Technology Officer Steve Grobman.

Gaming and cybersecurity go hand in hand, the young Redlin said – via snail mail to his mom from Parris Island, South Carolina. Boot camp, even in 2018, is still one place that doesn’t tolerate games.

Jeff Elder was a member of the McAfee Digital Media Team.

Reaching GDPR: A Partner Approach https://securingtomorrow.mcafee.com/other-blogs/mcafee-partners/reaching-gdpr-a-partner-approach/ https://securingtomorrow.mcafee.com/other-blogs/mcafee-partners/reaching-gdpr-a-partner-approach/#respond Mon, 11 Jun 2018 16:35:58 +0000 https://securingtomorrow.mcafee.com/?p=89531 As Raj Samani, Chief Scientist and Fellow at McAfee says, “It’s critical that businesses do everything they can to protect one of the world’s most valuable assets: data.” Whether your organization achieved compliance with General Data Protection Regulation (GDPR) by the enforcement date on May 25, or still has a way to go, data will […]

The post Reaching GDPR: A Partner Approach appeared first on McAfee Blogs.

As Raj Samani, Chief Scientist and Fellow at McAfee says, “It’s critical that businesses do everything they can to protect one of the world’s most valuable assets: data.” Whether your organization achieved compliance with General Data Protection Regulation (GDPR) by the enforcement date on May 25, or still has a way to go, data will continue to play a large and evolving role in every sector and at every company. Samani explains, “The good news is that businesses are finding that stricter data protection regulations benefit both consumers and their bottom line. However, many have short-term barriers to overcome to become compliant, for example, to reduce the time it takes to report a breach.”

With the high cost of achieving compliance and even steeper fines if the rules are not met, complying with GDPR can seem daunting. If your organization is still working on meeting the base-level regulation, McAfee and our partners have a wide range of materials to assist, including the National Institute of Standards and Technology (NIST) Cybersecurity Framework and a site with all you need to prepare for GDPR requirements. Additionally, McAfee Skyhigh has a detailed action guide to help organizations interpret the legislation and provide guidance on actions that need to be taken regarding data in the cloud.

McAfee doesn’t work alone in our commitment to GDPR and data security. Thanks to McAfee’s Security Innovation Alliance (SIA), we can quickly and effectively help more customers protect their data. These 125+ SIA vendors are committed to working together with our integrated ecosystem to help businesses reach and maintain GDPR standards.

While reaching compliance is the important first step, going beyond the data security fundamentals will quickly become critical to every organization, from commercial to healthcare. It is important to keep in mind that complying with GDPR does not mean you will not be breached. A genuine culture of privacy needs to be created as a core value within each organization. Consumers are increasingly aware of how companies are keeping their data secure, and businesses cannot afford to lose customer confidence in relation to data security. Securing consumers’ personal data in a transparent manner can serve as a differentiating factor for any company.

As cybersecurity professionals, it is up to us at McAfee and our Partners to provide the most pertinent GDPR information to each of our customers and help instill the culture of data privacy. The advent of GDPR is the best opportunity in a generation to bring data security up to every customer’s C-Suite and introduce meaningful and lasting change in data security. Together, we can support our customers to achieve GDPR compliance and beyond!

Finals Week: Cloud Edition https://securingtomorrow.mcafee.com/business/cloud-security/finals-week-cloud-edition/ https://securingtomorrow.mcafee.com/business/cloud-security/finals-week-cloud-edition/#respond Tue, 05 Jun 2018 23:00:07 +0000 https://securingtomorrow.mcafee.com/?p=89399 It’s almost summertime—where the nights are longer and the water is warmer! Before we head to the beach it’s time to review all the things we learned about the cloud from the past two quarters. For #CloudFinalsWeek we’re asking you to prove your knowledge on the current climate of cloud computing and security. Will you […]

The post Finals Week: Cloud Edition appeared first on McAfee Blogs.

It’s almost summertime—where the nights are longer and the water is warmer! Before we head to the beach it’s time to review all the things we learned about the cloud from the past two quarters.

For #CloudFinalsWeek we’re asking you to prove your knowledge on the current climate of cloud computing and security. Will you be valedictorian or be headed back to class for summer school? Share your cloud finals score on Twitter after completing the assessment to see if you outranked your peers.

Not prepared? Lucky for you this is an “open-book” test. Find some cheat sheets and study guides below.

Report: Navigating a Cloudy Sky

Blog Post: Cloud is Ubiquitous and Untrusted

Good luck!

Come Talk to McAfee at the Gartner Security and Risk Management Summit https://securingtomorrow.mcafee.com/business/come-talk-to-mcafee-at-the-gartner-security-and-risk-management-summit/ https://securingtomorrow.mcafee.com/business/come-talk-to-mcafee-at-the-gartner-security-and-risk-management-summit/#respond Mon, 04 Jun 2018 18:56:44 +0000 https://securingtomorrow.mcafee.com/?p=89290 This blog was written by Peter Elliman. A wide group of experts from McAfee will be attending the Gartner Security & Risk Management Summit from June 4-7 in National Harbor, Maryland. The summit brings together an estimated 3400 attendees and over 200 exhibitors looking to share their vision, stories and capabilities with a wider range […]

The post Come Talk to McAfee at the Gartner Security and Risk Management Summit appeared first on McAfee Blogs.

This blog was written by Peter Elliman.

A wide group of experts from McAfee will be attending the Gartner Security & Risk Management Summit from June 4-7 in National Harbor, Maryland. The summit brings together an estimated 3400 attendees and over 200 exhibitors looking to share their vision, stories and capabilities with a wider range of cybersecurity and risk management experts. Personally, I’m looking forward to sessions on Security Operations, Management and Orchestration,

Join us on Tuesday, June 5th from 10:30-11:15, for a session entitled Appetite for Destruction – The Cloud Edition, given by Rajiv Gupta, SVP of the Cloud Security Business Unit and Raj Samani (@Raj_Samani), Chief Scientist and McAfee Fellow. Raj and Rajiv will examine the evolving threat landscape in 2018 and how the cloud will increasingly come under fire.

Looking to hear more about our view on cloud security? One of our system engineers, Will Aranha, a DC native from Skyhigh, now part of McAfee, will give a great session entitled Cloud Security in the Era of “There’s an App for That.” While it takes place on Monday, June 4th, the same day this blog was published, swing by the booth if you want a summary or a follow-up on the slides he presented. If you’re reading this in time – head to George’s Hall D by 1:50pm.

Speaking of our booth, I have to encourage you to visit McAfee at booth #436. Talking to experts 1:1 is one of the best ways to get educated and answer questions. My hope is that you’ll walk away with a bigger and broader vision of what McAfee can do. We call it our Device to Cloud protection vision.

Better yet, see live demos of both updated and new products. We’ll have 4 stations centered on the following:

Endpoint Security – Protecting against advanced and fileless threats is important, but you also need context on threat trends (not just EDR) and the ability to respond quickly and efficiently (a single security management console called ePO makes it easier). Find out what the new McAfee is doing differently in this space.

Evolve Your Security Operations – Wondering why you can’t get more out of your SIEM? Wish you had a few more tier 2 or tier 3 security analysts on staff? See how analytics and machine-learning can transform how every analyst, regardless of their level, can find threats and make decisions faster. Here’s a screen shot from our Mock SOC demo that gives you a taste of how both McAfee Behavior Analytics and McAfee Investigator can transform your team.

McAfee Behavioral Analytics (MBA) screen shot that shows a high-risk user and the reason for the rating. MBA uses machine-learning to model users and organizational behavior.

The beginning of an investigation with McAfee Investigator as shown in the mock SOC demo (the red box highlights a guided investigation). Turns an analyst into a real Sherlock Holmes.

Data Center & Cloud Defense – If you’re like most enterprises, you’ve got some workloads running in a hybrid cloud. The team here will show you how to make protection fast and easy through things like automated workload and container discovery, cloud-optimized threat defense, and network visibility and micro-segmentation. A recent SANS endpoint survey (a multi-vendor effort) showed the network as 1 of 3 top areas where respondents detected compromises.

McAfee Skyhigh Security Cloud (CASB) – Your teams are working in the cloud, which makes securing the areas where they work (e.g., Office 365, AWS, Azure, Box, Salesforce, Slack, and others) important. The team will help you better understand everything from DLP to collaboration control policies to detecting compromised accounts in cloud environments.

Click here to find out how MGM Resorts International uses McAfee solutions, including the McAfee SIEM and Investigator products, to significantly reduce detection and response times. Select benefits included:

  • Improved security posture through well-orchestrated integration and intelligence sharing
  • Accelerated time and reduced effort to contain, investigate, and remediate advanced threats
  • Improved collaboration and skills of security investigation team

Stop by our booth (#436) to hear about more customers and use cases. If you can’t make it to the show, I encourage you to reach out to learn more about the innovation occurring at the new McAfee.

The Cloud: Crossroads or Fast Lane for Enterprise Databases? https://securingtomorrow.mcafee.com/business/cloud-security/the-cloud-crossroads-or-fast-lane-for-enterprise-databases/ https://securingtomorrow.mcafee.com/business/cloud-security/the-cloud-crossroads-or-fast-lane-for-enterprise-databases/#respond Fri, 01 Jun 2018 15:00:39 +0000 https://securingtomorrow.mcafee.com/?p=89124 As someone who has enjoyed spending time with many a DBA (database administrator) over the years, and for better or worse has spun up a fair few DBMS (Database Management System) himself, I’m excited and also just a little scared of the potential that the hybrid cloud holds. It is exciting to think about all […]

The post The Cloud: Crossroads or Fast Lane for Enterprise Databases? appeared first on McAfee Blogs.

As someone who has enjoyed spending time with many a DBA (database administrator) over the years, and for better or worse has spun up a fair few DBMS (Database Management System) himself, I’m excited and also just a little scared of the potential that the hybrid cloud holds.

It is exciting to think about all the possibilities hybrid cloud environments bring. Imagine database power at scale: whenever, wherever, elastic, with built-in failover and load balancing. No more long provisioning cycles, or masses of approvals and justifications to get that new hardware. Everything is available at a moment’s notice and ready to help the business grow. In short, it’s any application developer’s dream come true and most DBAs’ nightmare.

No matter which research you consult, the trend is clear. Enterprise databases are moving to the cloud, but what will end up lurking in the dark?

The management of DBMS instances in any organization is already challenging as it is. Not knowing exactly how many databases exist at any given time is far too common, making it next to impossible to manage the risk appropriately. Making sure potential vulnerabilities are patched, or at least cannot be exploited (SQL injection, misconfigured instances, weak account passwords, etc.), is the standard cat-and-mouse game of every DBA. On top of that, there is data protection. Monitoring and auditing access to the organization’s most valuable data has become one of the biggest challenges organizations face.

Location, Location, Location – Is not important!

Unlike in real estate, location really isn’t important. Monitoring the database workload, and how many instances, databases, and servers are spun up, must follow the same rigor in the cloud as it does within the on-premises data center.

The monitoring of suspicious requests that may indicate malicious behavior to the DBMS needs to follow the same policies, rules, and possibilities in the cloud as on-premises. Intercepting and stopping malicious connections has to be possible across the whole infrastructure – from on-premises to cloud.

Last but by no means least, auditing and monitoring of sensitive information, whether that is PCI DSS, HIPAA, SOX or PII data, must be seamless between on-premises and any cloud instance.

Once these cross-locational policies and monitoring capabilities are in place, the hybrid database environment indeed turns into a fast lane, allowing businesses to scale much faster and much more seamlessly than ever before.

McAfee is helping to fill the need in this hybrid environment by offering a software-based Database Security solution that allows the monitoring of database instances across both on-premises and cloud environments. Non-intrusive, lightweight and easy to deploy, McAfee’s Database Security allows customers to enjoy all the exciting benefits of moving to a hybrid cloud enterprise database environment, while retaining control over security, risk and data protection.

For more information, head over to the product information page here.

McAfee scores 100% in Real World test https://securingtomorrow.mcafee.com/business/endpoint-security/mcafee-scores-100-in-real-world-test/ Thu, 31 May 2018 21:12:56 +0000

The post McAfee scores 100% in Real World test appeared first on McAfee Blogs.

It’s the security weaknesses you don’t know about, or the next zero-day threat, that keep most of us up at night. That’s why, when it comes to testing for effectiveness against threats, it’s critical to look at how a defense works to combat current, real-world samples. After all, you need to know how your defenses work against the lion in the wild, not the one in the zoo.

Like a lion in the wild, malware designers watch and look for vulnerabilities in their prey. Similar to the older gazelle at the back of the pack is the zero-day vulnerability that has yet to be patched. So how can you find out if your Endpoint Security is ready for the attack you don’t know is coming?

In a recent test by AV-Comparatives, McAfee Endpoint Security achieved high marks, most notably in the category of real-world threats. In fact, it was one of only three products to detect 100% of the threats it was presented with. This is largely because of the dual nature of McAfee’s machine learning analysis, which looks at both what a suspected threat looks like and how it behaves. Integrated with the other layers of McAfee Endpoint Security, threats that attempt to evade detection by masking their appearance will not be able to hide how they behave from dynamic AI analysis.

AV-Comparatives also found that McAfee scored its best false positive rate for malware detection. In particular, zero false positives were recorded for common business files. That means even more accuracy: you not only detect what others could miss, you also won’t spend time investigating incorrect findings, and your users won’t be prevented from working with legitimate files and applications.

So what kind of lion are you preparing for? The one in the zoo, or the wild hunter waiting to pounce? With McAfee Endpoint Security, you can be confident that the vulnerabilities you don’t know about don’t become the opening attackers can leverage. Instead, your environment is defended by a well-coordinated pack.

The New Security Experience https://securingtomorrow.mcafee.com/business/the-new-security-experience/ Thu, 31 May 2018 17:25:34 +0000

The post The New Security Experience appeared first on McAfee Blogs.

Everyone has their limits — limited budget, limited staffing and time — but we seldom take into account the basic limitations imposed on us by something we can hardly control: our minds. But understanding limits helps us work with them, not against them. Following years of hard work and focus, we have now begun to introduce a new security experience.

McAfee wants to bring radical efficiency to cybersecurity staffs. That can be achieved in part by developing technologies like the McAfee® Data Exchange Layer (DXL) to bring cross-product and cross-vendor communication to cybersecurity solutions, though we see a place where the needs of our customers can be met even further by honestly addressing the limits of our minds.

How large is the average person’s working memory? Conventional wisdom says we can juggle seven different things at a time, plus or minus two. Even the smartest among us can still remain fairly ignorant about how little we can hold in our heads at any one time.

Some years ago, University of Notre Dame researchers ran a study1 where they instructed people to start a task at a table on one side of a room before walking to a table on the other side of the room to complete it. As humans, we do that kind of thing reasonably well.

But then the researchers partitioned the room, leaving a doorway between the two tables, and completion rates plummeted. The study blamed that common human experience of walking to another room to get something and forgetting what it was once you got there.

Imagine leaving your living room to make popcorn, but the moment you enter the kitchen you can’t remember what you’d been thinking. The study supposed that our minds dehydrate our sense of where we were as we move from one place to another, to better focus on our new location. But context-switching is a lossy operation. If you don’t deliberately carry something over that threshold, you might drop it. Returning to the living room rehydrates that context, and suddenly you remember the popcorn.

Those researchers ran the same study with people in front of computers. When moving from one end to another of a single space on screen, people did well. Place a virtual partition in the virtual space and completion rates tanked equivalently to moving through contexts in the real world.

Some cybersecurity products might look simple, but navigating through simple contexts still costs something, and with stakes much higher than failing to make popcorn. Common cybersecurity workflows — from investigating threats to changing policy — regularly require moving across many more screens than anyone can hold in their head at the same time. This burns vast amounts of cognition.

Simply by disassembling the old cybersecurity experience to bring related information together in a single, high-context workspace — encouraging the user to drive into the right information at the right time — we shift the cognitive load from managing context switches to actually solving cybersecurity problems.

Over the past 18 months, McAfee has shipped several new and innovative experiences designed to accelerate mundane tasks, focusing limited cybersecurity staff on the task at hand. Our most recent launch was an entirely new product, McAfee® Investigator, which combines a high-context, guided experience with powerful cloud-based analytics and machine learning; its strong customer outcomes have been praised by industry analysts and customers alike. Bringing McAfee’s UX approach to our existing products is also testing well, reducing some common workflows from minutes to seconds.*

While we look forward to sharing more about our efforts in the weeks and months to come, we know all too well that once you move your attention somewhere else, you’ll likely forget most of what you just read here. Still, if you keep just one thing, remember this: McAfee wants to be your number one security partner, not only by offering full protection from device to cloud but also by making cybersecurity workers radically more efficient — to help you avoid dropping crucial clues without even realizing it, like something you went to the other room to get and forgot what it was once you got there.

We see a bright opportunity for a new security experience. At McAfee, we look forward to getting there together.


1 Radvansky, G.A. & Copeland, D.E., “Walking through doorways causes forgetting: Situation models and experienced space” (University of Notre Dame), Memory & Cognition 34 (2006): 1150.

*Time reductions are intended as examples of how a given McAfee product, in the specified circumstances and configurations, may provide time savings. Circumstances and results will vary.

The Ramifications of the Skills Shortage on Cloud Security https://securingtomorrow.mcafee.com/business/cloud-security/the-ramifications-of-the-skills-shortage-on-cloud-security/ Wed, 30 May 2018 15:00:54 +0000

The post The Ramifications of the Skills Shortage on Cloud Security appeared first on McAfee Blogs.

Week over week, a new threat against valuable data emerges. Sometimes, adversaries in cybersecurity find ways to infiltrate systems through advanced malware strains. Other times, they’ll find holes in an organization’s infrastructure, which have been accidentally created by a well-intentioned employee. Both occur all too often, but the latter is actually tied to another threat facing the cybersecurity industry – the skills shortage.

Mind the gap

The skills shortage is a term those in the industry are all too familiar with. While agile and powerful threats are on the rise, the number of talented cybersecurity professionals is not – leaving a gaping hole in security strategy that existing employees just can’t fill. In fact, according to McAfee’s recent study Winning the Game, IT leaders report needing to increase their security staff by 24% to adequately manage their organization’s cyberthreats. The absence of adequately trained professionals can leave holes in many aspects of modern-day security infrastructure, with one of the widest specifically involving cloud security.

A clouded education

The cloud is a nuanced area in technology, and securely managing it requires specific knowledge – which is why it feels the effects of the skills shortage twofold. In fact, according to our recent report Navigating a Cloudy Sky: Practical Guidance and the State of Cloud Security, more than 25% of organizations using infrastructure as a service (IaaS) or software as a service (SaaS) have experienced data theft from their hosted infrastructure or applications. Furthermore, one in five were infiltrated by advanced attackers targeting their public cloud infrastructures. All too often these attacks originate from user misconfigurations, a lack of updates, or a selection of the wrong technology.

Put two and two together, and these breaches make one thing apparent: organizations are not only lacking cybersecurity talent, but sufficient cloud security talent, which ultimately puts them more at risk of an attack. Mind you, this talent gap is also delaying enterprise migration to cloud computing.

Security skills vs. cloud security skills

However, it’s important to note that the list of skills required for successful cloud security isn’t precisely a carbon copy of what many expect from a cybersecurity professional. Plugging one gap will not always fill the other.

Of course, general security skills – such as incident response, data analysis, and threat hunting – are still crucial when it comes to securing the cloud. But they’re not entirely sufficient. For instance, cloud security professionals and architects need to come to the table with a deep knowledge of identity and access management (IAM), deployment automation, and cloud regulatory compliance.

But just like cloud security is a shared responsibility between vendor and customer, so is the cloud security skills shortage between the cybersecurity industry and future professionals. While we must hope that professionals pursue the right training, the cybersecurity industry must also do its part in educating both future candidates and current employees on the ins and outs of modern-day cloud security. And this doesn’t just mean teaching the correct configurations for AWS either, but rather helping these professionals learn about the tenets of cloud adoption, including costs, monitoring, potential barriers, and more.

To plug your cloud security skills gap, the answer is not to hire quickly, but rather hire and train strategically. Evaluate what security issues your cloud infrastructure has faced and map those issues back to the applicable skills needed to address them. From there, securing IaaS and SaaS solutions shouldn’t seem so cloudy to your IT team.

To learn more about what McAfee is doing to help address the cybersecurity skills shortage, be sure to follow us at @McAfee and @McAfee_Business.

McAfee earns a Top Product Award from AV-Test! https://securingtomorrow.mcafee.com/business/mcafee-earns-a-top-product-award-from-av-test/ Tue, 29 May 2018 01:00:10 +0000

The post McAfee earns a Top Product Award from AV-Test! appeared first on McAfee Blogs.

McAfee achieved a near-perfect score of 17.5 for both McAfee Internet Security (MIS) 20.8 and McAfee Endpoint Security (ENS) 10.5.3 in the areas of protection, performance and usability in the latest round of testing from AV-Test. The AV-TEST Institute, a leading international and independent service provider in the fields of IT security and anti-virus research, also honored both products with a Top Product Award.

These results, announced May 28, continue to build on improvements earned over the last several test cycles. In the latest tests, both MIS and ENS achieved a perfect score of 6 out of 6 in both usability and protection and a near-perfect score of 5.5 out of 6 in performance.

Our latest Endpoint Security solutions continue to be market-leading solutions, surpassing other consumer and enterprise platform security vendors in independent scoring around Protection, Performance and Usability. In fact, both McAfee ENS and MIS were 100% effective against prevalent malware circulating in the past 4 weeks and were virtually 100% effective against zero-day malware attacks as well (a single miss). Both products had ZERO false positives, which means you can trust the results you receive from our products. McAfee ENS and MIS also showed virtually no signs of impacting user productivity.

Curious how we fared relative to the competition? You can visit AV-TEST’s website at https://www.av-test.org/ for all current and past test results.

Enriching Cloud Threat Intelligence and Visibility – Cloud Workload Security and AWS GuardDuty https://securingtomorrow.mcafee.com/business/cloud-security/enriching-cloud-threat-intelligence-and-visibility-cloud-workload-security-and-aws-guardduty/ Fri, 18 May 2018 21:28:22 +0000

The post Enriching Cloud Threat Intelligence and Visibility – Cloud Workload Security and AWS GuardDuty appeared first on McAfee Blogs.

This blog was written by Stan Golubchik.

Using cloud-native threat intelligence to enhance workload security

Risk assessment is crucial in today’s public cloud. In Amazon Web Services (AWS), native monitoring services for ingress and egress network data can shed light on potential network threats and anomalies. GuardDuty, an AWS service, ingests this data from an AWS tenant’s environments and continuously monitors the following data sources:

  • VPC Flow Logs
  • AWS CloudTrail event logs
  • DNS logs

With these threat intelligence feeds, GuardDuty can enrich the context of potentially unauthorized and malicious activity within an AWS environment. This context can be visualized through the GuardDuty console or via Amazon CloudWatch Events, informing the security status of your AWS environment.

While GuardDuty can act as a standalone service with substantial benefit for security and risk assessment in an AWS environment, converging GuardDuty threat intelligence into a broader cloud workload protection platform can provide extended benefits:

  • Automated detection capabilities
  • A single pane of glass for visibility over AWS, along with Azure and VMware
  • Actionable remediation workflows

By bridging native AWS API-driven data sources such as GuardDuty with a cloud workload protection platform like McAfee Cloud Workload Security (CWS), tenants of AWS can use the data-rich sources of AWS within CWS to manage and secure mission-critical workloads with advanced security from a single console.

Discover and protect with Cloud Workload Security

CWS directly integrates with the AWS GuardDuty API – an optimal scenario for visualizing anomalous network activity and threat events. GuardDuty events which are categorized as low and medium severity within AWS are subsequently flagged as medium severity events within the CWS console.

Setting up the connection between GuardDuty and McAfee CWS is straightforward. The prerequisite configuration requirements are as follows:

  • Enable GuardDuty through your AWS management console.

  • The security credentials used for registering your account within CWS should have GuardDuty permissions assigned for read access to GuardDuty’s threat intelligence and network flow data.
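As an added illustration of the read-access prerequisite above (not a policy from the original post or from McAfee’s documentation), the IAM policy below grants an integration principal only the GuardDuty read actions rather than `guardduty:*`. The exact action set is my assumption of what “read access” amounts to; the integration may document additional actions it needs.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "GuardDutyReadOnlyForWorkloadSecurityIntegration",
      "Effect": "Allow",
      "Action": [
        "guardduty:ListDetectors",
        "guardduty:GetDetector",
        "guardduty:ListFindings",
        "guardduty:GetFindings",
        "guardduty:GetFindingsStatistics"
      ],
      "Resource": "*"
    }
  ]
}
```

Attach this to a dedicated IAM user or role used only for the integration; the `Resource` can be narrowed to the detector ARN in your account once it is known.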

Once the initial configuration is in place, GuardDuty data will immediately be pulled by CWS. Through the CWS management console (McAfee ePolicy Orchestrator, or ePO), you are able to visualize threat information directly from GuardDuty. The GuardDuty events you will see include:

  • Brute force attacks
  • Port scans
  • Tor communications
  • SSH brute force
  • Outbound DDoS
  • Bitcoin mining
  • Unusual DNS requests
  • Unusual traffic volume and direction

IAM-related events are currently not supported. As soon as GuardDuty assigns a severity verdict to a potential threat, you can pivot directly into an action. Such actions include:

  • Shutting down the compromised EC2 instance(s) which have been flagged.
  • Through micro-segmentation, altering firewall settings via security groups, i.e., altering the port, protocol, or IP to limit and control network connectivity to any EC2 instance.

For more information on McAfee Cloud Workload Security, please visit the following page for feature and solution documentation: https://www.mcafee.com/us/products/cloud-workload-security.aspx


WannaCry One Year Later: Looking Back at a Milestone https://securingtomorrow.mcafee.com/business/wannacry-one-year-later-looking-back-at-a-milestone/ Tue, 15 May 2018 19:55:10 +0000

The post WannaCry One Year Later: Looking Back at a Milestone appeared first on McAfee Blogs.

Has it been a year? It seems longer.

When the WannaCry ransomware attack hit tens of thousands of individuals and businesses around the world on May 12, 2017, it wasn’t the first time we had seen ransomware, but its impact was unique and lasting.

We’ve all known for decades about hackers, information thefts, computer viruses etc. But when a hospital’s information system gets locked, and lives are at stake, think pieces about the “Future of Cybersecurity” don’t seem so distant. WannaCry brought the future into the present. Quickly.

In the last year, there seems to have been more dialog about the “downside” of tech as well as the upside. In short, for every positive in IT there is often an (unintended) downside. For example, billions of people love social media, particularly Facebook. But the recent testimony before Congress from Facebook’s CEO brought out the dark side of this technology: privacy issues and even the possibility of political manipulation.

Frequently, IT downsides seem to involve cybersecurity issues, in one way or another.

With WannaCry, the “theory” of threats became personal. If someone is ill and can’t get medical attention, that’s personal. If your pacemaker is hacked, that’s personal. And if your car — self-driving or not — gets its power steering locked by a hacker when you’re going 80 miles an hour, that’s personal.

A Unique Problem

Why was WannaCry different? Because it’s the first time we’ve seen worm tactics combined with ransomware on a major scale. The outbreak infected at least 350,000 victims in more than 150 countries.

WannaCry’s success came down to its ability to amplify one attack through the vulnerabilities of many machines on the network, making the impact greater than what we had seen from traditional ransomware attacks.

To quote McAfee’s Chief Scientist Raj Samani: “WannaCry is still being talked about, and I suspect it will be one of those events that will act as a milestone for malware. It took the industry by storm with its propagation method, and challenged the previously held belief that criminals would provide decryption keys once paid the ransom.”

Day Zero Protection

In terms of the company I work for, McAfee, WannaCry was a test: a test to see if the cybersecurity software we had been working on for many years would meet the challenges of an attack we had never seen before. I think we met the challenge, and I also learned from that attack.

McAfee technology provided Day Zero protection against the attack, not just at the endpoint but across many aspects of an integrated security architecture. Threats like WannaCry remind us that an integrated cybersecurity approach is the best defense because it enables people to protect, detect and respond to the newest and most challenging threats.

We met the attack in several ways:

  • The latest McAfee Endpoint Security® software running Dynamic Application Containment® (DAC) in secure mode gave full Day Zero protection against WannaCry.
  • ENS®, Threat Intelligence Exchange® (TIE) and Advanced Threat Defense® (ATD) operate together as a zero-touch, closed-loop security defense system.
  • McAfee Active Response® (MAR) delivered trace data that revealed malicious activity at Day Zero, helping responders identify the attack and update defenses across the environment.

For customers on older endpoint technology, McAfee researchers analyzed samples of the WannaCry ransomware immediately upon detection, and then updated McAfee Global Threat Intelligence® (GTI) and released an emergency DAT and new HIPS signatures for extra coverage. As a company, we spent a lot of time on the phone with customers over the weekend after “WannaCry Friday”—many had questions about their endpoint version.

The Big Picture

In the case of WannaCry, the immediate threat was met. But we also realized it’s important to keep an eye on the big picture. Now, more than ever, the “new threat, new widget” approach must evolve.

McAfee’s philosophy is that an effective defense is built on a dynamic cybersecurity platform that is both open and integrated. Open, so it can quickly accept new technologies that protect against even the most creative adversaries; and integrated in that technologies can work together as a cohesive defense.

Those integrated defenses were on clear display in protecting our customers during the WannaCry episode. Leveraging an automated security system that protects, detects and corrects in real time allows users to both free up resources and thwart advanced attacks. As a result, users no longer have to choose between the best technology or the most manageable – they can have both.

Cyber Storm: Strengthening Cyber Preparedness https://securingtomorrow.mcafee.com/business/cyber-storm-strengthening-cyber-preparedness/ Wed, 09 May 2018 15:00:11 +0000

The post Cyber Storm: Strengthening Cyber Preparedness appeared first on McAfee Blogs.

This past April, McAfee employees joined with more than 2,000 members of private industry, the federal government, and international partners to participate in a three-day cyber exercise called Cyber Storm, led by the Department of Homeland Security (DHS). The goal of the exercise was to simulate discovery of and response to a large-scale, coordinated cyber-attack impacting U.S. critical infrastructure, and to improve cybersecurity coordination for the nation.

These exercises are part of DHS’s ongoing efforts to assess and strengthen cyber preparedness and examine incident response processes. The Cyber Storm series also strengthens information sharing partnerships among federal, state, international, and private-sector partners. During the three-day exercise, we simulated a cyber crisis of national and international consequence. This exercise gave the McAfee team the ability to test both internal and external incident response processes in a safe venue.

While DHS does not disclose specific details about the scenario for operational security purposes, Cyber Storm VI featured a multi-sector cyber-attack targeting critical infrastructure that produced realistic global events with varied impacts. McAfee was one of over 100 participating public and private sector organizations.

I had the opportunity to be one of the members sitting inside ExCon or exercise control. This was the nucleus of the cyber exercise! It was a busy three days as new incidents were sent out, watching how teams responded, and adjusting if things didn’t go exactly as planned. This simulation allowed us to learn and gave us a unique opportunity to raise our game. We now have more processes in place ready to deal with cyber-attacks if they were to occur. The teams executed well, revealing the strengths of our critical relationships with government agencies and other private sector organizations.

I was particularly impressed by how DHS executed and collaborated with all the various organizations participating. Because the participants took it seriously, it made it feel very real. Given the well-founded concerns around cybersecurity and the demands the cyber threat landscape regularly places on us, it was great to see different organizations from different agencies and vertical industry segments coming together when needed. Such a large-scale simulation was no easy feat, but the core planning team, in conjunction with all the organization planners, made it run without a hitch. For more information on Cyber Storm, visit https://www.dhs.gov/cyber-storm.

With More Than 1,200 Cybersecurity Vendors in the Industry, How Do You Stand Out? https://securingtomorrow.mcafee.com/business/with-more-than-1200-cybersecurity-vendors-in-the-industry-how-do-you-stand-out/ Tue, 08 May 2018 15:00:58 +0000

The post With More Than 1,200 Cybersecurity Vendors in the Industry, How Do You Stand Out? appeared first on McAfee Blogs.

]]>
Like most who attend RSA, I set a goal for myself to walk through the North and South exhibit halls and stop by every booth to “keep up” with the latest messaging and capabilities across the cyber landscape. I started off the day optimistic and full of enthusiasm. This year, I decided to keep track of the booths I visited even if it was just for a brief few seconds. I went to 287 booths in the North Hall and 279 in the South Hall. That’s right: I counted and hit 566 booths in a little over three hours.

What did I learn from this year’s event? Aside from the latest industry buzzwords and jargon — threat sharing, machine learning, AI, data lakes, SOC automation, attack surface discovery and exploitation — every vendor sounded the same, and you had to go beyond the surface level to find out how they differentiate themselves.

I left disappointed that not once did I hear a vendor talk about helping customers by focusing on their desired outcomes, value and service level agreements.

Our marketing team recently released the following data points, which I believe are telling of where we are as an industry.

More than 1,200 vendors compete in the cybersecurity market today. Conservatively, if each vendor offers an average of three products, with each product carrying an average of five features, that would make the cybersecurity market replete with nearly 20,000 features.

There is no shortage of competition for features in our industry. Look at most cybersecurity vendor websites and you’ll find lots of content around product capabilities. It’s no wonder customers are under assault by relentless adversaries. Each new threat vector requires a new defensive technology, which typically takes the form of a new product (if not a new vendor), complete with its own set of features.

That’s why McAfee focuses on sound architectural principles when designing modernized cybersecurity environments. We provide an open, proactive and intelligent architecture to protect data and stop threats from device to cloud. This allows customers to onboard new defensive technologies quickly to maximize their effectiveness. And, with our open, integrated approach, customers benefit from an overall security system with a whole greater than the sum of its parts. They get the benefit of both worlds: abundant vendor choice within a unified, cohesive system.

RSA 2019 Goals: Find vendors who are talking about solving customer challenges by focusing on outcomes, architecture interoperability, efficacy and efficiencies, with some service level agreements mixed in for good measure. I really believe McAfee is setting a new, higher standard for the cyber landscape that is essential and meaningful to our customers and the partner ecosystem. Let’s see if anybody else follows suit.

]]>
Passwords, Revisited https://securingtomorrow.mcafee.com/business/passwords-revisited/ https://securingtomorrow.mcafee.com/business/passwords-revisited/#respond Mon, 07 May 2018 15:00:10 +0000 https://securingtomorrow.mcafee.com/?p=88745 Ahh, Passwords.  We have work passwords, personal passwords, super secret passwords, even throw away passwords.  Have you ever stopped to wonder how “secure” your passwords actually are?  Thanks to cybersecurity writer and researcher Troy Hunt, you can now check. Troy runs the website ‘;– Have I been pwned? and recently pulled together the data he […]

The post Passwords, Revisited appeared first on McAfee Blogs.

]]>
Ahh, passwords. We have work passwords, personal passwords, super secret passwords, even throwaway passwords. Have you ever stopped to wonder how “secure” your passwords actually are? Thanks to cybersecurity writer and researcher Troy Hunt, you can now check. Troy runs the website ‘;– Have I been pwned? and recently pulled together the data he has been collecting into a service that holds half a billion passwords seen in various data breaches, along with a count of how many times each password has been seen.

If your password lives in this database, it is no longer a secret.

So just for fun, let’s explore this data. Say you’re a fan of the NFL Green Bay Packers. You’d (of course) never use the password “greenbay”. Which is good, because it has been used as a password 12,066 times in various breaches. What about something tricky like “gr33nb@y”? (Nope – that one has been seen 28 times.) Throw in some capital letters like “Gr33nB@y”? (Strike 2. That’s been seen 8 times.) Let’s try adding a symbol, “Gr33nB@y#1” – that will be unique! (Nope. Strike 3. That’s been seen 9 times.)

Unless your password is a long string of random characters, the probability that it has been exposed in a breach is pretty good. And how do you remember a long string of random characters? Hint, hint: a password manager. And guess what password managers – thanks to Troy’s service – can now do? They can check whether the password you’d like to use has already appeared in a breach.
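The check a password manager can make against Troy’s service works without ever sending the password, or even its full hash, to the service: the client hashes the password with SHA-1, sends only the first five hex characters of that hash, and receives every known hash suffix that shares the prefix, together with a breach count, so the match is made locally. The example below is an added illustration, not code from the post or from Have I been pwned; the range table it looks up is constructed inline from the four Green Bay variants and counts quoted above (plus a made-up decoy entry), so it runs offline, and the `fetch_range` callable is the only piece you would swap for a real HTTPS request.

```python
import hashlib
from typing import Callable, Dict, List, Tuple

# Constructed sample data for this example: the passwords and counts quoted
# in the post above, used here as a stand-in for a live range response.
_SAMPLE_BREACHED: Dict[str, int] = {
    "greenbay": 12066,
    "gr33nb@y": 28,
    "Gr33nB@y": 8,
    "Gr33nB@y#1": 9,
}

# A made-up decoy suffix (35 hex chars) so each sample range has more than
# one line, as a real range would; it matches no real password here.
_DECOY_LINE = "0" * 34 + "1:1"


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1 of the password, the form the range lookup uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(digest_hex: str) -> Tuple[str, str]:
    """Split a 40-char hex digest into the 5-char prefix sent over the wire
    and the 35-char suffix that stays on the client."""
    return digest_hex[:5], digest_hex[5:]


def build_sample_ranges(breached: Dict[str, int]) -> Dict[str, str]:
    """Build prefix -> 'SUFFIX:COUNT' text bodies from the constructed data.
    Passwords whose hashes share a prefix land in the same range."""
    lines: Dict[str, List[str]] = {}
    for pw, count in breached.items():
        prefix, suffix = split_hash(sha1_hex(pw))
        lines.setdefault(prefix, []).append(f"{suffix}:{count}")
    return {p: "\r\n".join([_DECOY_LINE] + body) for p, body in lines.items()}


def parse_range_response(body: str) -> Dict[str, int]:
    """Parse lines of the form SUFFIX:COUNT (CRLF or LF separated)."""
    counts: Dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, fetch_range: Callable[[str], str]) -> int:
    """Number of times the password was seen in breach data, 0 if never.
    Only the 5-char hash prefix is handed to fetch_range; the suffix match
    happens locally, so neither the password nor its full hash leaves here."""
    prefix, suffix = split_hash(sha1_hex(password))
    body = fetch_range(prefix)
    return parse_range_response(body).get(suffix, 0)


SAMPLE_RANGES: Dict[str, str] = build_sample_ranges(_SAMPLE_BREACHED)


def sample_fetch_range(prefix: str) -> str:
    """Offline stand-in for the network call. A real implementation would
    GET https://api.pwnedpasswords.com/range/<prefix> over HTTPS and return
    the response body; here an unknown prefix simply yields an empty range."""
    return SAMPLE_RANGES.get(prefix, "")


def password_is_compromised(password: str,
                            fetch_range: Callable[[str], str] = sample_fetch_range) -> bool:
    """True if the password appears at least once in the breach data."""
    return breach_count(password, fetch_range) > 0


if __name__ == "__main__":
    for candidate in ("greenbay", "Gr33nB@y#1", "a long random string no one used"):
        print(f"{candidate!r}: seen {breach_count(candidate, sample_fetch_range)} times")
```

Because `breach_count` takes the fetcher as a parameter, the same code path is exercised offline in tests and online in a password manager; the property worth preserving when you plug in a real client is that the only thing derived from the password that crosses the network is the five-character prefix.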

Let’s look at some more passwords. Sticking with the sports theme – say you’re a Boston Red Sox fan – the password “yankeessuck” has been seen 367 times. Yankees fan? “redsoxsuck” – 185 times. How about the Premier League – an Arsenal fan might go with “chelseasucks” (30 times) and Chelsea fans with “arsenalsucks” (27 times). Maybe you’re a more optimistic NBA fan – if Golden State is your team, the password “warriorsrule” shows up 35 times. Cavaliers fan? “clevelandrocks” shows up 68 times.

Proud of your home state? You probably don’t want to use it as a password: “newyork” – 93,558 times, “california” – 78,972 times, “florida” – 74,587 times. Every state makes the list. Are your favorite celebrities your go-to for passwords? Well, “beyonce” has been used as a password 20,014 times, “selenagomez” 5,417 times, Dwayne “therock” Johnson – 38,234 times, Cristiano “ronaldo” – 112,121 times. Countries? “USA” 406 times, “india” 49,222 times, “england” 50,919 times, “spain” 4,060 times (even “españa” with the ñ has been seen 212 times). Foods? “hamburger” – 10,864 times; “hotdog” 61,680; “fishandchips” 1,271 times; “sushi” 7,395 times; and (just for Troy) – “vegemite” has been seen 1,845 times.

Looking at slightly more mundane passwords, the password “password” appears over 3.3 million times in the breach data. The password “123456” shows up over 20 million times. It’s not all English either: the word for “password” in Spanish, “contraseña”, shows up 1,045 times; in German, “passwort” shows up 57,177 times; in Russian, “пароль” 13,466 times; and even the Maori word “kupuhipa” shows up 3 times.

So as much as we would each like to think we are being clever with our passwords and the patterns we create for ourselves to remember them, it is safe to say that in a global context, your pattern has likely already been used. Don’t take my word for it – go look them up for yourself here (but maybe don’t look up a password you’re currently using).

Oh, and before I forget…  You should use a Password Manager.  Really.  You should.

]]>
How to Boost Security Operations Performance with Human-Machine Teaming Technology https://securingtomorrow.mcafee.com/business/security-operations/how-to-boost-security-operations-performance-with-human-machine-teaming-technology/ https://securingtomorrow.mcafee.com/business/security-operations/how-to-boost-security-operations-performance-with-human-machine-teaming-technology/#respond Thu, 26 Apr 2018 15:00:42 +0000 https://securingtomorrow.mcafee.com/?p=88601 In the lead up to the Security Operations Roadshow in Canada in May, there’s been lots of discussion on the challenges faced by security teams. Security operations teams today struggle with an ever-increasing number of alerts, new zero-day attacks and a lack of skilled resources. Fifty-eight percent of organizations cite employee skills as a key security […]

The post How to Boost Security Operations Performance with Human-Machine Teaming Technology appeared first on McAfee Blogs.

]]>
In the lead up to the Security Operations Roadshow in Canada in May, there’s been lots of discussion on the challenges faced by security teams.

Security operations teams today struggle with an ever-increasing number of alerts, new zero-day attacks and a lack of skilled resources. Fifty-eight percent of organizations cite employee skills as a key security effectiveness gap. Seventy-two percent say analytics is more difficult than two years ago and 70 percent report having many manual processes as a limiting factor (all statistics from Enterprise Strategy Group (ESG) survey, April 2017). These skill-based security gaps pose a significant risk to organizations.

One solution to bridging the skills gap is to give security analysts new tools that automate some processes and allow them to handle larger volumes of data. There is a growing embrace of architectural models such as ESG’s security operations analytics platform architecture (SOAPA), which combines multiple tools and processes to build a more effective security operations function.

While security vendors have long provided traditional protection and detection tools that rely on techniques such as blacklisting, packet inspection, heuristics and rules, there are limitations to these relatively static analysis methods. In the SOAPA architecture, these capabilities are typically part of the foundation that is the common distributed data services layer.

A more sophisticated approach

More advanced analytical methods fit into the SOAPA architecture as part of the security analytics layer. These capabilities often consolidate the outputs from the distributed data services foundation to provide more sophisticated analysis.

The next generation of analytical tools, such as user and entity behavioral analytics (UEBA), leverage machine learning, deep learning, and other artificial intelligence algorithms to enable broader analysis, but also offer more focused results due to sophisticated mathematical modeling. Ottawa-based Interset is one example of a company that provides advanced analytical modeling to detect elevated levels of risk. This allows security analysts to be more “ahead of the curve” in tracking risky behaviors and to be able to respond in a more timely fashion.

Identifying a threat, even with an advanced analytical tool, is only the first step in a security response. Analysts must still understand all the potential risk factors posed by a threat. Identifying these risks in a timely manner can be a challenge. Human-machine teaming – leveraging both automation and intelligence at a machine level – removes this limitation.

Compressing days into minutes

One example of a human-machine teaming solution is McAfee Investigator, a product which guides security analysts to faster and more effective investigations, and which complements UEBA in the security analytics layer of SOAPA. After receiving high-quality threat leads from a UEBA-based tool, McAfee Investigator can streamline and automate the investigation triage process. McAfee Investigator’s cloud-based data analytics and machine learning engine collects and prioritizes the data in context, enabling analysts to handle more investigations, more accurately. McAfee Investigator reduces the effort and increases the speed with which analysts can determine the risk and urgency of the incident. Analysts can make accurate triage decisions faster and focus on the most significant threats.

By combining the principles of advanced analytics with guided investigations, security operations teams become more effective, efficient and are able to lower the overall risk posture of an organization. This in turn allows staff to spend more time on ensuring the security framework is providing the maximum level of protection and value to the organization.

I’ll be discussing how security teams can adapt to the ever-changing threat landscape in Toronto (May 15), Ottawa (May 16) and Montreal (May 17) at McAfee’s Canadian Security Operations Roadshow. If you’re interested in learning more about human-machine teaming and measures security operations teams can take to improve their operations, please feel free to drop by. To register, please contact Jess McCrossan, marketing manager for McAfee Canada (jess_mccrossan@mcafee.com).

]]>
McAfee vNSP and AWS Are Winning Combination for Enterprise and Federal Customers https://securingtomorrow.mcafee.com/business/mcafee-vnsp-and-aws-are-winning-combination-for-enterprise-and-federal-customers/ https://securingtomorrow.mcafee.com/business/mcafee-vnsp-and-aws-are-winning-combination-for-enterprise-and-federal-customers/#respond Fri, 20 Apr 2018 15:00:28 +0000 https://securingtomorrow.mcafee.com/?p=88583 Fun Facts: ECS stood up and managed the first security operations center at the White House. Today, ECS manages the world’s largest McAfee installation—employing just about every solution we make—for the U.S. Army. ECS is more than a McAfee Platinum Partner: they’ve built their entire security solution around McAfee products. The company’s unique offering to […]

The post McAfee vNSP and AWS Are Winning Combination for Enterprise and Federal Customers appeared first on McAfee Blogs.

]]>
Fun Facts: ECS stood up and managed the first security operations center at the White House. Today, ECS manages the world’s largest McAfee installation—employing just about every solution we make—for the U.S. Army.

ECS is more than a McAfee Platinum Partner: they’ve built their entire security solution around McAfee products. The company’s unique offering to enterprise, military, intelligence and federal civilian customers combines their award-winning managed services powered by McAfee with high-level competencies across the Amazon Web Services (AWS) product suite.

ECS has earned service delivery certifications for every McAfee product, participating regularly in betas and trials of new software with active input into the development of new products. Its AWS bona fides are equally ambitious: ECS is an AWS Premier Consulting Partner, an Audited Managed Service Partner, and one of the world’s largest AWS resellers.

For the past 17 years, ECS (formerly InfoReliance) has built a managed-services offering that focuses on delivering custom solutions for clients in regulated industries such as government and defense, but the company also has a large and growing roster of high-profile enterprise and commercial customers. ECS focuses its security solutions around the threat defense lifecycle, applying not only McAfee products but complementary solutions from McAfee Security Innovation Alliance.

“Our choice to provide a single-vendor security platform and deliver McAfee at scale is one of the things that makes us unique,” remarks Andy Woods, Director of Managed Cybersecurity at ECS. “It means our organization can have a depth of expertise that’s frankly unmatched by anyone else in the industry. We also believe it’s the best way to be technology-heavy and people-light, and to automate as much of the cybersecurity lifecycle as we can.”

The McAfee Virtual Network Security Platform (vNSP) and its tight synergy with AWS is a large focus of ECS’s business. Tim Gonda, ECS security engineer and vNSP expert, explains: “We feel it is important to recognize that as part of the AWS shared responsibility model, it is up to us to ensure the security of our virtual networks. We leverage vNSP as a way to augment the security of native AWS capabilities. We are able to establish more flexible controls for protecting our own workloads, as well as providing custom-tailored solutions to our clients.”

In one example of a customer’s virtual private cloud (VPC) deployment, the ECS team launched a vNSP controller into the VPC, and deployed sensors per subnet. The application service also included the lightweight, host-based traffic redirector. “One of the biggest differentiators of vNSP versus other products is that it allows us to monitor internal VPC traffic, as well as traffic leaving the VPC, in an extremely lightweight framework,” Gonda comments. “In this example, we managed the lateral traffic within the VPC, as well as traffic going out to the internet, while providing custom filters and rules looking for specific threats on the wire.”

The application of vNSP with AWS-driven VPCs is just one example of ECS’s fearless innovation in today’s marketplace. Woods notes, “We’re proud of our internally developed intellectual properties, such as our iRamp billing system. We developed one of the very first DXL-enabled technologies within the partner community. We were also early adopters of integrated security through McAfee ePO, born out of a need to support clients in regulated industries.”

Woods concludes, “Our clients are focused on value management of their cybersecurity spend and how we can help them reduce their risk not only today but into the future. We deliver customized security outcomes for every organization we work with. We’re confident in McAfee’s ability to scale along with core competencies on the endpoint, whether on-premises or in the cloud. The connected infrastructure is a key differentiator for us as we deliver managed services to customers across all verticals. For us, ‘Together is Power’ means being able to solve our clients’ cybersecurity problems in the most powerful manner possible, through a single platform of connected technologies.”

]]>
How McAfee uses Customer Zero to get to decisions faster https://securingtomorrow.mcafee.com/business/security-operations/mcafee-uses-customer-zero-get-decisions-faster/ https://securingtomorrow.mcafee.com/business/security-operations/mcafee-uses-customer-zero-get-decisions-faster/#respond Mon, 16 Apr 2018 19:00:02 +0000 https://securingtomorrow.mcafee.com/?p=88332 The third in a series of three blogs by Grant and Jason on the process of identifying actionable insights. In this series, we’ve been examining how data is collected, processed and analyzed. And, because of the complexity of the task at that analysis stage, we’ve been looking at the task of augmenting human analyst capability […]

The post How McAfee uses Customer Zero to get to decisions faster appeared first on McAfee Blogs.

]]>
The third in a series of three blogs by Grant and Jason on the process of identifying actionable insights.

In this series, we’ve been examining how data is collected, processed and analyzed. And, because of the complexity of the task at that analysis stage, we’ve been looking at the task of augmenting human analyst capability with automation and machine learning. Learning mechanisms – for humans and machines – are critical to this final step.

At McAfee, our greatest progress thus far in automating insights has been the application of McAfee Behavioral Analytics (MBA), McAfee Investigator and custom machine learning classifiers using our McAfee Enterprise Security Manager (ESM) data set. This combination leverages machine learning and deep neural network capabilities to guide analysts to insights that then lead to decisions. We’re now focused on extending the investigation guides at the core of McAfee Investigator, which encapsulate the best thinking and practices of expert threat hunters, so that analysts can gather more relevant intelligence.

Those investigation guides are not just about the questions that good threat hunters ask; they are also about how the best minds answer those questions. Collecting and analyzing the attackers’ objectives, methods, and techniques directly results in operational threat intelligence that leads to conclusions about suspicious activity. For example, do we need to work with our endpoint tools to change the data they throw off and create so that we can be more effective with our investigations later?

To capture these inquiries, we’re tapping into the resources of McAfee Customer Zero, our Security Fusion Center teams. McAfee Product Management, Engineering, and the Office of the CISO are collaborating to expand the investigational use cases that are relevant to actual investigations. We view our own Security Fusion Center as the place to learn, to try things, to fine-tune our products and make them better. In the process, we want to help the Fusion Center teams triage which events matter, to get to root cause and an answer as rapidly as possible.

These are very much human-centric investigations – even with all the AI and machine learning baked in. Human-machine teaming doesn’t try to reduce the role of the person. We’re trying to help the human do more.

We believe that by collaborating and sharing best practices, augmented by machine capabilities, we can help security teams arrive at insights that lead to decisions faster and with more confidence. And that action, achieved together, is a powerful outcome indeed.

You can look for Grant Bourzikas on Twitter and LinkedIn and at security events like MPOWER, Blackhat, and RSA. Jason Rolleston can also be found at similar events and on Twitter and LinkedIn.

McAfee technologies’ features and benefits depend on system configuration and may require enabled hardware, software, or service activation. Learn more at mcafee.com. No computer system can be absolutely secure.

McAfee does not control or audit third-party benchmark data or the websites referenced in this document. You should visit the referenced website and confirm whether referenced data is accurate.

]]>
Cloud is Ubiquitous and Untrusted https://securingtomorrow.mcafee.com/business/cloud-security/cloud-is-ubiquitous-and-untrusted/ https://securingtomorrow.mcafee.com/business/cloud-security/cloud-is-ubiquitous-and-untrusted/#respond Mon, 16 Apr 2018 15:00:32 +0000 https://securingtomorrow.mcafee.com/?p=88338 As we release the resulting research and report at the 2018 RSA Conference, the message we learned this year was clear: there is no longer a need to ask whether companies are in the cloud, it’s an established fact with near ubiquitous (97%) acknowledgement.

The post Cloud is Ubiquitous and Untrusted appeared first on McAfee Blogs.

]]>
At the end of 2017, McAfee surveyed 1,400 IT professionals for our annual Cloud Adoption and Security research study. As we release the resulting research and report at the 2018 RSA Conference, the message we learned this year was clear: there is no longer a need to ask whether companies are in the cloud; it’s an established fact with near ubiquitous (97%) acknowledgement. And yet, as we dug into the comments and information that industry professionals and executives shared about their use and protection of the cloud, another intriguing theme became clear: companies are investing in cloud well ahead of their trust in it!

For this year’s report, Navigating a Cloudy Sky, we sought respondents from a market panel of IT and Technical Operations decision makers.  These were selected to represent a diverse set of geography, verticals, and organization sizes.  Fieldwork was conducted from October to December 2017, and the results offered a detailed understanding of the current state and future for cloud adoption and security.

Cloud First

More than any prior year – the survey indicated that 97% of organizations worldwide are currently using cloud services, up from 93% just one year ago.  In the past year, a majority of organizations in nearly every major geography have even gone so far as to assert a “cloud first” strategy for new initiatives using infrastructure or technology assets.

Indeed, this cloud-first strategy has driven organizations to take on many different providers in their cloud ecosystem.  As organizations tackle new data use initiatives, intelligence building, new capabilities to store and execute on applications – the growth in cloud is exploding the number of sanctioned cloud providers that businesses are reporting.

In the survey, enterprises are recognizing and reporting, at a statistically significant level, an explosion in provider count – each provider a source of potential risk and a management need for the organization. That provider count requires readiness in governance strategy that joins security capabilities and procurement together to protect the data entrusted to each new cloud deployment. Security operations teams will need enhanced, unified visibility to compose a picture across so many different environments containing enterprise data.

Data and Trust

This year’s report highlights an intriguing trend – companies are investing their data in cloud providers well in advance of their trust in those providers. An incredible 83% of respondents reported storing sensitive data in the public cloud – with many reporting nearly every major sensitive data type stored in at least one provider.

Despite such a high level of data storage in cloud applications, software, and infrastructure, the same business executives are clearly concerned about the continuing ability to trust the cloud provider to protect the data. While cloud trust continues to grow, and respondents indicated continuing buy-in to using providers and trusting them with critical data and workloads, only 23% of those surveyed said they “completely trust” their data will be secured in the public cloud.

Part of that trust stems from a perception that using public cloud providers is likely to drive use of more proven technologies, and that the risk is not perceived as being any less than in the private cloud.

As cloud deployment trends continue, IT decision makers have strong opinions on key security capabilities that would increase and speed cloud adoption.

  • 33% would increase cloud adoption with visibility across all cloud services in use
  • 32% would increase cloud adoption with strict access control and identity management
  • 28% would increase cloud adoption with control over cloud application functionality

You can download the full report here, and keep following @mcafee_business for more insights on this research.

]]>
Cloud Protection Moves Into a New Phase https://securingtomorrow.mcafee.com/business/cloud-security/cloud-protection-moves-into-a-new-phase/ https://securingtomorrow.mcafee.com/business/cloud-security/cloud-protection-moves-into-a-new-phase/#respond Mon, 16 Apr 2018 03:50:34 +0000 https://securingtomorrow.mcafee.com/?p=88382 This blog post was written by Sandy Orlando. It’s RSA Conference season and a great time to talk about containers and security. No, not traditional shipping containers. Containers have become developers’ preferred deployment model for modern cloud applications, helping organizations accelerate innovation and differentiate themselves in the marketplace. This is part of the natural progression […]

The post Cloud Protection Moves Into a New Phase appeared first on McAfee Blogs.

]]>
This blog post was written by Sandy Orlando.

It’s RSA Conference season and a great time to talk about containers and security.

No, not traditional shipping containers.

Containers have become developers’ preferred deployment model for modern cloud applications, helping organizations accelerate innovation and differentiate themselves in the marketplace. This is part of the natural progression of the datacenter, moving from the physical, on-premise servers of old, to virtual servers, and then to the public cloud.

According to a report released today by McAfee, “Navigating a Cloudy Sky,” containers have grown rapidly in popularity over the past few years, with 80 percent of those surveyed using or experimenting with them. However, only 66 percent of organizations have a strategy to apply security to containers, so there is still work to be done.

Realistically, most companies will have a mixed, or “hybrid cloud” solution for some time. A big challenge for customers is to maintain security and visibility as they migrate to the public cloud and adopt new technologies like containers.

As containers gain in popularity, getting visibility of their container workloads and understanding how security policies are applied is something that enterprises will need to assess to ensure workloads are secure in the cloud. In the shared security responsibility model laid out by cloud providers, enterprises can leverage the available native controls and the interconnectivity with production workloads and data stores, but will need to actively manage the security of those workloads. Gaining visibility, mitigating risk and protecting container workloads helps build a strong foundation for secure container initiatives.

McAfee is helping to fill the security need in this new environment by offering hybrid cloud security solutions to customers. For example, the release of McAfee Cloud Workload Security (CWS) v5.1 – announced today and available Q2 2018 – gives customers a tool that identifies and secures Docker containers, workloads and servers in both private and public cloud environments.

McAfee CWS 5.1 quarantines infected workloads and containers with a single click, thus reducing misconfiguration risk and increasing initial remediation efficiency by nearly 90 percent.

Previously, point solutions were needed to help secure containers. But with multiple technologies to control multiple environments, security management faced unnecessary complexities. McAfee CWS can span multi-cloud environments: private data centers using virtual VMware servers, workloads in AWS, and workloads in Azure, all from a single interface.

McAfee CWS identifies Docker containers within five minutes from their deployment and quickly secures them using micro and nano-segmentation, with a new interface and workflow. Other new features include discovery of Docker containers using Kubernetes, a popular open source platform used to manage containerized workloads and services, and enhanced threat monitoring and detection with AWS GuardDuty alerts – available directly within the CWS dashboard.

McAfee is the first company to provide a comprehensive cloud security solution that protects both data and workloads across the entire Software as a Service and Infrastructure as a Service spectrum. So, when you’re talking containers, be sure to include McAfee in the conversation.

And don’t forget to stop by the McAfee booth, North Hall, #3801, if you’re attending RSA.

]]>
GDPR Planning and the Cloud
https://securingtomorrow.mcafee.com/business/cloud-security/gdpr-planning-cloud/
Mon, 16 Apr 2018 03:50:05 +0000
Data protection is on a lot of people’s minds this week. The Facebook testimony in Congress has focused attention on data privacy. Against this backdrop, IT security professionals are focused on two on-going developments: the roll-out next month of new European regulations on data (the General Data Protection Regulation, or GDPR) as well as the continued migrations of data to the public cloud.

GDPR is mostly about giving people back their rights over their data by empowering them. Among other rights and duties, it concerns the safe handling of data, data subject rights such as the “right to be forgotten”, and breach reporting. But apparently it will not slow migration to the cloud.

According to a McAfee report being released today, Navigating a Cloudy Sky, nearly half of companies responding plan to increase or keep stable their investment in the public, private or hybrid cloud, and the GDPR does not appear to be a showstopper for them. Fewer than 10 percent of companies anticipate decreasing their cloud investment because of the GDPR.

Getting Help for GDPR Compliance

What is the practical impact of all this? Say your CISO is in the early stages of setting up a GDPR compliance program. In any enterprise it’s important to understand the areas of risk. The first step in managing risk is taking a deep look at where the risk areas exist.

McAfee will feature a GDPR demo[1] at the RSA conference in San Francisco this week that will help IT pros understand where to start. The demo walks conference attendees through five different GDPR compliance scenarios, at different levels of a fictional company and for different GDPR Articles, so that they can start to get a feel for GDPR procedure, see the tools that help identify risk areas, and see the capabilities demonstrated for each scenario.

Remember, with GDPR end-users are now empowered to request the data of which they are the subject, and to request that it be wiped. With the latest data loss prevention software, compliance teams will be able to service these requests by exporting reports for given users and by wiping data on those users. But a lot of companies still need to learn the specific procedures for complying with GDPR rules.

GDPR could be looked at as another regulation to be complied with – but savvy companies can also look at it as a competitive advantage. Customers are increasingly asking for privacy and control. Will your business be there waiting for them?

The cloud, GDPR and customer calls for privacy are three developments that are not going away – the best stance is preparation.

[1] McAfee will be in the North Hall, booth #N3801 (the “Data Protection and GDPR” booth) and also in the South Hall at the McAfee Skyhigh booth, #S1301.

The information provided on this GDPR page is our informed interpretation of the EU General Data Protection Regulation, and is for information purposes only and it does not constitute legal advice or advice on how to achieve operational privacy and security. It is not incorporated into any contract and does not commit promise or create any legal obligation to deliver any code, result, material, or functionality. Furthermore, the information provided herein is subject to change without notice, and is provided “AS IS” without guarantee or warranty as to the accuracy or applicability of the information to any specific situation or circumstance. If you require legal advice on the requirements of the General Data Protection Regulation, or any other law, or advice on the extent to which McAfee technologies can assist you to achieve compliance with the Regulation or any other law, you are advised to consult a suitably qualified legal professional. If you require advice on the nature of the technical and organizational measures that are required to deliver operational privacy and security in your organization, you should consult a suitably qualified privacy professional. No liability is accepted to any party for any harms or losses suffered in reliance on the contents of this publication.

The post GDPR Planning and the Cloud appeared first on McAfee Blogs.

RSA Influencers Identify Cybersecurity’s Top Issues
https://securingtomorrow.mcafee.com/business/rsa-influencers-identify-cybersecuritys-top-issues/
Sun, 15 Apr 2018 21:00:34 +0000
More interest, more news, and more money are swirling through the cybersecurity industry than perhaps ever before. Data breaches make headlines, shape elections, and lead to Congressional hearings. Artificial intelligence tools wow the public and stretch the limits of the imagination.

And the 40,000 RSA Conference attendees pouring into San Francisco are not impressed. Cybersecurity is a profession, they say, not a circus.

We reached out to RSA speakers and attendees and asked what they think is the most relevant recent development in cybersecurity. They gave us a variety of answers, many with the central theme that companies and consumers should not believe the hype. Cybersecurity still is – and perhaps always will be – about seasoned professionals patiently applying good tools in a comprehensive way.

“The problem we’re seeing at trade shows recently is there is very little new,” said John Bambenek, a vice president at ThreatSTOP who lectures on cybersecurity at the University of Illinois. “We’re still trying to solve the same old problems in the same ways with newish looking packaging. What’s being overlooked is actually spending the time developing understanding of attacks, threats, and trends so models can be truly informed before making decisions.”

Caroline Wong, Vice President of Security Strategy at Cobalt, agreed. You can’t just turn the latest tools on and watch them vanquish threats. “There’s a big push in DevSecOps for more and more automation, but it’s critical to remember that when it comes to web applications and APIs, manual pen testing is required to discover vulnerabilities in application business logic. Automated scans often miss the most interesting security vulnerabilities.”

“Assuming that machine learning models and classifiers will work 100% of the time is setting your SOC up to fail,” wrote McAfee CISO Grant Bourzikas in an RSA blog post titled, “What humans do better than machines.” Bourzikas and McAfee Chief Human Resources Officer Chatelle Lynch will host a session at RSA on how innovation can help companies retain top talent. “Recruiting and retaining a diverse talent pool in cybersecurity today is so competitive,” Lynch said of her session. “Employees want to know they are at a company that strives for the latest innovation.” But that is always within the realm of human-machine teaming at McAfee, Bourzikas says. Shiny new tech must be paired with human analysis.

Many cited human decisions about data regulation – the opposite of whiz-bang security tech – as one of the main issues in cybersecurity today.

“The most important development in cybersecurity is Facebook’s reaction to the imminent enforcement of GDPR,” says Kevin L. Jackson, Founder and CEO of GovCloud Network. “The sound of Facebook’s leadership failure is deafening. The legal battles around data privacy and security will drive whatever happens across the entire cybersecurity landscape, including what technology is deployed.”

Kathy Delaney Winger, a Tucson-based lawyer whose areas of practice include cybersecurity, concurred. “Businesses may be surprised to learn that they are obligated to comply with laws such as New York’s cybersecurity regulation and the GDPR – even though they do not fall under the jurisdiction of the enacting entities.”

“Far too many small and mid-size businesses simply underestimate the impact that the EU General Data Protection Regulation will have on them,” said Ben Rothke, principal security consultant for Nettitude.

GDPR preparation doesn’t have to be drudgery. Flora Garcia, a McAfee attorney writing about the regulations, has suggested GDPR can also stand for Great Data Protection Rocks. Data protection could even be a shared global citizenship effort along the lines of environmentalism, she says.

The data-protection revolution may even have us rethinking the nature of identity. “The identity industry is moving away from identity,” said Steve Wilson, vice president and principal analyst of Constellation Research, Inc. “What matters in authentication? Not who someone is, but what they are. You need to know something specific about a counter-party, like their age, or their address, or their credit card number, or their nationality, or some mix of these things. You don’t really need to know their identity. This is a very fundamental shift in thinking, and it’s just the beginning of a major regulatory push around data provenance.”

Grounded data-protection hygiene and cybersecurity discipline that looks past the cool factor are not preventing RSA attendees from looking at the very latest threats. “These days, attackers are increasingly focused on cryptocurrencies – stealing them, mining them via cryptojacking or obtaining them as ransom,” said Nick Bilogorskiy, who drives cybersecurity strategy at Juniper Networks and was previously Chief Malware Expert at Facebook. “As companies do not usually have crypto wallets to steal, attackers turn to ransomware because it provides the best bang for the buck and is the logical choice for attackers to monetize business breaches. I expect ransomware and other cryptocurrency malware attacks to grow in popularity this year.”

But even the most quickly evolving threats are enterprises launched by people, aimed at people, and shut down by people. Raj Samani, McAfee’s Chief Scientist, says ransomware and its many forms can be beaten by people – if they get the right help. “The purpose of pseudo-ransomware is typically destruction, but we have seen evidence of its use as a diversionary tactic, and whilst it may appear as traditional ransomware the attackers are unlikely to provide any decryption capability regardless whether the ransom is paid. Either way, with actual ransomware or the decoy tactic, organizations need guidance to mitigate the risk.” Samani is speaking about pseudo-ransomware during his session on the topic at RSA.

Everything in cybersecurity may seem new, baffling, and roiling with change. But people can apply lessons of the past – such as with airport security changes after 9/11 – to find solutions in the future, said McAfee CEO Chris Young. “Smart security changed air travel from top to bottom. We need to bring a cybersecurity paradigm shift that is more collaborative, clear and accessible,” Young said of his RSA keynote on what cybersecurity can learn from those who keep air travel safe.

The post RSA Influencers Identify Cybersecurity’s Top Issues appeared first on McAfee Blogs.

What humans do better than machines
https://securingtomorrow.mcafee.com/business/security-operations/what-humans-do-better-than-machines/
Fri, 13 Apr 2018 14:00:21 +0000
The second in a series of three blogs by Grant and Jason on the process of identifying actionable insights.

In the last post in this series, we looked at the process by which data is collected from the operating environment and is then processed and distributed in a consumable manner as information. The collection and processing actions are typically automated. However, the last phase, analysis, has been almost exclusively the domain of human analysts until very recently.

And it is that human intervention at the “last mile” for intelligence that presents the challenge when your operating environment is throwing off 1,200, or even 100,000, warning bells a day from a chatty network IPS.

It would be easy to say that the way forward is to apply artificial intelligence (AI) to this analysis phase and automate our way out of the chokepoint. But the reality is that AI, for the foreseeable future, is still going to be insufficient for the task.

In data science, a classifier’s true positive rate and false positive rate move together: a threshold that catches more real threats also escalates more noise, so no model is 100% accurate. While the execution of machine learning and deep learning is critical in the SOC, it is essential to understand the relationship that Receiver Operating Characteristic (ROC) curves describe. Assuming that machine learning models and classifiers will work 100% of the time is setting your SOC up to fail. Instead, a better approach is to use different technologies to filter out the noise. Then you can identify signals to gather insights that enable you to make a decision.
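To make the ROC trade-off concrete, here is an added Python example (not code from the original post or from McAfee) that scores a constructed set of twelve alerts, counts true and false positives at each escalation threshold, and integrates the resulting ROC curve. The scores and labels are invented for illustration, and the function names `confusion_at`, `rates_at`, `roc_curve` and `auc` are this example’s own.

```python
"""ROC trade-off for an alert classifier on constructed SOC data (added example)."""
from typing import Dict, List, Tuple

# Constructed sample: (model score in [0, 1], is_true_threat) for twelve alerts.
# Scores are invented for illustration; five alerts are real threats, seven are noise.
ALERTS: List[Tuple[float, bool]] = [
    (0.95, True), (0.90, True), (0.85, False), (0.80, True),
    (0.70, False), (0.65, True), (0.60, False), (0.55, False),
    (0.40, True), (0.30, False), (0.20, False), (0.10, False),
]


def confusion_at(threshold: float, alerts=ALERTS) -> Dict[str, int]:
    """Count TP/FP/TN/FN when every alert scoring >= threshold is escalated."""
    c = {"tp": 0, "fp": 0, "tn": 0, "fn": 0}
    for score, is_threat in alerts:
        flagged = score >= threshold
        if flagged and is_threat:
            c["tp"] += 1
        elif flagged:
            c["fp"] += 1
        elif is_threat:
            c["fn"] += 1
        else:
            c["tn"] += 1
    return c


def rates_at(threshold: float, alerts=ALERTS) -> Tuple[float, float]:
    """Return (TPR, FPR) at a threshold: share of threats caught, share of noise escalated."""
    c = confusion_at(threshold, alerts)
    tpr = c["tp"] / (c["tp"] + c["fn"]) if c["tp"] + c["fn"] else 0.0
    fpr = c["fp"] / (c["fp"] + c["tn"]) if c["fp"] + c["tn"] else 0.0
    return tpr, fpr


def roc_curve(alerts=ALERTS) -> List[Tuple[float, float]]:
    """(FPR, TPR) points, one per distinct score threshold, from strictest to loosest."""
    points = [(0.0, 0.0)]  # threshold above every score: nothing escalated
    for t in sorted({s for s, _ in alerts}, reverse=True):
        tpr, fpr = rates_at(t, alerts)
        points.append((fpr, tpr))
    return points


def auc(points: List[Tuple[float, float]]) -> float:
    """Area under the ROC curve by the trapezoid rule (1.0 = perfect, 0.5 = coin flip)."""
    pts = sorted(points)
    return sum((x1 - x0) * (y0 + y1) / 2 for (x0, y0), (x1, y1) in zip(pts, pts[1:]))


if __name__ == "__main__":
    for fpr, tpr in roc_curve():
        print(f"FPR={fpr:.2f}  TPR={tpr:.2f}")
    print(f"AUC={auc(roc_curve()):.2f}")
```

Walking the printed table from the top shows the point the post makes: every step that raises TPR past 0.4 also raises FPR, and the only threshold that catches all five threats (0.40) also escalates four of the seven noise alerts. The AUC (0.8 for this constructed set) summarises how well the scores separate threat from noise, but it is the chosen operating point on the curve, not the AUC, that decides an analyst’s daily alert load.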

What is needed here is a reinforcing loop of education and information between humans and machines: “human-machine teaming” to borrow from our CTO, Steve Grobman. The goal is to augment the person, instead of replacing them.

It’s important to say that there are some things that human analysts can do on their own to get to actionable insights without the assistance of any machine, thank you very much. At McAfee, our security analysts focus on:

  • Prevalence – How pertinent is this information to the enterprise? Is it local threat intelligence? Or used in a specialized way? Is it industry-level threat intelligence? Or global threat intelligence?
  • Age – Understanding “new” signals, whether they are process, scripts, or files in the environment.
  • Diversity – By leveraging prevalence, we apply diversity from sources like McAfee’s Global Threat Intelligence (GTI), which allows for more context across the globe.

Additionally, these traits are essential to SOC processes:

  • Completeness – Do you have sufficient noise collection to capture context and evidence to deliver effective detection?
  • Timeliness – Are you acting on the signals quickly?
  • Accuracy – Do you understand the relationship between true positives, false positives, true negatives, and false negatives?
  • Confidence – Are you aggregating data and models to understand confidence level and importance of the decisions?

You will always want a lot of signals to investigate that can be created using data science methodologies, because these are often the clues that allow you to start the triage and investigation process.

So this is where automation and machine learning can help to bridge the human labor gap. As you start down that path, what you realize is you’re going to need tools that are easier to manage. The focus becomes enabling your staff to do more. Learning mechanisms – for humans and machines – become a vital part of the equation. The idea is to put the human in the middle of the self-reinforcing data science capabilities like machine learning, deep learning and AI.

In the final post in this series, we’ll look at how McAfee Product Management, Engineering and the Office of the CISO are collaborating to generate that self-reinforcing learning loop.

You can look for Grant Bourzikas on Twitter and LinkedIn and at security events like MPOWER, Blackhat, and RSA. Jason Rolleston can also be found at similar events and on Twitter and LinkedIn.

McAfee technologies’ features and benefits depend on system configuration and may require enabled hardware, software, or service activation. Learn more at mcafee.com. No computer system can be absolutely secure.

McAfee does not control or audit third-party benchmark data or the websites referenced in this document. You should visit the referenced website and confirm whether referenced data is accurate.

The post What humans do better than machines appeared first on McAfee Blogs.

Financial Services and GDPR: What 200 Professionals Told Us About Their Data Protection
https://securingtomorrow.mcafee.com/business/financial-services-gdpr-200-professionals-told-us-data-protection/
Thu, 12 Apr 2018 15:00:14 +0000

When the European Union’s (EU) General Data Protection Regulation (GDPR) comes into full force May 25, European citizens will receive greater privacy protection and regulators will have strengthened authority to take action against businesses that breach the new laws. Fines of up to 4% of annual global revenue or €20 million, whichever is greater, can be levied against any organization that processes personal data of EU residents, regardless of where the organization is based. Stories with doomsday predictions and generous helpings of fear can be found in many publications.

McAfee recently published an executive summary of our report, Beyond GDPR: Data Residency Insights from Around the World, that focuses on responses from the 200 professionals surveyed in the financial services sector. While there remains work to be done, it’s not all doom and gloom for the financial services industry. More than one quarter (27%) of financial services firms surveyed are already set up to comply with the GDPR requirement for controllers to report a breach to the appropriate authorities within 72 hours of becoming aware of a breach, when compared to just 20 percent of other industries. This is most likely the result of greater preparation, as the financial sector has a higher proportion of firms (28%) that have been working on compliance for three to four years, compared to the global average of just two years.

We believe that the looming threat of GDPR fines is an opportunity to communicate the seriousness of these regulations to your board and executives, and to position the firm as one that cares about personal privacy. And that could help boost the bottom line according to survey respondents – some 80% of financial services respondents believe that organizations that properly apply data protection laws will attract new customers.

Knowing what data is stored where is one of the most important steps of this data protection activity, but here are a few more that we recommend.

Step 1. Know Your Data.

Not only where it is, but what it is, why you are collecting it, and what levels of security and encryption are used to protect it. If you are collecting personal data that is not essential to your service offering, you may want to reconsider what you collect to better manage your risk of exposure, and comply with data-minimization principles.

Step 2. Enforce Encryption.

Effective encryption protects data by making it useless to attackers in the event of a data breach. Use proven encryption technologies, such as Triple Data Encryption Standard (3DES), RSA, or the Advanced Encryption Standard (AES), to ensure the safe storage of both your employees’ data and your customers’ data.

Step 3. Pseudonymize personally identifiable information (PII).

Modifying data prior to processing so that it cannot be tracked back to a specific individual provides another layer of data protection. Pseudonymizing your data allows you to take advantage of Big Data and do larger scale data analysis, and is viewed as an appropriate technical and organizational measure under article 32 of the GDPR.

Step 4. Get Executive Management Involved.

The necessary changes to your data storage, monitoring, management, and security systems can require more human and financial resources than are currently budgeted. The potential of significant fines is an excellent opportunity to get the required support from the highest levels of your organization.

Step 5. Appoint a Project Owner.

Staying compliant with various data protection laws is not something that can be done by an IT staffer in their spare time. Consider appointing a data protection officer or equivalent, to take ownership of both implementation and ongoing management of this project. A data protection officer may be required in any event, depending on the nature of the processing carried out.

Step 6. Review Data Security with Cloud Vendors.

With cloud computing and storage touching most business processes in some fashion, consider conducting an audit of all your vendors’ systems, procedures, and contracts, and the data that they are handling and storing on your behalf. After all, each organization will be held responsible for meeting the GDPR requirements.

Step 7. Foster a Security-Aware Culture.

Human errors are often responsible for data and security breaches. It doesn’t matter that your business follows the strictest security protocol: one error made by one uninformed person could lead to irreparable damage. Consider making sure that all your employees and contractors receive proper and regular training on data security and the handling of customer information.

Step 8. Have a Response Plan.

No system is 100% bulletproof. You need an incident response plan in place to make sure that you can recover as quickly as possible in the event of a data breach. Under GDPR law, you are required as a controller to alert the appropriate authorities within 72 hours of becoming aware of a data breach, and you also need to notify any individuals whose personal data has been compromised.

Step 9.  Go with a Privacy by Design Approach.

The GDPR places a requirement on organizations to take data privacy into account during the design stages of all projects. Companies will want to consider data-protection technologies such as data loss prevention (DLP) and cloud data protection (CASB) from the very beginning of development. Implement data-protection policies that help prevent both accidental and malicious data theft by insiders and cybercriminals, wherever the data resides.
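Step 3 is the one step in this list that comes down to a specific mechanism, so here is an added Python example (not code from the original post, the report, or any McAfee product) showing how keyed pseudonymization works in practice: each PII value is replaced by an HMAC-SHA-256 token so that the same customer still collapses to one token for analysis, while the token cannot be recomputed or reversed without a key that is kept apart from the data. The records, field names, IBAN strings and key are constructed for illustration, and `pseudonym`, `pseudonymize`, `spend_per_customer` and `reidentify` are this example’s own names. An unkeyed hash would not meet the bar, because e-mail addresses and account numbers come from a small enough space that a bare hash can be matched back by enumeration; the key is what makes the token safe to hand to analysts.

```python
"""Keyed pseudonymization of PII before analysis (added example, not McAfee code)."""
import hashlib
import hmac
import secrets
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Constructed sample records, standing in for a payments log. All values are invented.
RECORDS: List[Dict[str, object]] = [
    {"customer_email": "Alice@Example.com", "iban": "DE00 0000 0000 0000 0000 01", "amount": 120.0},
    {"customer_email": "bob@example.com",   "iban": "DE00 0000 0000 0000 0000 02", "amount": 35.5},
    {"customer_email": "alice@example.com", "iban": "DE00 0000 0000 0000 0000 01", "amount": 18.0},
]
# Step 1 in miniature: an explicit inventory of which fields are personal data.
PII_FIELDS = ("customer_email", "iban")


def pseudonym(key: bytes, field: str, value: str) -> str:
    """HMAC-SHA-256 token for one PII value; without the key the token cannot be recomputed.

    The field name is mixed in so the same string in two fields yields two unrelated tokens,
    and the value is normalised so 'Alice@Example.com' and 'alice@example.com' collapse together.
    """
    canonical = " ".join(value.split()).lower()
    msg = field.encode() + b"\x00" + canonical.encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:32]  # 128-bit token


def pseudonymize(records, key: bytes) -> Tuple[List[Dict[str, object]], Dict[Tuple[str, str], str]]:
    """Replace PII fields with tokens; return the records plus a (field, token) -> value table.

    The table is the re-identification material GDPR expects to be held separately under
    access control; analysts receive only the first return value.
    """
    out, lookup = [], {}
    for rec in records:
        new = dict(rec)
        for field in PII_FIELDS:
            if field in new:
                token = pseudonym(key, field, str(new[field]))
                lookup[(field, token)] = str(new[field])
                new[field] = token
        out.append(new)
    return out, lookup


def spend_per_customer(pseudo_records) -> Dict[str, float]:
    """Analysis still works on tokens: totals per customer without seeing who they are."""
    totals: Counter = Counter()
    for rec in pseudo_records:
        totals[rec["customer_email"]] += rec["amount"]
    return dict(totals)


def reidentify(lookup, field: str, token: str) -> Optional[str]:
    """Controller-side lookup, e.g. to answer a data subject request about a flagged token."""
    return lookup.get((field, token))


if __name__ == "__main__":
    # In practice the key is generated once and kept in a KMS or HSM, never beside the data.
    key = secrets.token_bytes(32)
    pseudo, table = pseudonymize(RECORDS, key)
    print(spend_per_customer(pseudo))
```

Rotating the key re-tokenizes everything, which is the lever for ending a processing purpose or honouring an erasure request across derived datasets: drop the key and the lookup table, and the tokens in every downstream analysis no longer point at anyone. For Step 2, note that NIST has since deprecated Triple DES for new applications (SP 800-131A Rev. 2); AES remains the recommended block cipher.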

While no one can guarantee that you will not suffer a data loss, following these steps will help you understand where you stand, identify any gaps, and improve your organization’s responsiveness. Loss of customer confidence was the most common concern of financial services organisations (64%), and rapid containment and response is one of the best ways to protect your firm’s valuable reputation. So keep calm, and prepare for GDPR.

Read the full report, Beyond GDPR: Data Residency Insights from Around the World, and learn more about the top data-protection concerns and strategies of more than 800 senior business professionals from eight countries and a range of industries.

The post Financial Services and GDPR: What 200 Professionals Told Us About Their Data Protection appeared first on McAfee Blogs.

Identifying insights that lead to decisions
https://securingtomorrow.mcafee.com/business/security-operations/identifying-insights-lead-decisions/
Wed, 11 Apr 2018 21:00:35 +0000
The first in a series of three blogs by Grant and Jason on the process of identifying actionable insights.

A couple of weeks ago we discussed the process security operations teams go through to separate the signal from the noise. We reviewed the steps that McAfee has undertaken in designing its Security Fusion Centers to identify the signals in our own operating environment. Getting the basics of security operations right, understanding our security architecture, and carefully assessing priorities and risk are all vital to honing in on the signals.

But what if even the signals can overwhelm? How do we get security operations out of the slow lane? How do we get to the intelligence — the insights — that lead to decisions?

A study of 500 CISOs from large enterprises across the USA, UK, and Germany, published by Bromium in February, found that the average enterprise-sized security operations center (SOC) receives 4,146 alerts every single day. Now more than 70 percent of those – about 2,900 – are actually false positives. But that still leaves more than 1,200 alerts to investigate on a daily basis. Additionally, from our internal view, we believe that 95% of signals are false positives.

What is needed is a way to narrow the lens aperture and focus on the critical data set that generates accurate signals demanding decisions now. As we seem to do repeatedly, the cybersecurity industry takes its cue from the military, which has tackled this problem before.

This chart, published by the U.S. Joint Chiefs of Staff in 2013, describes the process by which data is collected from the operating environment and is then processed and distributed in a consumable manner as information. That information is then analyzed in context of other potentially related information and presented as intelligence. Intelligence, by design, is an insight that may be acted upon.

In cybersecurity, the collection and processing actions are typically automated through various tools like event receivers, SIEM correlation engines, and endpoint detection and response (EDR) systems. The analysis phase, however, has been nearly exclusively the domain of human analysts, because data is often incomplete or lacking context.

How to get these partial data sets to paint the full picture is the trick. We’re often dealing with data that is “dirty.” Complexity is compounded when partial data sets are used to make complex security decisions. Doing the data wrangling to tell a story that estimates or predicts an outcome has been, until very recently, too complex for machines to manage.

Complexity is simplified when the full picture and data set are captured. This is the toughest task in machine learning because we often capture data that can’t be used, data that is valuable but not used, and data that is used partially.

Painting the complete picture by identifying relevant patterns and clues from previous analysis is a complex process consisting of a reinforcing loop of education and information. Learning to spot the most relevant signal requires a teacher and an apt pupil. We’ll have a look at that team in our next blog.

You can look for Grant Bourzikas on Twitter and LinkedIn and at security events like MPOWER, Blackhat, and RSA. Jason Rolleston can also be found at similar events and on Twitter and LinkedIn.

The post Identifying insights that lead to decisions appeared first on McAfee Blogs.

A Guide to McAfee at RSA 2018 https://securingtomorrow.mcafee.com/business/guide-mcafee-rsa-2018/ Fri, 06 Apr 2018 17:00:31 +0000

The post A Guide to McAfee at RSA 2018 appeared first on McAfee Blogs.

As the RSA Conference convenes more than 40,000 April 16-19 at Moscone Center in San Francisco, cybersecurity has perhaps never been so vital, diverse, and wide-ranging. To help make sense of that, McAfee speakers at RSA will look back at influences that shaped this world, ahead to new innovations and management approaches, and deeply into the worst cyber threats of today.

Keynote: CEO Chris Young looks back at airline security flight

What can we learn from the Underwear Bomber and the rule of 3-1-1? Chief Executive Officer Chris Young delivers his sixth RSA keynote Tuesday, April 17th by applying lessons learned fighting terror in the air. “Smart security changed air travel from top to bottom. We need to bring a cybersecurity paradigm shift that is more collaborative, clear and accessible.” Young said of his keynote. Find out what cybersecurity can learn from those that keep air travel the safest form of transportation, bar none. April 17th, 8:55-9:20 a.m., Moscone West, Level 3.

Sessions: Fighting ransomware and nurturing innovation

Christiaan Beek and Raj Samani of the McAfee Advanced Threat Research team uncover the dark world of pseudo-ransomware, where demands for payment mask the destruction wrought by wipers, and extortion dances with destruction as the world watches. “The purpose of pseudo-ransomware is typically destruction but we have seen evidence of its use as a diversionary tactic, and whilst it may appear as traditional ransomware the attackers are unlikely to provide any decryption capability regardless whether the ransom is paid. Either way, with actual ransomware or the decoy tactic, organizations need guidance to mitigate the risk.” Samani said of his session. Get the point of view of a ransomware hacker as the walls close in during a major campaign takedown. Reserve your seat now for April 16th, 3:35 p.m. (Session code: SEM-M03).

CISO Grant Bourzikas and Chief Human Resources Officer Chatelle Lynch join forces to explain how innovation can help companies retain top talent. “Recruiting and retaining a diverse talent pool in cybersecurity today is so competitive,” Lynch said of her session. “Employees want to know they are at a company that strives for the latest innovation.” Learn how engaging employees (including games!) can make the most of every staff. April 17, 1-1:45 p.m. (Session Code: SPO1-T07).

Expo Hall: Look for McAfee and McAfee Skyhigh

McAfee acquired Skyhigh Networks early this year, adding state-of-the-art cloud security to our existing portfolio. Look for both McAfee and Skyhigh at RSA:

  • McAfee Booth #N3801 (North Hall)
  • McAfee Skyhigh Booth #S1301 (South Hall)

Follow the floor decals between our two booths in the Expo Halls.

McAfee Skyhigh bowling at hipster hangout!

In a private event on Tuesday evening, April 17th, McAfee and our partners will host a full buy-out networking event at the cool boutique bowling alley Mission Bowling in San Francisco’s edgy Mission District neighborhood. This is a private event targeted at security professionals who want to network with their peers and strike up conversations on everything cloud-related, sparing no one but staying out of the gutter. The event will have a hosted bar, raffle, gourmet food, and giveaways. Request an Invite for the April 17th evening event and learn more about McAfee Skyhigh’s RSA events.

More information on the RSA conference here.

Change is Good When It’s Free, Easy, and Has a Happy Endpoint https://securingtomorrow.mcafee.com/business/endpoint-security/change-good-free-easy-happy-endpoint/ Fri, 06 Apr 2018 15:00:39 +0000

The post Change is Good When It’s Free, Easy, and Has a Happy Endpoint appeared first on McAfee Blogs.

When a company announces a new version of something I rely upon in my personal life, like Apple announcing a new iPhone, I cringe.  Of course, the thought of the latest and best is exciting, but the thought of upgrading – the cost, the hassle – usually makes me wait (longer than my teenage son would like).  The same can be said for our customers who are happy using McAfee virus protection to secure their environment.

As a McAfee senior product marketing manager focused on endpoint security and endpoint detection and response solutions for enterprises, I can tell you that today that’s not enough. Cyberthreats continue to evolve, no matter how much we resist change. We must move to a modern endpoint defense solution that can detect zero-day threats, and stop them in their tracks.

Now, wait a minute before you go running for aspirin because you are thinking, “This is going to cost a lot of money! This is going to be complex and hard to manage!” We thought about that. Upgrading may be easier than you think.

The latest McAfee Endpoint Security (ENS) is a free security upgrade that integrates several capabilities that were managed separately before. Now that cost is out of the way, let’s talk about why there is so much buzz around ENS. Upgrading to the current version means you get a shared ecosystem where components collaborate, yet you only have to manage a single agent and significantly fewer policies. It’s the best of both worlds, freeing you to quickly detect, analyze, block, and contain attacks in progress.

This framework is built to centralize even more of your endpoint solutions. Instead of adding complexity and more management tools, you can plug in new capabilities as your business grows. This helps you better identify threats, and respond faster.

McAfee ENS provides a 25% boost in protection [1], fully integrated EDR, and a single-agent architecture. If you’re wondering what changes you need to make for your environment, we thought about that too. We have an upgraded McAfee Endpoint Upgrade Assistant (EUA). EUA quickly and easily analyzes your environment and provides an easy workflow preparing your endpoints for migration. When used in conjunction with our Endpoint Security Migration Assistant, the security policies and configurations from previous installations are maintained. This allows you to unlock the benefits of ENS without breaking continuity with established security policies.

If you’re still not ready to make the change, consider one more reason.  It’s a great return on your investment. Customers tell us every day that incidents of ransomware have been almost eliminated. They tell us they have fewer management costs, and increased visibility.

Want to hear for yourself? Listen to a webinar replay of one of our customers discussing his migration experience. Convinced? OK, let’s put that bottle of aspirin down, and go to www.mcafee.com/MovetoENS to get started.

[1] A recent study by AV-Comparatives shows that upgrading to McAfee Endpoint Security gives you a 25% higher protection rate than McAfee VirusScan Enterprise against zero-day threats.

Building a Sustainable Model for Cybersecurity Talent https://securingtomorrow.mcafee.com/business/building-sustainable-model-cybersecurity-talent/ Wed, 04 Apr 2018 11:02:32 +0000

The post Building a Sustainable Model for Cybersecurity Talent appeared first on McAfee Blogs.

Depending on whose study you believe, there is going to be a shortage of 1.5 million or more cybersecurity professionals in 2020. In the nine months since McAfee re-emerged from Intel as an independent company, we have stood up our own security operations center (SOC), one that converges physical and cyber security functions. We have been very mindful of both the problem and the opportunity.

Working on building out our SOC capabilities, we’ve needed to hire analysts, advanced threat researchers, and engineers in short order. Then there has been the need to standardize the knowledge and approach to managing cyber threats for one of the world’s leading cybersecurity software companies.

So we have gone through a fairly intense period of training. Everyone has received 80 hours of online training, 40 hours of classroom training, and 40 hours of on-the-job training. We have also hired SOC staff from within our own professional service, engineering teams, and sales engineers.

But all of this can be undone quickly by the pressures of working in an intense, demanding 24/7 environment and by other companies making our people offers that they can’t refuse. McAfee just published a new study on this never-ending challenge, Winning the Game.

In this study of 950 cybersecurity professionals and managers in seven developed economy countries across the globe, we found that there are three clear factors with which organizations can win the game when it comes to cybersecurity. These are:

  • Happy workers
  • Automation
  • Playing more games

In organizations that have experienced a breach in the last 12 months, staff who are extremely satisfied report, on average, fewer hours to identify the breach (11 hours) than those who are dissatisfied (23 hours).

Similarly, automation is also a positive indicator for the ability of an organization to attract and retain top talent. Nearly one-third of respondents cite the opportunity to work with new technology such as automation, machine learning, and AI as a key factor that would attract them to a job and influence their decision to move.

And, there is a correlation between the use of gamification and happier cybersecurity staff. More than half (54 percent) of respondents who are extremely satisfied in their roles say they use “capture the flag” gaming once or more a year, compared to just 14 percent of those employees who are dissatisfied in their roles. (At McAfee, we run table-top exercises every two weeks, and red team exercises monthly.)

So what does this say for building a model for talent development and management that is sustainable for now and for the future?

I think of the staffing challenge as a series of waves that are constantly churning one upon the other. To ride these waves, we need to design talent programs that are nimble at inception.

At the beginning, we build strong teams with interns and new hires, focusing on investing in strategic talent. The objective is to invest in talent so the entire organization can be successful: IT, Engineering, SE, Sales, and Support. Hopefully, some will stay in the company. This helps us strengthen the enterprise by creating more security-aware teams, instilling a security culture that will carry across the business.

But it’s the middle range that is the challenge. As people become more skilled, they become more marketable, and turnover increases. To use a sports analogy: It’s easy to draft rookies. It’s easy to hold onto longtime veterans. It’s hard to keep free agents in a hot market. If you don’t have mid-level free agents, you have to either ask the rookies to play above their experience, or ask the veterans to do their old jobs. To mitigate the churn, we need to invest in talent we identify as strategic, knowing that some of them will go to other firms.

And from a talent management perspective, I think that it is vital to nurture the natural interests and passions that team members possess. We support this natural development process by providing assigned mentoring, outside reading, and outside vendor training. We encourage gaming, creative problem solving, curiosity, and collaboration. Additionally, everyone in the SOC is being required to develop specializations. This encourages a diverse domain of skills and expertise, which is vital to developing a sustainable model for security operations that can adapt as the threat landscape evolves.

As a chief information security officer, I think you have to recognize that this is always going to be an evolving, never-ending adaptation to meet the changing threat landscape and the dynamic flow of people in your organization. Cybersecurity isn’t just an industry; it’s a robust, active ecosystem. The threats landscape never stands still, and neither does the workforce.

A great summation of this comes from Bill Woods, our Director of Information Security for our converged physical and cyber security operations.

“You have to accept the fact that you are never going to have impenetrable systems. It’s always going to be a game of chess. The opposer is always going to be making moves, some of which will hurt you. It’s always going to be a battle. But that is what keeps the job interesting.”

You can look for Grant Bourzikas on Twitter and LinkedIn. To learn more about how McAfee is growing the cybersecurity innovation pipeline and addressing talent management, be sure to attend the session, “Building the Cybersecurity Innovation Pipeline,” presented by Grant Bourzikas, CISO and VP of McAfee Labs Operations, and Chatelle Lynch, Chief Human Resources Officer, at RSA 2018, April 17 in San Francisco, CA.

How the Rubber Meets the Road in Human-Machine Teaming https://securingtomorrow.mcafee.com/business/rubber-meets-road-human-machine-teaming/ Fri, 30 Mar 2018 15:00:56 +0000

The post How the Rubber Meets the Road in Human-Machine Teaming appeared first on McAfee Blogs.

Everywhere you turn today, machine learning and artificial intelligence are being hyped as both a menace to and the savior of the human race. This is perhaps especially true in cybersecurity.

What these alluring terms usually mean is something more modest: detailed statistical comparison across massive data collections. Let’s look at the terms themselves:

  • Machine Learning describes algorithms that statistically compare patterns and similarities in a set of data and extract useful information without being explicitly programmed for that task.
  • Artificial Intelligence describes programs that go a step further, taking the information machine learning produces and applying it directly to a problem area to mimic reasoning and problem-solving and make decisions automatically.
  • Human-Machine Teaming, which our CTO Steve Grobman urges for cybersecurity, describes pushing as many important security actions as possible into the machine, so that they happen without a person having to think about or perform them, freeing people for strategic analysis and problem-solving.

At McAfee we are urging our customers to take a long and comprehensive view of human-machine teaming that looks beyond the current, cool-factor buzz. You can make it real, make it practical, and make it scalable, but what does that look like? I recently gave an analogy that can help business people understand this topic in a white paper called “Driving Toward a Better Understanding of Machine Learning.” You can download it here.

As a metaphor representing malware threats, I introduced the concept of malicious autonomous cars: self-driving cars that have been programmed to do bad things. For example, posing as taxis, malicious autonomous cars could trick and kidnap people. (Much the way ransomware could masquerade as an email attachment, then “kidnap” your critical user files, and demand payment.)

The machines are learning, and to stay secure we must learn as well. Let’s do it together.

The Tortoise and The Hare Part II: May 25th is a Friday, or Great Data Protection Rocks even after Memorial Day https://securingtomorrow.mcafee.com/business/tortoise-hare-part-ii-may-25th-friday-great-data-protection-rocks-even-memorial-day/ Thu, 29 Mar 2018 17:00:31 +0000

The post The Tortoise and The Hare Part II: May 25th is a Friday, or Great Data Protection Rocks even after Memorial Day appeared first on McAfee Blogs.

At one point in my career, I was responsible for launching massive websites.  We’d talk about when and how we flip the switch to launch the new website.  At least once during every project someone would ask me who got to flip the switch, as though we would have a dignitary (or them?) do it.  But depending on the year, the flipping on of a website was handled through technology and not very dramatic and not with the fanfare the non-technologists hoped for. (Dimming lights? Fireworks?  It was New York and it was publishing, so there was often beer and wine and maybe T-shirts after, but everyone went home and slept.)

And now we have May 25th coming around the corner. The other day, I got a picture in a text from a colleague of a can of sardines.  It took me a minute to realize the expiration was May 25.  So, other than the sardines, what happens?  Are we done?

First the bad news:  We won’t ever be done.  GDPR requires constant diligence for its principles, recurring reviews of the processes we’ve built; ongoing use of Data Processing Impact Assessments; vigilance on how we process, store, transfer, use personal data; communications with our customers; new contractual language and new things to negotiate; ongoing discussions around security and what is appropriate.  And of course, the biggest question: What will the data regulators do?  Will there be an immediate fine? (My bet is no.)

But now the good news: If you’ve been doing this right and have managed to focus on the concepts of Great Data Protection Rocks and a culture of security, the following things may have happened:

  • You have a much better idea of what data you have, where it is stored, who can get to it, and how it gets used. Hopefully you have deleted some data and have additional automated processes to delete data when it ceases to be needed.
  • You have processes in place to replace things that were being done on the fly. Maybe there’s some documentation and someone officially designated to help with the processes.
  • You know who your vendors are, and more about your high-risk and cloud vendors.
  • You have determined what needs securing and made sure you are securing it “appropriately.”
  • You’ve got a team of people who understand data protection and GDPR – maybe some new friends and some new project partners. A few of them may not have bought in completely (the people who were “voluntold” to help), but just wait.  Something often  seems to happen in the doubter’s personal life that makes them get it – and big time.  Real examples:  Mortgage application reveals massive identity theft that needs to be fixed or they lose the house; soccer coach sends kid’s medical condition info to the whole team’s parents; intern (not at McAfee!) sends spreadsheet of fraternity members’ contact info, but it also contained everyone’s grade-point average.

Perhaps most importantly, your company now has momentum around doing the right thing regarding data protection.  And May 25th will come – too soon, not soon enough, or both! – and the lights won’t dim but there might be T-shirts.

It would be easy to forget GDPR’s lessons. In the United States, Monday, May 28th, is Memorial Day, and we pull out summer clothes, take off to mark the start of summer, and remember our heroes.  But on that Monday and Tuesday and every day after, Great Data Protection will still Rock, and we will still need to look at data, how it’s used, and how our culture can protect it. Just maybe throw out the sardines if they don’t get eaten beforehand (or leave them on the doubter’s desk as a joke).

The information provided on this GDPR page is our informed interpretation of the EU General Data Protection Regulation, and is for information purposes only and it does not constitute legal advice or advice on how to achieve operational privacy and security. It is not incorporated into any contract and does not commit promise or create any legal obligation to deliver any code, result, material, or functionality. Furthermore, the information provided herein is subject to change without notice, and is provided “AS IS” without guarantee or warranty as to the accuracy or applicability of the information to any specific situation or circumstance. If you require legal advice on the requirements of the General Data Protection Regulation, or any other law, or advice on the extent to which McAfee technologies can assist you to achieve compliance with the Regulation or any other law, you are advised to consult a suitably qualified legal professional. If you require advice on the nature of the technical and organizational measures that are required to deliver operational privacy and security in your organization, you should consult a suitably qualified privacy professional. No liability is accepted to any party for any harms or losses suffered in reliance on the contents of this publication.

Is Your SOC Caught in the Slow Lane? https://securingtomorrow.mcafee.com/business/soc-caught-slow-lane/ Tue, 27 Mar 2018 04:02:13 +0000

The post Is Your SOC Caught in the Slow Lane? appeared first on McAfee Blogs.

Everybody’s got a device. And the data on that device is moving into the public cloud. Massive amounts of data.  In a world of massive amounts of data, who’s the traffic cop? The Security Operation Center (SOC).

But these days the daily flow of data traffic resembles a Formula One race car going full out, and some traffic monitors are a single cop on the beat.

Research shows this analogy is not far off: 25% of security events go unanalyzed. And 39% of cybersecurity organizations manually collect, process, and analyze external intelligence feeds.

Think about this. At the dawn of the Digital Century, more than a third of all companies are approaching cybersecurity manually.

This is not sustainable.

In short, there are simply not enough people to keep up with the security challenges. But it’s not a question of training or hiring more people. The idea is for humans to do less and machines to do more. Automating threat defense has many advantages: speed, the ability to learn, and the ability to collaborate with other solutions. Integration of data, analytics, and machine learning are the foundations of the advanced SOC.

For about a year now McAfee engineers have been developing a new architecture for an existing SIEM tool called McAfee® Enterprise Security Manager version 11 (“McAfee ESM 11”), which can serve as the foundation of a modern SOC.

As cybercriminals get smarter, the need for SOC operations to evolve becomes more important. McAfee ESM 11 can help customers transition their SOC from silos of isolated data and manual investigations to faster operations based on machine learning and behavioral analytics.

What makes ESM 11 different from other SIEM tools is its flexible architecture and scalability.

The open and scalable data bus architecture at the heart of McAfee ESM 11 shares huge volumes of raw, parsed and correlated events to allow threat hunters to easily search recent events, while reliably retaining and storing data for compliance and forensics.

The scalability of McAfee ESM 11 architecture allows for flexible horizontal expansion with high availability, giving organizations the ability to rapidly query billions of events. Additional McAfee ESM appliances or virtual machines can be added at any point to add ingestion, query performance, and redundancy.

ESM 11 also includes the ability to partner. An extensible and distributed design integrates with more than three dozen partners, hundreds of standardized data sources, and industry threat intelligence.

By deploying advanced analytics to quickly elevate key insights and context, analysts and members of a security team tasked with examining cyberthreats can focus their attention on high-value next tasks, like understanding a threat’s impact across the organization and what’s needed to respond.

This human-machine teaming, enabled by McAfee’s new and enhanced security operations solutions like McAfee Investigator, McAfee Behavioral Analytics, and McAfee Advanced Threat Defense, allows organizations to more efficiently collect, enrich and share data, turn security events into actionable insights and act to confidently detect and correct sophisticated threats faster. The strategy was outlined in my last SOC blog.

We’ve been testing these products together at the new McAfee Security Fusion Centers, located in Plano, Texas and Cork, Ireland. These facilities were built last year and are designed to support full visibility and global management of risks, in a simulated environment. The Security Fusion Centers give customers a blueprint for building out their own SOCs.

In short, we are revving up the SOC: critical facts in minutes, not hours. Highly tuned appliances that collect, process, and correlate years of log events with other data streams, including STIX-based threat intelligence feeds. And storage of billions of events and flows, with quick access to long-term event data for investigating attacks.

Let your security travel as fast as your data. And get your SOC out of the slow lane.

Separating the Signal from Noise https://securingtomorrow.mcafee.com/business/separating-signal-noise/ Tue, 27 Mar 2018 04:01:21 +0000

The post Separating the Signal from Noise appeared first on McAfee Blogs.

In security operations, we frequently talk about the difficulties in separating the signal from the noise to detect legitimate threats and disregard false alarms. Data overload is a common problem and triage becomes a critical skill to hone and develop.

As the chief information security officer (CISO) for McAfee, I am aware at multiple levels of the risks that come from a failure to focus on the right thing. If one of our security operations center (SOC) analysts fails to notice multiple login attempts by the same user from different countries in a short span of time, it could cost us both valuable company data and our reputation in the industry.
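The multi-country login signal in the paragraph above, turned into detection logic and run over a handful of constructed authentication events. This is an added example, not McAfee code and not the logic of any McAfee product: the log format, the user names, the addresses, the countries and the default 60-minute window are all assumptions, and GeoIP country is assumed to have been attached to each event upstream (by the SIEM, say) before this check runs.

```python
"""Detect the same user authenticating from two countries within a short
window, the signal an analyst must not miss.

Added example, not McAfee code. Log format, users, addresses, countries and
the default 60-minute window are constructed assumptions; the GeoIP country
field is assumed to have been added to each event upstream (e.g. by a SIEM)."""
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines: timestamp, outcome, user, source IP, country.
# The last line is deliberately malformed to show that junk is skipped.
SAMPLE_LOG = """\
2018-03-26T09:02:11Z LOGIN_OK   user=jdoe   src=203.0.113.7   country=US
2018-03-26T09:15:40Z LOGIN_FAIL user=jdoe   src=198.51.100.23 country=BR
2018-03-26T09:16:02Z LOGIN_OK   user=jdoe   src=198.51.100.23 country=BR
2018-03-26T09:20:00Z LOGIN_OK   user=asmith src=192.0.2.44    country=IE
2018-03-26T14:05:13Z LOGIN_OK   user=asmith src=192.0.2.45    country=IE
2018-03-26T23:58:30Z LOGIN_OK   user=bkhan  src=203.0.113.9   country=US
2018-03-27T00:10:05Z LOGIN_OK   user=bkhan  src=192.0.2.99    country=DE
this line is garbage and must be skipped
"""


def parse_line(line):
    """Parse one log line into a dict, or return None if it doesn't fit the format."""
    parts = line.split()
    if len(parts) != 5 or not parts[1].startswith("LOGIN_"):
        return None
    try:
        fields = dict(p.split("=", 1) for p in parts[2:])
        return {
            "ts": datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ"),
            "outcome": parts[1],
            "user": fields["user"],
            "src": fields["src"],
            "country": fields["country"],
        }
    except (ValueError, KeyError):
        return None


def find_multi_country_logins(log_text, window_minutes=60, successful_only=True):
    """Return (user, earlier_event, later_event) triples where one user
    authenticated from two different countries within window_minutes.

    Events are grouped per user and sorted by time; each event is compared
    only against earlier events inside the window, so a user who genuinely
    relocates over a period of days is not flagged."""
    per_user = defaultdict(list)
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None or (successful_only and ev["outcome"] != "LOGIN_OK"):
            continue
        per_user[ev["user"]].append(ev)

    window_seconds = window_minutes * 60
    alerts = []
    for user, events in per_user.items():
        events.sort(key=lambda e: e["ts"])
        for i, later in enumerate(events):
            for earlier in events[:i]:
                gap = (later["ts"] - earlier["ts"]).total_seconds()
                if gap <= window_seconds and earlier["country"] != later["country"]:
                    alerts.append((user, earlier, later))
    return alerts


def flagged_users(log_text, **kwargs):
    """Distinct users with at least one alert, sorted for stable output."""
    return sorted({user for user, _, _ in find_multi_country_logins(log_text, **kwargs)})


if __name__ == "__main__":
    for user, a, b in find_multi_country_logins(SAMPLE_LOG):
        print(f"ALERT {user}: {a['country']} {a['ts']:%H:%M} -> "
              f"{b['country']} {b['ts']:%H:%M} from {b['src']}")
```

The window is the knob: 60 minutes catches a credential reused from two continents within the hour (including across midnight, as with bkhan) while leaving a traveller's next-day login alone. Counting failed attempts as well (successful_only=False) turns this into a credential-stuffing signal rather than an account-compromise one, at the cost of more noise.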

For these reasons, McAfee announced major enhancements today to our security operations portfolio in our security information and event management (SIEM) and Security Analytics product lines – enhancements that the McAfee Information Security team I am proud to lead helped to road-test. We also announced that our state-of-the-art converged physical and cyber Security Fusion Centers are now fully operational in Plano, Texas, USA and Cork, Ireland – less than a year after we emerged from Intel as a standalone company.

The big deal for the McAfee Security Fusion Centers is that they have a dual mission: 1) protect McAfee, and 2) help us build better products. For myself, I would add a third objective: help our customers learn from our experience protecting McAfee. We want to help them build better reference architectures, learn how to communicate with boards of directors, and become more innovative in solving cybersecurity problems.

For Job 1, protect the enterprise, we believe in the primacy of fundamentals. We use the National Institute of Standards and Technology (NIST) cybersecurity framework, as well as the Factor Analysis of Information Risk (FAIR) method to quantify our risk posture, and continually manage for the framework’s core functions of Identify, Protect, Detect, Respond, and Recover. It’s critical that we understand what is happening in our environment and that is why we chose to converge our physical and cybersecurity functions into one operations center – a Security Fusion Center. We need to collect data across all aspects of our operating environment. Without that ability, we are flying blind.

Next, we focus on being able to answer a series of vital questions that help us complete the identification functions. We ask:

  1. What is on the network and how are our networks accessible? We must be able to identify our assets. That visibility into what is connected to us is critical. We use tools like Rapid7 Nexpose, McAfee Rogue System Detection, and network access control (NAC) to constantly monitor the network to tell us what is connected to us.
  2. How are we managing access to vital systems and stores of data? We decided from the beginning that we could not take access to information assets for granted. At McAfee, there is no implicit right of access – only explicit privilege. In this age of bring-your-own-device (BYOD), we have set up two-factor authentication when accessing the McAfee network. If your role requires access to sensitive information, “need to know” access is applied, and employees must comply with other access control mechanisms like separation of duties, least privilege, and information management.
  3. Where are the vulnerabilities? We need to evaluate risk across our environment from device to cloud. This means more than just audits and vulnerability management. We had to design our systems so that they would be scalable and support our incident response functions like patch management and counter measures in a prioritized manner. We especially rely on McAfee ePO for visibility across on- and off-premises devices.
  4. How is the data protected? This is a matter of understanding where are the crown jewels of our data and what are the risks for exfiltration. It’s vital to set up policies in a very prioritized and strategic manner. Data loss prevention requires thinking through the data, the applications and the users.
  5. How are we doing against the basics? While it is great to have next generation toolsets, it is often the basics that most organizations miss that cause compromises. For example, we are constantly focused on basics like security architecture, access and authentication control, device configuration and baselines, operating system and third-party patch levels, security awareness training, and table-top exercises. Even at McAfee with the entire product portfolio, we are diligent about instilling the basics across our security operations.
  6. Finally, what signals do we focus on? We need context and insight to answer this. This requires a place where all the data can be collected, enriched and shared. We have been using McAfee Enterprise Security Manager 11.0, which was announced today, for some time now. The open data bus architecture enables our SIEM to ingest a high volume of data, scaling to billions of events, and then enrich that raw data nearly immediately, turning noise into insights. We also appreciate that this architecture allows the SIEM to intelligently share data to any appropriate appliance, application, or data store. This is an evolved security operations infrastructure – it’s a mix of a SIEM platform with User Entity Behavior Analytics (UEBA) and threat investigation, using McAfee Behavioral Analytics (MBA) and McAfee Investigator. Our Security Fusion Centers are the first places where all those pieces will be present and working together.

As for Job #2, helping McAfee build better products, by now you can see how we are living out a commitment to be Customer Zero for McAfee. Going forward, we are going to be the first organization to use McAfee’s new products. But we are doing that in a way that will help our customers implement better, faster and more smoothly before they have even seen the product. We’re working out the bugs and we’re working on feature requests with our Product Management and Engineering teams.

This helps us to be better, more innovative, and to solve cybersecurity challenges. It is meant to be a very tight collaboration – a place to try out our products in the real world. We’re going to get there through collaboration. From our learnings in the first year, we have observed that diversity is the single most important factor in developing a world class organization. Diversity of thought challenges typical thinking and results in better outcomes.

In fact, collaboration is personally my number one thing. I wanted to work with the smartest people in the world. I will acknowledge that I am not the smartest person in the room. Somebody is going to know more about security than I do. Embracing that and bringing that all together will make us all stronger and better at our jobs. And that is what we mean when we say, “Together is Power.”

As for my personal third goal, helping all of you to be better, too, that’s why I’m sharing here. We’ll continue this dialogue about how McAfee is protecting itself and, in the process, learning more about helping you with another blog post soon. I’ll be sharing the byline with my colleague, Jason Rolleston, Vice President for Security Intelligence & Analytics.

Let me know what signals you are focused on and how we can help solve problems together.

You can look for Grant Bourzikas on Twitter and LinkedIn and at security events like MPOWER, Blackhat, and RSA.

McAfee technologies’ features and benefits depend on system configuration and may require enabled hardware, software, or service activation. Learn more at mcafee.com. No computer system can be absolutely secure.

Economic Impact of Cybercrime: Why Cyber Espionage isn’t Just the Military’s Problem
Thu, 22 Mar 2018 19:15:56 +0000 | https://securingtomorrow.mcafee.com/business/economic-impact-cybercrime-cyber-espionage-isnt-just-militarys-problem/

In a technology-driven age, entrepreneurs, organizations, and nations succeed or fail in large part based on how effectively they develop, implement, and protect technology. One of the most notable aspects of “The Economic Impact of Cybercrime” report released recently is the prominence of cyber espionage, the cyber-theft of intellectual property (IP) and business confidential information. The report from the Center for Strategic and International Studies (CSIS) and McAfee estimates that the cost of cybercrime to the global economy is around $600 billion annually, or 0.8% of global GDP, and cyber espionage accounts for 25% of that damage, more than any other category of cybercrime. Furthermore, the report argues that “Internet connectivity has opened a vast terrain for cybercrime, and IP theft goes well beyond traditional areas of interest to governments, such as military technologies.”

When we think of cyber espionage, we tend to think of events such as the Chinese military’s theft of the F-35 joint strike fighter’s blueprints from U.S. corporations. Last month, the Associated Press reported a similar event where Russian hackers attacked several U.S. corporations attempting to steal drone technologies used by the U.S. military.

But there are also cases such as the 2009 Operation Aurora attacks, in which nation-state hackers allegedly tied to China’s People’s Liberation Army sought to steal IP and business confidential information from IT, chemical, web services, and manufacturing firms as well as military contractors. There is also the example of the 2004 Nortel Networks cyber-attacks that allegedly compromised IP later used to strengthen the market position of Chinese telecommunications giant Huawei.

Such examples suggest that nation states are seeking to steal IP not only to enhance their military strength, but also to achieve technological leadership throughout the rest of their economies without the investments, human talent, or other foundational elements associated with technical innovation.

Put simply, cyber espionage isn’t just the U.S. military’s problem. Organizations beyond military contractors should assume they could become targets of such cybercrimes.

If enough of a profit motive is there, it’s wise to assume that the hacking expertise and tools to steal IP are within your would-be attackers’ reach. Furthermore, it’s wise to assume that the beneficiaries of commercial cyber espionage are capable of copying your compromised product designs and building them into their own products, just as Chinese government engineers had integrated stolen F-35 design features into China’s J-20 stealth fighter.

The cyber theft of such IP could result in lost market share and revenues for corporations. Such theft could smother a nation’s most promising new startups in their Series A cradles, or drive its most innovative mid-sized companies out of business, erasing wealth and jobs in the process.

The CSIS report identified three key cyber espionage challenges facing organizations and nations today.

Challenges of Detection

Cyber espionage maintains a lower profile than critical infrastructure attacks, ransomware, mega-consumer data hacks, identity theft and fraud, and other threats, in part because there’s no incentive to report cyber espionage incidents. Victimized companies don’t wish to report them, if indeed they ever become aware of them. The attackers don’t wish to alert their victims or the public to their crimes. Victim organizations still own the compromised IP or business confidential information and could easily attribute declines in market share and revenue to any number of tactical and strategic moves on the part of competitors. Unsurprisingly, such incidents go undiscovered and underreported.

Challenges of Attribution

As in every other area of cybersecurity, the difficulty of attribution makes the policing of cyber espionage complicated if not near impossible. Attacks of this nature are sophisticated and designed to obscure the identity of the actors behind them. Governments are in the best position to determine attribution because they can combine the analysis of technical cyber-attack forensics with analysis of traditional intelligence to identify actors. But holding adversaries accountable isn’t easy given the nature of the required inputs and analysis that enable attribution.

For instance, the U.S. government has accused Chinese hackers associated with the People’s Liberation Army (PLA) of being responsible for half of the cyberespionage activity targeting U.S. “IP and commercially valuable information,” and claimed that this activity had inflicted $20 billion in economic damage by 2014.

But the evidence used to make such attribution determinations is not easily exposed without revealing the means and methods by which cyber threat researchers and government agencies came by it.

Challenges of Definition

The CSIS report revisits the 2015 Barack Obama-Xi Jinping Summit, where the leaders of the U.S. and China agreed that their intelligence communities would cease to conduct “commercial espionage,” while allowing each nation to engage in military-related espionage appropriate to their respective national security interests. The nations comprising the world’s 20 largest economies agreed to a similar “no-commercial espionage” pledge later that year.

Any such agreement obviously requires accountability mechanisms to have an impact. But it also requires that the nations agree to specific and consistent definitions of what constitutes commercial versus military espionage.

CSIS notes that the evidence is mixed as to whether the Chinese government has slowed commercial espionage in accordance with the 2015 agreement. But the think tank notes that despite high level dialogues and pledges between nations, officials from multiple countries maintain that commercial IP theft continues unabated.

Last month’s Worldwide Threat Assessment of the U.S. Intelligence Community confirmed that China and other nation-state actors are continuing to use cyber-attacks to “acquire U.S. intellectual property and proprietary information to advance their own economic and national security objectives.”

The assessment goes so far as to suggest that because the disruptive technologies of the 21st century are being developed by public and private competitors around the world, any significant loss of U.S. IP in pivotal areas—artificial intelligence, 5G networking, 3D printing, nano-materials, quantum computing, biotech, and advanced robotics—could ultimately weaken U.S. military and economic power, and result in a loss of national competitiveness in the global marketplace, as well as on the battlefield.

Preventing the Theft of our Future

At its most basic level, the theft of IP and business confidential information is a theft of the future. It’s a theft of future national security, future business for companies, future wealth for a nation’s communities, and future high paying jobs and standards of living for a nation’s citizens.

Because technologies don’t fit neatly within civilian and military sector silos, particularly throughout their lifecycles, it’s important for organizations to take cyber espionage seriously. Even beyond technology providers, any organization producing anything of great value should take care to consider that that great value is valuable to others, and remember that anything of great value must be protected.

Please go here for more information on the report’s assessments.

EDR – Not just for Large Enterprises?
Tue, 20 Mar 2018 22:19:41 +0000 | https://securingtomorrow.mcafee.com/business/edr-not-just-large-enterprises/

When you think of Endpoint Detection and Response (EDR) tools, do you envision a CSI-style crime lab with dozens of monitors and people with eagle eye views of what their users and defenses are doing? For many, the idea of EDR seems like something for “the big players” with teams of highly trained people. That impression comes from how these tools were built and presented in days gone by; however, it’s no longer true.

What Changed?

For starters, threats changed, and with them the need to investigate them to prevent a repeat of an outbreak or breach. To put it simply, malware and attack methods became smarter, and stopping them became much more difficult. Threats don’t always look like threats anymore. The same type of attack might arrive through the web or email, as a different file type with a different name, but with the same intent: avoid detection and compromise your endpoints.

Defenses have evolved as well, but as part of that growth another problem grew with it. More defenses means more reports, alerts and places to go to investigate and then remediate a threat. Economically, most organizations have not put more staff into the mix alongside this change. The “do more with less” mantra hasn’t left the minds of many, and the result is too many security practitioners drowning in noise and overwhelmed with management tools and data. Perhaps that’s why so many resort to simply re-imaging a machine instead of investigating or remediating a threat. It seems easier (and it probably is) for many. See our infographic ‘A Return to Endpoint Protection Platforms’ for more on how the use of disparate point tools increases operational complexity.

Lastly, the need to do things differently arrived. The latest Gartner Market Guide for Endpoint Detection and Response shows a strong shift in the number of organizations that now consider EDR a need and plan to invest in it. Security practitioners are shifting gears as the nature of threats changes and as they increasingly need to know how a threat arrived, what it attempted to do, and where else it may have attempted entry.

It Doesn’t Have to Take a Village Anymore

Something else changed as the landscape evolved – EDR solutions became easier and simpler to work with. EDR is no longer a tool that requires a dozen people or a Security Operations Center (SOC). Dashboard style management with prioritized, at-a-glance data has replaced lengthy reports and overwhelming alert volume. More integrated approaches have also cut down manual processes, replacing them with automated responses and automatic contextual insights. This also cuts complexity when delivered as part of an Endpoint Protection Platform (EPP). For more details, watch a video on the role of EDR and Machine Learning and the Return to Endpoint Protection Platform Suites.

It no longer requires extensive training or expertise to use and realize value from EDR solutions. Security Practitioners can now simply log in, click to the heart of a threat and remediate it in a short period of time. Remediation can happen in as little as one click and setting traps, triggers and responses for future threats takes only a few minutes.

McAfee offers an integrated EDR solution that gives prioritized data and alerts with a dashboard view of your environment and makes it easy to click to the eye of a threat in seconds. One of our customers was able to go from using spreadsheets and manual processes to getting data in seconds.

If you’re ready to see how easy and effective EDR can be, check out the video below to see a Metasploit attack halted with a straightforward investigation.

The Ripple Effect of the Hansa Takedown
Mon, 19 Mar 2018 18:28:51 +0000 | https://securingtomorrow.mcafee.com/business/ripple-effect-hansa-takedown/

For nearly a decade we have witnessed the systemic rise and fall of “dark net” markets. Each time a site is taken down by law enforcement, we see other, opportunistic ones capitalize on buyers looking for new places to purchase illegal goods. Last year we explored the takedowns of the popular black markets AlphaBay and Hansa and saw a noticeable hesitation. Something about these takedowns had an impact, even if short-term, among buyers and sellers on dark net markets. After examining the flow of crime across the dark web following the siege of these two sites, we have found that these takedowns had a noticeable impact.

AlphaBay was a massive marketplace and had been the top market since the year following the Silk Road takedown. Once AlphaBay was stopped last year, we began tracking cybercriminal response and saw the migration to smaller markets, including Hansa, which had an influx of new vendors and buyers shortly after AlphaBay disappeared. This is similar behavior to what we saw after the Silk Road takedown. Orphaned users needed a new home and migrated to newer markets such as Dark Market Reloaded, Evolution, Silk Road 2.0, and eventually AlphaBay. Some of these turned out to be scams—as seen with Evolution—or were subject to law enforcement takedowns—as was the case with Silk Road 2.0 with Operation Onymous. Dark net markets are no strangers to risk.

Although AlphaBay was a large takedown, it had a similar impact to many dark net market exits before it. However, the follow-up Hansa takedown was an unexpected blow and likely a heavy psychological hit. Criminals predictably flocked to several other markets, including Hansa. Law enforcement was ready for them, as they had hijacked the two administrators’ accounts, migrated the market to a different infrastructure and gained full control of Hansa for almost a month over the course of the operation. During this period, law enforcement successfully worked on a trap that undermined the trust of a lot of buyers and sellers. Criminals were unaware, migrating from market to market and assuming they were untouchable in a game of whack-a-mole. They were proven wrong. By using a variety of methods, the law enforcement agencies involved identified a large portion of vendors and buyers, disrupting both confidence and trust.

After it was publicly announced that Hansa was under the control of law enforcement, panic started to spread in the dark net market community and on social media. Even vendors on other markets were no longer trusted. Reports on Reddit came out that their PGP keys were somehow changed, creating much confusion. In the eyes of the paranoid, everyone was compromised. Despite the increased distrust, many markets survived, including one of the largest dark markets today, Dream Market. However, migration to these markets was slow. The seemingly business-as-usual takedown of AlphaBay, followed up by the complete takeover of Hansa, had made its mark.

Dark markets continue to grow and survive. As long as the profitability of dark net markets is viable, they will continue to emerge. Stolen digital data, which drives much of the profits, will continue to be a key motivator. As long as there is a market, we must secure our data. This effort starts by being diligent about protecting our assets.

There are a few key ways to reduce risk. For businesses and individuals, this includes maintaining proper procedures and practices that ensure good security hygiene. Never share data unless the requester is trusted and sharing is absolutely necessary. And always use a security infrastructure that safeguards the data centers or cloud storage your organization uses to collect and store crucial data.

To learn more about our fight against cybercrime, be sure to follow us at @McAfee and @McAfee_Labs.

NSP Finds Common Ground in a Time of Change
Fri, 16 Mar 2018 21:51:18 +0000 | https://securingtomorrow.mcafee.com/business/cloud-security/nsp-finds-common-ground-time-change/

As enterprise customers move from the private to the public cloud, they are looking for safety and uninterrupted coverage, but also multi-platform availability and interoperability with other products.

The public cloud offers convenience, cost savings, and the opportunity to shift capital infrastructure spending to an operational expense model. But it also introduces a new level of risk, where a vulnerability in publicly-accessible software can enable an attacker to breach the cloud and infiltrate sensitive information, or accidentally expose customer data to other tenants using the same service.

The real world complicates matters further: the journey from the private cloud to the public cloud often happens in stages, and customers may use a combination of both (i.e. hybrid cloud). Further, there are big changes happening in the Security Operation Center (SOC) in the multi-cloud environment, with automation increasing and many controls becoming virtual. Customers ask, “How do I respond? How do I protect myself?”

A big part of the answer is Intrusion Detection and Prevention Systems (IDPS) software. According to Gartner, by year-end 2020, 70% of new stand-alone IDPS placements will be cloud-based (public or private) or deployed for internal use cases, rather than the traditional placement behind a firewall.[1] Download the full Gartner MQ here for more perspective.

Another part of the equation is usability. Customers need a cybersecurity product that works for their needs: their specific cloud vendor, their platform, and integration with their other cybersecurity solutions. Also, virtualized security solutions must be flexible and scalable, and, even more importantly, they must function seamlessly with software-defined networking platforms.

We believe that McAfee’s latest IDPS release – the McAfee® Network Security Platform (NSP) – has the answers to many of these questions. NSP discovers and blocks sophisticated threats in cloud architectures with accuracy and simplicity. It’s a complete network threat and intrusion prevention solution that protects systems and data wherever they reside across datacenter, cloud, and hybrid enterprise environments, utilizing multiple signature-less detection technologies.

It’s also important to remember that different customers use IDPS products in different ways. The latest NSP release allows customers to use the software in the way they want. For example:

Cloud Infrastructure Security: NSP (and Virtual Network Security Platform, or vNSP, designed specifically for the cloud) support both Azure and Amazon Web Services (AWS) — today’s leading public cloud services — delivering complete threat visibility of data going through an internet gateway and into east-west traffic. A customer can restore threat visibility and security compliance into public cloud architectures with a platform that delivers true east-west traffic inspection.

Decrypting SSL traffic with dynamic keys: Traditional decrypting technologies are ineffective with encrypted traffic using dynamic keys like the Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) key exchange, thus creating blind spots in network traffic. NSP now provides a unique solution[2] for decrypting dynamic SSL keys like ECDHE (this is a first in the industry). This patent-pending solution scales with workloads, delivering high performance.

Ease of Use: With NSP, users have greater control over the host. The console and enhanced graphical user interface put users in control of real-time data with a “single pane of glass,” delivering centralized, web-based management. NSP is the first and only IDPS solution to combine advanced threat prevention and application awareness into a single security decision engine, plugging infrastructure gaps. It’s also a distributed platform that is not performance-hogging.

Platform: vNSP supports AWS and Azure in public cloud workloads on both Windows and Linux.

Integration: NSP works with other McAfee products, as well as the Data Exchange Layer (DXL), which shares data with non-McAfee products.

Open Source Support: NSP supports SNORT, the open source community pushing out AV signatures.

Marketplace: Customers can now access vNSP on the AWS and Azure marketplaces (available as Bring Your Own License [BYOL]).

Another question we hear from customers is about “machine learning,” which is an important part of the future of cybersecurity in a world of increasing threat complexity. McAfee’s NSP uses machine learning, employing self-learning systems trained on historical data, including data from other McAfee products, such as Advanced Threat Defense and Endpoint. This is part of the evolution into ML.

Things are changing. The private and public cloud are dynamic. NSP finds common ground.

We believe it’s understandable why Gartner has placed McAfee in the Leaders quadrant in IDPS for the 11th year in a row. Grab a copy of the full report here.

[1] 2018 Gartner Magic Quadrant for Intrusion Detection and Prevention Systems

[2] Available in NSP only (not vNSP).

Gartner Magic Quadrant for Intrusion Detection and Prevention Systems, Craig Lawson, Claudio Neiva, 10 January 2018. From 2014-17, McAfee was included as Intel Security (McAfee). Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Cryptojacking is Soaring, and “Stegware” Makes it a Stealth Bomber
Fri, 16 Mar 2018 21:26:55 +0000 | https://securingtomorrow.mcafee.com/business/cryptojacking-soaring-stegware-makes-stealth-bomber/

With Bitcoin becoming resource-intensive to mine, and several cryptocurrency platforms arising as alternatives, more bad actors are jumping into cryptojacking: the unsolicited use of your device to mine cryptocurrency. This is becoming a dangerous threat that sometimes targets web systems, while other times infiltrates consumer or enterprise devices.

When a consumer device is targeted by cryptojacking, immediate effects appear because of the mining operation. Sometimes the system performance is not consistent with the expected user workload. Similarly, when the attack targets an enterprise device such as a server, these indicators will be there, although maybe harder to identify. In fact, when the mining script is correctly configured, a throttled CPU usage might be concealed as a slightly higher server usage in accordance with theoretically higher demand. Verifying these facts? Not an easy task.

The purpose of a cryptojacking attack is essentially revenue, so it makes sense that high-value assets (involving significant CPU or GPU resources) will be targeted. Recent reports reveal that manufacturing and financial services industries together constitute more than 55% of the systems affected by cryptojacking attacks (1). In one recent example, the Smominru Monero botnet has produced around $3 million running a mining operation with more than 500k compromised hosts (2).

Several cryptojacking attacks are using steganography, which is used as a mechanism to conceal and deliver the malicious mining script.

With security solutions maturing, bad actors need to think about new strategies to deliver their attacks. That’s where “stegware”, malware hidden with steganography, comes in handy. As previously discussed (3), steganography is a very good vehicle for concealing an attack. In the case of cryptojacking, delivering the mining script is all the attacker requires. For that purpose, a carrier such as an image file is used to hide the script. Then, taking advantage of either vulnerabilities (or features) already present in the services exposed by servers, the image is planted and the mining script can be executed. This technique is so effective that in some cases bad actors won’t use actual steganography at all: a fake image file is enough to bypass security solutions.

In a similar way, web-based cryptojacking attacks are poisoning hundreds of websites (by either taking advantage of web server exploits or via “malvertising”) to mine cryptocurrency when a user visits a webpage. Essentially, an image (for example an ad) is placed somewhere so the mining script can be extracted and executed using the user device’s resources. Fortunately, popular browsers have already implemented measures to detect this activity and shut it down.

But even with monitored devices such as servers, differentiating between a legitimate increase in server demand and a cryptojacking attack may not always be that simple. If the mining script is correctly configured, an infected server process using a slightly higher amount of CPU would fall into a gray area, but not necessarily be spotted as an anomaly.

Collateral Damage

The fact that a mining script is extensively consuming resources such as CPU or GPU constitutes a potential risk to the system and its components. When devices are stressed by the extra load of mining, CPU, GPU and heat dissipation mechanisms are more active than usual. This increases energy consumption and could rapidly deteriorate system components. Although this is not the purpose of cryptojacking, we can’t ignore the consequences, as it may constitute a sort of “denial of service” when critical infrastructure is compromised. A cryptojacking botnet compromising servers may not disrupt a business, but it surely introduces some challenges to the operation.

Less Headache, More Benefits

In comparison with ransomware, cryptojacking might be more attractive to cybercriminals. Essentially, both attacks will produce revenue. However, while a ransomware attack becomes obvious once the ransom is requested, a stealthy cryptojacking attack has a better chance of going undetected (especially when steganography is assisting the attack). Also, if a cryptojacking attack is discovered, it’s very hard to trace it back to the source, because of the intrinsic anonymity of cryptocurrency. Add to that the fact that the victim may not have enough incentive to go after the author (since “no damage” was produced), and it’s clear why this attack provides more benefits and fewer headaches than ransomware.

Staying Alert

Because no evident damage is produced, fighting cryptojacking requires a trained eye. Look for anomalies related to either performance, overheating, or failing components. The more data you have, the better you will be able to spot an attack. Determining the cause of a device or server being stressed is not easy, but that’s where you should start. Also, other indicators such as unknown processes or unknown images being downloaded can help you trace the path to a mining script.
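The decoy-image delivery described above and the “unknown images being downloaded” indicator can both be checked mechanically. The following Python is an added example written for this post, not McAfee code: it verifies that a file claiming to be a PNG or JPEG has matching magic bytes, parses cleanly to its end marker, and has nothing appended after that marker, and it runs against hand-constructed sample bytes (including a decoy with a text tail and a file that is only a JPEG header).

```python
# Constructed triage check for files that claim to be images (not McAfee code).
# A decoy "image" usually fails one of three cheap checks: magic bytes that do not
# match the extension, a container that does not parse to its end marker, or
# real bytes appended after that end marker.
import string
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
JPEG_SOI = b"\xff\xd8\xff"

def detect_format(data: bytes) -> str:
    """Identify the container from its leading bytes, ignoring the extension."""
    if data.startswith(PNG_SIG):
        return "png"
    if data.startswith(JPEG_SOI):
        return "jpeg"
    return "unknown"

def png_end_offset(data: bytes) -> int:
    """Walk PNG chunks; return the offset just past IEND, or -1 if malformed."""
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        chunk_end = pos + 12 + length            # length + type + data + CRC
        if chunk_end > len(data):
            return -1
        body = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[pos + 8 + length:chunk_end])
        if zlib.crc32(ctype + body) != crc:      # corrupt or hand-crafted chunk
            return -1
        pos = chunk_end
        if ctype == b"IEND":
            return pos
    return -1                                    # ran out of bytes before IEND

def jpeg_end_offset(data: bytes) -> int:
    """Walk marker segments to SOS, then return the offset just past EOI.
    Assumes no fill bytes (FF FF) between segments, which baseline JFIF avoids."""
    pos = 2                                      # skip SOI (FF D8)
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            return -1
        if data[pos + 1] == 0xDA:                # SOS: entropy-coded data follows
            # In scan data 0xFF is always followed by 0x00 or an RSTn marker,
            # so the first FF D9 after SOS is the real EOI.
            eoi = data.find(b"\xff\xd9", pos)
            return -1 if eoi < 0 else eoi + 2
        (seglen,) = struct.unpack(">H", data[pos + 2:pos + 4])
        pos += 2 + seglen
    return -1

def printable_ratio(blob: bytes) -> float:
    """Share of printable-ASCII bytes; an appended script scores near 1.0."""
    if not blob:
        return 0.0
    printable = set(string.printable.encode())
    return sum(b in printable for b in blob) / len(blob)

def inspect_image(data: bytes, claimed_ext: str) -> dict:
    """Return a small report; an empty 'findings' list means nothing suspicious."""
    ext = claimed_ext.lower().lstrip(".")
    ext = "jpeg" if ext == "jpg" else ext
    fmt = detect_format(data)
    findings = []
    if fmt == "unknown":
        findings.append("no PNG/JPEG signature: not an image at all")
        return {"format": fmt, "trailing_bytes": len(data),
                "printable_ratio": printable_ratio(data), "findings": findings}
    if fmt != ext:
        findings.append(f"extension .{claimed_ext} does not match content ({fmt})")
    end = png_end_offset(data) if fmt == "png" else jpeg_end_offset(data)
    if end < 0:
        findings.append("container malformed: header only or truncated (decoy?)")
        trailing = data[len(PNG_SIG if fmt == "png" else JPEG_SOI):]
    else:
        trailing = data[end:]
        if trailing:
            findings.append(f"{len(trailing)} bytes appended after end marker")
    return {"format": fmt, "trailing_bytes": len(trailing),
            "printable_ratio": printable_ratio(trailing), "findings": findings}

# --- Constructed samples (hand-built bytes, not real malware) ----------------
def _png_chunk(ctype: bytes, body: bytes) -> bytes:
    return (struct.pack(">I", len(body)) + ctype + body
            + struct.pack(">I", zlib.crc32(ctype + body)))

GOOD_PNG = (PNG_SIG + _png_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
            + _png_chunk(b"IEND", b""))          # valid 1x1 image, 45 bytes
APPENDED = b"constructed appended payload: plain text, not image data\n"
DECOY_PNG = GOOD_PNG + APPENDED                  # valid image with a text tail
GOOD_JPEG = (b"\xff\xd8"                                          # SOI
             + b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
             + b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00"  # SOS header
             + b"\x12\x34\xff\x00\x56"                            # scan data, stuffed FF 00
             + b"\xff\xd9")                                       # EOI
FAKE_JPEG = JPEG_SOI + b"plain text pretending to be a photo"  # magic bytes only
if __name__ == "__main__":
    for name, blob, ext in [("decoy.png", DECOY_PNG, "png"), ("fake.jpg", FAKE_JPEG, "jpg")]:
        print(name, inspect_image(blob, ext))
```

A high printable ratio on the trailing bytes is a triage hint, not proof; the appended data can just as well be compressed or encoded, so the length of the tail is the more reliable signal.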

The post Cryptojacking is Soaring, and “Stegware” Makes it a Stealth Bomber appeared first on McAfee Blogs.

The Tortoise and the Hare of GDPR, Part I: Don’t Panic
https://securingtomorrow.mcafee.com/business/data-security/tortoise-hare-gdpr-part-dont-panic/
Thu, 15 Mar 2018 15:00:49 +0000
In preparation for May 25, data-driven companies (and really, that’s most of us) have started doing business differently, bracing for the enforcement date of the General Data Protection Regulation (GDPR). And all companies with customers and employees who are residents of the European Union should be handling personal data carefully after that: Violations can result in fines of up to 4% of annual global revenues or €20 million (whichever is greater).

When we reached the milestone of 100 days until May 25, one of our McAfee legal interns put up a countdown clock on an internal website. Lots of words have been spent on hair-on-fire, panic mode fretting about the fines – and anyone who tells you that they know exactly what to do to avoid getting fined is selling you a false promise.

As we get to this homestretch, I think it’s important to pause a minute and make sure we are looking at the forest as well as the trees. GDPR doesn’t tell us to encrypt this but not that, but it does tell us we need a cultural change around data protection. An attitude of Great Data Protection Rocks (GDPR – get it?) works together with McAfee’s concept of a culture of security to introduce better and constantly improving practices.

But the 100 days are flying by, and things aren’t perfect – what to do? First, take a deep breath; you can’t get anything done if you’ve fainted. Second, remind yourself of the strategic principles and the core intent of the GDPR: honoring the fundamental rights of the data subject to have control over their information and to have it properly cared for when it is outside their control. Questions to ask your organization include:

  • Is there a current data-loss prevention project in place or planned for this year? Data-loss prevention too often gets thought of as a security project, but the best implementations have security folks partnering with privacy and legal team members as well as business stakeholders.
  • Does your cloud service provider have a privacy policy? Do you know who your cloud providers are, even?  The cloud-hosting providers like AWS and Azure are obviously to be considered, and don’t forget Box and Google Drive and other file storage, but you also need to consider the human resources applications, the recruiting vendors, and the other companies that help support your businesses from the cloud.
  • What key security and business processes should be reviewed for applicability and current state of capability? Mo reminds us to stop and define “key.”  This is the sort of soul-searching that every company needs to do for itself, and make hard decisions (that you should check back on) as to what is most important.

There are a lot of things I like about Mo’s series, including the calm tone, but what I like most is that it basically says if you aren’t sure what to do, start somewhere, and here are some ideas that will help you with the larger picture.  Some folks with lots of resources (and yes, the Data Protection authorities) might be horrified that some places haven’t started on GDPR compliance, but this is a journey and we all have different starting points.  I bump into a lot of people who are still finding their way in the GDPR fog when I get outside McAfee.

And even for those of us who have been working on GDPR readiness for a long time (and it feels like a really long time to me right now – I’m much more of a hare), we must think about the long haul. Changing culture takes time, and it’s a big shift to a culture of security and data protection for many organizations. We need champions, new language, new processes, new policies, and procedures. If we keep breathing and keep thinking about the big picture, and keep working together on the hard questions, we’ll get there.

You can find much more free GDPR educational material on our website.

The information provided on this GDPR page is our informed interpretation of the EU General Data Protection Regulation, and is for information purposes only and it does not constitute legal advice or advice on how to achieve operational privacy and security. It is not incorporated into any contract and does not commit promise or create any legal obligation to deliver any code, result, material, or functionality. Furthermore, the information provided herein is subject to change without notice, and is provided “AS IS” without guarantee or warranty as to the accuracy or applicability of the information to any specific situation or circumstance. If you require legal advice on the requirements of the General Data Protection Regulation, or any other law, or advice on the extent to which McAfee technologies can assist you to achieve compliance with the Regulation or any other law, you are advised to consult a suitably qualified legal professional. If you require advice on the nature of the technical and organizational measures that are required to deliver operational privacy and security in your organization, you should consult a suitably qualified privacy professional. No liability is accepted to any party for any harms or losses suffered in reliance on the contents of this publication.

The post The Tortoise and the Hare of GDPR, Part I: Don’t Panic appeared first on McAfee Blogs.

A Brief History of Cloud Computing and Security
https://securingtomorrow.mcafee.com/business/brief-history-cloud-computing-security/
Wed, 14 Mar 2018 19:30:31 +0000
According to recent research [1], 50% of organizations use more than one public cloud infrastructure vendor, choosing between Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform and a series of others. 85% of those using more than one cloud infrastructure provider are managing up to four [1], seeking the best fit for their applications and hedging against downtime and lock-in to specific providers. Naturally, with any trend in cloud adoption, the practice of Shadow IT plays into this fragmentation.

As we look at an evolution like this, it is helpful to first understand the historical precedent that led us to this point in time, to learn from the past and remind ourselves of the progress made by others that we now enjoy. Let’s take a brief trip through the history of cloud computing to see how we arrived at our multi-cloud reality.

The Space Age and Dreamers

Around the same time that John F. Kennedy inspired the United States with his decisive proclamation that “We choose to go to the moon!”, leaders in computer science were dreaming of a terrestrial future with similar aspirational bounds. While working at the U.S. Pentagon’s Advanced Research Projects Agency (ARPA, now known as DARPA), then Director of the Information Processing Techniques Office J. C. R. Licklider wrote a memo to his colleagues describing a network of computers which spoke the same language and allowed data to be transmitted and worked on by programs “somewhere else” [2]. From his 1963 memo:

‘Consider the situation in which several different centers are netted together, each center being highly individualistic and having its own special language and its own special way of doing things. Is it not desirable, or even necessary for all the centers to agree upon some language or, at least, upon some conventions for asking such questions as “What language do you speak?”’ [3]

‘The programs I have located throughout the system…I would like to bring them in as relocatable binary programs…either at “bring-in time” or at “run-time.”’ [3]

“With a sophisticated network-control system, I would not decide whether to send the data and have them worked on by programs somewhere else, or bring in programs and have them work on my data. I have no great objection to making that decision, for a while at any rate, but, in principle, it seems better for the computer, or the network, somehow, to do that.” [3]

Here he is describing the precursors to the internet, and our now ubiquitous TCP/IP communication language that allows a myriad of connected devices to speak with each other and the cloud. His prediction for bringing in programs at “run-time” is all too familiar today with our browser-based access to the cloud applications we use, and he even had the foresight to predict that the physical location of those programs would not matter – leaving it up to a computer, or network, to decide how to allocate resources properly.

Shared resources also sparked concern for Licklider:

“I do not want to use material from a file that is in the process of being changed by someone else. There may be, in our mutual activities, something approximately analogous to military security classification. If so, how will we handle it?” [3]

While we have solved the challenge of collaborative editing in cloud applications today, his sights pointed to an issue which would eventually become of paramount importance to the information security community – how to handle sensitive data held in a location you do not physically own.

J. C. R. Licklider’s predictions quickly transformed to reality, and through further efforts at ARPA resulted in the first iteration of the internet, or ARPANET. His inspiration to the development of the internet and cloud computing is undeniable, and like the title of his memo quoted above, “Memorandum For Members and Affiliates of the Intergalactic Computer Network”, aspires to greatness beyond what many think is possible.

Virtual (Computing) Reality

In parallel to the effort made by ARPA and many university collaborators to connect computing devices together, IBM was developing a way to make their large, “mainframe” computers more cost efficient for their customers. In 1972 they released the first iteration of virtualized computing, the VM/370 operating system [4]. From the 1972 program announcement:

VM/370 is a multi-access time-shared system with two major elements:

  • The Control Program (CP) which provides an environment where multiple concurrent virtual machines can run different operating systems, such as OS, OS/VS, DOS and DOS/VS, in time-shared mode.
  • The Conversational Monitor System (CMS) which provides a general-purpose, time-sharing capability. [4]

Running multiple operating systems through the control program, akin to today’s concept of a hypervisor, on one mainframe computer dramatically expanded the value customers could gain from these systems, and set the stage for virtualizing data center servers in years to come. Time-sharing through the CMS gave users an ability to log in and interact with the individual VMs, a concept still used today in virtualization software and anytime you log in to access a cloud service.

Through the 80’s and 90’s, the rise of personal computers took much attention away from the development of mainframe and early datacenter computing environments. Then in 1998, VMware filed a patent for a “Virtualization system including a virtual machine monitor for a computer with a segmented architecture” [5] which was “particularly well-adapted for virtualizing computers in which the hardware processor has an Intel x86 architecture.” [5] – starting sales of their technology a year later. While others entered the virtualization space at the same time, VMware quickly took the lead by focusing on the difficult task of virtualizing the widely used x86 architecture, expanding the value of many existing datacenter infrastructure investments.

Cloud computing would likely not exist without the resource efficiency of virtualization. Commercial offerings like Amazon Web Services (AWS), Microsoft Azure, and others achieve their economies of scale through virtualized infrastructure, making high-end computing affordable (and sometimes free) for just about anyone.

With no ties to hardware, the abstraction from physical location Licklider predicted begins to meet reality. Applications can exist anywhere, be accessed from anywhere, and be moved as needed, allowing cloud operators to update underlying hardware without downtime for the services they run. Abstraction from physical location also enables virtualized software and infrastructure to exist far from you – and your country. The predicament of cross-border data regulation is a developing issue, with the E.U.’s General Data Protection Regulation (GDPR) taking arguably the broadest reach to date.

Everything Over the Internet

If you’re an enterprise organization running a datacenter in the late 90’s, starting to virtualize your infrastructure makes economic sense. With 20/20 vision we see in retrospect this also created an excellent business model for commercial vendors to build out virtualized infrastructure and offer software to others, who would be willing to pay less upfront for access than to host and maintain it themselves. Salesforce.com jumped on this opportunity early, taking on the likes of Oracle and SAP for the CRM market in 1999.

In 2003, engineer Benjamin Black proposed a new infrastructure for Amazon.com which was “…completely standardized, completely automated, and relied extensively on web services for things like storage.” [6] also mentioning “the possibility of selling virtual servers as a service.” [6] CEO Jeff Bezos took notice, and in his own retrospect, commented that:

“…we were spending too much time on fine-grained coordination between our network engineering groups and our applications programming groups. Basically, what we decided to do is build a [set of APIs] between those two layers so that you could just do coarse-grained coordination between those two groups.” [7]

“On the surface, superficially, [cloud computing] appears to be very different [from our retailing business].” “But the fact is we’ve been running a web-scale application for a long time, and we needed to build this set of infrastructure web services just to be able to manage our own internal house.” [8]

That infrastructure build-out eventually turned into a commercial service in 2006, with the launch of Elastic Compute Cloud (EC2) from Amazon Web Services (AWS). From their 2006 announcement:

“Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides resizable compute capacity in the cloud…designed to make web-scale computing easier for developers. Amazon EC2 changes the economics of computing by allowing you to pay only for capacity that you actually use.” [9]

The early success of Salesforce.com, Amazon, and several others proved the economic model of delivering services over the internet, firmly cementing cloud computing as a viable method to interact with software and computing infrastructure. Rapid growth in cloud services resulted in vast amounts of data landing in the hands of organizations who did not own it – and couldn’t practically be held liable for how it was accessed. Cloud Access Security Brokers (CASBs) were first proposed in 2012, offering visibility over where cloud data was located, protection for it within services, and access controls. While CASB is a logical countermeasure to cloud data loss and compliance, many IT organizations are still in the early stages of testing.

Enter the Multi-Cloud

With the release of Microsoft Azure in 2010 and Google Cloud Platform in 2011, attractive alternatives to AWS entered the market and spurred experimentation. It was inevitable for competition to arise, but it created a scenario where choosing just one provider wasn’t necessary, or even beneficial. Linux provider Red Hat puts it well:

“You might find the perfect cloud solution for 1 aspect of your enterprise—a proprietary cloud fine-tuned for hosting a proprietary app, an affordable cloud perfect for archiving public records, a cloud that scales broadly for hosting systems with highly variable use rates—but no single cloud can do everything. (Or, rather, no single cloud can do everything well.)” [10]

Fault tolerance can also come into play, with select but major cloud outages proving that adding redundancy across multiple cloud providers can be a sound enterprise strategy. The most pertinent question that has arisen out of this trend however, is how to manage it all? Manual configuration of multiple cloud environments is naturally going to be a time-consuming effort. To speed deployment time, the concept of infrastructure-as-code (alternatively “programmable infrastructure”) was developed, evolving the nature of cloud computing once again. Author Chris Riley describes the concept:

“…instead of manually configuring infrastructure you can write scripts to do it. But not just scripts, you can actually fully incorporate the configuration in your application’s code.” [11]

Commercial vendors like Puppet Labs, Chef, and Ansible have built technology on this premise, allowing for automated deployment across multiple cloud providers. For security, the challenge of fragmentation is similar, but so are the solutions. Data and applications need to be protected from external and internal threats, even misconfiguration. AWS, Azure, and Google all have well-documented divisions in the shared security responsibility between themselves and the customer.

That brings us to today, where deployment automation tools are leading the way in bringing consistent management to IT and DevOps teams. Security technology is developing in-step, adapting to infrastructure-as-code by becoming a part of automated deployment process as code itself. We invite you to learn more about how you can automate security in a multi-cloud environment by exploring the scenarios on this page.

If you’re thinking about the next stage in cloud computing’s evolution, hit us up on Twitter @Mcafee_Business and let us know what’s on your mind.


References

1. https://www.businesswire.com/news/home/20170912005444/en/2017-State-Enterprise-Multi-Cloud-Report-Cloud-Fragmented
2. https://www.internetsociety.org/internet/history-internet/brief-history-internet/#Origins
3. http://www.kurzweilai.net/memorandum-for-members-and-affiliates-of-the-intergalactic-computer-network
4. http://www.davidsgallery.info/Viewpoint/Resources/VM370-BlueLetter-Aug1972.pdf
5. https://patents.google.com/patent/US6397242
6. http://blog.b3k.us/2009/01/25/ec2-origins.html
7. https://www.programmableweb.com/news/amazon-and-economics-web-services/2008/06/02
8. http://www.roughtype.com/?p=1126
9. https://aws.amazon.com/about-aws/whats-new/2006/08/24/announcing-amazon-elastic-compute-cloud-amazon-ec2—beta/
10. https://www.redhat.com/en/topics/cloud-computing/what-is-multicloud
11. https://devops.com/meet-infrastructure-code/

McAfee does not control or audit third-party benchmark data or the websites referenced in this document. You should visit the referenced website and confirm whether referenced data is accurate.

The post A Brief History of Cloud Computing and Security appeared first on McAfee Blogs.

A Map of the Most Dangerous Sources of Cybercrime
https://securingtomorrow.mcafee.com/business/map-dangerous-sources-cybercrime/
Tue, 06 Mar 2018 22:14:08 +0000
This blog post was written by James Andrew Lewis, senior vice president at the Center for Strategic and International Studies (CSIS). 

Now that 3 companies and 13 individuals from Russia have been indicted for U.S. election interference, the general American populace has insight into a problem that has been growing for years: Russia has little respect for the law.  In fact, based on a recent study on the Economic Impact of Cybercrime CSIS undertook with McAfee, Russia leads the world in cybercrime. This reflects both the skill of its hacker community and its disdain for western law enforcement.

The complex and close relationship between the Russian state and organized crime means that Russia provides a sanctuary for the most advanced cybercriminals, who focus on the financial sector. The best cybercriminals in the world live in Russia, and as long as they do not travel to countries where they could be arrested, they are largely immune from prosecution. For example, one of the cybercriminals who hacked Yahoo at the behest of Russian intelligence services, compromising millions of accounts and transferring the PII to the Russian government, also used the stolen data for spam and credit card fraud for personal benefit.

Yet Russia is hardly the only country specializing in cybercrime; China, North Korea, and Iran are right up there. The combination of massive budgets, access to talent and protection from law enforcement make nation-states the most dangerous source of cybercrime, which our report estimates takes about a $600 billion toll on the global economy.

Next to Russia, we believe North Korea is the next most important nation for cybercrime. Both hack banks for financial gain. In 2015-2016, for instance, a cybercrime campaign targeted dozens of banks in the SWIFT network, stealing tens of millions of dollars from banks in developing countries. The North Korean Reconnaissance General Bureau (RGB) has been linked to these attacks, which provided a lucrative way to supplement the North Korean government’s access to foreign currency.

Recognizing the difficulty of pulling off large-scale thefts from a single major western bank, the RGB targeted smaller, less sophisticated banks in developing countries like Bangladesh, Vietnam, and Ecuador. In Bangladesh, they used the victim banks’ credentials to send what looked like legitimate SWIFT fund transfer requests. These requests at first appeared legitimate to the receiving banks, since they were sent from legitimate partner banks through the established channels, so in some cases the money was transferred.

North Korea has also turned to cryptocurrency theft to help fund its regime. North Korean hackers targeted at least three South Korean cryptocurrency exchanges in 2017. Cryptocurrencies are a particularly valuable target for North Korea, which is able to use Bitcoin’s anonymity to circumvent international sanctions. Some researchers have speculated that North Korean actors have also been involved in attempts to surreptitiously install Bitcoin mining software on hacked computers, hijacking networks of compromised systems to mine for cryptocurrencies. The Pyongyang University of Science and Technology has begun offering its computer science students classes in Bitcoin and Blockchain, confirming North Korea’s growing interest in cryptocurrencies.

Hackers in North Korea and Russia, whether affiliated with the state or not, account for much of the cybercrime that occurs in the world. Until these nation-states change their behavior, either by stopping state support for hacking or by enforcing laws against criminal hackers, cybercrime will remain a major international problem.

The post A Map of the Most Dangerous Sources of Cybercrime appeared first on McAfee Blogs.

What do cybersecurity and the board game Battleship have in common?
https://securingtomorrow.mcafee.com/business/cybersecurity-board-game-battleship-common/
Fri, 02 Mar 2018 22:49:34 +0000
A long day of encouraging a customer to reconsider their lack of desire to develop a plan, build a security architecture that included automation and orchestration –  with the ability to measure value vs. just adding tools as needed – led to a very late-night drive home. I was encouraged the customer invited me back to prove my case, but it was one of those days that left me shaking my head. In reflecting on the day and all the discussions, I kept thinking back to how many times both sides used the words “cybersecurity strategy.”

Clearly, strategy is one of those words that takes on different meaning depending on the context. A thought that came to mind on my drive home was that cybersecurity is very much like the board game Battleship. Both involve strategy, and operate in a “static model”. In the game Battleship, as you may recall, the game play is simple: each player arranges five ships—an aircraft carrier, battleship, cruiser, submarine, and destroyer—on a ten-by-ten grid of squares and attempts to “sink” his opponent’s ships by calling out the squares where he believes his enemy’s ships are hiding. Most players approach the game as essentially one of chance, targeting squares at random and hoping for a “hit.” In the Battleship game, once the player positions and arranges their ships they cannot move them, so in turn they become static targets. One could say the same holds true for our classic cybersecurity defenses. Once we position all our defensive sensors across our environments they remain static.

But is there a better strategy? In cybersecurity we tend to deploy strategy in a similar fashion. We establish perimeter, network and internal protections with firewalls, security gateways, IPSs, endpoint security and so on, and wait for the adversary to guess where to attack us. They then refine their method until they achieve their objective. Clearly it is time for a change in cybersecurity game theory.

One concept that has not yet been fully explored is that of the Moving Target Defense (MTD). It is not a new concept by any means; early research dates back to before 2011. However, it is one I believe requires much more attention from the industry. The Department of Homeland Security (DHS) defines MTD as the concept of controlling change across multiple system dimensions in order to increase uncertainty and apparent complexity for attackers, reduce their window of opportunity and increase the costs of their probing and attack efforts. DHS believes in this concept so strongly that it has invested research and development money to advance the idea past the concept stage.

MTD assumes that perfect security is unattainable. Given that starting point, and the assumption that all systems are compromised, research in MTD focuses on enabling continued safe operation in a compromised environment and on building systems that are defensible rather than perfectly secure.

MTD will enable us to create, analyze, evaluate and deploy mechanisms and strategies that are diverse and that continually shift and change over time to increase complexity and cost for attackers, limit the exposure of vulnerabilities and opportunities for attack, and increase system resiliency.

In an ideal case, I envision a scenario where an administrator would have the ability to set, via policy, variable time intervals to “move or shift” an entire network environment or enclave, including applications, along with changing privileged account credentials, and to leave a ghost network (think honeynet) in its place to capture forensic data for further review and analysis. There are several new, innovative cybersecurity companies out there that have developed unique and forward-thinking deception technologies. I look forward to seeing what the art of the possible is in this space in the near future!
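The Battleship comparison carried into a small simulation, added here as an illustration and not code from this post: one-square assets on a ten-by-ten grid, an attacker who remembers misses and must hold every asset at once, and a defender who either leaves positions static or, following the MTD description above, shifts positions and rotates credentials every K probes. The grid size, asset count and shift intervals are constructed assumptions.

```python
"""Battleship-style simulation of a static defense versus a moving-target
defense (MTD). This is an added illustration of the post's argument, not code
from the post. Constructed assumptions: a ten-by-ten grid holds ASSETS
one-square "ships"; the attacker probes one square per turn, remembers misses,
and only succeeds once every asset is held at the same time. Under MTD the
defender re-randomizes positions and rotates credentials every K probes, which
stales the attacker's map and drops any footholds from the previous window."""
import math
import random

GRID = 100    # squares on the board
ASSETS = 5    # one-square "ships"


def probes_until_all_hit(rng, shift_every=None):
    """Simulate one attacker run and return the number of probes it took.

    shift_every=None is the static board the post likens to Battleship:
    positions never change, so the attacker's map only grows more complete.
    """
    cells = list(range(GRID))
    window = GRID if shift_every is None else min(shift_every, GRID)
    probes = 0
    while True:
        # defender (re)places assets; attacker starts the window with no map
        assets = set(rng.sample(cells, ASSETS))
        untried = cells[:]
        rng.shuffle(untried)
        hits = 0
        for _ in range(window):
            probes += 1
            if untried.pop() in assets:
                hits += 1
                if hits == ASSETS:
                    return probes
        # shift: footholds and the attacker's list of misses are both lost


def expected_probes(shift_every=None):
    """Closed-form mean of probes_until_all_hit, used to check the simulation.

    Static: the last of ASSETS hits in a random ordering of GRID squares lands,
    on average, at position ASSETS*(GRID+1)/(ASSETS+1).
    MTD: a window succeeds only if all ASSETS assets fall among its K distinct
    probes, p = C(K, ASSETS)/C(GRID, ASSETS); the number of windows is
    geometric in p, and the successful window ends on average at
    ASSETS*(K+1)/(ASSETS+1).
    """
    if shift_every is None:
        return ASSETS * (GRID + 1) / (ASSETS + 1)
    k = min(shift_every, GRID)
    p = math.comb(k, ASSETS) / math.comb(GRID, ASSETS)
    if p == 0:
        return math.inf   # a window shorter than the asset count never succeeds
    return (1 / p - 1) * k + ASSETS * (k + 1) / (ASSETS + 1)


def mean_probes(shift_every=None, trials=300, seed=7):
    """Monte Carlo mean over `trials` attacker runs with a fixed seed."""
    rng = random.Random(seed)
    total = sum(probes_until_all_hit(rng, shift_every) for _ in range(trials))
    return total / trials


if __name__ == "__main__":
    for k in (None, 60, 40):
        label = "static" if k is None else f"shift every {k:2d}"
        print(f"{label:15s} analytic {expected_probes(k):8.1f}"
              f"  simulated {mean_probes(k):8.1f}")
```

The analytic and simulated means agree to within sampling noise; shortening the shift window is what collapses the attacker's window of opportunity, because a foothold gained in one window is worthless in the next.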

Good luck and good hunting… Here’s to you never having to say, “You sunk my battleship!”

MWC 2018: Digital and Mobile Security in the 5G IoT Era https://securingtomorrow.mcafee.com/business/mwc-2018-digital-mobile-security-5g-iot-era/ Tue, 27 Feb 2018 08:01:30 +0000

The post MWC 2018: Digital and Mobile Security in the 5G IoT Era appeared first on McAfee Blogs.

Mobile World Congress 2018 is upon us and the big news includes the launch of a bunch of new devices, including the Sony Xperia XZ2 Compact, Samsung Galaxy S9, Sony Xperia XZ Premium 2 and Samsung Galaxy Tab S4.

In addition to these and dozens of other devices launching at this year’s event in Barcelona, we are seeing the acceleration of the trend for domestic and industrial smart devices, voice-controlled digital assistants and other internet of things (IoT) enabled smart devices.

Google, for example, is using MWC 2018 as a platform to publicise Google Assistant and the Google Home smart speaker, though one thing we still haven’t heard enough about is the many new security threats and issues surrounding new smart devices, digital assistants and IoT technologies.

Biometric Authentication, 5G Realities and IoT security

Another notable trend at MWC 2018 has been the focus from Samsung and some of the other major mobile players on improved forms of biometric authentication, with Samsung releasing a much-improved Iris Scanner as part of the new Galaxy S9 range.

It’s certainly a really positive move to see this focus on identity authentication at this year’s show, with a notable shift at this year’s event from the hype surrounding virtual and augmented reality and voice-controlled smart homes to far more realistic and practical concerns around security, biometrics and the real-world use cases of superfast 5G networking tech.

Much of the conversation around 5G, of course, is still dominated around how edge computing and low latency in 5G networks will actually translate into valuable and useable services for consumers and businesses alike.

These new 5G use cases dominated the IoT news at MWC 2018, with numerous exhibitors talking up their latest 5G IoT applications and concepts. And almost by default, digital security has also become one of the hottest topics in Barcelona this year, as small developers and the major multinational mobile brands alike wake up to the fact that security is of paramount importance across the entire IoT supply chain.

Evolving Digital Security for the 5G IoT Era

Firms are realising that their digital security strategy has to evolve at the same pace as the many new developments in the current buzzword bingo card such as 5G IoT, artificial intelligence (AI) and machine learning.

Failure to undertake the appropriate due diligence on these new and emerging technologies opens them up to significant penalties when the inevitable data breaches occur.

In addition to the focus on improving mobile handset security and raising awareness of digital security issues in the smart home, the onus for 5G network level security really needs to shift back to the telecommunications companies themselves.

The 5G Security Challenge for Telecoms

The bottom line is this: the security of 5G networks presents a fundamental challenge to the telecommunications industry at large. That is something the hype machine surrounding 5G at MWC 2018 generally fails to highlight, for obvious reasons!

The promise of 5G-enabled services in smart cities, connected cars and across the burgeoning e-health sector, for example, is clear. Yet the fact that network-wide security and security across the IoT value chain is fundamental to these types of applications and services operating safely is still too often overlooked.

Driverless cars, smart surgery and IoT applications across the manufacturing sector are good examples to cite, where digital security is crucial.

All of which is why we as an industry have to work better together – from digital security specialists through to 5G IoT app and hardware developers through to the multinational telecommunications companies themselves – to ensure that we are doing all we can to meet the security challenges and the many increasingly sophisticated attacks that are sure to come in the 5G era.

Why is the Technology Industry Shirking its Security Responsibilities? https://securingtomorrow.mcafee.com/business/technology-industry-shirking-security-responsibilities/ Sat, 24 Feb 2018 09:00:57 +0000

The post Why is the Technology Industry Shirking its Security Responsibilities? appeared first on McAfee Blogs.

No sooner have we had time to recover from the post-CES jet-lag in January than Mobile World Congress 2018 rolls around. These two events have cemented themselves into the mobile and consumer technology industries’ calendars as key opportunities to showcase the latest hardware and software products and services, amidst a flurry of media hype and eager expectation from early adopters worldwide. So what’s in store for the technology industry and its eager consumers in 2018?

If anything, CES this year was a little flat, with little to see in the way of real innovation. This year’s show was a year of ‘iteration’ not ‘innovation’, particularly in the IT security industry, where the conversation at the show was dominated by promises of ‘security by design’ but no real demonstration of this. I was personally very interested to find out more about the latest smart safe that was unveiled at the show, billed as “a smarter way to keep valuables safe”.

Here was a new IoT device that, if anything, surely had to have the best digital security baked into it by design, no?

Unfortunately, that particular internet-connected safe turned out to be something of a damp squib, mainly because it proved to be incredibly easy to crack open. One BBC Tech reporter reported a worrying error that failed to trigger a theft alert. We simply banged on the top of the safe and it opened. What is more remarkable is that this vulnerability is well known. I had an issue with a smart safe of my own when the battery ran out and, of course, I lost my key. One quick search on YouTube revealed that banging on the top of the safe would work, and guess what… it actually did! So much for ‘digital peace of mind’…

That’s merely one example of a slightly broken product that clearly needs a little more development before it hits the market. But that single widely-publicized security snafu was, unfortunately, tellingly symptomatic of an industry-wide trend of shirking responsibility for consumers’ digital (and physical) security.

All too often, digital and mobile security is still considered an afterthought by hardware manufacturers and software developers alike, which is simply no longer viable, particularly given the increasing number and sophistication of cyber-attacks on mobile devices. See, for a very good example of this, the results of McAfee’s latest Mobile Threat Report 2018 – to be released at MWC 2018 – which reveals an explosion in mobile malware and dramatic changes in the mobile landscape over the last year.

If smartphone manufacturers genuinely wish to charge consumers in excess of £1000 for handsets, and provide finance plans to fund them, then, simply put, we need to know they are trustworthy. Shifting the blame onto the user, rather than building adequate methods of prevention into our business models, is not acceptable.

So on to Mobile World Congress 2018 in Barcelona this year, where we will be making some major announcements regarding a number of strategic partnerships with some of the world’s telecoms giants, designed to keep mobile users and the data on their increasing number of smart devices safe, both in the home and on the go.

After all, it’s not that flash £1000 phone in your pocket that the real cybercriminals are after. It’s the data stored within it, which can potentially give them complete access to your bank account, your confidential business data and more. And as the number of devices we have in our homes, our bags, our cars and our offices continues to proliferate, so does the number of attack vectors that cybercriminals can use to fraudulently obtain money.

A Model for Human and Machine Interaction: Human-Machine Teaming Grows up https://securingtomorrow.mcafee.com/business/model-human-machine-interaction-human-machine-teaming-grows/ Fri, 23 Feb 2018 18:00:58 +0000

The post A Model for Human and Machine Interaction: Human-Machine Teaming Grows up appeared first on McAfee Blogs.

Security operation centers (SOCs) are struggling to keep up with attackers, and artificial intelligence (AI) has failed to deliver significant improvements. The industry has been successful at applying AI to malware detection and user and entity behavior analytics (UEBA) using deep neural networks and anomaly detection. But other core SOC jobs such as monitoring, triage, scoping, and remediation remain highly manual. Some repetitive and low-value tasks can be assisted with automation, but tasks that require analysis and creativity are hard to capture in code. Even worse: Imagine trying to automate the investigation of an undiscovered attack technique.

Automation and current AI solutions depend upon a human observing and understanding a threat, then building a model or writing code. The time gap between the human observing a phenomenon and the machine helping is the reason why attackers often have the upper hand. In order to get ahead, we need to make AI systems learn and interact directly with practitioners at the SOC.

The idea behind human-machine teaming (HMT; see [1] and [2]) is to put the human in the AI algorithm loop. In a SOC context, the human has the intuition to find a new attack technique and the creativity to investigate it using company tools. Using human input, the machine gathers information and presents it back in a summary to manage the human’s cognitive workload. As a result of the human-machine interaction, the machine learns to proceed better in new scenarios, while the human continues to adapt, focusing on higher-value tasks.

Research shows that unsupervised anomaly detection can be improved by asking the human to examine alerts when classification confidence is low. This approach improves detection by 4X and reduces false positives by 5X [3]. More importantly, the system teaches itself to address adversaries’ changing tactics.

Our assessment of the current SOC tools landscape shows that several products put the human in the loop, but very few empower the human to perform high-order cognitive tasks. In order to understand where we stand as an industry and what the gap is, we clustered tools into four groups.

Most cybersecurity products today deliver HMT1 and HMT2 capabilities. McAfee Investigator delivers HMT3 and our engineers are working toward HMT4.

On the vertical axis, we have ascending levels of cognitive tasks that humans bring to the team, while on the horizontal axis we have machine capabilities. An assumption of this model is that a human is not able to exercise high-order tasks if she also has to perform low-level functions. This is similar to a Maslow pyramid psychology model. As the machine starts to interact with the human at a higher level of cognition, the team becomes more effective and the degree of human-machine teaming increases from HMT0 to HMT4.

Most of the products in the industry today revolve around the first two iterations of human-machine teaming, known as HMT1 and HMT2. In these scenarios, humans interact with products by analyzing data and providing explicit orders on how to drill down and gather additional data. In some products, humans are able to elevate their work by getting insights and applying their intuition and context to them.

What is clearly missing are products that can take directional feedback, for instance: “Get me evidence that supports potential lateral movement on this case.” We are also missing products that can learn by observing the human at work, for instance, learning to dismiss the alerts that humans have investigated and dismissed in the past.

At McAfee we are using this HMT maturity model as a guide to building better features and tools for the SOC. We recently launched McAfee Investigator [4] to help triage alerts faster and more effectively. Investigator, which uses a question answering approach to leverage expert knowledge [5], can take directional feedback from the human to pivot an investigation (HMT3). Our goal is to develop Investigator to a point where it can learn directly from practitioners (HMT4).
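As an added example of the HMT3/HMT4 behaviour described above (not the code of McAfee Investigator or any other product), a small triage assistant that asks the analyst only when its rarity score falls in a low-confidence band and then learns from the verdicts: a signature dismissed twice stops reaching the queue, and a signature escalated once stays escalated. The alert fields, baseline counts, thresholds and scripted analyst are constructed assumptions.

```python
"""Human-in-the-loop alert triage that learns from analyst verdicts.
Added example for the HMT3/HMT4 ideas in the post; it is not the code of
McAfee Investigator or any other product. The alert fields, the rarity-based
anomaly score, the confidence band, the two-dismissal rule and the sample
alert stream are all constructed assumptions for illustration."""
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    alert_id: int
    rule: str       # which detection fired
    host: str
    process: str    # process the detection attributed the activity to

    @property
    def signature(self):
        """The key an analyst's verdict is allowed to generalize over."""
        return (self.rule, self.process)


# Constructed 30-day baseline: how often each (rule, process) pair has fired.
BASELINE = Counter({
    ("outbound_volume", "svc_backup.exe"): 40,
    ("outbound_volume", "browser.exe"): 12,
    ("new_service", "installer.exe"): 6,
})


def anomaly_score(alert, baseline=BASELINE):
    """Unsupervised rarity score in (0, 1]: a never-seen pair scores 1.0."""
    return 1.0 / (1.0 + baseline[alert.signature])


class TriageAssistant:
    """Routes each alert to auto-dismiss, escalate, or the analyst.

    Scores inside the band are low-confidence, so the human is asked (HMT3);
    verdicts are remembered per signature so that repeatedly dismissed alerts
    stop reaching the queue (HMT4), while a single escalation verdict pins
    that signature to escalation.
    """

    def __init__(self, low=0.05, high=0.5, dismissals_to_learn=2):
        self.low, self.high = low, high
        self.dismissals_to_learn = dismissals_to_learn
        self.verdicts = defaultdict(list)   # signature -> list of verdicts
        self.analyst_asks = 0

    def route(self, alert, ask_analyst):
        """ask_analyst(alert) must return 'dismiss' or 'escalate'."""
        seen = self.verdicts[alert.signature]
        if "escalate" in seen:
            return "escalate_learned"
        if seen.count("dismiss") >= self.dismissals_to_learn:
            return "auto_dismiss_learned"
        score = anomaly_score(alert)
        if score >= self.high:
            return "escalate"
        if score <= self.low:
            return "auto_dismiss"
        self.analyst_asks += 1               # low confidence: ask the human
        verdict = ask_analyst(alert)
        if verdict not in ("dismiss", "escalate"):
            raise ValueError(f"unexpected verdict {verdict!r}")
        seen.append(verdict)
        return f"analyst_{verdict}"


# Constructed alert stream: routine backup noise, a browser signature the
# analyst keeps dismissing, a service install the analyst escalates, and a
# pair never seen in the baseline.
SAMPLE_ALERTS = [
    Alert(1, "outbound_volume", "pos-01", "svc_backup.exe"),
    Alert(2, "outbound_volume", "wks-07", "browser.exe"),
    Alert(3, "outbound_volume", "wks-09", "browser.exe"),
    Alert(4, "outbound_volume", "wks-11", "browser.exe"),
    Alert(5, "new_service", "srv-02", "installer.exe"),
    Alert(6, "new_service", "srv-03", "installer.exe"),
    Alert(7, "new_service", "srv-04", "unknown.exe"),
]


def scripted_analyst(alert):
    """Stand-in for a human: dismiss browser volume alerts, escalate the rest."""
    return "dismiss" if alert.process == "browser.exe" else "escalate"


def run_demo(alerts=SAMPLE_ALERTS):
    """Return (decisions in order, number of times the analyst was asked)."""
    assistant = TriageAssistant()
    decisions = [assistant.route(a, scripted_analyst) for a in alerts]
    return decisions, assistant.analyst_asks


if __name__ == "__main__":
    for alert, decision in zip(SAMPLE_ALERTS, run_demo()[0]):
        print(alert.alert_id, alert.signature, "->", decision)
```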

Learn more about human-machine teaming here.

[1] S. Grobman, “Why Human-Machine Teaming Will Lead to Better Security Outcomes,” 13 July 2013. [Online]. Available: https://securingtomorrow.mcafee.com/executive-perspectives/human-machine-teaming-will-lead-better-security-outcomes/
[2] B. Kay, “News from Black Hat: Humans Collaborate and Team with Machines to Work Smarter,” 25 July 2017. [Online]. Available: https://securingtomorrow.mcafee.com/business/news-black-hat-humans-collaborate-team-machines-work-smarter/
[3] K. Veeramachaneni, I. Arnaldo and V. Korrapati, “AI^2: Training a big data machine to defend,” IEEE 2nd International Conference on Big Data Security on Cloud, 2016.
[4] “McAfee Investigator.” [Online]. Available: https://www.mcafee.com/us/products/investigator.aspx
[5] F. M. Cuenca-Acuna and I. Valenzuela, “The Need for Investigation Playbooks at the SOC,” 2017. [Online]. Available: https://www.sans.org/summit-archives/file/summit-archive-1496695240.pdf
McAfee does not control or audit third-party benchmark data or the websites referenced in this document. You should visit the referenced website and confirm whether referenced data is accurate.
McAfee technologies’ features and benefits depend on system configuration and may require enabled hardware, software, or service activation. Learn more at mcafee.com. No computer system can be absolutely secure.

To See Mugshots of Today’s Bank Robbers, Look at a World Map https://securingtomorrow.mcafee.com/business/see-mugshots-todays-bank-robbers-look-world-map/ Wed, 21 Feb 2018 14:18:59 +0000

The post To See Mugshots of Today’s Bank Robbers, Look at a World Map appeared first on McAfee Blogs.

In Depression-era America, bank robbers John Dillinger, Baby Face Nelson, and Pretty Boy Floyd were household names. Newspapers detailed their heists, radios narrated their getaways, wanted posters plastered their mug-shot scowls from coast-to-coast. Every detail of their bank robberies and personal lives was seized upon, scrutinized, circulated, and discussed.

Eight decades later, bank robbery is a digital, systematic crime practiced – with methods constantly improved – by organized syndicates. The stubbled faces of Dillinger, Nelson, and Floyd have been replaced by shapes on the world map tracing the borders of Russia, North Korea, and Iran. A former NSA Deputy Director said publicly in March that “nation states are robbing banks.”

A 2015-16 campaign stole hundreds of millions of dollars from banks in the Society for Worldwide Interbank Financial Telecommunication (SWIFT) network. That campaign, which targeted developing countries, was linked to the North Korean Reconnaissance General Bureau (RGB), security analysts believe. In 2017 North Korean hackers targeted at least three South Korean cryptocurrency exchanges, capitalizing on Bitcoin’s anonymity to circumvent international sanctions. The Pyongyang University of Science and Technology has begun offering its computer science students classes in Bitcoin and blockchain.

The best cybercriminals in the world live in Russia, where they are largely immune from prosecution. For instance, one of the cybercriminals who hacked Yahoo at the behest of Russian intelligence services, compromising millions of accounts, used the stolen data for spam and credit card fraud for personal benefit. Iran’s DDoS attack on leading U.S. banks exemplifies its coercive strategy to exert influence through disruption and destruction.

Hackers in these countries, whether affiliated with the state or not, account for much of the cost of global cybercrime. The latest strategy of their sophisticated operations is to target the “seams” between well-defended networks, exploiting weak points in the global financial network to pull off massive heists and in some cases further their national rhetoric.

To combat these operations, major international financial institutions are investing in defense, better fraud prevention, and transaction authentication. One report says that banks spend three times as much on cybersecurity as non-financial institutions to fight what has become a systemic risk to financial stability.

In the 1920s and ‘30s, the world sat back and watched John Dillinger, Baby Face Nelson, and Pretty Boy Floyd do their dirty work as the FBI slowly closed in. We can’t do that today. Governments, financial institutions, companies with banking records, and anyone with an ATM card should be invested in stopping financial cybercrime.

Banks have banded together to share information in near real time in order to protect the stability of the broader electronic financial system on which the world economy so heavily depends. Ultimately, they have determined that no one organization can go it alone when faced with such organized and well-funded adversaries. With the stability of the global financial system in play, unprecedented collaboration has become the new norm, and we at McAfee embrace the same spirit by building all of our technology to facilitate the sharing of critical data across hundreds of technology partners. It appears sharing and collaboration will be the only way to counter this new breed of adversary; no one can go it alone anymore. The banks are leading the way in this new reality of Together is Power.

For more information, follow us on @McAfee.

The Many Forms of IP Theft Add Up to Big Losses https://securingtomorrow.mcafee.com/business/many-forms-ip-theft-add-big-losses/ Wed, 21 Feb 2018 14:16:38 +0000

The post The Many Forms of IP Theft Add Up to Big Losses appeared first on McAfee Blogs.

U.S. military drone technology surfaces on the black market and is bought by arms dealers. A pharmaceutical company based in Eastern Europe obtains trade secrets divulging the recipe for a popular prescription medication. A business that rejected an architect’s bid nevertheless uses part of that plan in construction. An advance copy of a much-anticipated “Game of Thrones” episode is sold to rabid fans on social media.

Welcome to the wide world of intellectual property theft, which accounts for one of the largest slices of overall global cybercrime. Unlike ransomware, crimes targeting financial institutions, or state-supported hacking, IP theft takes many forms – large and small, sophisticated and crude, strategic and unintentional – making it especially difficult to address. When it involves military technology, IP theft creates risks to national security. When it involves unlicensed use of creative assets, the losses can be invisible to the victim. Yet a resulting decline in revenue has an impact.

How serious is the global issue of IP theft? Diplomacy at the highest level prioritizes addressing IP theft above addressing state-run espionage. At the 2015 summit between Presidents Xi Jinping of China and Barack Obama of the United States, the leaders agreed that “neither country’s government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.” Interestingly, the language of this agreement was drafted by the U.S. to allow continued espionage. China and the U.S. tacitly agreed that they could continue to spy on each other if there was a national security justification. The resulting 2015 Obama-Xi agreement on commercial cyber espionage may have “saved” the U.S. perhaps as much as $15 billion a year.

Putting a value on IP is an art. How much is spent on research and development does not determine the value of IP. Companies can estimate what the IP would fetch on the market if offered for sale or licensing. Companies can estimate the future revenue stream their IP will produce, but there may be a long lag between theft and the introduction of a competing product. One way to measure the cost of intellectual property theft is to look for competing products that take market share from the rightful owners. If hackers steal intellectual property from a small or medium-sized enterprise, such as its product designs, it can be a fatal experience.

McAfee’s estimate puts the value of all IP in the U.S. at $12 trillion, increasing by between $700 billion and $800 billion annually. Based on our earlier analyses, and assuming that loss rates from IP theft track other kinds of cybercrime and reflect the effect of the Obama-Xi agreement, we estimate annual losses for the U.S. of between $10 billion and $12 billion from cybercrime targeting IP, and perhaps $50 billion to $60 billion globally.

These figures may not reflect the full global loss. IP theft is everywhere, in many different forms.

For more information, download the latest Economic Impact of Cybercrime report, and follow us on @McAfee.

Inside the Capabilities and Detection of UDPoS Malware https://securingtomorrow.mcafee.com/business/inside-capabilities-detection-udpos-malware/ Sat, 17 Feb 2018 00:18:40 +0000

The post Inside the Capabilities and Detection of UDPoS Malware appeared first on McAfee Blogs.

Imagine a job that changes every day of your life, where you get to do something new each week – that’s what it’s like working in the cybersecurity industry. For me, this is ideal—smarter adversaries, new challenges, and the constant struggle to predict and prepare for the future of security in information technology make this feel a lot less like work. However, it’s important to remember that we do this only because people are getting hurt, often literally. And that’s a sobering and humbling perspective. In many scenarios, a successful campaign can have drastic effects on the victims’ lifestyles and finances. In today’s example, the victims, point-of-sale (POS) systems, are being attacked by POS malware and targeted for identity and financial theft.

This particular attack leveraged POS malware dubbed UDPoS, aptly named for its somewhat uncommon data exfiltration method over UDP, specifically via DNS queries. Although this malware is definitely not the first of its kind (see the Multigrain POS malware and DNSMessenger), the technique is certainly uncommon, and intelligent in that many organizations deprioritize DNS traffic for inspection compared with HTTP and FTP. Couple that with the fact that UDPoS allegedly leverages a popular remote desktop service known as LogMeIn, and you have a malware campaign that could reach a broad set of victims (in this case unpatched or dated POS systems) and has a unique ability to avoid detection during data exfiltration.

Although uncommon, and perhaps somewhat covert in its ability to transmit data over DNS, this malware does offer an upside for defenders — attackers will continue to use protocols which do not employ encryption. The move to SSL or other encryption methods for data exfiltration has been surprisingly inconsistent, meaning detection is relatively simple. This makes the need for communication and visibility of these kinds of techniques essential.
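Detection logic for the DNS-based exfiltration channel discussed above, added here as an example and not McAfee code or UDPoS indicators: it aggregates a DNS query log per client and registered domain and flags a client whose queries to one domain are mostly unique, long and high-entropy, which is what encoded data in query names looks like and what ordinary lookups do not. The log format, thresholds, domain names and sample lines are constructed for the example.

```python
"""Flagging DNS-query-name exfiltration of the kind the post attributes to
UDPoS, from DNS query logs. This is an added example, not McAfee code and not
UDPoS indicators: the log format, the thresholds, the domain names and the
sample lines are all constructed assumptions. Heuristic: one client sending
many distinct, long, high-entropy subdomains under a single registered domain
looks like data leaving inside the query names themselves."""
import hashlib
import math
import re
from collections import defaultdict

# Constructed log format: "<timestamp> <client-ip> query <qname> <qtype>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+query\s+(?P<qname>\S+)\s+(?P<qtype>\S+)$")


def shannon_entropy(text):
    """Bits per character of `text`; 0.0 for empty or single-symbol strings."""
    if not text:
        return 0.0
    n = len(text)
    counts = {}
    for ch in text:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_qname(qname):
    """Return (subdomain payload, registered domain).

    Assumes the registered domain is the last two labels; a real deployment
    would use a public-suffix list so that e.g. .co.uk is handled.
    """
    labels = qname.rstrip(".").split(".")
    if len(labels) < 3:
        return "", ".".join(labels)
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def parse_line(line):
    """Parse one log line into a dict, or return None for malformed lines."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def find_dns_exfil(lines, min_queries=15, min_unique_ratio=0.8,
                   min_payload_len=24, min_entropy=3.0):
    """Aggregate per (client, registered domain) and return suspicious pairs."""
    stats = defaultdict(lambda: {"n": 0, "names": set(), "len": 0, "ent": 0.0})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        payload, domain = split_qname(rec["qname"])
        flat = payload.replace(".", "")
        s = stats[(rec["client"], domain)]
        s["n"] += 1
        s["names"].add(rec["qname"])
        s["len"] += len(flat)
        s["ent"] += shannon_entropy(flat)
    findings = []
    for (client, domain), s in sorted(stats.items()):
        if s["n"] < min_queries:
            continue
        unique_ratio = len(s["names"]) / s["n"]
        avg_len = s["len"] / s["n"]
        avg_ent = s["ent"] / s["n"]
        # ordinary lookups repeat a few short names; an encoded channel does not
        if (unique_ratio >= min_unique_ratio and avg_len >= min_payload_len
                and avg_ent >= min_entropy):
            findings.append({"client": client, "domain": domain,
                             "queries": s["n"],
                             "unique_ratio": round(unique_ratio, 2),
                             "avg_payload_len": round(avg_len, 1),
                             "avg_entropy": round(avg_ent, 2)})
    return findings


def constructed_log():
    """Constructed sample: one ordinary client and one encoding data in names."""
    lines = []
    for i in range(30):
        lines.append(f"2018-02-16T10:{i:02d}:00Z 10.0.0.5 query www.example.com A")
        lines.append(f"2018-02-16T10:{i:02d}:30Z 10.0.0.5 query cdn.example.com A")
    for i in range(25):
        # a different 40-hex-character label per query stands in for encoded data
        label = hashlib.sha256(f"chunk-{i}".encode()).hexdigest()[:40]
        lines.append(f"2018-02-16T10:{i:02d}:15Z 10.0.0.7 query {label}.exfil-example.test A")
    lines.append("a malformed line the parser must skip")
    return lines


if __name__ == "__main__":
    for finding in find_dns_exfil(constructed_log()):
        print(finding)
```

The thresholds are starting points to tune against a site's own baseline; legitimate high-volume services such as content delivery or anti-spam lookups can also produce many unique names and need allow-listing.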

As defenders, McAfee’s Advanced Threat Research team actively monitors the threat landscape and tracks both new and current techniques for every stage of malware—from reconnaissance to infection, lateral movement, persistence, command and control, and exfiltration. We will stay closely tuned to determine if this technique grows in popularity or evolves in capabilities.

We are constantly playing a game of cat and mouse with the adversaries. As we adapt, protect, and attempt to predict new methods of malicious activity, we can be certain the same efforts are being made to evade and outsmart us. Our challenge as a security community is to work together, learn from each other, and apply these learnings toward recognizing and mitigating new threats, such as the DNS exfiltration method employed by UDPoS.

To learn more about UDPoS malware and others like it, be sure to follow @McAfee and @McAfee_Labs on Twitter.

Satori Botnet Turns IoT Devices Into Zombies By Borrowing Code from Mirai https://securingtomorrow.mcafee.com/business/satori-botnet-turns-iot-devices-zombies-borrowing-code-mirai/ Fri, 09 Feb 2018 20:33:50 +0000

The post Satori Botnet Turns IoT Devices Into Zombies By Borrowing Code from Mirai appeared first on McAfee Blogs.

Like a zombie rising from the dead, a new botnet is reemerging from the remains of Mirai malware. Specifically, modern-day threat actors are breathing life into a fast-evolving botnet called Satori by repurposing some of the source code from Mirai. And now, Satori is creating zombies of its own, as it’s been found hijacking internet-connected devices and turning them into an obedient botnet army that can be remotely controlled in unison.

Satori, as of now, is a work in progress. But that also means it’s evolving rapidly. Satori knows that agility equates to survival — we’ve seen it adapt to security measures and transcend its former self time and time again. Researchers have even taken down the main Satori C&C server, only to find the botnet reemerge shortly after.

So it’s no surprise that it recently reemerged stronger than ever before. The current version has been found targeting software associated with ARC processors, which are used in a variety of IoT devices. Once it finds a weakness in an IoT device, Satori checks to see if default settings have been changed, and gains control of any machine that still has them. From there, it connects to the larger network and gains control of other devices that may be on it. So far, Satori has only managed to enslave a small number of devices. But once its army becomes large enough, it can be summoned to pump out masses of e-mail spam, incapacitate corporate websites, or even bring down large chunks of the internet itself.

Apparently, Satori doesn’t just take code from Mirai; it takes cues too, as these efforts are reminiscent of the infamous Mirai DDoS attack. But we can take cues from Mirai too in order to prepare for a potential Satori attack. First and foremost, every owner of an IoT device must change the default settings immediately – a necessary security precaution that many don’t take, which gave Mirai the firepower it needed in the first place. From there, users should disable telnet access from the outside and use SSH for remote administration if needed. However, this responsibility falls on the shoulders of manufacturers too, as they should enforce these settings by default. If both users and vendors follow these simple security steps, we can stunt Satori’s growth and stifle its Mirai-inspired ambitions entirely.

To learn more about the Satori botnet, and others like it, be sure to follow @McAfee and @McAfee_Labs on Twitter.

McAfee Endpoint Security – Why You Don’t Have to Take Our Word for It. https://securingtomorrow.mcafee.com/business/mcafee-endpoint-security-dont-take-word/ https://securingtomorrow.mcafee.com/business/mcafee-endpoint-security-dont-take-word/#respond Mon, 05 Feb 2018 20:00:23 +0000 https://securingtomorrow.mcafee.com/?p=84242

The post McAfee Endpoint Security – Why You Don’t Have to Take Our Word for It. appeared first on McAfee Blogs.

It’s an unfortunate fact that evaluating security vendors today can often mean sifting through a sea of marketing hype to understand which products should be added to your short-list. Exclusive claims about what makes one product different from another may be vague, hard to find or even harder to believe.

That’s why when it comes to our endpoint security platform, McAfee believes the proof is in the product, and that your experience with it will clearly demonstrate the real-world benefits you’re looking for. However, we understand that being invited to your security discussion table depends on a few things like accuracy, trust and reputation. So, rather than make claims of my own, I’m writing this to share what others have had to say so that you don’t have to take our word for it.

First up, McAfee Endpoint Security (ENS) recently earned a Top Product Award from AV-TEST Institute and scored high detection rates against the threats thrown against it. But that’s not an isolated incident. In fact, here are three more findings by non-McAfee firms on the ability of ENS to protect and to provide value and reliability.

NSS Labs

The NSS Labs Advanced Endpoint Protection (AEP) Test is one of the most exhaustive tests of advanced endpoint defenses in the industry. NSS gave McAfee ENS a Recommended product rating. According to NSS, this “…indicates that a product has performed well and deserves strong consideration. Only the top technical products earn a Recommended rating from NSS.” Coming from a test specifically designed to evaluate how effective a solution is at detecting advanced malware, that should tell you McAfee’s endpoint and machine learning defenses are ready for the best disguised malware you may face.

SC Magazine

Return on investment matters, and you undoubtedly strive to get the best bang for your buck. SC Magazine conducted a product group test of endpoint security systems, awarding McAfee ENS a 5 out of 5-star rating, as well as “Best Buy” in the side-by-side vendor comparison of products. Further, SC Magazine summarized their findings as, “Solid performance, straightforward operation and tight integration” with “no weakness found” during assessment.

Frost & Sullivan

Frost & Sullivan awarded McAfee the 2017 Global Endpoint Security Growth Excellence Leadership Award, finding that “McAfee has seen high growth in 2016, at 17.7%, outpacing the overall market. All other top competitors either slipped or were essentially flat.” With ~40 total vendors in view, that not only means that McAfee is growing in a crowded market, but that your peers are continuing to choose to invest in McAfee ENS.

At McAfee, we are committed to being your security partner for the long haul. But we don’t want you to just take our word for it. Instead, listen to what others are saying and decide if you can afford to not see how McAfee ENS can help you stop more threats, see more in your environment, manage less and get the return your investment deserves. If you’re a current McAfee customer using McAfee VirusScan Enterprise, McAfee Site Advisor or Host Intrusion Prevention, you already own McAfee ENS. Click here to learn about how to migrate.

For more information, follow @McAfee on Twitter and LinkedIn.

A New Standard for Security at New Standard Corporation https://securingtomorrow.mcafee.com/business/new-standard-security-new-standard-corporation/ https://securingtomorrow.mcafee.com/business/new-standard-security-new-standard-corporation/#respond Mon, 05 Feb 2018 18:30:14 +0000 https://securingtomorrow.mcafee.com/?p=84244

The post A New Standard for Security at New Standard Corporation appeared first on McAfee Blogs.

From the latches on the toolbox in your garage to componentry in gigantic earth movers, New Standard Corporation provides Original Equipment Manufacturer components, assemblies, and related services for products used in the agriculture, construction, mining, industrial, and power generation industries. As at companies everywhere, New Standard has seen information security move from the back shelf to the boardroom in recent years.

New Standard Network Administrator Chad Johnson has experienced the shift firsthand. “Years ago, I would never hear from the C-suite or a VP about whether we are doing enough to secure our data, prevent loss, and prevent hacking,” attests Johnson, who oversees all facets of networking, infrastructure, and telephony at the company’s three manufacturing facilities in Pennsylvania and North Carolina. “The Equifax breach definitely helped raise awareness.”

New Standard Corporation has built a reputation of trust and reliability with major OEMs across multiple industries, so cybersecurity is crucially important to the company. The company’s approach to collaborative engineering and custom OEM manufacturing enables it to offer industry-leading solutions, while taking every measure to ensure complete confidentiality.

That approach has led the company to invest in security infrastructure. New Standard has relied on McAfee® endpoint protection for more than a decade, and recently migrated to McAfee Endpoint Security. The company also added McAfee Web Gateway appliances and McAfee Threat Intelligence Exchange. As a result, Johnson’s day-to-day activities and approach to security have evolved significantly. “Prior to implementing McAfee Endpoint Security and McAfee Web Gateway, our security was essentially event-driven and reactive,” explains Johnson. “We just waited to be notified of an infection on an endpoint.”

“With McAfee Web Gateway filtering at the edge for malware, suspicious content, and web reputation, and with McAfee Endpoint Security and McAfee Threat Intelligence Exchange sharing threat information back and forth, we have become much more proactive,” continues Johnson. “We’re now automatically examining file reputation on all endpoints and cross-referencing unknown files with the McAfee GTI cloud. The number of threats that make it to the endpoint has plummeted, as has the amount of time we spend remediating infected systems.”

Managing Security by Exception

“I manage by exception now,” says Johnson, who looks at the McAfee ePolicy Orchestrator® (McAfee ePO™) central console about an hour each day. “I still look at reports daily, and occasionally validate that all the automated responses we’ve put in place with McAfee are working… but incident response has been fantastic. Today most of my time in McAfee ePO is proactive—for instance, looking for file anomalies or potentially suspicious behavior.”

Johnson particularly appreciates the modular architecture of the McAfee Endpoint Security framework introduced last year. “I love the module approach, where you can deploy specific pieces and leverage only what you want,” says Johnson. “Modularity lets us more easily modify our security profile over time. With this platform, we are looking to add a lot of additional functionality and security for our desktop and mobile users.”

With the switch from reactive to more proactive security, New Standard has felt more comfortable embracing bring-your-own-device policies for employees. “We have a lot more peace of mind now regarding users working outside the firewall and on their own devices,” says Johnson.

Looking to the Cloud and Beyond

Looking forward, Johnson is most excited about the company’s upcoming deployment of McAfee Advanced Threat Defense (McAfee ATD) sandboxing appliances and integration with McAfee Threat Intelligence Exchange across all endpoints. “Given what I’ve seen [in our testing] so far, I believe McAfee ATD will dramatically reduce our potential risk for a zero-day outbreak,” says Johnson.

Extending endpoint security to the Cloud and leveraging OpenDXL are also on New Standard’s security roadmap. After attending MPOWER, the McAfee user conference in October in Las Vegas, Johnson left excited about the direction McAfee is taking its endpoint security platform and how it is working with other security vendors to mitigate threats for its customers.

For Johnson, the dynamic nature of his job is one of the reasons he keeps coming back to work each day. “You’re always going to be learning in the technology industry,” he says. “It changes year over year.” So, even when the toolbox latch or manufacturing component looks the same as it did the previous year, the security behind them keeps evolving. So does McAfee.

Please watch our video of Chad Johnson talking about his experience with McAfee below. Get your questions answered by tweeting @McAfee_Business.

McAfee Endpoint Security Earns Top Product Award https://securingtomorrow.mcafee.com/business/endpoint-security/mcafee-endpoint-security-earns-top-product-award/ https://securingtomorrow.mcafee.com/business/endpoint-security/mcafee-endpoint-security-earns-top-product-award/#respond Mon, 29 Jan 2018 23:00:21 +0000 https://securingtomorrow.mcafee.com/?p=84065

The post McAfee Endpoint Security Earns Top Product Award appeared first on McAfee Blogs.

The AV-TEST Institute, a leading international and independent service provider in the fields of IT security and anti-virus research, has given McAfee Endpoint Security (ENS) a Top Product Award in their latest corporate Windows 7 test. AV-TEST evaluated the most recent version 10.5.3 of McAfee Endpoint Security and gave it a score of 17.5 out of a possible 18. Both Usability and Protection earned perfect scores of 6 out of 6, with Performance achieving a near-perfect score of 5.5 out of 6.

That means our latest Endpoint Security solution is yet again a market-leading solution, surpassing other enterprise platform security vendors in independent scoring around Protection, Performance and Usability. In fact, McAfee ENS was 100% effective against both 0-day malware attacks and prevalent malware circulating in the past 4 weeks. And with virtually no false positives (only 1 out of 1.3M), McAfee ENS showed virtually no signs of impacting user productivity.

McAfee ENS is our most modern and effective endpoint security platform to date, delivering advanced integrated capabilities from endpoint hardening, to reputation analysis, machine learning, behavioral containment and endpoint detection and response (EDR). Eighty percent of our current endpoint node base has either completed or is actively in the process of migration to ENS. That’s tens of millions of nodes across thousands of customers globally.

In addition to the Top Product Award for our corporate endpoint solution, our McAfee consumer product—McAfee Internet Security—received perfect scores across the board for protection, performance and usability, resulting in an 18 out of 18. This is significant as both our corporate and consumer nodes work together to deliver one of the largest real-world sensor grids available, with over 350 million clients deployed globally. This sensor network continuously informs our analytics and makes it possible for us to deliver truly differentiated protection, as our test results confirm.

If you’re a current McAfee customer using McAfee VirusScan Enterprise, McAfee Site Advisor or Host Intrusion Prevention, you already own McAfee ENS. McAfee ENS simplifies what you manage because it uses one agent and integrates defenses into one platform. How much does it simplify? You could save up to 40 hours a week and cut threat remediation time by as much as 95%. Those aren’t numbers created in a McAfee lab; actual customers have reported saving this much time.

Not a McAfee customer? In that case let me ask two questions:

  • Have you had an instance of ransomware in the last year? Our customers report after deploying McAfee Endpoint Security going from regular waves of attacks to zero.
  • How many solutions and management tools do you use to secure your endpoints? Odds are it’s between 4-5 because that’s the average.

Think about how much time having one place to go to manage everything would save you! Now imagine, instead of moving between the multiple tools and interfaces you use, plugging in data, or manually deciding what to do, having integrated components that collaborate and put threats into context for you.

Learn more about the latest McAfee Endpoint Security or if you’re already a customer, get the details on how to upgrade your legacy products.

The Reality of an Incoming C1 Cyberattack on the UK https://securingtomorrow.mcafee.com/business/reality-incoming-c1-cyberattack-uk/ https://securingtomorrow.mcafee.com/business/reality-incoming-c1-cyberattack-uk/#respond Mon, 29 Jan 2018 17:09:24 +0000 https://securingtomorrow.mcafee.com/?p=84048

The post The Reality of an Incoming C1 Cyberattack on the UK appeared first on McAfee Blogs.

“When, not if.”

Ciaran Martin, head of the U.K.’s National Cyber Security Centre (NCSC), used those words to say he is expecting a devastating cyberattack will hit the U.K. in the next two years. The attack, he believes, will bring disruption to British elections and critical infrastructure. These remarks were made in light of newly released figures detailing the number of cyberattacks on the U.K. in the last 15 months. Martin said the U.K. has been fortunate to avoid a so-called category one (C1) attack, broadly defined as an attack that might cripple infrastructure such as energy supplies and the financial services sector.

His prediction initially brings one thing to mind – WannaCry. A strain of the ransomware impacted 50 countries and infected more than 250,000 machines in just one day. Its exploits included a massive takedown of 16 U.K. NHS medical centers. WannaCry was rated by the NCSC as a C2 level of attack, milder than the C1 Martin says is still to come.

Organisations across the U.K. were unprepared when WannaCry hit last May, and there is no simple fix to protect everyone. Martin concedes total protection is impossible, stating “Some attacks will get through. What you need to do is cauterise the damage.” The NCSC has been gradually building defenses and is due to publish a 60-plus-page dossier outlining what has worked and what has not since it opened in October 2016. Defense is a responsibility that falls on all of our shoulders, and begins with a new mentality that attacks are inevitable, and preparedness vital for a “culture of security.”

There is a misconception that cybersecurity is an IT issue that affects systems, not ordinary people. The reality is that cybercrime hurts us all. A massive cyberattack impacts economies, governments, innovation, growth, even global state of mind. If we all accept the reality of a potential C1 attack, we also accept the challenge to bond together in a new pact to protect the assets and values we hold dear. We must do this. It’s a matter of when, not if.

To learn more about the modern-day threat landscape, be sure to follow us at @McAfee and @McAfee_Labs.

Exploring the Correlation Between Bitcoin’s Boom and Evrial’s Capabilities https://securingtomorrow.mcafee.com/business/exploring-correlation-bitcoins-boom-evrials-capabilities/ https://securingtomorrow.mcafee.com/business/exploring-correlation-bitcoins-boom-evrials-capabilities/#respond Thu, 25 Jan 2018 20:12:09 +0000 https://securingtomorrow.mcafee.com/?p=83990

The post Exploring the Correlation Between Bitcoin’s Boom and Evrial’s Capabilities appeared first on McAfee Blogs.

Many of the stealthiest cyberthreats out there spawn on underground forums, as malware authors leverage the space to sell unique variants to fellow criminals. And now there’s a new addition to the underground scene. Meet Evrial: a powerful, information-stealing Trojan which is currently for sale for 1,500 Rubles or $27 USD. Its author previously created another variant named CryptoShuffler, which allows cybercriminals to replace the Windows clipboard and steal files from cold cryptocurrency wallets, as well as passwords from programs/browsers. Its successor, Evrial, can steal browser cookies, scoop up stored credentials, and monitor the Windows clipboard too — only now it can potentially hijack active cryptocurrency payments and send stolen money directly to a cybercriminal’s address.

Specifically, the Trojan is capable of monitoring the Windows clipboard for certain types of text, and if it detects specific strings, it can modify or even replace them with ones sent by the attacker. This could mean replacing legitimate addresses and URLs with ones under the attacker’s control; a regular Bitcoin address could suddenly become one belonging to a cybercriminal. If the target pastes that address into their app, thinking it’s the legitimate one, and sends Bitcoin, the cryptocurrency will soon be in the hands of the cybercriminal. Mind you, Evrial goes beyond Bitcoin, as it is also configured to detect strings that correspond to Litecoin, Monero, WebMoney, Qiwi addresses and Steam items trade URLs.
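As an added example (not code from the original post), a defender-side check for the clipboard substitution described above: a guard that remembers what the user copied and raises an alert when the value coming back out of the clipboard is a different payment address. The address patterns are constructed heuristics rather than Evrial’s own matching rules, the sample addresses are made up, and hooking the real OS clipboard is left to the caller.

```python
import re

# Base58 alphabet (no 0, O, I, l); used here only to build a constructed Monero sample.
BASE58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Heuristic patterns for the address formats the post says Evrial watches for.
# Constructed approximations for this example; Qiwi (a plain phone number) is
# omitted because it is too generic to match reliably.
ADDRESS_PATTERNS = {
    "bitcoin": re.compile(r"^(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-z0-9]{25,87})$"),
    "litecoin": re.compile(r"^(?:[LM][a-km-zA-HJ-NP-Z1-9]{26,33}|ltc1[a-z0-9]{25,87})$"),
    "monero": re.compile(r"^4[1-9A-HJ-NP-Za-km-z]{94}$"),
    "webmoney": re.compile(r"^[ZREUBGDXY]\d{12}$"),
    "steam_trade_url": re.compile(
        r"^https://steamcommunity\.com/tradeoffer/new/\?partner=\d+&token=[A-Za-z0-9_-]+$"),
}

# Constructed sample values (not real wallets).
BTC_LEGIT = "1Kx7VmZq3hJtP9RwYfD2cLbN8sG4vTeQ5a"
BTC_SWAPPED = "1QfZ9mW2vB7kXrT4pH6cNdL3sJy8gUeA5b"
MONERO_SAMPLE = "4" + (BASE58 * 2)[:94]


def classify(text):
    """Return the address kind `text` looks like, or None if it is not one."""
    text = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text):
            return kind
    return None


class ClipboardGuard:
    """Remembers the last value the user placed on the clipboard and checks
    what comes back out. on_copy/on_paste are fed the strings that the
    caller's clipboard hooks observe (assumed; hooking is platform-specific)."""

    def __init__(self):
        self.copied = None

    def on_copy(self, text):
        self.copied = text.strip()

    def on_paste(self, text):
        """Return an alert dict when the user copied a payment address and the
        pasted value differs from it, else None."""
        pasted = text.strip()
        kind = classify(self.copied) if self.copied is not None else None
        if kind is None or pasted == self.copied:
            return None
        return {
            "kind": kind,
            "expected": self.copied,
            "observed": pasted,
            # True for a typical swap: same currency, different destination.
            "same_kind": classify(pasted) == kind,
        }


if __name__ == "__main__":
    guard = ClipboardGuard()
    guard.on_copy(BTC_LEGIT)
    print(guard.on_paste(BTC_SWAPPED))
```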

Evrial is just one of many Bitcoin-centric news stories lately, as cryptocurrency in general has been on practically everyone’s minds – which begs the question, is there a connection? Is the increased focus on digital currency inciting the creation of malware variants designed specifically to capitalize on Bitcoin’s boom?

In short – yes and no. Historically, cryptocurrencies have been a popular mechanism on underground markets for several years. Other digital currencies were used in the past but presented problems for bad actors due to their centralized nature. However, Blockchain technology, which powers cryptocurrencies like Bitcoin and is designed to be decentralized, allowed bad actors to protect their assets from law enforcement. Noticing this value, criminals on underground markets began to use this to their benefit well before the value of Bitcoin reached $1000+ a coin.

But soon enough Bitcoin value continued to grow and malware authors took notice, as they began to target Bitcoin wallets rather than simply trade in it. Ransomware exploded, holding victims’ files and machines hostage for almost exclusively Bitcoin payment. Malware that was traditionally sold as a scraper (to steal credit card information and passwords) was upgraded to include a cryptocurrency mining feature and was sold at a premium price.

Bad actor adoption of cryptocurrency has been both significant and quick, and notably much faster than the general population. Malware that uses, steals, and is sold with cryptocurrency is now the norm. And now as the general population’s interest in cryptocurrency has exploded, we’ve seen an increase in interest from malware authors as well. This interest has led to new malware behavior, such as Evrial’s ability to scan clipboards for cryptocurrency addresses. It’s had a major impact in how business is done in the underground.

However, it’s important to note that Bitcoin’s popularity presents its own problems. The volatile value has made the buying and selling of illicit goods problematic. Additionally, the pricing of a ransom is now askew. This has forced some markets to move to multi-coin platforms (namely incorporating Monero) as an alternative and some malware families to turn to other alt-coins to mine or steal.

All in all, cryptocurrency is no different than other motivators before it – when cybercriminals find the right opportunity to enhance their profitability, they capitalize on it. And when road blocks emerge, they find ways to maneuver around them. Now, the next step for cyber defenders is to keep their eyes peeled for what’s next, and eventually — outpace cybercriminals entirely.

To learn more about the fight against Evrial and other Trojans like it, be sure to follow us at @McAfee and @McAfee_Labs.

GDPR: Great Data Protection Rocks – Especially on Data Privacy Day https://securingtomorrow.mcafee.com/business/gdpr-great-data-protection-rocks-especially-data-privacy-day/ https://securingtomorrow.mcafee.com/business/gdpr-great-data-protection-rocks-especially-data-privacy-day/#respond Thu, 25 Jan 2018 16:00:31 +0000 https://securingtomorrow.mcafee.com/?p=83900

The post GDPR: Great Data Protection Rocks – Especially on Data Privacy Day appeared first on McAfee Blogs.

International Data Privacy Day might seem like an odd holiday, especially for businesses to observe. That’s what we thought about Earth Day, launched in 1970, and today companies around the world announce their public support every year. International Data Privacy Day marks the day – back in 1981 — that the Council of Europe recognized the importance of the right to privacy with a treaty. *

This Data Privacy Day, Jan. 28, finds Europe looking ahead to major new privacy rules in the form of General Data Protection Regulation (GDPR) to be enforced starting on May 25. And this has given us an opportunity to address privacy the way we have come to respect environmentalism. It’s everywhere, it’s everyone’s business, and it’s good business.

As I have worked to ready McAfee for GDPR, one thing I have learned is that it truly takes everyone to focus on the protection of data. I’ve been privileged to meet and work with hundreds of my McAfee colleagues to sort out what GDPR prepared means to us, from security architects, lab folks, the product teams, and great messaging people. It takes a city, not just a village, to get ready for GDPR.

This year, most data protection professionals will celebrate Data Privacy Day on Thursday, January 25th, just four months before the official enforcement date for GDPR. One of my favorite things to come out of the many conversations about GDPR is a new slogan: Great Data Protection Rocks. The slogan, compliments of our senior writer Jeff Elder, captures my thoughts perfectly — Great Data Protection is not just good digital hygiene and good technological maintenance. It’s an admirable, even cool, ideal, and it’s part of McAfee’s Culture of Security, described by chief executive Chris Young in December in New York. “Ten years ago, if I were to ask a CEO about cybersecurity, he might say, ‘Yeah, I’ve got some guy in IT that’s working on this.’ Now everybody cares and I think that’s going to make a big difference,” Chris told CNBC’s Jim Cramer.

He’s right: Security in general and data protection are not big, monolithic initiatives achieved with one initiative, but rather require the whole city to have a Culture of Security – and you don’t get that by writing checks, or by formulating one list of best practices. We won’t be washing our hands of data protection and putting a bow on top on Data Privacy Day, on May 25 when GDPR goes into effect, or ever. If that sounds ominous, you may be looking at it the wrong way.

My colleague Mo Cashman, Director of Sales Engineering and Principal Engineer, lays out the journey to real culture change: “First think of security strategy in terms of governance, people, processes and technology. Then consider the security outcomes you need to be GDPR-ready, and the relevant solutions.”

Great Data Protection means all of us being advocates for good practices. It means making sure you know where you are putting your data, and knowing what protections exist when you use cloud applications… It means saying no to an organization that wants to bypass privacy, security, or vendor practices and do a quick-and-dirty connection to your database or even your brand’s social media accounts. That’s not cool. It’s the equivalent of your company disposing of waste in environmentally harmful ways.

It’s also bad business because winging it every time you handle data is a waste of time and energy. Nailing down good practices that everyone can adhere to every time is economical in many ways. Making that effort a real and admirable value of your company is a beautiful thing.

I confess to being a bit of an International Privacy Day geek (my mother has it written on her calendar and calls and wishes me a happy day). I generally get a cake and try to touch base with far-flung data protection colleagues. But the early companies that embraced Earth Day look good now. If Great Data Protection Rocks seemed a little dorky in 2017, I’m good with that. We’ll keep your data safe until you come around.

For additional information about GDPR please visit our Solutions Page, or join in on the conversation by following @McAfee or @McAfee_Business on Twitter.

* The treaty, the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, anticipated the cross-border transfers of data that we take for granted now.

The information provided on this GDPR page is our informed interpretation of the EU General Data Protection Regulation, and is for information purposes only and it does not constitute legal advice or advice on how to achieve operational privacy and security. It is not incorporated into any contract and does not commit promise or create any legal obligation to deliver any code, result, material, or functionality. Furthermore, the information provided herein is subject to change without notice, and is provided “AS IS” without guarantee or warranty as to the accuracy or applicability of the information to any specific situation or circumstance. If you require legal advice on the requirements of the General Data Protection Regulation, or any other law, or advice on the extent to which McAfee technologies can assist you to achieve compliance with the Regulation or any other law, you are advised to consult a suitably qualified legal professional. If you require advice on the nature of the technical and organizational measures that are required to deliver operational privacy and security in your organization, you should consult a suitably qualified privacy professional. No liability is accepted to any party for any harms or losses suffered in reliance on the contents of this publication.

How Pseudo-ransomware KillDisk Creates a Smoke Screen for Cybercriminals https://securingtomorrow.mcafee.com/business/pseudo-ransomware-killdisk-creates-smoke-screen-cybercriminals/ https://securingtomorrow.mcafee.com/business/pseudo-ransomware-killdisk-creates-smoke-screen-cybercriminals/#respond Fri, 19 Jan 2018 17:35:24 +0000 https://securingtomorrow.mcafee.com/?p=83809

The post How Pseudo-ransomware KillDisk Creates a Smoke Screen for Cybercriminals appeared first on McAfee Blogs.

We all remember Petya/NotPetya. How could you forget? The malware took cues from WannaCry, spreading through the same SMB vulnerability. But instead of locking away files for ransom, NotPetya was a wiper: it destroyed the data on the devices it infected. NotPetya was not the first wiper we’ve seen, and it’s certainly not the last. In fact, a classic disk wiper called KillDisk is currently re-emerging in Latin America, where it is targeting financial firms. Once dropped on a computer, it loads itself into memory, deletes its files from disk, and renames itself, leaving little on disk for investigators to find.

KillDisk is one of the most infamous malware families around. It has at times masked itself as ransomware, but it is a very destructive wiper. Attackers typically deploy it in the later stages of an intrusion so they can hide their tracks by wiping disks and destroying forensic evidence. That is precisely why it was paired with the BlackEnergy malware during Telebots’ attacks on the Ukrainian power grid: so the attackers could carry out their scheme with stealth.
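The self-deletion behaviour described above, a dropped executable that loads into memory and then removes its own file from disk, is something a SOC can hunt for in endpoint telemetry. The following is an added example written for this page, not code from the original post or from McAfee: it correlates constructed Sysmon-style process-creation (Event ID 1) and file-deletion (Event ID 23) records and flags any process that deletes its own image, as well as the common variant in which a child shell deletes the parent dropper. The event records, process names and paths are invented for the example; on a real host they would come from the Sysmon event log, and file-deletion logging must be enabled in the Sysmon configuration for the rule to have anything to match.

```python
import json

# Constructed Sysmon-style events as JSON lines. Event ID 1 is ProcessCreate
# and Event ID 23 is FileDelete (present in recent Sysmon versions). The field
# names follow Sysmon's EventData, but every record below is invented for this
# example and is not real telemetry.
SAMPLE_EVENTS = r"""
{"EventID": 1,  "UtcTime": "2018-01-19 10:00:01", "ProcessGuid": "{A-1}", "Image": "C:\\Users\\bob\\AppData\\Local\\Temp\\update.exe", "ParentImage": "C:\\Windows\\explorer.exe"}
{"EventID": 23, "UtcTime": "2018-01-19 10:00:02", "ProcessGuid": "{A-1}", "Image": "C:\\Users\\bob\\AppData\\Local\\Temp\\update.exe", "TargetFilename": "C:\\Users\\bob\\AppData\\Local\\Temp\\UPDATE.EXE"}
{"EventID": 1,  "UtcTime": "2018-01-19 10:05:00", "ProcessGuid": "{B-2}", "Image": "C:\\Windows\\System32\\notepad.exe", "ParentImage": "C:\\Windows\\explorer.exe"}
{"EventID": 23, "UtcTime": "2018-01-19 10:05:30", "ProcessGuid": "{B-2}", "Image": "C:\\Windows\\System32\\notepad.exe", "TargetFilename": "C:\\Users\\bob\\Documents\\draft.txt"}
{"EventID": 1,  "UtcTime": "2018-01-19 10:06:00", "ProcessGuid": "{C-3}", "Image": "C:\\Windows\\System32\\cmd.exe", "ParentImage": "C:\\Users\\bob\\AppData\\Local\\Temp\\loader.exe"}
{"EventID": 23, "UtcTime": "2018-01-19 10:06:01", "ProcessGuid": "{C-3}", "Image": "C:\\Windows\\System32\\cmd.exe", "TargetFilename": "C:\\Users\\bob\\AppData\\Local\\Temp\\loader.exe"}
"""


def _norm(path):
    """Normalise a Windows path for comparison: one separator, case-insensitive."""
    return path.replace("/", "\\").lower()


def parse_events(text):
    """Parse JSON-lines telemetry into a list of dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def find_self_deleting(events):
    """Correlate ProcessCreate and FileDelete events.

    Returns a list of (kind, process_guid, deleting_image, deleted_path):
      'self-delete'    - a process removed its own executable
      'dropper-delete' - a child process removed its parent's executable
                         (the "cmd /c del <dropper>" pattern)
    """
    procs = {}      # ProcessGuid -> (Image, ParentImage), filled from Event ID 1
    findings = []
    for ev in events:
        if ev.get("EventID") == 1:
            procs[ev["ProcessGuid"]] = (ev["Image"], ev.get("ParentImage", ""))
        elif ev.get("EventID") == 23:
            image = ev["Image"]
            target = ev["TargetFilename"]
            parent = procs.get(ev["ProcessGuid"], (image, ""))[1]
            if _norm(target) == _norm(image):
                findings.append(("self-delete", ev["ProcessGuid"], image, target))
            elif parent and _norm(target) == _norm(parent):
                findings.append(("dropper-delete", ev["ProcessGuid"], image, target))
    return findings


if __name__ == "__main__":
    for kind, guid, image, deleted in find_self_deleting(parse_events(SAMPLE_EVENTS)):
        print(f"[{kind}] {guid} {image} deleted {deleted}")
```

Notepad deleting a document is ordinary and is not flagged; the two Temp-directory binaries are. In production the same join runs in the SIEM over the real event stream, and the interesting tuning knob is the parent check: legitimate installers also clean up after themselves, so pair the rule with the image path (user-writable directories) or the signer rather than alerting on every hit.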

As Christiaan Beek, lead scientist and principal engineer at McAfee, puts it, that’s a wiper’s bread and butter. He says, “In the past we have seen wipers being used targeting the energy sector in Ukraine, the oil and gas industry in the Middle East, a media company, and targets in South Korea. All of these were related to regional or political conflicts.”

Destruction is clearly the end goal, but stealth is the way to get there. Beek continues, “In 2017, we introduced the term pseudo-ransomware where destructive attacks disguised as ransomware either took down companies in a nation or were used to keep the IT department busy while money was being transferred at the same time. Now with KillDisk, it seems that criminals do not hesitate to use it during their campaigns. Since the initial infection vector is unknown and we are lacking further samples or details, we can only speculate why they are using this.”

That’s the ultimate question – why? Is KillDisk part of a larger attack, intended to help cybercriminals avoid detection? Or are crooks extorting these financial institutions for monetary gain? As of now, we’re unsure of the motive. But we do know that as this threat continues to evolve and creates a convincing smoke screen, we all must be as vigilant as ever.

To learn more about our fight against ransomware, check out the alliance No More Ransom. And be sure to follow us at @McAfee and @McAfee_Labs.

Trivial Software Flaws Continue to Plague Networked Devices https://securingtomorrow.mcafee.com/business/trivial-software-flaws-continue-plague-networked-devices/ https://securingtomorrow.mcafee.com/business/trivial-software-flaws-continue-plague-networked-devices/#respond Thu, 11 Jan 2018 01:46:08 +0000 https://securingtomorrow.mcafee.com/?p=83674

The post Trivial Software Flaws Continue to Plague Networked Devices appeared first on McAfee Blogs.

Western Digital My Cloud NAS Devices Contain Multiple Vulnerabilities

It’s 2018, but it feels like 2008. I often reflect on how relatively simplistic the attack surface of nearly everything was just 10 years ago, and how much we’ve evolved since then. I remember writing exploits for trivial buffer overflows without having to deal with exception handling, address randomization, stack and heap execution protections, and many other significant enhancements to operating systems, browsers and software in general. As the years passed, we started to see software vendors making tangible progress in the areas of secure coding and vulnerability mitigations. The most popular exploits tended to be in the browser space, and as such we saw an increasingly rapid response from browser vendors over the years as they struggled to gain or maintain market share in an aggressively contested market. With the evolution of sandboxing and containerization, popular browsers such as Internet Explorer and Chrome began to raise the bar on what it took to execute malicious code. Memory-safety mitigations such as MemGC in the Microsoft Edge browser were introduced to make trivial use-after-free vulnerabilities far harder to exploit. Operating systems have been hardened with new features such as VBS in Windows 10 (no, not Visual Basic Scripting) to provide virtualization-based security for the protection of critical systems and data. It would be great if I could just end this discussion here, and we could all go home feeling great about the future of information security. Unfortunately, not everyone is aboard this train. Specifically, device manufacturers continue to deprioritize the necessity of secure code in order to get faster, larger and more feature-rich products to market quickly.

Western Digital is by no means any worse an offender in this area than others, but after reading the latest vulnerability disclosures in its ubiquitous network storage device known as My Cloud, I felt it was necessary to provide some basic insight to the industry about the implications and effects of insecure software development.  The principal problem is not that these devices contain vulnerabilities; even software vendors such as Apple, which pours millions of dollars and dedicated security teams into securing its operating system, have been bitten (pun intended) by asinine security flaws.  The High Sierra empty password root authentication bypass is a good example of this.

No, the problem lies in the complete lack of interest in developing secure code.  Even someone with zero software development experience could probably look at the following code and see the issue; spoiler alert, it’s a classic backdoor:

It leads me to ask the simple question – how are hardcoded backdoors still a thing?  Even if you can get past the myriad of early-millennium-style vulnerabilities reported in this disclosure, why won’t device manufacturers make the relatively small investment to review the code of the products they are selling worldwide?  Automated tools exist for this, and even a junior-level security practitioner could likely uncover some of these flaws.  Every year brings another collection of similar disclosures, yet the bar stays the same.  Simple format string abuse, rudimentary authentication bypasses, command injections and buffer overflows just to name a few.  Of equal importance, beyond simple coding errors, is that the basic concept of designing in a backdoor or adding one to an existing design is a well-known mistake. Resources such as IEEE’s Center For Secure Design’s “Avoiding the Top 10 Security Design Flaws” have been readily available for years.
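The snippet the post refers to is not reproduced here, so what follows is an added, illustrative example of the same class of flaw, written for this page and not taken from Western Digital’s firmware or from McAfee: a login routine for a hypothetical NAS web interface with a fixed “support” credential, beside a hardened version that checks only against stored salted hashes with a constant-time comparison, plus the crude kind of source scan that an automated review would run to catch the first version. Every identifier in it (the `svc_support` account, the password, the `admin` user) is made up for the example.

```python
import hashlib
import hmac
import os
import re

# ---- Vulnerable: a support credential baked into the firmware ----------------
# Anyone who unpacks the firmware image can read it, and the device owner can
# neither rotate nor disable it. Account name and password are invented here.
BACKDOOR_USER = "svc_support"
BACKDOOR_PASS = "n4s-f1eld-2018"


def login_vulnerable(user, password, plaintext_db):
    """plaintext_db maps username -> plaintext password (itself a flaw)."""
    if user == BACKDOOR_USER and password == BACKDOOR_PASS:   # the backdoor
        return True
    return plaintext_db.get(user) == password                 # non-constant-time compare


# ---- Hardened: no fixed accounts, salted KDF, constant-time comparison -------
KDF_ITERATIONS = 100_000


def make_password_record(password, salt=None):
    """Return (salt, digest) to store for a user; the salt is random per user."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, KDF_ITERATIONS)
    return salt, digest


def login_hardened(user, password, hashed_db):
    """hashed_db maps username -> (salt, digest). No special-cased accounts."""
    record = hashed_db.get(user)
    if record is None:
        # Run the KDF anyway so an unknown user costs the same time as a wrong
        # password; otherwise response time leaks which usernames exist.
        make_password_record(password, b"\x00" * 16)
        return False
    salt, stored = record
    _, candidate = make_password_record(password, salt)
    return hmac.compare_digest(candidate, stored)


# ---- The kind of check an automated review would run over the source --------
SECRET_ASSIGNMENT = re.compile(
    r"""^\s*([A-Za-z_]*(?:PASS|PASSWORD|SECRET|TOKEN|KEY)[A-Za-z_]*)\s*=\s*["'][^"']{4,}["']""",
    re.IGNORECASE | re.MULTILINE,
)


def find_hardcoded_secrets(source):
    """Return (line_number, variable_name) for string literals assigned to
    secret-looking names. Deliberately crude, but it flags BACKDOOR_PASS above."""
    hits = []
    for m in SECRET_ASSIGNMENT.finditer(source):
        line_no = source.count("\n", 0, m.start()) + 1
        hits.append((line_no, m.group(1)))
    return hits


if __name__ == "__main__":
    db = {"admin": make_password_record("correct-horse")}
    print("backdoor against hardened login:", login_hardened("svc_support", "n4s-f1eld-2018", db))
    with open(__file__, encoding="utf-8") as f:
        print("hardcoded secrets in this file:", find_hardcoded_secrets(f.read()))
```

Storing the KDF output rather than the password, and comparing it with `hmac.compare_digest`, also removes the plaintext store and the timing-leaky string comparison that usually travel with a backdoor of this kind. The regex scan is the sort of check that fits in a pre-commit hook; it will produce false positives, which is a far cheaper problem than shipping the credential.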

I think a big part of the problem is the sheer noise.  You’d be hard pressed to find a software or device manufacturer out there who hasn’t been exposed to some negative press based on vulnerabilities reported in its products.  After enough exposure, consumers subconsciously begin to tune this noise out and it becomes the de facto standard for the products they buy; a “tax”, if you will, where they carry much of the risk, in this case the potential theft of personal data and privacy.

It begs the question of what can be done to improve this process and move the industry as a whole towards better security practices. We’d like to challenge vendors to invest in secure development, code review, and patching and mitigation strategies. At McAfee, we try our best to practice what we preach. We’ve made our own mistakes, and we’ve adapted from those experiences in an ongoing effort to fundamentally improve the way we build products. It’s also time that consumers demand more from vendors; ultimately, consumers carry the most significant tool of all: their decision about which products to buy and their mandate for security accountability. Within McAfee’s Advanced Threat Research team, we firmly believe in the process of responsible disclosure and in the openness of the research community in finding and reporting similar issues. Whenever possible, we will continue to work directly with vendors who answer this call, in order to find and effectively eliminate vulnerabilities through the disclosure process.

Devices such as Western Digital’s My Cloud may fall under the purview of a consumer economy that pushes for cheaper technology with an abstract expectation of “security”. Still, software security is the point where the “rubber meets the road”, where theory turns into practice, which in turn is delivered in the devices that we use and hope we can trust. Only with increased visibility and a shared set of priorities can we make hardcoded backdoors and other trivial security flaws truly a thing of the past.

How McAfee Embedded Security Helps Medical Device Manufacturers Protect Their Products from Malware and Hacker Attacks https://securingtomorrow.mcafee.com/other-blogs/mcafee-partners/mcafee-embedded-security-helps-medical-device-manufacturers-protect-products-malware-hacker-attacks/ https://securingtomorrow.mcafee.com/other-blogs/mcafee-partners/mcafee-embedded-security-helps-medical-device-manufacturers-protect-products-malware-hacker-attacks/#respond Wed, 10 Jan 2018 17:00:37 +0000 https://securingtomorrow.mcafee.com/?p=83655

The post How McAfee Embedded Security Helps Medical Device Manufacturers Protect Their Products from Malware and Hacker Attacks appeared first on McAfee Blogs.

Like other Internet of Things (IoT) devices, medical equipment presents an exposed attack surface. By 2018, sales of medical devices are expected to exceed 14 million units, more than five times the sales of 2012.[1] Network- and cloud-connected medical devices used in clinical settings (nurse stations, patient monitors, communications, networks, diagnostic devices, testing, scanning systems, blood gas analyzers, and more) are just as much at risk as healthcare IT networks, laptops, and tablets.

Typical attacks targeting such devices are ransomware, internal and external data exfiltration, distributed denial-of-service attacks, malware introduced via infected external memory devices, and network attacks. A single connected medical device can potentially be exploited to enable large-scale data theft.

Medical device manufacturers have a responsibility to secure their devices to prevent breaches and to protect the privacy of patient and healthcare facilities’ data. They must ensure their products conform to strict regulatory compliance mandates dictated by the Health Insurance Portability and Accountability Act (HIPAA) and the requirements for medical devices issued by the US Food and Drug Administration (FDA).

Healthcare information is rich in both financial and personally identifiable data, making it a highly profitable target for cybercriminals. On the black market, a health record can fetch as much as $60, compared to $15 for a Social Security number.[2] It’s estimated that approximately 100 million healthcare records were compromised in the first quarter of 2015 alone.[3] A recent study found that the average cost of a healthcare breach in 2016 was $4 million per incident, up 29% since 2013.[4]

Let’s take a look at the trajectory of a typical threat that targets poorly secured medical devices. The implications can be devastating, with the potential for costly data breaches.

  1. An employee (either inadvertently or with malicious intent) installs malware on a connected medical device via a USB drive.
  2. The malware connects the infected device to an external command-and-control server.
  3. The attacker wipes the data and overwrites a server’s Master Boot Record, so the machine can no longer boot.
  4. The compromised server in turn affects hundreds or thousands of connected devices, potentially disabling them.
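Step 3 above, overwriting a server’s Master Boot Record, is one of the few parts of this chain that leaves a fixed, checkable artifact. The following added example (written for this page; not McAfee’s or Siemens’ code) reads the first 512 bytes of a disk, verifies the 0x55AA boot signature and the basic sanity of the four partition entries, and compares a hash of the 440-byte bootstrap area against a baseline recorded when the device was commissioned, which catches both a crude wipe (zeros) and a bootkit-style replacement that keeps the signature intact. The sectors it checks are constructed in the code; the device path mentioned in the comment is an assumption about the host.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # classic MBR: 440 bytes of bootstrap code, then a
PART_TABLE_OFF = 446     # 4-byte disk signature and 2 reserved bytes, then four
BOOT_SIG_OFF = 510       # 16-byte partition entries, then 0x55 0xAA


def build_sample_mbr(boot_code_seed):
    """Construct a plausible MBR for the example (not taken from a real disk)."""
    boot_code = (hashlib.sha256(boot_code_seed).digest() * 14)[:BOOT_CODE_LEN]
    sector = bytearray(boot_code)
    sector += b"\xde\xad\xbe\xef"     # disk signature
    sector += b"\x00\x00"             # reserved
    # entry 0: active (0x80), type 0x07 (NTFS/exFAT), start LBA 2048, 1,000,000 sectors
    sector += struct.pack("<B3sB3sII", 0x80, b"\0\0\0", 0x07, b"\0\0\0", 2048, 1_000_000)
    sector += b"\x00" * (16 * 3)      # three unused entries
    sector += b"\x55\xaa"
    return bytes(sector)


def boot_code_hash(sector):
    """Baseline value to record (off the device) when it is commissioned."""
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(sector, baseline_boot_hash):
    """Return a list of findings; an empty list means the MBR looks intact."""
    findings = []
    if len(sector) < SECTOR_SIZE:
        return ["sector shorter than 512 bytes"]
    if sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != b"\x55\xaa":
        findings.append("boot signature 0x55AA missing")
    if boot_code_hash(sector) != baseline_boot_hash:
        findings.append("bootstrap code hash differs from baseline")
    if not any(sector[:BOOT_CODE_LEN]):
        findings.append("bootstrap code is all zeros (wiped?)")
    active = 0
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, ptype = sector[off], sector[off + 4]
        start_lba, n_sectors = struct.unpack_from("<II", sector, off + 8)
        if status not in (0x00, 0x80):
            findings.append(f"partition {i}: invalid status byte 0x{status:02x}")
        if ptype != 0 and n_sectors == 0:
            findings.append(f"partition {i}: type 0x{ptype:02x} but zero length")
        active += status == 0x80
    if active == 0:
        findings.append("no active (bootable) partition")
    return findings


if __name__ == "__main__":
    # On a real host the 512 bytes would come from the raw block device, e.g.
    # open("/dev/sda", "rb").read(512) as root (path is an assumption); here
    # they are constructed so the example runs offline.
    good = build_sample_mbr(b"commissioned-image")
    baseline = boot_code_hash(good)
    print("intact: ", check_mbr(good, baseline))
    print("wiped:  ", check_mbr(b"\x00" * SECTOR_SIZE, baseline))
    print("bootkit:", check_mbr(build_sample_mbr(b"replaced"), baseline))
```

Record the baseline once and store it away from the device; a wiper that has already run will not report on itself, so the comparison belongs in an external monitor or a boot-time agent rather than only on the machine being watched. The partition-table checks are there because a wiper that zeroes the sector also zeroes the table, while a bootkit that replaces only the code leaves it alone; the two cases produce different finding lists.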

McAfee helps medical device manufacturers thwart attacks and comply with strict regulatory mandates and requirements by providing an array of embedded security solutions, including application control with whitelisting, antivirus and anti-malware protection, device security management, advanced data protection, encryption, and simplified, streamlined device management. McAfee solutions can be customized to meet the design requirements for a manufacturer’s medical device.

Siemens Healthineers—a global leader in medical imaging, laboratory diagnostics, and healthcare information technology—recognizes that system security is a critical concern among healthcare providers and customers. They employ trusted McAfee embedded security and solutions to ensure that security is designed into their devices at the outset. The Siemens Ultrasound System Security is an embedded antivirus solution powered by McAfee that offers a comprehensive defense against unwanted applications, blocking both known and unknown threats. In addition, their RapidLab1200 blood gas analyzer uses McAfee whitelisting to secure the device and prevent unauthorized applications from running on it. To learn more about how network security can be breached via a medical instrument and how Siemens works with McAfee to protect patient data on blood gas analyzers, view this informational video created by Siemens.

To learn about McAfee solutions for embedded medical systems and ensure that your devices have the best possible security, visit: https://www.mcafee.com/us/resources/data-sheets/ds-embedded-control-for-healthcare.pdf.

 

[1] https://www.parksassociates.com/blog/article/dec2013-medical-devices
[2] http://arnoldit.com/wordpress/2017/01/10/medical-records-are-the-hot-new-dark-web-commodity/
[3] http://www.csoonline.com/article/2931474/data-breach/attackers-targeting-medical-devices-to-bypass-hospital-security.html
[4] http://fortune.com/2016/06/15/data-breach-cost-study-ibm/

 

Changing Role of the CISO https://securingtomorrow.mcafee.com/business/changing-role-ciso/ https://securingtomorrow.mcafee.com/business/changing-role-ciso/#respond Thu, 04 Jan 2018 20:00:30 +0000 https://securingtomorrow.mcafee.com/?p=83439

The post Changing Role of the CISO appeared first on McAfee Blogs.

With the growth of the digital world, we have seen growth in cyberthreats. These range from the annoying to the downright catastrophic. And as these threats evolve and mutate, we have also seen the evolution of a formerly overlooked player: the Chief Information Security Officer, or CISO.

Not only is the CISO’s role changing, but so is the CISO’s relationship to the organization. Where once many CISOs reported to the Chief Information Officer (CIO), many now report directly to the CEO or the Board. In this new role, CISOs also need new skills.

The CISO was first brought into the modern business organization to monitor and analyze potential security risks for the company. Traditionally, CISOs have come more from the technical side, and perhaps did not have to understand the whole business. Leadership and communication or an in-depth business background may not have been a job requirement.

But this is changing.

With the advent of some high-profile hacks (last summer’s Equifax debacle comes to mind — the CEO lost his job), it’s fair to say the top of C-Suite is seeing the importance of cybersecurity.  The challenge for the modern CISO is to discuss the business issues causing the security challenges (versus just talking technology).  When CISOs bring ideas to the executive table that are put in terms of choices and business integration, it is more likely that issues will be addressed and remediated.

How do the roles of the CIO and CISO differ? They are both involved with Information Technology, but from different angles. The CIO’s charter is to ensure information is available to run the business; the CISO’s charter is to ensure security without affecting availability of business services. This could be an adversarial relationship, but approached properly – from a holistic viewpoint – it can work well.

Every organization handles security differently, based on its needs and internal structure. The CIO has traditionally worked on the management side of a company and is internally and operationally focused. CISOs by their nature are outwardly-focused. In this case, silos can be fatal to a company. Also, since the CISO often reported to the CIO, they weren’t always seen as peers. One perception is that CIOs are seasoned veterans and leaders, and CISOs are younger and more specialized. But as reality changes, neither should be put in a box.

The CISO’s role has become more elevated because of the importance of data management in the Digital Age. We see that without cybersecurity, a company can be seriously compromised, both monetarily and in reputation. For many companies, information and security are not part of the business; they are the business.

The CISO has also become the go-to person when working with cybersecurity vendors. Since there are over 1,000 cybersecurity companies of varying sizes and scope, the role frequently means getting different flavors of software to work together. Once that is accomplished, the CISO also needs to communicate what they are doing to the rank and file of an organization.

As I travel the U.S. and the world, I am frequently asked along on sales calls, and I am often asked questions about strategy, Board of Directors reporting, metrics, Security Operations, and product delivery. However, when I address these topics, I stress that CISOs must look at the business as an organic whole versus focusing on technology. If you focus just on technical choices, one might look at cybersecurity as a cost. The right approach is to focus on the business and managing the environment, as well as communicating how security is important to company success.

In sum, today’s CISO has an important and expanded role in managing a company’s security health. They should have a relationship with both the CEO and the Board, so that organizations can accurately assess their threat landscape. A good CISO is also a good leader and communicator, someone who can influence the organization to drive towards the outcome of ensuring security and availability of systems. In short, the role has evolved from a specific function to a vital part of a company’s management.

What’s your view? I’d like to hear it.

The Year Cybersecurity Made Primetime https://securingtomorrow.mcafee.com/business/year-cybersecurity-made-primetime/ https://securingtomorrow.mcafee.com/business/year-cybersecurity-made-primetime/#respond Tue, 26 Dec 2017 18:00:55 +0000 https://securingtomorrow.mcafee.com/?p=83382

The post The Year Cybersecurity Made Primetime appeared first on McAfee Blogs.

Grey-Sloan Memorial Hospital, the fictional hospital on the television drama “Grey’s Anatomy,” was suddenly brought to a halt Nov. 14 at the hands of ransomware. The No. 3 drama on broadcast television, a venerable franchise of 14 seasons and 300 episodes, reflected the harsh reality faced by many. WannaCry, Petya, and Equifax entered dinner table conversation and late-night talk show monologues. In 2017 cybercrime made primetime.

Shonda Rhimes, creator of “Grey’s Anatomy,” tweets about ransomware hitting Grey-Sloan Memorial

The events that transpired this year put cybersecurity on everyone’s mind. The stories of ransomware and malware found their way into homes, schools, and businesses – everyday life.

The Attacks That Changed Everything

In May, the ransomware WannaCry took center stage. True to its name, WannaCry was worth its weight in tears: 150 countries impacted, 250,000 machines infected, 16 United Kingdom medical centers taken down, all in just one day. Some victims paid the ransom, and expert analysis ensued. The motive: disruption. As Raj Samani, Chief Scientist at McAfee, stated: “The game has changed. The reality is that any organization can hire someone to disrupt a competitor’s business operations for less than the price of a cup of coffee.”

Taking cues from WannaCry, the Petya/NotPetya malware emerged a month later as its successor. This next global cyberattack exploited the same vulnerability but was nastier once it infected a system: instead of locking away files and extorting money from victims, Petya/NotPetya was a wiper, leaving the data on affected devices unrecoverable.

The threat landscape was not just populated by cyberattacks, but also by a data breach deemed the worst in recent memory. The Equifax breach exposed sensitive personal information of roughly 143 million consumers in the United States, including names, addresses, birthdates, driver’s license data and Social Security numbers. “We need to view the Equifax breach as a catalyst moment for rethinking the way we handle identification for U.S. citizens,” said Steve Grobman, senior vice president and chief technology officer for McAfee.

Rethink we did. These attacks, and other notable ones such as Bad Rabbit, the Uber data breach, the KRACK Wi-Fi attack, and more, changed how the cybersecurity industry responds to threats.

Cause and Effect

These attacks moved the needle. Cybercriminals were upping their game. These attacks mandated that cybersecurity must be faster, smarter, and more effective. Christiaan Beek, lead scientist and principal engineer at McAfee, says our improved response time to ransomware attacks confirms that’s happening: “The cybersecurity world is indeed responding faster than before, especially after WannaCry, which was another wake-up call… The moment researchers see that a decryptor is available, we go on and continue to hunt down the next one or learn from the previous ones and start innovating or fine-tuning our products.”

Looking Ahead

Now that cybersecurity is on prime time, what happens? We’re paying attention. Does that mean we’re prepared?

McAfee Chief Executive Officer Chris Young thinks we still have a ways to go. “It’s nearly 2018. And from the discussions I have weekly, it’s clear that business leaders understand far more about the risk of cyber threats today than they did even a few years ago. However, so many business leaders I talk to still want to know if they’re doing everything they can to protect their companies. Answer: They’re not.”

Young recommends a “Culture of Security” –– a paradigm shift in philosophy and approach from the executive boardroom to new employees on their first day. Leaders must demonstrate a new priority, whether it’s impeccable password and virtual private network use, or cloud computing adoption only under the guidance of cybersecurity professionals. “Businesses need to think security first,” Young says. “Whether that’s in designing new products and services, signing partnership agreements, in hiring new employees, or anything else.”

Malware is not the star of the show. It’s the villain, but a powerful one. Cybersecurity must adapt to address it. McAfee wrapped up 2017 by announcing the upcoming acquisition of cloud security provider Skyhigh Networks, which will become part of the McAfee Cloud Security Business Unit. Skyhigh will join a McAfee portfolio that includes market-leading products for the endpoint and the security operations center (SOC). Partnering in an open ecosystem pulls these strengths together in a new and agile way.

Welcome, 2018. New tools and a new “Culture of Security” are ready to take on new threats.

Cybercriminals Capitalize on Bitcoin’s Boom, Attack Mining Marketplace NiceHash https://securingtomorrow.mcafee.com/business/cybercriminals-capitalize-bitcoins-boom-attack-mining-marketplace-nicehash/ https://securingtomorrow.mcafee.com/business/cybercriminals-capitalize-bitcoins-boom-attack-mining-marketplace-nicehash/#respond Wed, 13 Dec 2017 18:10:06 +0000 https://securingtomorrow.mcafee.com/?p=83208

The post Cybercriminals Capitalize on Bitcoin’s Boom, Attack Mining Marketplace NiceHash appeared first on McAfee Blogs.

We’re seeing it everywhere: Bitcoin is booming. The cryptocurrency’s value has shot up 181 percent over the past month. Everyone seems to be scurrying to get in on the newest gold rush, especially cybercriminals. Last week, hackers carried out a “professional” attack against the Slovenia-based bitcoin mining marketplace NiceHash to capitalize on this trend. By conducting an advanced attack on the organization, cybercriminals were able to steal approximately 4,700 bitcoins (about $63.92 million at the time).

Beyond the staggering monetary amount, details about the attack are still emerging. Here’s what we do know: a hacker or a group of hackers was able to infiltrate NiceHash’s system through a compromised company computer. The NiceHash head of marketing Andrej P. Škraba has stated this was “a highly professional attack with sophisticated social engineering.”

NiceHash is collaborating with law enforcement as “a matter of urgency.” It has suspended operations, and its website remains inactive at this time. It also urges users to change their passwords until more details are revealed.

The biggest takeaway from this attack isn’t just for NiceHash users, however; it acts as an important reminder for everyone eager to get involved in the cryptocurrency market. With the world’s renewed focus on Bitcoin, the market for cryptocurrency will be caught between growth and security. As cryptocurrency marketplaces and exchanges surge in popularity, the targets on their backs will grow. Because they act as digital wallets, cryptocurrency organizations essentially double as a one-stop shop for cybercriminals wishing to line their pockets. They don’t have to encrypt and extort as with ransomware, or sell stolen information to third parties; they just have to compromise one marketplace to potentially get their hands on millions of dollars.

It’s crucial that NiceHash and all other cryptocurrency organizations prioritize security immediately. That means extending the right solutions and training from the top down: supplying employees with security know-how, locking down individual devices with tailored endpoint security, and protecting massive databases with large-scale solutions. That way, Bitcoin’s growth won’t create unintended consequences, and the cryptocurrency market will be more secure and stable.

To learn more about this Bitcoin data breach and others like it, be sure to follow us at @McAfee and @McAfee_Business.

“Culture of Security” Pulls Cybersecurity Together https://securingtomorrow.mcafee.com/business/culture-critical-factor-fighting-cyber-threats/ https://securingtomorrow.mcafee.com/business/culture-critical-factor-fighting-cyber-threats/#respond Tue, 12 Dec 2017 15:45:05 +0000 https://securingtomorrow.mcafee.com/?p=83107

The post “Culture of Security” Pulls Cybersecurity Together appeared first on McAfee Blogs.

It’s nearly 2018. And from the discussions I have weekly, it’s clear that business leaders understand far more about the risk of cyber threats today than they did even a few years ago.

However, so many business leaders I talk to still want to know if they’re doing everything they can to protect their companies.

Answer: They’re not.

The critical missing piece a business leader needs to protect his or her company from cyber threats? It’s a culture of security.

As the world becomes more connected, cybercriminals are finding new ways to attack businesses, to exploit vulnerabilities in technology — and the humans that use it. Some are even using the same innovative technology we use every day to defend ourselves as a weapon against us.

Just this year, we’ve seen new iterations of cyberattacks with unprecedented and chilling repercussions.

In May, ambulances were diverted from some of the 40 hospitals in the United Kingdom that were crippled by the WannaCry ransomware attack. Major U.S. brands have paid, and will continue to pay, dearly – both in dollars and in reputation – for major data breaches that exposed customers’ private information.

So many businesses are doing the basics: They are hiring a Chief Security Officer. They are buying the latest technology that integrates human-machine teaming and artificial intelligence to learn about, adapt to and detect threats. They are establishing baseline protocols for maintaining a secure environment.

But it’s no longer enough to just cover your bases. Cybercriminals are getting smarter and they’re still finding ways in.

A culture of security is the piece that activates all those security best practices and investments in technology. It’s the marker determining whether or not any of those things are worth it.

So how do business leaders do it?

First – they must get their employees on board. Employees can be a company’s biggest vulnerability or its first line of defense. That means building security into the vision and values of a company. And getting employees to acknowledge and commit to the security culture.

Businesses need technology that supports rather than inconveniences employees so that they’re motivated to make smart decisions, rather than looking for work-arounds.

And businesses need to think security first – whether that’s in designing new products and services, signing partnership agreements, in hiring new employees or anything else.

At McAfee, we’re building security into our culture not just because we live and breathe this stuff every day – but because the business imperative for every company to protect itself from unavoidable threats requires it. Join us.

For more on this topic, follow me on Twitter at @youngdchris and @McAfee.

What Leakbase Going Dark Means for the Data Breach Lifecycle
https://securingtomorrow.mcafee.com/business/leakbase-going-dark-means-data-breach-lifecycle/ Thu, 07 Dec 2017 23:38:46 +0000

The post What Leakbase Going Dark Means for the Data Breach Lifecycle appeared first on McAfee Blogs.

“Big Company Hit with Data Breach, Millions of Users Impacted.” An all too familiar news title, for an all too familiar issue. It almost seems that each week we read about a new data breach in the news. We learn how it happened, what the hackers went after, and the ramifications. Those affected scan their credit, potentially chopping up compromised cards. But what happens after that?

A data breach is just that – data that has been breached. After they’ve attacked an organization, hackers have barrels of stolen information just sitting on their laptops. So, the next question for black hats is often – what do we do with this stolen data? Answer: turn it into profit.

That’s where sites like Leakbase come into play. Crooks can hand over this stolen data to Leakbase, a website that indexed and sold access to billions of usernames and passwords swiped in some of the world’s largest data breaches. Leakbase began its operations in late 2016, advertising access to crucial data stolen in breaches involving LinkedIn, Myspace, and Dropbox. That is, until this week, when the site suddenly went dark, discontinuing its service entirely. In fact, after being discontinued, the domain was redirected to Troy Hunt’s https://haveibeenpwned.com/ site, which allows anyone to check whether a specific email address has been involved in a data breach. There’s speculation that Dutch law enforcement was involved in this shutdown, but as of now it remains only that – speculation.

So, even though Leakbase is gone, the existence of the site and others like it serves as an important reminder that the impact of data breaches reverberates louder and longer than we may imagine. “Warehouses of stolen data extend the risk of breaches,” says Christiaan Beek, lead scientist and principal engineer at McAfee, who helped identify this trend in cybercrime in a 2017 Threats Predictions report.

Beek says the same thing goes for cloud data services, which can be mined for valuable information while also allowing criminals to change and hide their own identities. “The same cloud capabilities that help businesses can also house stolen data and help bad guys constantly cycle through their own information, making them harder to track.” Beek says this brings home the need for evolving security operations centers connected to a community. “If it’s you vs. them, it’s very hard. If it’s all of us vs. them, we have much better odds.”

To learn more about Leakbase and the ramifications of data breaches, be sure to follow us at @McAfee and @McAfee_Labs.

A Leader-Class SOC: The Sky’s the Limit
https://securingtomorrow.mcafee.com/business/security-operations/leader-class-soc-skys-limit/ Wed, 06 Dec 2017 19:44:17 +0000

The post A Leader-Class SOC: The Sky’s the Limit appeared first on McAfee Blogs.

This has been quite a year for McAfee, as we not only roll out our vision, but also start to fulfill that vision.

We’ve established our world view: endpoint and cloud as the critical control points for cybersecurity and the Security Operations Center (SOC) as the central analytics hub and situation room. While we’ve talked a lot about endpoint and cloud over the past year, we’ve only recently started exposing our thinking and our innovation in the SOC, and I would like to delve a bit deeper.

SOCs provide dedicated resources for incident detection, investigation, and response. For much of the past decade, the SOC has revolved around a single tool, the Security Incident and Event Manager (or SIEM). The SIEM was used to collect and retain log data, to correlate events and generate alerts, to monitor, to report, to investigate, and to respond. In many ways, the SIEM has been the SOC.

However, in the past couple of years, we’ve seen extensive innovation in the security operations center. This innovation is being fueled by an industry-wide acceptance of the increased importance of security operations, powerful technical innovations (analytics, machine learning), and the ever-evolving security landscape. The old ways of doing things are no longer sufficient to handle increasingly sophisticated attacks. We need to do something different.

McAfee believes this next generation SOC will be modular, open, and content-driven.

And automated. Integration of data, analytics, and machine learning are the foundations of the advanced SOC.

The reason for this is simple: increased volume. In the last two years, companies polled in a McAfee survey said the amount of data they collect to support cybersecurity activities has increased substantially (28%) or somewhat (49%). There are important clues in all that data, but the new and different attacks get lost in the noise. Individual alerts are not especially meaningful – patterns, context, and correlations are required to determine potential importance, and these constructs require analytics – at high speed and sophistication, with a model for perpetually remaining up to date as threat actors and patterns change. We need the machines to do more of the work, freeing the humans to understand business-specific patterns, design efficient processes, and manage the policies that protect each organization’s risk posture.

SIEM remains a crucial part of the SOC. The use cases for SIEM are extensive and fundamental to SOC success: data ingestion, parsing, threat monitoring, threat analysis, and incident response. The McAfee SIEM is especially effective at high performance correlations and real-time monitoring that are now mainstream for security operations. We are pleased to announce that McAfee has been recognized for the seventh consecutive time as a leader in the Gartner Magic Quadrant for Security Information and Event Management.* And we’re not stopping there — we’re continuing to evolve our SIEM with a high volume, open data pipeline that enables companies to collect more data without breaking the bank.

An advanced SOC builds on a SIEM to further optimize analytics, integrating data and process elements of the infrastructure to facilitate identification, interpretation, and automation. A modular and open architecture helps SOC teams add in the advanced analytics and inspection elements that take SOCs efficiently from initial alert triage through to scoping and active response.

Over the past year, we’ve worked extensively partnering with over eight UEBA vendors to drive integration with our SIEM. At our recent customer conference in Las Vegas, MPOWER, we announced our partnership with Interset to deliver McAfee Behavioral Analytics. Look for more information about that in the new year. I also want to reinforce our commitment to being open and working with the broader ecosystem in this space, even as we bring an offer to market. No one has a monopoly on good ideas and good math – we’ve got to work together. Together is Power.

We also launched McAfee Investigator at MPOWER, a net new offering that takes alerts from a SIEM and uses data from endpoints and other sources to discover key insights for SOC analysts at machine speed. Leveraging machine learning and artificial intelligence, McAfee Investigator helps analysts get to high quality and accurate answers, fast.

The initial response is great: we’ve seen early adopter customers experience a 5-16x increase in analyst investigation efficiency. Investigations that took hours are taking minutes. Investigations that took days are taking hours. Customers are excited and so are we!

In short – we have a lot cooking in the SOC and we are just getting started.

Look for continued fulfillment of McAfee’s vision in 2018. The sky’s the limit.

Cheers,

Jason


*Gartner Magic Quadrant for Security Information and Event Management, Kelly M. Kavanagh, Toby Bussa, 4 December 2017. From 2015-16, McAfee was listed as Intel Security, and in 2011, McAfee was listed as Nitro Security since it acquired the company in 2011.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Generating Compliance History Reports
https://securingtomorrow.mcafee.com/business/generating-compliance-history-reports/ Tue, 05 Dec 2017 15:00:02 +0000

The post Generating Compliance History Reports appeared first on McAfee Blogs.

When you’re managing a large environment with thousands of endpoints, assuring consistency can be a huge challenge. Imagine that you want every endpoint to be upgraded to a specific software version, for example. In many cases, you’re forced to rely on manual tracking, where errors and omissions are commonplace. And, if you want to demonstrate how you’re progressing towards that goal over time, you’re looking at a large manual effort to track which systems have been updated and when.

In my previous blogs, I talked about sometimes-overlooked features in McAfee ePolicy Orchestrator (ePO) that can make managing your endpoint environment a whole lot simpler. Now, I’m going to cover one more: using ePO to show compliance history over time.

Tracking Compliance

Out of the box, you can use ePO to see the percentage of your systems that comply with a given criterion, such as McAfee Endpoint Security (ENS) software version. You may already be using that feature. But what you might not realize is that, in addition to showing a snapshot of the systems that do and don’t meet that criterion right now, you can also track compliance over time. Effectively, you can use ePO to set a starting point for your migration project, and then generate reports showing your day-to-day progress towards the project goal.

For example, say you want to migrate all endpoints to McAfee ENS 10.5 by the end of this quarter. And imagine that, right now, 50 percent of your endpoints are running that software version. By next week, 60 percent of endpoints may be in compliance. The following week, you may be up to 75 percent. With ePO compliance history reporting, you can generate hard numbers to track your progress towards 100 percent compliance for that migration.

Software migrations are just one example of when compliance reporting comes in handy. You could use the same reporting to track endpoint systems that have a specific set of McAfee endpoint tools or components installed. Or, you could use it to help enforce a rule that no system should be using antivirus definitions older than 10 days. If you have any compliance goal for the McAfee products and tools on your endpoints, and you can express it as a Boolean query, you can generate a graph showing your progress towards that goal and export it to an Excel spreadsheet.

Creating the Report

Generating a compliance history report in ePO involves three basic steps: creating a Boolean managed system query, creating a server task, and creating a compliance history query.

The first step, a Boolean managed system query, creates a pie chart to show which systems are compliant with your criteria and which are not. ePO features a wizard to take you through the process. To get started, click “Create new managed system query” in the Queries & Reports section of the main ePO dashboard. Select Boolean Pie Chart as the chart type, and click the “Configure Criteria” button. The properties listed here configure which attributes the query will check for compliance. So in our software migration example, if you want to see which systems are running ENS 10.5, you would add that as a compliance attribute. ePO will then show all systems that are not running software version 10.5 as non-compliant for the purposes of this query.

Using the same tool, you can also label the Boolean pie chart with your compliance criteria. And you can configure the Filters tool to exclude any systems that you don’t need to be in compliance for the purposes of your query. (So in the software migration example, you could decide that servers are out of scope for this update and exclude them from your query.)

Finally, save the Boolean Managed System Query. I’d recommend naming the report with “Compliance” in the query name for easier referencing later.

Configuring Server Tasks and Compliance Queries

The next step is to create a new server task. Go to Server Tasks in ePO and click “Create Server Task.” For simplicity’s sake, you may want to include “Compliance” in the server task’s name. For the Action field, select “Run Query.” In the Query field, select the Boolean Managed System Query you created in the previous step. In the Sub-Actions field, select “Generate Compliance Event.” Then, set a schedule to run the server task once per day, or as often as you’d like to track. Remember: the goal here is not simply to see a snapshot of how many systems are in compliance, but to be able to track your progress towards full compliance over time. So you will want this server task to run on an ongoing basis.

For the final step, you create a new compliance history query. Go back to Queries & Reports in ePO and click “Create Compliance History Query.” For the chart type, select “Single-Line Chart.” Select “Day” for the Time Unit (unless you’ve chosen a different time interval for your server task to run). For the Line Values field, select “Average of,” and in the second field, select “Percent Compliant.” Save the chart. Then, in the filter section, add a filter for “Server Task Used to Generate Compliance Event” and assign it the Server Task that you just created.
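The three steps above amount to one simple computation: a Boolean predicate over each managed system’s properties (the query criteria), a filter that fixes the scope (the systems you exclude), a daily event that records the percentage compliant (the server task), and a history that averages those events per day (the history query). The Python script below is an added illustration of that computation, not ePO’s code and not McAfee’s. The inventory snapshots, dates and version numbers are constructed, and the property names (ens_version, dat_date, os_type) are assumptions standing in for the managed-system properties ePO reports. It reproduces the post’s 50, 60 and 75 percent figures with servers filtered out, shows the “antivirus definitions no older than 10 days” rule as a second criterion, and exports the chart’s data points as CSV for a spreadsheet.

```python
import csv
import io
from datetime import date, timedelta
from typing import Callable

# A compliance criterion is just a Boolean predicate over one system's properties.
Criterion = Callable[[dict], bool]


def ens_at_least(major: int, minor: int) -> Criterion:
    """Compliance attribute: the ENS product version is at least major.minor."""
    def check(system: dict) -> bool:
        parts = [int(p) for p in system["ens_version"].split(".")]
        return (parts[0], parts[1]) >= (major, minor)
    return check


def dat_not_older_than(max_days: int, as_of: date) -> Criterion:
    """Compliance attribute: antivirus definitions (DAT) are no more than max_days old."""
    def check(system: dict) -> bool:
        return (as_of - system["dat_date"]).days <= max_days
    return check


def workstations_only(system: dict) -> bool:
    """Query filter: servers are out of scope for the migration."""
    return system["os_type"] != "server"


def percent_compliant(systems: list, criterion: Criterion, scope=lambda s: True) -> float:
    """The Boolean pie chart's number: share of in-scope systems meeting the criterion."""
    scoped = [s for s in systems if scope(s)]
    if not scoped:
        return 0.0
    return round(100.0 * sum(1 for s in scoped if criterion(s)) / len(scoped), 1)


def make_snapshot(day: date, upgraded: int) -> list:
    """Constructed inventory for one day: 20 workstations, `upgraded` of them already
    on ENS 10.5, plus 2 servers that stay on 10.2. Property names are assumptions."""
    systems = []
    for i in range(20):
        systems.append({"name": f"WS-{i:02d}", "os_type": "workstation",
                        "ens_version": "10.5.0" if i < upgraded else "10.2.0",
                        "dat_date": day - timedelta(days=i % 12)})
    for i in range(2):
        systems.append({"name": f"SRV-{i:02d}", "os_type": "server",
                        "ens_version": "10.2.0", "dat_date": day})
    return systems


def compliance_history(snapshots: dict, criterion: Criterion, scope) -> dict:
    """What the daily server task plus the history query yield: day -> percent compliant."""
    return {day: percent_compliant(systems, criterion, scope)
            for day, systems in sorted(snapshots.items())}


def noncompliance_reduction(history: dict) -> float:
    """Ratio of latest to initial non-compliance; 0.5 means it was cut in half."""
    days = sorted(history)
    first = 100.0 - history[days[0]]
    last = 100.0 - history[days[-1]]
    return round(last / first, 2) if first else 0.0


def history_to_csv(history: dict) -> str:
    """Export the chart's data points so they can be opened in a spreadsheet."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["day", "percent_compliant"])
    for day in sorted(history):
        writer.writerow([day.isoformat(), history[day]])
    return buf.getvalue()


def demo_history() -> dict:
    """Three weekly snapshots of a constructed ENS 10.5 migration, servers excluded."""
    start = date(2017, 11, 20)
    snapshots = {}
    for offset, upgraded in ((0, 10), (7, 12), (14, 15)):
        day = start + timedelta(days=offset)
        snapshots[day] = make_snapshot(day, upgraded)
    return compliance_history(snapshots, ens_at_least(10, 5), workstations_only)


if __name__ == "__main__":
    history = demo_history()
    print(history_to_csv(history))
    print("non-compliance now vs. start:", noncompliance_reduction(history))
```

Two details carry over to the real report. The filter is applied before the percentage is computed, so the two servers never count against the migration; without the filter the same snapshot reads 45.5 percent rather than 50. And the trend is only as good as the schedule: one compliance event per day gives the line chart one point per day, which is why the server task must keep running rather than be run once.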

View Progress Over Time

Illustrating compliance history over time can be extremely useful for anyone undertaking a large-scale software migration, or seeking to ensure that all systems’ McAfee components are configured consistently. But it can also be helpful for illustrating the progress of a given project to others.

If an executive wants to know how a software migration is progressing, for example, and you show them a point-in-time snapshot showing 70 percent compliance, they may want to know why 30 percent of systems are still running older software. With ePO compliance history reporting, you could demonstrate that just two weeks ago, 60 percent of systems were non-compliant, and you’ve cut that figure in half. It’s just one more way that ePO can make large-scale endpoint management easier.

To learn more about McAfee ePolicy Orchestrator and compliance reports, follow us on Twitter at @McAfee.

Cloud Risk in a Rush to Adopt – New Research from the SANS Institute
https://securingtomorrow.mcafee.com/business/cloud-risk-rush-adopt-new-research-sans-institute-2/ Fri, 01 Dec 2017 20:00:06 +0000

The post Cloud Risk in a Rush to Adopt – New Research from the SANS Institute appeared first on McAfee Blogs.

This post was written by Eric Boerger.

Twenty-one percent of organizations don’t know if their organization has been breached in the cloud.

That uncertainty, lack of control, and limited visibility is a startling indication of the state of cloud use today: The speed of adoption has invited risk that was not foreseen. Understanding that risk is key to gaining control over security in the cloud.

Many more industry insights are revealed in Cloud Security: Defense in Detail if Not in Depth: A SANS Survey completed in November and sponsored by McAfee. The survey especially delves into infrastructure-as-a-service from providers like Amazon Web Services (AWS) and Microsoft Azure, which is driving digital business transformation toward the most agile models to date.

Among the findings, some captured in the chart below, is the benchmark that 40% of organizations are storing customer personally identifiable information (PII) in the cloud – and 15% of those had experienced a misconfiguration due to quickly spun-up components.

The inevitable goal of cloud adoption is, of course, quite laudable: To realize agility and costs benefits across the organization. The problem is that many IT departments and developers have rushed in, adjusting their delivery models from dedicated hardware in data centers to cloud instances, containers, and now even serverless infrastructure.

Where was security in that fast adoption? Unfortunately, often left behind. Existing endpoint or data center security tools often can’t simply be transferred to the cloud. They need to be rebuilt to run “cloud-native,” designed specifically for the unique properties of public cloud service provider environments. Added to that adjustment is often the dual responsibility of maintaining the public cloud and a virtual private cloud environment in your datacenter – two to manage.

This requires a cloud strategy across these environments: seek policy unification, not tool unification. Cloud security requires change. But there is no point in burdening the agility of the cloud with disconnected management. Your organization should have one view to your infrastructure with one set of policies that everyone understands.

McAfee teamed up with the SANS Institute on an analysis of this survey’s findings. In this presentation, we dive deeper into these points, providing key perspectives on the cloud industry at this crucial time. Tune in here:

Download and read the full report here: Cloud Security: Defense in Detail if Not in Depth: A SANS Survey. For more information on our approach to cloud security, go to https://mcafee.com/cloudsecurity.

Optimize Software Deployments with McAfee ePolicy Orchestrator
https://securingtomorrow.mcafee.com/business/optimize-software-deployments-mcafee-epolicy-orchestrator/ Thu, 30 Nov 2017 15:00:02 +0000

The post Optimize Software Deployments with McAfee ePolicy Orchestrator appeared first on McAfee Blogs.

Few engineers will tell you that software updates are their favorite part of the job, but they’re a critically important part of endpoint security. Unfortunately, they do sometimes come with hassles—in particular, dealing with traffic surges over the WAN whenever many endpoints need to download large software packages at the same time.

In my last blog, I talked about a sometimes-overlooked tagging feature in McAfee ePolicy Orchestrator (ePO) that can dramatically simplify management of your endpoint environment. Now, I’m going to cover some of ePO’s software deployment capabilities that you may not be using, but that can make the task a lot simpler and less bandwidth-intensive.

Distributing Software Deployments

Using ePO, you can distribute software deployment capabilities throughout your environment, and eliminate scenarios where thousands of endpoints are downloading large software packages from a central location. In this way, you can ensure that endpoints always have the latest McAfee software—without saturating site-to-site links or consuming a huge amount of bandwidth connecting to the Internet.

ePO offers two ways to do this: peer-to-peer (P2P) distribution and “SuperAgent” distributed repositories. When you use P2P (enabled by default in ePO), the first endpoint to request a software update downloads it from the centralized master repository and then distributes it to other endpoints within the local broadcast domain. All endpoints receive the update, but most no longer have to go back out over the site-to-site link to do it.

P2P software distribution can be extremely efficient, since every system in the environment can act as a distribution node. And if you’re using it and experiencing no link saturation problems, then you don’t need to do anything else.

There may be cases, however, where you’re still experiencing issues. For example, in environments where mobile laptops are frequently moving across locations and networks, it can be hard to ensure that each endpoint connects with other systems in its local group in a timely manner. You may also have systems with older versions of the McAfee ENS agent that don’t support P2P. In these cases, you may have more endpoints than you’d like falling back to the central repository when they need to update software, and saturating site-to-site links. For situations like these, ePO offers an additional distribution option: SuperAgent distributed repositories.

Configuring SuperAgents

SuperAgents are endpoint systems that can be automatically configured to act as distributed software repositories. Typically, you would choose systems that don’t move and that are already being used as file servers or software distribution servers for a given physical location (such as a server being used to push out Microsoft software updates at a remote site).

To use SuperAgents, you need to ensure that each subgroup in your system tree contains a system from each remote site you want to configure as a remote distribution node. Then, follow these steps:

  1. In the Policy Catalog, create a new McAfee Agent General Policy tool and enable SuperAgents.
  2. Use the ePO Tag Console to create a “SuperAgent” tag to assign to systems you plan to use as remote distribution nodes. (For detailed instructions, see my previous blog, Using Tags to Simplify Endpoint Security Management.)
  3. In the Policy Assignment Rule settings, assign the SuperAgent policy configuration to all systems tagged as “SuperAgent.”
  4. In the System Tree, manually apply the “SuperAgent” tag to the file servers or software distribution servers at your remote sites.

Now, ePO will treat those servers as a Distributed Repository in the McAfee Agent Repository Policy.

For the final step, you create a McAfee Agent Repository Policy for each remote site. Here’s how:

  • Create a new McAfee Agent Repository Policy for the specified location in the System Tree Subgroup. You’ll need to do this for each location subgroup.
  • Select the radio button “Use order in repository list.”
  • Ensure that the box “Automatically allow clients to access newly-added repositories,” is not
  • Enable the local system that is the SuperAgent, the Master Repository, and the Fallback repository for each remote site, and ensure that all other remote sites are disabled.
  • Make sure that the SuperAgent Distributed Repository is listed at number 1.

SuperAgent Grouping

One more aspect needs to be in place to ensure that endpoints at remote sites pull software from their local SuperAgent: systems in the ePO system tree must be organized by remote site. Fortunately, ePO makes it easy to do this. There are three options for sorting systems at remote sites:

  • By IP address: If each remote location has a specific IP address range, you can use sorting criteria based on IP address to sort systems into the correct subgroups in the system tree.
  • Using tags: If the systems have attributes that identify them as operating at a specific remote site, you can use those attributes to automatically apply tags to those systems to sort them in the system tree. Attributes like “System Name,” “Custom Property,” or “Is Laptop” can all be used to automatically apply tags for the purpose of sorting each system according to its location.
  • Using Active Directory: If your systems in Active Directory are organized by location, you can synchronize Active Directory with the ePO system tree.
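The repository policy steps above and the three sorting options together describe one placement decision: put each system in its site’s subgroup, give that subgroup an ordered repository list with its own SuperAgent enabled at number 1 (master and fallback after it, every other site’s SuperAgent disabled), and let an endpoint take P2P first when a peer in its broadcast domain already has the package. The Python below is an added model of that decision, not ePO’s code and not McAfee’s. The site names, IP ranges, AD OUs, host names and the “site:” tag convention are constructed assumptions, and the hypothetical ROAM-01 system shows the failure mode the post warns about: a system that no criterion places ends up back on the master repository over the WAN.

```python
import ipaddress

# Constructed site definitions: the IP range used for sorting and the AD OU each
# site's computers live under. Names, ranges and OUs are assumptions.
SITES = {
    "Austin": {"cidr": ipaddress.ip_network("10.10.0.0/16"),
               "ou": "OU=Austin,DC=corp,DC=example"},
    "Dublin": {"cidr": ipaddress.ip_network("10.20.0.0/16"),
               "ou": "OU=Dublin,DC=corp,DC=example"},
}

# Constructed: the file server at each site that carries the "SuperAgent" tag.
SUPERAGENTS = {"Austin": "aus-fs01.corp.example", "Dublin": "dub-fs01.corp.example"}

# Constructed systems. ad_dn and the "site:<name>" tag convention are assumptions.
SYSTEMS = [
    {"name": "AUS-WS01", "ip": "10.10.4.21", "broadcast_domain": "10.10.4.0/24"},
    {"name": "AUS-FS01", "ip": "10.10.1.5", "broadcast_domain": "10.10.1.0/24",
     "tags": ["SuperAgent"]},
    {"name": "DUB-LT07", "ip": "192.168.1.50", "broadcast_domain": "192.168.1.0/24",
     "tags": ["site:Dublin"], "p2p_supported": False},   # older agent, no P2P
    {"name": "DUB-WS02", "ip": "172.16.9.9", "broadcast_domain": "172.16.9.0/24",
     "ad_dn": "CN=DUB-WS02,OU=Workstations,OU=Dublin,DC=corp,DC=example"},
    {"name": "ROAM-01", "ip": "100.64.0.7", "broadcast_domain": "100.64.0.0/24"},
]


def sort_by_ip(system: dict):
    """Sorting criterion 1: the system's IP address falls inside a site's range."""
    addr = ipaddress.ip_address(system["ip"])
    return next((site for site, cfg in SITES.items() if addr in cfg["cidr"]), None)


def sort_by_tag(system: dict):
    """Sorting criterion 2: a location tag applied from some system attribute."""
    for tag in system.get("tags", ()):
        if tag.startswith("site:") and tag[5:] in SITES:
            return tag[5:]
    return None


def sort_by_ad_ou(system: dict):
    """Sorting criterion 3: the system's Active Directory DN sits under a site's OU."""
    dn = system.get("ad_dn", "")
    return next((site for site, cfg in SITES.items() if dn.endswith(cfg["ou"])), None)


def assign_site(system: dict):
    """Apply the criteria in order; None when nothing places the system."""
    for sorter in (sort_by_ip, sort_by_tag, sort_by_ad_ou):
        site = sorter(system)
        if site:
            return site
    return None


def repository_policy(site, superagents: dict) -> list:
    """Ordered repository list for one site's subgroup: the local SuperAgent at
    number 1, other sites' SuperAgents present but disabled, then master and fallback."""
    repos = [{"name": f"SuperAgent-{sa_site}", "host": host, "enabled": sa_site == site}
             for sa_site, host in superagents.items()]
    repos.sort(key=lambda r: not r["enabled"])        # enabled (local) SuperAgent first
    repos.append({"name": "Master", "host": "epo.corp.example", "enabled": True})
    repos.append({"name": "Fallback", "host": "fallback.example", "enabled": True})
    return repos


def update_source(system: dict, policy: list, p2p_available) -> str:
    """Where the endpoint pulls the package: a P2P peer in its broadcast domain if one
    already has it and the agent supports P2P, else the first enabled repository."""
    if system.get("p2p_supported", True) and system["broadcast_domain"] in p2p_available:
        return f"p2p:{system['broadcast_domain']}"
    return next(r["name"] for r in policy if r["enabled"])


def plan_updates(systems=SYSTEMS, superagents=SUPERAGENTS,
                 p2p_available=frozenset({"10.10.4.0/24"})) -> dict:
    """Return name -> (site, update source) for every system."""
    plan = {}
    for system in systems:
        site = assign_site(system)
        policy = repository_policy(site, superagents)
        plan[system["name"]] = (site, update_source(system, policy, p2p_available))
    return plan


if __name__ == "__main__":
    for name, (site, source) in plan_updates().items():
        print(f"{name:10s} site={site!s:8s} pulls from {source}")
```

Reading the output: the Austin workstation takes P2P because a peer on its subnet already has the package; the Dublin laptop on an unfamiliar subnet is still sorted correctly by its tag and, lacking P2P support, goes to the Dublin SuperAgent; the unsorted roaming system gets a policy in which every SuperAgent is disabled and so lands on the master repository, which is exactly the link-saturating case the site sorting is meant to prevent.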

Simplify Your Environment

Software deployments don’t have to cause headaches. With ePO distribution features, you can even use P2P and SuperAgents in conjunction, configuring endpoints to use P2P if it’s available and fall back to the local SuperAgent if it’s not. In either case, all endpoints still get timely software updates—without over-saturating the WAN.


To learn more about McAfee ePolicy Orchestrator and optimizing software deployments, follow us on Twitter at @McAfee.

Securing IoT, Not a Mission Impossible
https://securingtomorrow.mcafee.com/business/securing-iot-not-a-mission-impossible/ Wed, 22 Nov 2017 21:03:25 +0000

The post Securing IoT, Not a Mission Impossible appeared first on McAfee Blogs.

At the McAfee MPOWER Cybersecurity Summit in Las Vegas on Oct. 18, I had the privilege of sharing the stage with Dr. Alissa Johnson, Xerox VP & Chief Information Security Officer (CISO), to discuss how those responsible for cybersecurity must consider threats to the IoT landscape as mission-critical components of their security strategy. I asked her to be a guest blogger and share her insight about security, partnerships and our tag line “Together is Power”. Below is her blog post.

As I attended MPOWER, I heard great themes –collaboration, partnerships, increasing baselines, open platforms, among many many more.  What we, as technologist, recognize is that we are facing big challenges and as we chip away at those challenges, more arise.  Cybersecurity has been aligned to many descriptors, but of all of those descriptors, cybersecurity is best described as a team sport. With 1.8 million security jobs going unfulfilled in 2017, our external partnerships are more important.   I was reminded that we must continue to build the team.  I’m not just talking about your internal team.  I am talking about partnerships inter-agency, across vendors, and across industries.

As a document technology company, we see ourselves in the Internet of Things (IoT) space.  Security is a large part of the IoT evolving story and in general –the evolving story of technology.  It is not a war, it is not a fight, nor is it a fairy tale.  It is actually an evolution.  This means that there is no end, no final battle, no waiting for the other side to raise the white flag.  So how do we maneuver in this journey?    We do this together.  “Together. Is. Power.”  And that is the McAfee slogan that talks to how important it is to band together to provide secure solutions.  We have found many that often look at print solutions as the “Star Wars” character in the corner that we interact with on as an “as needed” basis.  With the enhancements of the Xerox App Gallery, our ability for our solutions to integrate with the cloud, and it’s interoperability with network components, we are more.  This is why our external partnerships continue to be a critical theme in the Xerox security story.

Xerox print solutions are thus far the only IoT devices that automatically connect with McAfee's ePolicy Orchestrator. It's proof that the approach is a solutions approach that focuses on security integration with our customers' infrastructure. The Xerox-McAfee approach to IoT security also includes McAfee's whitelisting technology, which constantly monitors and automatically protects against malware attacks. Our partnerships continue to expand to help prevent bad things from happening, protect our devices and the data associated with them, and detect malicious attempts.

As I think about my team analogy, the team is expanding, as are those companies ready to submit themselves for competition in the evolving draft. The best part is that there is no fantasy league on this side. No secret sauce to winning. No one way to win. Our playbook is strong, and as we "SET THE PAGE FREE", we know that "Together. Is. Power!"

Learn more: IoT and security

Join us at the McAfee MPOWER Cybersecurity Summit in Amsterdam on November 28 through 29. Learn more about our industry-leading, comprehensive approach to IoT security solutions for devices and networks.

Read about how multifunction printers are a favorite beachhead for attacks on your IT infrastructure and what Xerox is doing about it.

Dr. Alissa Johnson
VP and Chief Information Security Officer, Xerox Corporation

Dr. Alissa Johnson is vice president and Chief Information Security Officer for Xerox Corporation, an $11 billion technology leader that innovates the way the world communicates, connects and works. In her role, she is responsible for establishing and maintaining a corporate-wide information risk management program to ensure that information assets are adequately protected. She leads the organization in identifying, evaluating and reporting on information security practices, controls and risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise.

Prior to Xerox, Dr. Johnson served as the first Chief Information Security Officer at Stryker Corporation, a multibillion-dollar medical technology company. In addition, Dr. Johnson spent three years in the White House as the Deputy Chief Information Officer, beginning in March 2012, helping modernize the Executive Office of the President's IT systems, using cloud services and virtualization, employing new cybersecurity strategies, and chairing boards across the Office of the President to enhance technology.

Dr. Johnson holds a PhD in Information Technology Management from Capella University; a master’s degree in Telecommunications and Computer Networks from The George Washington University; and a bachelor’s degree in mathematics from Savannah State University.

The post Securing IoT, Not a Mission Impossible appeared first on McAfee Blogs.

Out Innovating the Adversary, Part 2
https://securingtomorrow.mcafee.com/business/innovating-adversary-part-2/
Wed, 22 Nov 2017 15:00:53 +0000

The post Out Innovating the Adversary, Part 2 appeared first on McAfee Blogs.

My last post discussed the challenges of working to out-innovate our adversaries given the growing variety of objectives they might pursue, and the growing variety of methods they might use in pursuit of those objectives.

As mentioned, part of the answer to these challenges lies in thinking differently about threat defense, and in understanding that the correlation of detection technologies is as critical as their efficacy.

We also need to think about confidence. We benefit when independent technologies agree on what they are detecting. And we need to think about some of the nuances of how to maximize the value of modern threat defense technologies.

Let me give you an example outside cybersecurity.

Anyone who travels by plane must put their bags through an x-ray machine, and bags are either pulled off for inspection or not. If airport security teams were only measured on detection, they could achieve 100% detection rates easily. Simply pull and search every bag. In this sense, threat detection is easy.

But such a practice would create a great deal of extra overhead in energy and labor costs, along with many false positives. That is why you can't think about threat detection alone. Detection by itself is easy; detection without false positives is hard. In cybersecurity, where the adversary is constantly innovating, threat detection without false positives is incredibly hard.

Threat Detection is Easy… Threat Detection Without False Positives is Hard

To address this, we have thought about the tools and capabilities we can use to solve problems like this. We have looked at the quality of each of our technologies, and acted upon our understanding of how false positives relate to detection.

For instance, given that I can achieve any level of detection if I'm willing to tolerate enough false positives, I can simply graph detection rate against false positive rate. The quality of the technology is indicated by the knee of the curve in the top left (below). Higher-quality technologies ramp to high detection rates before intolerable false positive rates occur.

What this also does is allow us to tune our technologies to give you the best outcome. We have looked at the underlying structure of threat defense and dialed in the level of detection that gives you the best result.

Either extreme gives a bad result. If we go too far to the left (below), to where we see the green dot, we leave a lot of headroom unused: we could achieve a much higher level of detection without incurring much additional cost in false positives.

Similarly, if we go all the way to the right, we start getting many more false positives without increasing our detection rate. There is a region of optimal sensitivity between these extremes, and finding it is key to tuning the products we deliver to our customers.

At McAfee, we’re looking at each technology on its own, optimizing it to give customers the best outcome, and then making it work with all the other technologies in your environment to provide the best aggregate set of capabilities.
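
To make the curve concrete, here is an added example (not from the original post or any McAfee product) that sweeps a threshold over a constructed set of detector scores, computes detection rate against false positive rate at each point, and picks the threshold that gives the most detection under a false-positive budget. The scores and labels are made up for illustration.

```python
"""Detection rate versus false-positive rate for a scoring detector.

Every threshold on a detector's score trades true positives against false
positives: flag everything and you get 100% detection with 100% false
positives, so the real quality of a detector is the shape of its ROC curve.
Added example; the scores below are constructed, not from any McAfee product.
"""

# Constructed sample: (detector score in [0, 1], is_malicious).
SAMPLES = [
    (0.95, True), (0.92, True), (0.90, True), (0.88, True), (0.84, True),
    (0.80, True), (0.70, True), (0.55, True), (0.40, True), (0.22, True),
    (0.05, False), (0.10, False), (0.15, False), (0.20, False), (0.25, False),
    (0.30, False), (0.45, False), (0.60, False), (0.75, False), (0.86, False),
]


def rates_at(samples, threshold):
    """Return (detection_rate, false_positive_rate) when flagging score >= threshold."""
    pos = [s for s, mal in samples if mal]
    neg = [s for s, mal in samples if not mal]
    tpr = sum(1 for s in pos if s >= threshold) / len(pos)
    fpr = sum(1 for s in neg if s >= threshold) / len(neg)
    return tpr, fpr


def roc_points(samples):
    """Sweep the threshold from strictest to loosest; return (fpr, tpr, threshold) points."""
    points = [(0.0, 0.0, float("inf"))]  # flag nothing at all
    for t in sorted({s for s, _ in samples}, reverse=True):
        tpr, fpr = rates_at(samples, t)
        points.append((fpr, tpr, t))
    return points


def auc(points):
    """Area under the ROC curve (trapezoid rule): 1.0 is perfect, 0.5 is a coin flip."""
    area = 0.0
    for (x1, y1, _), (x2, y2, _) in zip(points, points[1:]):
        area += (x2 - x1) * (y1 + y2) / 2.0
    return area


def best_threshold(points, max_fpr):
    """Highest detection rate whose false-positive rate stays within the operator's
    tolerance. Returns (threshold, tpr, fpr)."""
    best = None
    for fpr, tpr, t in points:
        if fpr <= max_fpr and (best is None or tpr > best[1]):
            best = (t, tpr, fpr)
    return best


if __name__ == "__main__":
    pts = roc_points(SAMPLES)
    print("flag everything:", rates_at(SAMPLES, 0.0))   # (1.0, 1.0): trivial and useless
    print("AUC:", round(auc(pts), 3))
    for tol in (0.0, 0.1, 0.3):
        print("max FPR", tol, "->", best_threshold(pts, tol))
```

Flagging everything (threshold 0) gives a detection rate of 1.0 at a false positive rate of 1.0, the airport "search every bag" policy. The area under the curve summarizes the knee the post describes; `max_fpr` is the operator's tolerance, and `best_threshold` returns the loosest setting that stays inside it.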

Strategy Anchored in Understanding

We have anchored the McAfee strategy on understanding adversary counter-evasion, and we’re investing in the building blocks we need to out-innovate the adversary.

We think about machine learning, but do so with intellectual honesty, understanding that every model will eventually be evaded.

Threat research is incredibly important because understanding what the adversary is going to do next allows us to go where the puck is going to be, not where it currently is.

Being able to amplify your incident responders and other security operations personnel gives you the headroom to actually do the investigation needed to out-innovate the adversary.

It’s also important that we don’t think about technologies in a vacuum for any product. For instance, we use many forms of analytics and data science and we use each of them across our product lines, from the backend systems of McAfee Labs to the endpoint.

McAfee Advanced Threat Defense (ATD), our sandboxing technology, can take the output of all the capabilities that different elements of the gauntlet provide and come to a better conclusion: a higher-quality analysis of whether a sample is malicious or benign. We're using it in our enterprise endpoint product to counter adversarial machine learning.

Our McAfee Investigator product is all about the concept of human-machine teaming, amplifying how your incident responders and operations personnel can benefit from using this technology. Here we use machine learning to separate the good, from the bad, from the unknown, and then allow human intellect and intuition to determine critical context and next steps.

The only way McAfee is going to help you out-innovate the adversary is if McAfee out-innovates everyone else in the industry. I'm committed to helping lead the 7,000 employees at McAfee in embracing innovation as the only way we can win this battle.

One of the things you will always see from McAfee is a high level of intellectual honesty about our technologies, what their capabilities are, and how we'll innovate and build upon them to address the future attack landscape. Our commitment to you is to not only build great capabilities that work well when you install them, but also further down the line, when you need resilience, efficacy and stability.

Out Innovating the Adversary, Part 1
https://securingtomorrow.mcafee.com/business/innovating-adversary-part-1/
Tue, 21 Nov 2017 15:00:39 +0000

The post Out Innovating the Adversary, Part 1 appeared first on McAfee Blogs.

Deep down, if I think about who I am, I’m a scientist who loves to solve problems. If you think about cybersecurity, its problems are unique in that we are not only competing against industry competitors, we are also competing against the adversaries behind the cyber-attacks. My recent keynote at MPOWER17 Las Vegas focused on the problem of out-innovating these adversaries.

A year ago, I introduced a framework illustrating how the effectiveness of defensive technologies changes over time as a result of the innovation competition between defender and adversary. It shows that a defensive technology works best when it is first deployed. At that time, the threat it is designed to address is well understood. Over time, however, adversaries are incentivized to develop more and more evasions that eventually degrade the technology's efficacy. We have seen this play out with spam filters, sandboxes and numerous other defensive measures.

At McAfee, we have thought a lot about how we can use this cycle of attacker-defender innovation to benefit customers.

First, we take a platform approach, making it easier for you to install and maximize the value of the technologies within your environment. Value could mean things such as technology teaming enabled by OpenDXL, or human-machine teaming that marries machine power with human intellect to achieve better outcomes.

And finally, we think about how we can create new technologies knowing that adversaries will work to evade them once they hit a key point in their life cycle.

Machine learning, deep learning and artificial intelligence are cornerstone technologies that McAfee and much of the industry are building upon, but we must recognize that the adversaries are going to work to innovate around them.

Evasion Innovation

During my MPOWER keynote, I used a machine learning model that successfully recognizes handwritten characters, and showed what it takes from a technical perspective to confuse it. The model initially predicts with 99% probability that the image represents a "9," versus a 1% probability that it is a "4." By slightly manipulating the pixels of the image, the probabilities level out to 50/50. The image on the right is at the other end of the spectrum: to you and me it still looks like a "9," but the model now thinks there's a 99% chance it's a "4."

The same concept applies to the machine learning used in cybersecurity defense. We took the same approach with a malware classifier that labels Android applications as either malicious or benign. By making only slight modifications to the malware, we could fool the model into judging the code benign.
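
As an added illustration (not the model or the data from the keynote), the block below does both tricks against a hypothetical logistic-regression classifier whose weights are set by hand: a gradient-sign step that moves every continuous input feature a small, bounded amount, and an additions-only greedy search that appends benign-looking features to a binary Android-style feature vector until the verdict flips. The feature names and weights are invented for the example.

```python
"""Evasion of a logistic-regression classifier, mirroring the two demos above.
Added example with hypothetical hand-set weights: neither the digit model nor
the Android feature set is the one used in the keynote or any McAfee product."""
import math


def predict(weights, bias, x):
    """Probability of class 1 ('4' in the digit demo, 'malicious' in the app demo)."""
    z = bias + sum(w * xi for w, xi in zip(weights, x))
    return 1.0 / (1.0 + math.exp(-z))


# --- 1. Continuous features (image-like): bounded gradient-sign perturbation ---
# For a linear model the gradient of the score w.r.t. the input is the weight
# vector, so nudging every feature a little *against* sign(w) lowers the score
# most efficiently. No single feature moves more than eps (an L-infinity bound);
# 64 small nudges add up to a large change in the score.
IMG_W = [1.0] * 32 + [-1.0] * 32   # hypothetical 64-"pixel" model, bias 0
IMG_B = 0.0
IMG_X = [0.6] * 32 + [0.4] * 32    # input the model calls class 1 with ~99.8%


def evade_linf(weights, x, eps):
    """One gradient-sign step toward class 0; per-feature change <= eps, clipped to [0, 1]."""
    adv = []
    for w, xi in zip(weights, x):
        step = eps if w < 0 else (-eps if w > 0 else 0.0)
        adv.append(min(1.0, max(0.0, xi + step)))
    return adv


# --- 2. Binary features (Android app): additions-only evasion ------------------
# Removing the permissions and API calls the payload needs would break it, so the
# attacker only *adds* benign-looking features (ad SDKs, support libraries, a
# launcher activity). Greedily add the most benign-weighted absent feature until
# the verdict flips.
APP_FEATURES = {   # hypothetical weights: > 0 pushes toward malicious, < 0 toward benign
    "SEND_SMS": 2.5, "READ_CONTACTS": 1.0, "RECEIVE_BOOT_COMPLETED": 1.5,
    "dex_dynamic_load": 2.0, "INTERNET": 0.2, "ACCESS_FINE_LOCATION": -0.5,
    "android.support.v7": -1.5, "com.google.ads": -1.2,
    "uses_play_services": -1.0, "has_launcher_activity": -0.8,
}
APP_BIAS = -2.0
MALWARE = {"SEND_SMS", "RECEIVE_BOOT_COMPLETED", "dex_dynamic_load", "INTERNET"}


def app_score(present):
    """Malicious probability for an app described by its set of present features."""
    names = list(APP_FEATURES)
    x = [1.0 if n in present else 0.0 for n in names]
    return predict([APP_FEATURES[n] for n in names], APP_BIAS, x)


def evade_additive(present, target=0.5):
    """Return (feature set after evasion, features added in order) that drives the
    malicious probability below `target` using additions only. If the benign
    features run out first, the returned set is still classified malicious."""
    present = set(present)
    added = []
    candidates = sorted((n for n in APP_FEATURES if APP_FEATURES[n] < 0 and n not in present),
                        key=lambda n: APP_FEATURES[n])
    for name in candidates:
        if app_score(present) < target:
            break
        present.add(name)
        added.append(name)
    return present, added


if __name__ == "__main__":
    for eps in (0.0, 0.1, 0.2):
        p = predict(IMG_W, IMG_B, evade_linf(IMG_W, IMG_X, eps))
        print(f"eps={eps}: P(class 1) = {p:.3f}")      # ~0.998, 0.500, ~0.002
    print("malware before:", round(app_score(MALWARE), 3))
    evaded, added = evade_additive(MALWARE)
    print("added", added, "->", round(app_score(evaded), 3))
```

With `eps=0.1` every "pixel" moves by a tenth and the model sits at exactly 50/50; with `eps=0.2` it is 99.8% sure of the other class, while the input is still within 0.2 of the original everywhere. The Android case needs four added features and no removals. Both attacks work because the model is linear in its inputs; the defensive lesson in the post is to measure this gap before the adversary does.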

Why do I call out some of the inherent weaknesses in machine learning?

Because if we close our eyes and disregard the fact that adversaries will attempt something like this, the cyber defense technology that works so well today will fall apart tomorrow. If instead we recognize that these weaknesses exist, we can put energy into developing defenses today that add resiliency.

This is exactly what we are doing at McAfee. We are looking at all our machine learning capabilities to understand not only how well they work today, but also how they will stand up over time and remain resilient and resistant to the evasion attacks of the future.

Objectives, Methods and Innovation

We have to recognize that adversaries are continuously innovating, and that their objectives and methods evolve. They are no longer focused only on data theft, system breaches and the sale of stolen information. New business models drive things like ransomware, where the victim pays the cybercriminal directly; this bypasses the risk of reselling data and monetizes a breach very efficiently.

We see the weaponization of data, in which attackers damage an individual or an organization by releasing information with the intent to harm them. They also take advantage of changes in the technical ecosystem to find new objectives, such as attacking cloud environments, where a multi-tenant breach can affect many organizations or users.

Adversaries can take advantage of vulnerabilities by using exploits. They can use stolen credentials to move around environments in a way that looks like normal behavior and is difficult for defenders to spot.

Sometimes the weakness is not technology. Sometimes it is social engineering, phishing, or a configuration vulnerability. Malicious insiders may be authorized actors in an environment.

The Correlation of Detection

Imagine we have a new defense technology that can defend against 5% of the threats on our threat landscape. Should we bring this technology to market when it can stop only 5% of our threats?

You clearly cannot answer that question without more data. If the 5% of threats that this technology can catch is 5% for which existing technologies do not have an answer, such a new technology is very valuable.

This question is not just hypothetical. It is the way that we are engineering and innovating with our new endpoint technology.

McAfee ENS is the most innovative endpoint product on the planet because it uses a set of technologies, each covering a different portion of the threat landscape: signature-based detection, reputation-based detection and multiple machine learning models. Each technology on its own detects many types of threats while also leaving some holes.

We must understand what a technology can cover that another technology potentially misses, and how effectively they work together—versus how effectively they work on their own.

Ultimately, part of the answer to out-innovating our adversaries lies in understanding that the correlation of detection technologies is as critical as their efficacy.
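
The "5% technology" question can be worked through numerically. In this added example (a constructed threat set and made-up coverage figures, not McAfee data, with detector names that only mirror the layers listed above), three layers catch overlapping subsets of 100 threats, and two candidate 5% technologies are compared: one whose catches are unique and one whose catches signatures already cover. It also counts how many layers agree on each threat, the raw material for the confidence discussed in the next post.

```python
"""Correlation of detection: how much a detector adds depends on what the
others already catch, not on its stand-alone efficacy. Added example over a
constructed threat set; the coverage figures are invented for illustration."""

THREATS = set(range(1, 101))          # 100 constructed threat samples, numbered 1..100

# Which threats each layer catches (constructed). Stand-alone efficacy: 60%, 36%, 41%.
DETECTORS = {
    "signature": set(range(1, 61)),
    "reputation": set(range(40, 76)),
    "ml_model": set(range(50, 91)),
}

# Two candidate "5% technologies" with identical stand-alone efficacy.
CANDIDATE_UNIQUE = set(range(96, 101))    # catches threats nothing else does
CANDIDATE_REDUNDANT = set(range(1, 6))    # catches threats signatures already do


def efficacy(detected, threats=THREATS):
    """Stand-alone detection rate of one layer."""
    return len(detected & threats) / len(threats)


def union_coverage(detectors, threats=THREATS):
    """Detection rate when any layer's verdict is enough (logical OR)."""
    caught = set().union(*detectors.values())
    return len(caught & threats) / len(threats)


def unique_contribution(detectors, name, threats=THREATS):
    """Threats only `name` catches: what you lose if you remove that layer."""
    others = set().union(*(d for n, d in detectors.items() if n != name))
    return (detectors[name] - others) & threats


def marginal_gain(detectors, new_name, new_detected, threats=THREATS):
    """Increase in overall coverage from adding a new layer."""
    before = union_coverage(detectors, threats)
    after = union_coverage({**detectors, new_name: new_detected}, threats)
    return after - before


def agreement(detectors, threats=THREATS):
    """How many independent layers flag each threat: the basis for confidence."""
    return {t: sum(1 for d in detectors.values() if t in d) for t in threats}


if __name__ == "__main__":
    for name, det in DETECTORS.items():
        uniq = len(unique_contribution(DETECTORS, name))
        print(f"{name:11s} efficacy {efficacy(det):.0%}, unique catches {uniq}")
    print(f"all three together: {union_coverage(DETECTORS):.0%}")
    print(f"adding unique 5% tech:    +{marginal_gain(DETECTORS, 'new', CANDIDATE_UNIQUE):.0%}")
    print(f"adding redundant 5% tech: +{marginal_gain(DETECTORS, 'new', CANDIDATE_REDUNDANT):.0%}")
    votes = agreement(DETECTORS)
    print("threats flagged by 2+ layers:", sum(1 for v in votes.values() if v >= 2))
```

In this constructed set the reputation layer has 36% stand-alone efficacy yet zero unique catches, because everything it flags is also flagged by signatures or the ML model, while the unique 5% technology lifts total coverage by a full five points and the redundant one by nothing. That is the sense in which correlation matters as much as efficacy.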

My next post will explain how McAfee is understanding correlation as well as efficacy, and how this understanding is paramount to McAfee’s approach to innovation.

McAfee and Amazon Web Services: A Secure Relationship
https://securingtomorrow.mcafee.com/business/mcafee-amazon-web-services-secure-relationship/
Fri, 17 Nov 2017 22:00:03 +0000

The post McAfee and Amazon Web Services: A Secure Relationship appeared first on McAfee Blogs.

As enterprises continue their journey to the cloud, many are using a hybrid model that engages both the private and public cloud.  McAfee has embraced this “hybrid cloud” strategy to enable companies to migrate to the public cloud, and we are investing in the tools and relationships to enable the transition. Working with Amazon Web Services (AWS) is an important part of bringing enterprise-level security to public cloud deployments, and I’m happy to announce two new partner relationships with AWS. Also, McAfee will be joining AWS at the AWS re:Invent Expo in Las Vegas in late November, where we will demonstrate products that customers can use in their hybrid cloud strategy.

McAfee is Now an APN Advanced Technology Partner

For enterprise engagements, McAfee has become an AWS Partner Network (APN) Advanced Technology Partner. To become an APN Advanced Technology Partner, we have demonstrated that our products, customer relationships, expertise and overall business investments on AWS have grown and are meaningful to AWS.

McAfee builds tools that automate the rollout of security controls and security operations consistently across organizations. Our solutions — such as Virtual Network Security Platform, Cloud Workload Security, and Web Gateway — can play significant roles in helping companies adopt AWS securely:

McAfee Virtual Network Security Platform (vNSP): Designed specifically for fully virtualized public and private clouds, vNSP delivers an elastic security control that provides comprehensive network inline intrusion prevention, application protection, zero-day threat detection and visibility into lateral attack movement. The scalable and highly distributed architecture has been certified as “Well Architected” by Amazon. Integration with orchestration and automation frameworks makes this an ideal solution for adoption in DevSecOps environments.

McAfee Cloud Workload Security (CWS): As data center perimeters get redefined, navigating current data center workload assets and plotting the journey to the cloud requires a map that will safely show the way. Cloud Workload Security provides visibility and protection for your workloads in the cloud, with agility and confidence, through an integrated suite of security technologies, ensuring control of the new perimeter.

McAfee Web Gateway (MWG): With its best-in-class malware protection efficacy and policy flexibility, MWG can now be deployed directly in AWS, in addition to the appliance and SaaS deployment models. MWG offers the most flexible options in the industry for web security. With an AWS deployment, customers can not only offload work from on-premises appliances through hybrid policy enforcement, they can also provide advanced inline malware detection for SaaS-based apps. This is the same value proposition that McAfee has historically offered for endpoint protection, now extended to SaaS-based applications as well.

To learn more about our solutions that keep you better protected on AWS, visit mcafee.com/ProtectAWS

McAfee Accepted into the AWS Public Sector Partner Program

In addition to the commercial sector, McAfee knows that Government, Education and Nonprofit customers need quality security in the cloud. AWS has accepted McAfee into its AWS Public Sector Partner Program. This designation reflects McAfee’s strong commitment to support public sector customers in their transition to the cloud. As our presence in the AWS Public Sector Partner Program grows, so too will the value of our solutions specifically targeted for the public sector.

McAfee is a Sponsor at AWS re:Invent

Join us the week of November 27th at the AWS re:Invent event in Las Vegas. Visit the McAfee booth (Booth 1238) at the Venetian. McAfee experts will share strategies and best practices to help customers secure and manage data on AWS. Plus, you can see live how McAfee vNSP expands network protection across virtualized environments.

Make sure to stop by the booth to say hello in person, or via Twitter.

To find out more about our programs, certifications, qualifications, and technologies supporting AWS, click here.

Cheers,

When it Comes to Malware, Actions Can Speak Louder than Words
https://securingtomorrow.mcafee.com/business/malware-actions-speak-louder-than-words/
Fri, 17 Nov 2017 21:00:59 +0000

The post When it Comes to Malware, Actions Can Speak Louder than Words appeared first on McAfee Blogs.

At some point as a child, a parent likely told you, “actions speak louder than words.” It’s a good life lesson—and it can hold just as true when fighting malware.

Cybercriminals have become extremely skilled at disguising the true nature of malware attacks. The best way to protect your users is to employ a layered approach that includes both pre- and post-execution analysis. You can learn a lot by evaluating what an unknown file “says” it is. But sometimes, the only way to stop advanced malware is to observe what it does once it crosses your threshold.

Journey through the Anti-Malware Funnel

To understand how pre- and post-execution anti-malware tools work together, imagine you’re running a grocery store and you have a problem with shoplifters. The thieves look just like other customers. How do you tell the good shoppers from the bad? Organizations are tasked with solving a similar problem in protecting against malware disguised to look like harmless application traffic.

Legacy signature-based antivirus plays an early role, filtering out large numbers of known attacks. Going to our grocery store analogy, this is like denying entry to all shoppers who’ve been caught before, who have their picture hanging on the wall of the manager’s office. It’s an important security measure, but it won’t stop thieves you’ve never seen before or those in disguise who no longer look the same.

At the next level of the funnel, McAfee Real Protect pre-execution scanning applies statistical analysis and machine learning techniques to unknown "greyware" files. These scans compare static code attributes (source language or compiler used, linked DLLs, and other static features) against known threats, without signatures. Returning to our analogy, this is comparable to facial recognition software that catches anyone entering the store with a record of shoplifting, even if they've never been to this store before.

Static scanning catches a huge amount of malware, even if it’s well disguised. But as we know, cybercriminals don’t just give up when new defenses emerge. They develop new techniques (like packing, polymorphism, and metamorphism) to slip past them. (In our analogy, these would be the savviest shoplifters who, for example, dress up like a vendor making deliveries, or get someone with a clean record to shoplift for them.) To stop threats like these, you sometimes have to go deeper: watching what the greyware actually does.

Analyzing Malware Actions

McAfee offers two post-execution tools to catch the most cleverly disguised malware—the kind that makes it past even advanced pre-execution scanning. These are:

  • Real Protect Dynamic: This layer uses machine learning to analyze the file’s actual behavior as it executes. If the file attempts to do things that malware often does, such as create child processes, drop or alter files, or reach out to known bad networks, Real Protect can convict it as malicious in seconds.
  • Dynamic Application Containment: While other parts of the anti-malware funnel attempt to analyze and understand greyware, this layer takes a "contain first, limit the impact" approach. Based on the context and reputation of the greyware, Dynamic Application Containment (DAC) decides whether to limit or eliminate its ability to make malicious changes on the endpoint. The threshold for triggering DAC is fully configurable. Once DAC is triggered, McAfee Endpoint Security uses Arbitrary Access Control (AAC) technology to isolate the execution profile of the process. It then detects any potentially malicious behavior, such as access violations, memory scanning, signs of persistence, proxy attacks on legitimate applications, and so on. If the contained process violates any of the containment rules, DAC blocks and/or reports the actions the malware attempted, preventing a "patient zero" infection. The entire analysis is performed without having to configure any blacklists or whitelists, and without detonating the file in an execution sandbox.

In our hypothetical grocery store, post-execution tools are the equivalent of having a surveillance team watching every inch of the premises and stepping in the moment someone tries to steal or demonstrates a sufficient level of suspicious behavior to summon the attention of store security. You’re not necessarily preventing every shoplifter from entering the store, but you’re ensuring that they can’t do much damage once inside.
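
The following added example (illustrative rules and a constructed event trace, not Real Protect Dynamic or DAC logic) shows the shape of post-execution analysis: a process tree's actions are scored as they happen, ordering matters (a file written and then executed is a dropper), and a file of unknown reputation is contained on its first persistence attempt rather than waiting for the score to accumulate. The paths, registry key, process IDs and the "known bad" address (from the TEST-NET-2 documentation range) are all made up.

```python
"""Post-execution behaviour analysis over a constructed process trace.
Added example: the rules, weights, events and reputation feed are illustrative
and are not Real Protect Dynamic or Dynamic Application Containment logic."""

# Constructed trace for one process tree: pid 4242 spawns cmd.exe (4300), which
# drops and launches svc.exe (4311); the address is from the TEST-NET-2 range.
EVENTS = [
    {"pid": 4242, "op": "process_create", "child": 4300, "image": "cmd.exe"},
    {"pid": 4300, "op": "file_write", "path": r"C:\Users\u\AppData\Roaming\svc.exe"},
    {"pid": 4300, "op": "registry_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc"},
    {"pid": 4300, "op": "process_create", "child": 4311,
     "image": r"C:\Users\u\AppData\Roaming\svc.exe"},
    {"pid": 4311, "op": "net_connect", "dst": "198.51.100.7", "port": 443},
    {"pid": 4311, "op": "file_write", "path": r"C:\Users\u\Documents\report.docx.locked"},
]
BENIGN_EVENTS = [   # a process that spawns a child and talks to an unlisted host
    {"pid": 5000, "op": "process_create", "child": 5001, "image": "notepad.exe"},
    {"pid": 5001, "op": "net_connect", "dst": "203.0.113.10", "port": 443},
]

KNOWN_BAD_HOSTS = {"198.51.100.7"}   # constructed reputation feed
CONVICT_AT = 5                        # cumulative score at which the tree is convicted

# Weighted indicators: each alone is common in benign software; together they convict.
RULES = {
    "child_process": 1,
    "drops_and_executes": 3,    # writes a file and later launches it (dropper pattern)
    "run_key_persistence": 2,
    "known_bad_connection": 3,
    "ransom_extension_write": 2,
}


def score_trace(events, known_bad=KNOWN_BAD_HOSTS):
    """Walk the trace in order; return (score, rules fired in order). A rule that
    fires twice counts twice."""
    fired = []
    written = set()
    for ev in events:
        op = ev["op"]
        if op == "file_write":
            path = ev["path"].lower()
            written.add(path)
            if path.endswith(".locked"):
                fired.append("ransom_extension_write")
        elif op == "process_create":
            fired.append("child_process")
            if ev["image"].lower() in written:   # order matters: the write came first
                fired.append("drops_and_executes")
        elif op == "registry_set" and "\\currentversion\\run\\" in ev["key"].lower():
            fired.append("run_key_persistence")
        elif op == "net_connect" and ev["dst"] in known_bad:
            fired.append("known_bad_connection")
    return sum(RULES[r] for r in fired), fired


def verdict(events, reputation="unknown"):
    """'malicious' once the score reaches CONVICT_AT. Separately, a file of unknown
    reputation is 'contained' (blocked and reported) on its first persistence
    attempt without waiting for the score: the contain-first posture for greyware."""
    score, fired = score_trace(events)
    if score >= CONVICT_AT:
        return "malicious", fired
    if reputation == "unknown" and "run_key_persistence" in fired:
        return "contained", fired
    return "benign", fired


if __name__ == "__main__":
    print(verdict(EVENTS))          # ('malicious', [...six rule hits...])
    print(verdict(BENIGN_EVENTS))   # ('benign', ['child_process'])
```

The dropper rule only fires because the trace is walked in order and the executed image matches a path written earlier; a static scan of either file would not see that relationship. The containment branch is the trade-off the post describes: the file has already run, but a greyware process is stopped at its first persistence attempt instead of after the damage is scored.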

Multi-Layered Defense

If it sounds like there’s a tradeoff here, there is. Pre-execution scanning can prevent most malware from ever executing on endpoints—but it may miss some advanced attacks. Post-execution tools stop malicious behavior before it causes significant damage—but the file does execute on the system before they take action.

Neither method, on its own, will stop every attack or peel away every obfuscation technique. But working together as part of a multi-layered defense strategy, they provide powerful protection against the most sophisticated malware threats.

Like our hypothetical store, preventing threats is no longer about posting pictures and hoping someone spots a thief, it’s about ensuring that the tools to spot the would-be criminals you have yet to identify are in place. The good news is that with McAfee endpoint defenses, it’s possible to see more, stop more and do less thanks to tightly integrated defenses with a single management console.

Learn More

McAfee can help you detect and respond to advanced threats more quickly, with less time and effort. Learn more about our Dynamic Endpoint Threat Defense solution and follow us on Twitter at @McAfee.

 

Securing Victoria's Secret's Secrets — Defending Data and Operations to Support Global Fashion Brands
https://securingtomorrow.mcafee.com/business/securing-victoria-secrets-secrets-defending-data-operations-support-global-fashion-brands/
Fri, 17 Nov 2017 15:00:29 +0000

The post Securing Victoria's Secret's Secrets — Defending Data and Operations to Support Global Fashion Brands appeared first on McAfee Blogs.

You’ve probably heard of Victoria’s Secret. And Calvin Klein, Gap, Lands’ End, Marks & Spencer, and Tommy Hilfiger. But you may have never heard of Brandix, one of the largest apparel suppliers to these and other top retail fashion brands. Sri Lanka’s largest apparel exporter, the Brandix Group employs approximately 48,000 people across 42 sites in Sri Lanka, India, Bangladesh, and the Dominican Republic.

In the global apparel industry, Brandix’s reputation as a top supplier of quality clothing has been rising rapidly along with its export volume. For the past five years, Brandix has been lauded as Sri Lanka’s Exporter of the Year (by the Sri Lankan Export Development Board). This surge in recognition has led to rapid growth, and with it, additional security risk.

“With the success and growth of our business, we knew we needed to take information security to the next level,” says Manager of Microsoft Technologies Janaka Sampath who oversees endpoint protection across the extended Brandix enterprise. Management concurred and even mandated bolstering cyber defenses, but desired to keep the information security team small.

So that was Janaka’s challenge: How could he pull together multiple security tools such as endpoint solutions with machine learning and detailed threat analytics in a security operations center run by a small team?

Tempted by Newer Endpoint Solutions but Won Over by McAfee

Although Brandix had used McAfee® antivirus solutions to protect endpoints for years, newer endpoint protection products began to catch Janaka's attention because they do not rely on signatures for detection. After a thorough evaluation, however, he concluded that sticking with McAfee for endpoint protection still made the most sense, given that McAfee had recently introduced McAfee Endpoint Security. In Janaka's mind, the new solution was a tremendous leap forward in endpoint protection, one that "goes well beyond signature-based detection." The addition of Dynamic Application Containment (DAC) functionality and Real Protect machine learning technology, in particular, helped sway the decision.

Without its users even noticing, Brandix seamlessly migrated the antivirus engine of the McAfee Complete Endpoint Protection Advanced suite—McAfee VirusScan® Enterprise—to the McAfee Complete Endpoint Threat Protection Suite. The company also deployed the Adaptive Threat Prevention module, which provides DAC and Real Protect. Janaka is first running DAC in "productivity mode," fine-tuning and teaching it to avoid false positives before moving to "balanced mode." Implementation of Real Protect will follow. The impact of DAC and Real Protect has been impressive in the company's tests using malware and greyware samples and mutations of those samples. "In our simulations, McAfee Endpoint Security has detected and blocked ransomware and zero-day threats very effectively," says Janaka.

Integrated Security Framework Boosts Security to Next Level

In addition to McAfee Endpoint Security, Brandix decided to implement McAfee Threat Intelligence Exchange and McAfee Advanced Threat Defense (McAfee ATD) to take advantage of each solution’s integration via the Data Exchange Layer (DXL), an open-source platform that connects security components for real-time data exchange without requiring point-to-point API connections. Now when a Brandix endpoint encounters a suspicious or malicious file, that information is immediately conveyed to McAfee Threat Intelligence Exchange, which compares it to its reputation database, and, if no match is found, immediately sends it to McAfee ATD for analysis. If McAfee ATD concludes the file is malicious, that information is instantly shared with all systems in the environment connected via DXL—including all other endpoints.

“Aggregating and sharing threat intelligence that has been gathered at various levels from a range of sources significantly enhances our security posture,” explains Janaka. “With McAfee Threat Intelligence Exchange and our integrated security platform, we can respond to threats much more quickly and mitigate risk more effectively. For instance, if a user attempts to download, knowingly or unknowingly, a file that violates our security policy or causes suspicious activity detected by McAfee Endpoint Security, we can immediately blacklist the file and prevent it from executing anywhere in our highly distributed environment.”

Improved Security Without a Huge Hassle or Increased Operational Overhead

Using the McAfee ePolicy Orchestrator® (McAfee ePO™) central console, Janaka and his small team at headquarters can manage all three McAfee solutions—McAfee Complete Threat Protection Suite, McAfee Threat Intelligence Exchange, and McAfee Advanced Threat Defense—as well as McAfee DLP Endpoint (to prevent data leakage). From a single pane of glass, they set security policies and push them out to the company’s sites worldwide. Small remote teams at each of the company’s major sites also use McAfee ePO software to monitor day-to-day security in their respective environments. Because McAfee ePO software simplifies and consolidates security administration so much, Brandix needed no additional staff to augment its security arsenal and fortify its security posture.

Just as Brandix works behind the scenes to support global retail brands, McAfee integrated security works in the background at Brandix to keep data and operations secure so the company can focus on its core business. “The biggest benefit of our decision to go with McAfee Endpoint Security and the McAfee integrated security platform,” says Janaka, “is that it takes our security to next level without a huge hassle.”

To read the full case study, click here. Follow @McAfee_Business to learn more about our enterprise security solutions.

Your New Cybersecurity Tools Are Already Aging – We Can Help https://securingtomorrow.mcafee.com/business/new-cybersecurity-tools-already-aging-can-help/ https://securingtomorrow.mcafee.com/business/new-cybersecurity-tools-already-aging-can-help/#respond Wed, 15 Nov 2017 15:00:14 +0000 https://securingtomorrow.mcafee.com/?p=82354 In the booming industry of cybersecurity, we see increasing numbers of threats all the time. Here are two statistics that put things in perspective: since 2015, the number of new malware samples reported each quarter has more than doubled, and in Q1 2017 our research counted 244 new threats every minute, or more than 4 every second.

We will bankrupt ourselves in the vain search for absolute security.
– Dwight D. Eisenhower

In the booming industry of cybersecurity, we see increasing numbers of threats all the time. Here are two statistics that put things in perspective: since 2015, the number of new malware samples reported each quarter has more than doubled, and in Q1 2017 our research counted 244 new threats every minute, or more than 4 every second.

With threats geysering to that extent, it would be easy to assume that companies should buy the latest, greatest cybersecurity tools, anchor them firmly in place, and feel relieved that they have invested in a strong defense that will last.

And that assumption is wrong. You can’t just write a check and sit back.

No matter how good cybersecurity tools are, and we have some of the best at McAfee, they lose effectiveness over time as a world of attackers picks them apart. Early adoption of the latest tools provides good protection for a while, but mass adoption of those same tools gives attackers a stronger incentive to find ways around them.

We call this decline in effectiveness Grobman’s curve, named after McAfee’s Chief Technical Officer Steve Grobman, for the principle he laid out in the book The Second Economy: The Race for Trust, Treasure and Time in the Cybersecurity War.

The big question is: How do you extend that curve to get the longest effectiveness out of your cybersecurity tools? It’s not an abstract question. That effectiveness translates directly to the value of your investment, and your security as a company.

The big answer to that big question is: Agility.

Your company simply must adapt, evolve and stay nimble. It is the only way to stay ahead of bad guys who are constantly chewing at the foundation of your company like an army of termites under your house.

We’re not going to be vague or philosophical about how you do this. Staying agile means you don’t rush out to buy the latest best-of-breed tool only to idly watch it lose effectiveness. You need to invest in an integrated, open-platform approach that allows you to deploy security solutions faster, extend their effectiveness longer, and coordinate all aspects of your security from endpoint to cloud.

You don’t have to do it alone. We really mean it when we say Together is Power. We have invested in this integrated, evolving approach for the future. That’s the spirit behind our McAfee professional services giving you guidance, the free OpenDXL community we’ve built, and our commitment to help your security operations center evolve. Our latest addition is the new Investigator tool that makes insightful analysts out of novices, and arms your organization with analytics that inform your evolving defense. We want to help you learn and grow so you get the most out of all your tools. Here’s a great place to start, with our whitepaper laying out the concepts of Grobman’s curve and how you can apply them to your cybersecurity.

Use Tags to Simplify Endpoint Security Management https://securingtomorrow.mcafee.com/business/use-tags-simplify-endpoint-security-management/ https://securingtomorrow.mcafee.com/business/use-tags-simplify-endpoint-security-management/#respond Mon, 13 Nov 2017 14:00:25 +0000 https://securingtomorrow.mcafee.com/?p=82143 One thing that sets McAfee apart in endpoint security is the ability to manage multiple security technologies for hundreds of thousands of endpoints through a single interface: McAfee ePolicy Orchestrator (ePO). But while our customers appreciate ePO, it’s even more powerful than some realize. In my next few blogs, I’ll discuss some ePO features that […]

One thing that sets McAfee apart in endpoint security is the ability to manage multiple security technologies for hundreds of thousands of endpoints through a single interface: McAfee ePolicy Orchestrator (ePO). But while our customers appreciate ePO, it’s even more powerful than some realize. In my next few blogs, I’ll discuss some ePO features that you may not be using right now that could save you a ton of time and effort in managing your environment. Let’s start with the concept of tags.

Understanding Tags

With ePO tags, you can mark a system to perform additional automated actions on it, such as pushing new configurations, software deployments, or reporting. You can tag systems in any way you want, effectively creating ad hoc groups of systems for a specific (even temporary) purpose. Once tags are assigned, you can then instruct ePO to apply a particular policy or execute a client task on all systems with that tag, without having to configure each of those systems manually.

Tags are different from the concept of “groups,” which ePO also supports, though tags and groups can work simultaneously in your management environment. Groups involve a more permanent (and often higher-level) classification, such as the line of business or location that an endpoint is associated with. Tags offer an additional, more dynamic and flexible layer of classification.

As an example, say you want to update all of your systems to the latest version of McAfee Endpoint Security (ENS) over the next quarter. You can create a new “Upgrade this System” tag for all endpoints using any version of ENS older than 10.5. Using ePO, you create a query to identify all such systems in your environment and apply that tag. Then, you create a client task to deploy the latest version of ENS to all tagged systems, and ePO handles the rest.

Compare that with the traditional method—running a report to identify all systems with out-of-date software, manually assigning client tasks to update each system, and then manually removing the client task from all those systems afterwards. Tags make the job much faster and easier. And you can assign (and remove) as many tags as you’d like to a system for as many purposes as you need.

Creating Tags

You create tags in ePO’s Tag Catalog. Open it and you can see a list of all existing tags, create new tags, and create subgroups of tags to organize your systems. Tags can be assigned automatically based on system properties, for example a “Windows 10” tag for all Windows 10 systems or a “Server” tag for all servers. You can also assign tags based on whether a system’s IP address falls within a specific range; if the address later moves to a different range, the appropriate tags are applied the next time the system communicates with ePO.

You can assign tags in several ways. An ePO server task can automatically assign tags to systems with specific properties (as in the “Upgrade this System” example above). You can assign a tag to a system manually. A McAfee product with built-in tag support, such as McAfee Enterprise Security Manager (ESM) or McAfee Network Security Platform (NSP), can assign tags. Or you can use the McAfee ePO API to let other products, such as a third-party security information and event management (SIEM) system, assign ePO tags.

For example, you could configure your SIEM to automatically apply a “Quarantine” tag to any system found communicating with a command-and-control server. ePO can then automatically apply the policy you have defined for quarantined systems, such as blocking all network traffic except to management ports, so the host is cut off from the attacker while ePO can still reach it to investigate, remediate, and eventually remove the tag.

Assigning Client Tasks and Policies

ePO can automatically execute client tasks whenever a system is assigned a particular tag. Examples include executing a software deployment or update, executing an on-demand scan, or executing other product-based tasks.

You can also automatically apply policies to tagged systems in the same way to control or change how systems are configured. To assign policy, create a new policy in the Policy Catalog with the configurations you’d like to assign. Then, create the tag that will be assigned to all systems that will receive that policy. Next, create a Policy Assignment Rule. Select “System Based Rule” from the menu, add the policy you created, and then select your tag in the Selection Criteria field. Whenever you (or another system, such as McAfee ESM) assign a tag to a system, that system communicates with ePO and receives the new policy.

For example, you can create a server task that automatically applies a “High Risk” tag to every system that has reported a threat event, and a client task that runs a deep anti-malware scan on every system carrying that tag.
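The three tagging patterns above, the version-based “Upgrade this System” query, the SIEM-driven “Quarantine” tag, and the event-driven “High Risk” tag, all come down to the same two steps: decide which systems qualify, then tell ePO to apply the tag. The following Python script is an added example written for this page, not code from the blog post or from McAfee. It works over constructed sample data (a small system inventory and a few key=value firewall lines, with the 203.0.113.0/24 documentation range standing in for C2 addresses) and assumes an ePO server at the invented address epo.example.internal:8443 whose remote API exposes the system.applyTag command; the user, password and server name are placeholders. The selection logic is kept separate from the HTTP call so it can be run and checked without a live ePO.

```python
"""Decide which systems get an ePO tag, then build the ePO remote-API call.

Added example for this page; not McAfee code.  Assumptions are labelled below.
"""
import base64
import re
import urllib.request
from urllib.parse import urlencode

# Constructed inventory shaped like the per-system properties ePO holds
# (system name, IP address, installed ENS version).  Sample data only.
INVENTORY = [
    {"name": "WS-0041", "ip": "10.20.30.41", "ens_version": "10.2.0.1542"},
    {"name": "WS-0042", "ip": "10.20.30.42", "ens_version": "10.5.3.3178"},
    {"name": "SRV-DB01", "ip": "10.20.40.10", "ens_version": "10.1.1.1010"},
    {"name": "WS-0043", "ip": "10.20.30.43", "ens_version": "10.5.0.2680"},
]

# Constructed firewall events as a SIEM might forward them.  The 203.0.113.0/24
# documentation range stands in for known command-and-control addresses.
SIEM_LINES = """\
2017-11-10T14:02:11Z src=10.20.30.41 dst=93.184.216.34 dport=443 action=allow
2017-11-10T14:02:13Z src=10.20.30.42 dst=203.0.113.7 dport=8443 action=allow
2017-11-10T14:02:19Z src=10.20.40.10 dst=10.20.40.11 dport=1433 action=allow
2017-11-10T14:03:02Z src=10.20.30.42 dst=203.0.113.7 dport=8443 action=allow
2017-11-10T14:03:40Z src=10.20.30.43 dst=203.0.113.99 dport=80 action=deny
""".splitlines()
C2_ADDRESSES = {"203.0.113.7", "203.0.113.99"}

# Assumed ePO address (invented); use the real server and a least-privilege API user.
EPO_URL = "https://epo.example.internal:8443"


def parse_version(text):
    """'10.5.3.3178' -> (10, 5, 3, 3178).  Tuple comparison beats string
    comparison here: '10.10' must sort after '10.5', not before it."""
    return tuple(int(p) for p in re.findall(r"\d+", text))


def needs_upgrade(ens_version, minimum="10.5"):
    """True when the installed ENS build is older than `minimum`."""
    return parse_version(ens_version) < parse_version(minimum)


def systems_to_upgrade(inventory=INVENTORY, minimum="10.5"):
    """Names for the 'Upgrade this System' tag: every system below `minimum`."""
    return sorted(s["name"] for s in inventory
                  if needs_upgrade(s["ens_version"], minimum))


KV = re.compile(r"(\w+)=(\S+)")


def systems_contacting_c2(lines=SIEM_LINES, c2=C2_ADDRESSES, inventory=INVENTORY):
    """Names for the 'Quarantine' tag: any system whose traffic (allowed or
    denied; a blocked beacon is still a beacon) went to a C2 address."""
    by_ip = {s["ip"]: s["name"] for s in inventory}
    hits = set()
    for line in lines:
        event = dict(KV.findall(line))
        if event.get("dst") in c2 and event.get("src") in by_ip:
            hits.add(by_ip[event["src"]])
    return sorted(hits)


def apply_tag_url(names, tag, epo=EPO_URL):
    """ePO remote-API call to attach `tag` to the named systems.  system.applyTag
    takes a comma-separated `names` list; ':output=json' asks for a JSON reply."""
    query = urlencode({"names": ",".join(names), "tagName": tag})
    return f"{epo}/remote/system.applyTag?{query}&:output=json"


def make_http_get(user, password):
    """Real transport: HTTP basic auth over HTTPS, which the ePO API expects."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()

    def http_get(url):
        req = urllib.request.Request(url, headers={"Authorization": f"Basic {token}"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.read().decode()
    return http_get


def apply_tag(names, tag, http_get, epo=EPO_URL):
    """Tag the systems (if any) and return the server's reply, or None."""
    if not names:
        return None
    return http_get(apply_tag_url(names, tag, epo))


if __name__ == "__main__":
    # Dry run: print the calls instead of sending them to an ePO server.
    show = lambda url: print("GET", url)
    apply_tag(systems_to_upgrade(), "Upgrade this System", show)
    apply_tag(systems_contacting_c2(), "Quarantine", show)
```

Run as-is it only prints the two GET requests it would make; swap `show` for `make_http_get("apiuser", "secret")` to send them. ePO servers usually present a self-signed certificate, so in practice you would install the ePO CA certificate on the client rather than disable verification, and the API account should have no more than the tag-management permission this script needs.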

Save Time and Headaches

These are just a few examples, but if you’ve spent any time managing a large endpoint environment, you can probably think of many others. For practically any policy or client task, durable or ad hoc, you can use tags to automate a huge amount of manual effort.

If you’ve never used ePO tags before, give them a try. And check back here soon for my next blog, where we’ll cover another powerful but sometimes-overlooked ePO feature: automating and optimizing McAfee software deployments.

Learn More

McAfee can help you detect and respond to advanced threats more quickly, with less time and effort. Learn more about our Dynamic Endpoint Threat Defense solution.

How GIBON Ransomware Created a Benchmark for Response Time https://securingtomorrow.mcafee.com/business/gibon-ransomware-created-benchmark-response-time/ https://securingtomorrow.mcafee.com/business/gibon-ransomware-created-benchmark-response-time/#respond Fri, 10 Nov 2017 21:40:23 +0000 https://securingtomorrow.mcafee.com/?p=82181 We all remember WannaCry and Petya. How could you forget them? Their rampant spread and malicious maneuvers are burned into memory. But there was one upside to the nasty ransomware campaigns – we learned from them. We adapted and we got agile. So when GIBON ransomware came into town, we were ready to rumble. Meet […]

We all remember WannaCry and Petya. How could you forget them? Their rampant spread and malicious maneuvers are burned into memory. But there was one upside to the nasty ransomware campaigns – we learned from them. We adapted and we got agile. So when GIBON ransomware came into town, we were ready to rumble.

Meet GIBON: a new ransomware strain currently for sale on dark web forums for $500 USD. (It gets its name from the user string “GIBON” that the malware sends when it connects to its command-and-control (C&C) server, and from its administration panel, which calls itself “Encryption Machine GIBON.”)

It makes its way from forums to victims’ devices through phishing emails carrying macros that download and execute the malware payload on the victim’s PC. GIBON then connects to the C&C server and registers the new victim by sending a base64-encoded string containing a timestamp. Next it generates an encryption key and begins locking up every file it can find on the device, to be returned only for a fee paid in cryptocurrency. Once every file is encrypted, the strain reports back to the C&C server that it has finished, so the server can timestamp the event and record the number of files encrypted. Simple enough.

GIBON, like many ransomware strains, proves that these attacks do not have to be complicated to be effective. That effectiveness, however, has been dwindling in recent campaigns: a decryptor is already available for GIBON, which sets a benchmark for how quickly the industry now responds to these attacks.

Christiaan Beek, lead scientist and principal engineer at McAfee, says response time is only improving. “The cybersecurity world is indeed responding faster than before, especially after WannaCry, which was another wake-up call… The moment researchers see that a decryptor is available, we go on and continue to hunt down the next one or learn from the previous ones and start innovating or fine-tuning our products.” Beek continues, “Ransomware has sparked and forced the infosec industry to think and innovate about solutions more than other malware-related threats.”

Basically, the industry now more than ever is expediting how cybersecurity professionals adapt to threats and how quickly they apply learnings to the next go around. White hats are becoming faster in the race against cybercrime, and increasing their chances of eventually getting ahead of these threats.

That’s exactly why we created McAfee Ransomware Recover (Mr 2), a new ransomware decryption framework that allows decryption keys and custom decryption logic to be incorporated rapidly as they become available, getting help to ransomware victims much faster. That way we can continue to combat these threats quickly and effectively, and put ourselves in the best position possible to win the fight against cybercrime.

To learn more about GIBON ransomware, and others like it, be sure to follow @McAfee and @McAfee_Labs on Twitter.

The Clock Is Ticking: Can You Find and Kill Advanced Malware Before it Kills Your Endpoints? https://securingtomorrow.mcafee.com/business/clock-ticking-can-find-kill-advanced-malware-kills-endpoints/ https://securingtomorrow.mcafee.com/business/clock-ticking-can-find-kill-advanced-malware-kills-endpoints/#respond Thu, 09 Nov 2017 18:25:35 +0000 https://securingtomorrow.mcafee.com/?p=82040 Your company’s computer system has been compromised by disguised malware. There is no greater feeling of dread for a security professional. This may put your mind at ease: Through automation, McAfee’s endpoint and sandbox tools can round up the malware, detonate it in a safe place, identify any compromised areas, and prepare them for you […]

Your company’s computer system has been compromised by disguised malware. There is no greater feeling of dread for a security professional. This may put your mind at ease: Through automation, McAfee’s endpoint and sandbox tools can round up the malware, detonate it in a safe place, identify any compromised areas, and prepare them for you to remediate all threats. With one click.

Today this kind of always-on protection is badly needed.

According to 2016 data from Verizon, 63 percent of organizations faced one or more “advanced attacks” in the past 12 months[1]. These are the attacks that, once they’ve penetrated your front-line defenses, can remain in networks for 200 days[2], on average, quietly collecting information about your organization and waiting for an opportunity to spread. Even when your defenses detect an advanced attack, performing all of the analysis and forensics to understand what it is and where it went takes time—an average of 39 days to contain attacks and 43 days to remediate them, according to the Ponemon Institute[3]. Seeing the disconnect?

It’s not that organizations have no way to detect the signs of an attack—quite the opposite. Too often, they’re struggling with a massively complex security infrastructure, using multiple point solutions that can provide lots of information, but don’t talk to each other. So security analysts get buried in an avalanche of alerts and false positives. They struggle to manually connect the dots between siloed defenses. And while many large enterprises now have sophisticated endpoint detection and response (EDR) tools, they require advanced skills to use effectively—and there just isn’t enough expertise to go round.

Fortunately, there’s a way out of this Catch-22. New McAfee EDR and sandbox tools provide powerful threat analysis and response capabilities that front-line endpoint administrators can use, on their own, without advanced training or expertise. They can help you detect the most evasive malware threats in your environment, and shorten the time between detection and remediation from days or weeks to seconds.

Get to the Bottom of Suspicious or Unwanted Incidents in Seconds

McAfee Active Response EDR tools and McAfee Advanced Threat Defense sandboxing can help you cut through the complexity of siloed defense solutions, without sacrificing the in-depth analysis needed to detect and remediate advanced threats. They can help you:

  • Understand what’s happening more quickly: McAfee Active Response filters through the thousands of alerts coming in from endpoints and other defense systems. It automatically surfaces the most unusual and highest-priority threats, without requiring expert investigators.
  • Quickly uncover advanced threats wherever they are: Through the same interface, administrators can see the full context for any threat, without having to swivel between multiple complex tools and interfaces. Through a single pane of glass, they can view aggregated threat details based on analysis from both internal and external sources, including behavior scores, reputation scores, and other parameters. And they can drill down through a historical timeline that traces when the threat came in, what it did, and where it went.
  • Unmask the most cleverly camouflaged attacks: The most advanced cyberthreats disguise themselves to look like normal application traffic—making it even harder for security teams to understand where and how they’re under attack. McAfee Advanced Threat Defense uncovers the most advanced malware by detonating suspicious files in a safe environment and performing fine-grained analysis on the entire code base. It generates in-depth indicator of attack (IoA) information that your security teams can then use to hunt for similar attacks across your organization.

Shut Down Advanced Cyberthreats with a Click

With much more detailed information—already prioritized and collected in one place—your security teams can identify and control suspicious objects much more quickly. They can then use integrated, automated McAfee EDR tools to take instant action—typically moving from detecting a threat to remediating it on the same screen, with a single click of a mouse.

Security teams can:

  • Remediate threats with one click: When administrators identify an infection, they can see every other endpoint it’s infected at a glance. With one mouse click, they can then remediate the malware threat on an isolated host or across the entire organization.
  • Set triggers and reactions against future attacks: McAfee Active Response provides powerful tools to quickly hunt for IoAs. Administrators can set triggers to search for similar IoAs in the future—in a single action, from the same interface.
  • Inoculate the broader environment: Both McAfee Active Response and McAfee Advanced Threat Defense sandboxing integrate with other McAfee endpoint defenses (McAfee Threat Intelligence Exchange, McAfee Data Exchange Layer (DXL), McAfee Endpoint Security) to create a single, adaptive security fabric. When a new malware threat is uncovered, they update the file’s reputation and immediately inform every other McAfee endpoint agent and security system in the environment to block that threat in the future.

Detect and Stop Malware More Quickly with Integrated Defenses

With conventional endpoint platforms, most of these activities, correlating and prioritizing a suspected threat, discovering every endpoint it has infected, removing it, and tuning other security controls (IPS, firewall, web gateways, endpoint agents) to detect it in the future, are handled by separate, siloed tools. They require specialized experts and a huge amount of time and effort. That’s why McAfee integrates many of these capabilities with standard endpoint operations.

With McAfee EDR and sandboxing tools, even front-line administrators can view comprehensive information about the security posture of the organization. At a glance, they can see the sources of threat events, the methods used to detect them, the systems affected, attack duration, targets, and actions taken to mitigate them. With instant, actionable threat forensics, along with real-time endpoint data, they can quickly understand the full context of a threat and where deeper scrutiny or action is warranted. They can remediate even advanced attacks throughout the environment with one click, and activate continuous monitoring of the IT infrastructure for every newly unmasked zero-day attack. And they can continually move from detection, to correction, to proactive global protection, in seconds, with a lot less manual time and effort.

Learn More

McAfee can help you detect and respond to advanced threats more quickly, with less time and effort. Learn more about our Dynamic Endpoint Threat Defense solution.

 

[1] Verizon, 2016 Data Breach Investigation Report. http://www.verizonenterprise.com/resources/reports/rp_DBIR_2016_Report_en_xg.pdf.

[2] Verizon, 2016 Data Breach Investigation Report. http://www.verizonenterprise.com/resources/reports/rp_DBIR_2016_Report_en_xg.pdf.

[3] Ponemon Institute, The State of Malware Detection and Prevention, March 2016. http://www.ponemon.org/blog/the-state-of-malware-detection-prevention

At MPOWER, New Tools Give Partners a Defensive Edge https://securingtomorrow.mcafee.com/business/mpower-new-tools-give-partners-defensive-edge/ https://securingtomorrow.mcafee.com/business/mpower-new-tools-give-partners-defensive-edge/#respond Thu, 09 Nov 2017 14:00:01 +0000 https://securingtomorrow.mcafee.com/?p=82010 October is always one of the busiest months of my year with the beginning of Q4 in full swing and the MPOWER Cybersecurity Summit & Americas Partner Summit events in Las Vegas. This is a prime opportunity to engage with the great partners that carry our brand and our products into the field and expertly […]

October is always one of the busiest months of my year with the beginning of Q4 in full swing and the MPOWER Cybersecurity Summit & Americas Partner Summit events in Las Vegas. This is a prime opportunity to engage with the great partners that carry our brand and our products into the field and expertly support our mutual customers.

This year’s MPOWER Cybersecurity Summit was more than just a conference. It was our first official gathering since becoming an independent company again. In keeping with our motto, “Together is Power,” 2017’s MPOWER demonstrated the formidable togetherness and power of the extended McAfee partner community.

Our commitment to the partner community was on full display at MPOWER, where we showcased powerful Security Innovation Alliance integrations and new innovations on tap to help partners and customers transform their security operations centers (SOCs). Together, we will shift the balance of power in the battle against evolving and emerging threats at every stage of the threat defense lifecycle.

McAfee understands partners are dealing not only with a rapidly changing threat landscape but also with a virtual fire hose of new and updated security solutions. At MPOWER, partners witnessed firsthand how our game-changing “Protect, Detect, Correct, and Adapt,” approach aims to reduce complexity and make partners more efficient and effective.

In the coming months, McAfee partners will have access to several important innovations that promise to continue evolving traditional security architecture, including:

  • McAfee Enterprise Security 11.0: We’ve added speed, power, and advanced capabilities to our premier endpoint protection suite to deliver our most comprehensive client security product. With McAfee Enterprise Security 11.0, McAfee partners can offer customers a highly scalable platform with advanced analytics, deep and machine learning, powerful event handling, and efficient integration with other security products in their arsenal.
  • McAfee Behavioral Analytics: In the SOC, understanding and baselining user behavior often makes the difference between efficient protection and useless noise. Our latest User and Entity Behavior Analytics offering gives McAfee partners powerful analytics to catalog suspicious events and build dynamic threat models based on risky user activity.
  • McAfee Investigator: We’re bringing machine learning and artificial intelligence (AI) to bear on threat remediation and incident response, making the process more efficient, more accurate, and up to 10 times faster. By automating much of the manual threat investigations process with technology that learns and improves over time, partners can deliver world-class protection with less overhead.
  • McAfee Cloud Workload Security: Increasingly, customers are asking partners to protect cloud-based data and workloads. To that end, McAfee is delivering cloud-native technology to discover, defend, manage, and recover customer information no matter where it resides.

McAfee is committed to helping partners become and remain the trusted security advisors their end users demand. We do that by continuing to develop and deliver tools that provide world-class protection and make our partners second-to-none in cybersecurity. That’s the true power of our partnership.

All of this will take time to roll out, and changes will be made along the way. But by working together, we’ll build and bring to market a better approach to security to counter the dynamic threats we all face. I invite you all to send us feedback on how McAfee is doing and what you need to succeed. We’ll work to empower you.

Together is power.

View From the Summit: The Future Looks Bright for Partners https://securingtomorrow.mcafee.com/business/view-summit-future-looks-bright-partners/ https://securingtomorrow.mcafee.com/business/view-summit-future-looks-bright-partners/#respond Mon, 06 Nov 2017 22:00:28 +0000 https://securingtomorrow.mcafee.com/?p=82000 The months leading up to our MPOWER Cybersecurity Summit & Americas Partner Summit are the perfect time to roll up our sleeves and take a hard look at where we’ve been and, more important, where we’re headed. If my conversations with the McAfee partner community taught me one thing this year, it’s that the future […]

The months leading up to our MPOWER Cybersecurity Summit & Americas Partner Summit are the perfect time to roll up our sleeves and take a hard look at where we’ve been and, more important, where we’re headed. If my conversations with the McAfee partner community taught me one thing this year, it’s that the future of our channel is bright.

After spending a full day immersed in the annual Partner Summit, I remain unwaveringly confident that wringing complexity out of our partner programs and reducing friction in our channel relationships are more important than ever. In a world full of threats and uncertainty, it’s vital that we give partners the resources they need to be more effective trusted security advisors and, subsequently, achieve greater profitability.

How will we do that?

For starters, by simplifying the way you work with us. Our multifaceted deal registration programs will be consolidated, our service-level agreements (SLAs) revised, and many more improvements are in the works.

Together, we must employ our skills and knowledge to address customers’ security challenges. We must apply strategy, give our customers actionable guidance, and innovate to overcome existing and emerging threats.

And we must do it in an efficient, organized, and scalable way to ensure both the effectiveness and profitability of the endeavor.

If you attended the Partner Summit, you heard me talk about the event’s 2017 trifold theme: innovation, collaboration, momentum. These aren’t just buzzwords; they’re pillars of our mutual mission. It’s vital for us — McAfee and our partners — to leverage innovation through collaboration to build momentum. We’re taking a page from the “Three E’s of Management” playbook:

  • Enablement: Getting partners involved in sales and technical training that builds the foundation for success
  • Engagement: Going after net-new and greenfield opportunities that drive us toward our mutual goals
  • Economics: Filling the deal pipeline and leveraging incentives that help partners increase profitability

In practice, our commitment to partner success will include things such as full-day business planning sessions with honest and transparent discussion of our mutual goals and go-to-market strategies in pursuit of a three-year plan. Executive sponsors from both sides will revisit goals and track progress in regular quarterly business reviews, finding ways to help partners bolster and upgrade their portfolio of McAfee products.

And when things aren’t going according to plan, we’ll remain flexible.

We know partners have a lot on their plates. As you raise your game to defend customers, we’re doubling down on our commitment to making the McAfee partner program better and simpler for you. We’re working diligently, based on partner feedback, to reduce the complexity of ordering product, acquiring training and support, accessing marketing and reference materials, and communicating with our various tactical and intelligence teams.

We want to make leading with McAfee as easy as using a smartphone app. And as we make things simpler, our mutual futures will get even brighter.

Together is power.

The post View From the Summit: The Future Looks Bright for Partners appeared first on McAfee Blogs.

10 Ways to Bring your Incident Response Back from the Grave
https://securingtomorrow.mcafee.com/business/10-ways-bring-incident-response-back-grave/
Wed, 01 Nov 2017 04:00:58 +0000
This blog was written by Barbara Kay.

It’s Día de Los Muertos—but that’s no excuse for your security threat processes to move like the walking dead. As hundreds of thousands of people around the globe take time to remember their ancestors today, we urge you to look back through your incident history. But don’t stop there: think about how you can improve and accelerate deadly response times.

You might be thinking: easier said than done; I might as well send that goal to the graveyard of good intentions. But you’d be doing yourself a disservice, as ‘quelling the dwell’ is easier to put into action than you think.

So, grab a candy sugar skull, and get ready to accelerate your detection and response time with our ten simple tips:

1. No Vacations From Integrations.

Products that don’t work together are working against each other, and they are a major roadblock in the race to detect and respond. If your security products don’t talk to one another, you could be missing the full picture—and a breach. Integrating your detection and response systems and tools ensures they communicate with the right context, speeding time to detection and containment.

2. You Don’t Need a Soothsayer to Understand Scope.

It’s no surprise that security professionals say determining the impact and scope of a security incident takes a lot of time. Many underestimate how many servers, applications, and devices are in their organization. By implementing centralized security management, you get the visibility and monitoring you need. Per Aberdeen, if you cut time to detection and response in half, you can reduce the impact of a data breach by 30 percent and the impact on enterprise resources by 70 percent. That competitive advantage begins when you learn to understand your entire environment.

3. Keep Your Eyes on the Prize—Data.

Do you know what your data looks like on a regular basis? If not, it’s nearly impossible to realize when anomalous activity creeps into your system. Establish a baseline for your data using a solution that continually monitors traffic.
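As an added illustration of the baselining tip (example code written for this page, not a McAfee product and not from the original post), the Python below learns a per-host baseline of daily outbound volume from a constructed seven-day window and flags later days that deviate from it. It uses the median and median absolute deviation rather than mean and standard deviation so that a single noisy day inside the learning window does not mask a later spike; the host names and byte counts are constructed sample telemetry.

```python
import statistics

# Constructed sample telemetry (not real data): daily outbound bytes per host
# over eight days. The first seven days are the learning window; on day 8
# host-a suddenly sends roughly eight times its usual volume.
SAMPLE_TRAFFIC = {
    "host-a": [1_200_000_000, 1_100_000_000, 1_300_000_000, 1_000_000_000,
               1_250_000_000, 1_150_000_000, 1_200_000_000, 9_800_000_000],
    "host-b": [400_000_000, 420_000_000, 390_000_000, 410_000_000,
               400_000_000, 430_000_000, 380_000_000, 410_000_000],
}


def build_baseline(series, window):
    """Median and scaled median absolute deviation (MAD) of the learning window.

    Median/MAD are used instead of mean/standard deviation so that one bad day
    inside the learning window does not inflate the baseline and hide later ones.
    """
    train = series[:window]
    median = statistics.median(train)
    mad = statistics.median(abs(x - median) for x in train)
    # 1.4826 * MAD estimates the standard deviation of normally distributed data.
    scale = 1.4826 * mad
    if scale == 0:
        # A perfectly flat window would make every deviation infinite; fall back
        # to 1% of the median (or 1 byte) as the smallest meaningful scale.
        scale = max(0.01 * median, 1)
    return median, scale


def detect_anomalies(series, window=7, threshold=5.0):
    """Score each observation after the learning window against the baseline.

    Returns a list of (index, value, score) for observations whose robust
    z-score exceeds the threshold.
    """
    if len(series) <= window:
        return []
    median, scale = build_baseline(series, window)
    hits = []
    for i in range(window, len(series)):
        score = (series[i] - median) / scale
        if score > threshold:
            hits.append((i, series[i], round(score, 1)))
    return hits


def scan_hosts(traffic, window=7, threshold=5.0):
    """Run the detector over every host; returns only hosts with anomalies."""
    return {
        host: hits
        for host, series in traffic.items()
        if (hits := detect_anomalies(series, window, threshold))
    }


if __name__ == "__main__":
    for host, hits in scan_hosts(SAMPLE_TRAFFIC).items():
        for index, value, score in hits:
            print(f"{host}: day {index + 1} sent {value:,} bytes (score {score})")
```

In a real deployment the learning window slides forward and the per-host series comes from the monitoring solution's export; the scoring logic stays the same.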

4. Vanquish Attacks with Practiced Prioritization.

Triage is the key during an attack. You must know your most critical assets, know when to sound alarms, and have structured investigation workflows and cross-functional communications already in place. Plan so that you will save precious time defending your organization’s most important assets when they come under attack.

5. This is Not a Drill!

It’s mandatory for your company to conduct fire drills…but did you know that only 33 percent of companies run regular security breach drills? This is not a drill, people! Putting response procedures to the test identifies security gaps before breaches occur. Simulating breaches, conducting drills, or hiring a penetration testing firm to attack you from outside are all ways to test your ability to stop a breach.

6. Regulate Outside Access to Your Company.

Think of your company as the coolest VIP party in town, the one only a few invite-only guests with a gold key are allowed access to. Most breaches begin with third-party suppliers, partners, or cloud providers. Ensure that every entity connected to your network environment, without exception, adheres to your security policies. Also, set privilege, time, and location controls to make certain partners can access only prescribed systems and data.
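The privilege, time and location controls in this tip can be written down as a policy and evaluated on every partner request. The Python below is an added example (not from the post and not a McAfee product): the rule model, the partner names `acme-support` and `night-ops`, the system names and the 203.0.113.0/24 source range are all constructed.

```python
import ipaddress
from dataclasses import dataclass
from datetime import datetime, time


@dataclass(frozen=True)
class PartnerAccessRule:
    """One partner's entitlement: which systems, from which networks, and when."""
    partner: str
    systems: frozenset      # systems this partner may reach
    networks: tuple         # CIDR blocks the connection must originate from
    start: time             # daily access window start (local time)
    end: time               # daily access window end
    weekdays: frozenset     # 0 = Monday ... 6 = Sunday


# Constructed example policy. 203.0.113.0/24 is a documentation range, not a
# real partner network. The second rule shows a window that crosses midnight.
RULES = (
    PartnerAccessRule("acme-support", frozenset({"ticketing", "crm-readonly"}),
                      ("203.0.113.0/24",), time(8, 0), time(18, 0), frozenset(range(5))),
    PartnerAccessRule("night-ops", frozenset({"backup-console"}),
                      ("203.0.113.0/24",), time(22, 0), time(6, 0), frozenset(range(7))),
)


def in_window(rule, when):
    """True if `when` falls inside the rule's weekday and time-of-day window.

    A window whose start is later than its end (for example 22:00 to 06:00)
    is treated as crossing midnight.
    """
    if when.weekday() not in rule.weekdays:
        return False
    now = when.time()
    if rule.start <= rule.end:
        return rule.start <= now < rule.end
    return now >= rule.start or now < rule.end


def evaluate_access(rules, partner, system, source_ip, when):
    """Decide whether a partner request is allowed.

    Returns (allowed, reason). A request is allowed only if some rule for the
    partner matches on every dimension; otherwise the reason reports why the
    first candidate rule rejected it, which is what belongs in the audit log.
    """
    addr = ipaddress.ip_address(source_ip)
    reasons = []
    for rule in rules:
        if rule.partner != partner:
            continue
        if system not in rule.systems:
            reasons.append(f"system {system!r} not permitted for {partner}")
        elif not any(addr in ipaddress.ip_network(net) for net in rule.networks):
            reasons.append(f"source {source_ip} outside permitted networks")
        elif not in_window(rule, when):
            reasons.append("outside permitted access window")
        else:
            return True, f"allowed: {partner} -> {system}"
    return False, (reasons[0] if reasons else f"no rule for partner {partner!r}")


# Constructed requests. 1 Nov 2017 was a Wednesday, 5 Nov 2017 a Sunday.
SAMPLE_REQUESTS = {
    "in_policy":       ("acme-support", "ticketing", "203.0.113.10", datetime(2017, 11, 1, 10, 30)),
    "wrong_system":    ("acme-support", "payroll",   "203.0.113.10", datetime(2017, 11, 1, 10, 30)),
    "wrong_network":   ("acme-support", "ticketing", "198.51.100.7", datetime(2017, 11, 1, 10, 30)),
    "after_hours":     ("acme-support", "ticketing", "203.0.113.10", datetime(2017, 11, 1, 22, 0)),
    "weekend":         ("acme-support", "ticketing", "203.0.113.10", datetime(2017, 11, 5, 10, 30)),
    "unknown_partner": ("nobody-inc",   "ticketing", "203.0.113.10", datetime(2017, 11, 1, 10, 30)),
    "night_late":      ("night-ops", "backup-console", "203.0.113.20", datetime(2017, 11, 1, 23, 30)),
    "night_early":     ("night-ops", "backup-console", "203.0.113.20", datetime(2017, 11, 2, 5, 0)),
    "night_noon":      ("night-ops", "backup-console", "203.0.113.20", datetime(2017, 11, 2, 12, 0)),
}


def run_samples():
    """Evaluate every constructed request; returns name -> (allowed, reason)."""
    return {name: evaluate_access(RULES, *req) for name, req in SAMPLE_REQUESTS.items()}


if __name__ == "__main__":
    for name, (allowed, reason) in run_samples().items():
        print(f"{name:16} {'ALLOW' if allowed else 'DENY '} {reason}")
```

The rule is deliberately deny-by-default: a partner with no rule, a system not on the list, an unexpected source network or a request outside the window all fail, and the reason string tells the reviewer which control fired.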

For the remainder of the tips, download our white paper or infographic.

For more information follow us on Twitter at @McAfee and @McAfee_Business.

The post 10 Ways to Bring your Incident Response Back from the Grave appeared first on McAfee Blogs.

MPOWER 2017 Highlights: A Cybersecurity Conference On-Demand
https://securingtomorrow.mcafee.com/business/mpower-2017-highlights-cybersecurity-conference-demand/
Mon, 30 Oct 2017 20:29:42 +0000
McAfee CEO Chris Young during his opening Keynote

Conference organizers waited with anticipation.

In a sleek, high-tech conference hall glowing with McAfee’s deep signature red, a colossal scoreboard flashed the results of a real-time vote for who would take the stage and speak next. The results were a virtual dead heat. The thousands in the audience had just chosen to hear from McAfee’s own chief information security officer Grant Bourzikas – one of their tribe and “customer zero” of cybersecurity products – in a narrow victory over a high-profile presentation of issues much in the news.

Welcome to MPOWER, the first “face-to-face, on-demand conference”, where attendees voted for speakers, topics, and even product names, in real-time. From Chief Executive Officer Chris Young’s opening keynote to the breakout sessions, cybersecurity leaders from around the world were firmly in charge, and they knew what they wanted to work on: cloud security, endpoint protection, and the constantly evolving security operations centers they call home.

Spread out across the sprawling Aria Hotel and Resort on the Las Vegas Strip from Oct. 17-19, the conference pulled together an industry constantly in the headlines, where job openings can’t be filled quickly enough and sinister cyber threats loom constantly. Perhaps the most famous thought leader in the cybersecurity world, blogger and journalist Brian Krebs told the crowd in a keynote address Wednesday: “There’s never been a better time to be gainfully employed in the cybersecurity industry. It’s an incredible time.”

Brian Krebs, from Krebsonsecurity.com

Young kicked off this year’s MPOWER Conference by gazing into his crystal ball (at the audience’s request, of course) where he made some bold predictions for the industry. The endpoint and cloud will be the control points of our future cybersecurity architectures. The security operations center will be one where tools support people, not where people support tools. And, customers will demand an open ecosystem approach to gain vendor choice without backoffice chaos. Within each area, MPOWER provided evidence of McAfee’s unwavering commitment to seeing this future realized.

Endpoint Protection

McAfee’s latest endpoint protection platform, ENS 10.5, released at the company’s conference the year prior, is seeing tremendous success. ENS 10.5 provides machine learning, EDR and traditional signature-based protection, all within a single-agent architecture and on a common platform.

Cloud Security

In cloud, McAfee is making virtualized IPS and web gateway capabilities available via Amazon Web Services. Conference goers witnessed a new solution to hybrid cloud challenges, McAfee Cloud Workload Security (CWS), which facilitates enterprises’ safe cloud use by discovering and defending elastic workloads within minutes.

Security Operations

In security operations, McAfee is shifting the narrative from an industrywide talent shortage that litters headlines to the talent efficiency opportunity in front of us. McAfee Investigator applies advanced analytics to increase the SOC’s productivity by completing the normal investigative flow of a typical analyst up to 6-10 times faster, giving SOC teams a force multiplier on productivity.

Open Ecosystem

Finally, McAfee remains fully committed to fostering an open ecosystem to share threat intelligence more seamlessly and bring pre-integrated solutions to market faster for customers. The McAfee Security Innovation Alliance continues to flourish with the addition of 19 more partners, including IBM. And, attendees learned that OpenDXL and Cisco Platform Exchange Grid (pxGrid) are now integrated – allowing two of the industry’s largest messaging fabrics to share threat information and enable automation between networks and endpoints.

I want to thank our customers, partners and employees for making MPOWER such a success. Bringing to life the industry’s first on-demand, face-to-face conference was no small feat and required attendees and presenters to come together to realize the vision. Sounds familiar, doesn’t it? MPOWER was a small microcosm of the tremendous power that is unleashed in our industry when people and technologies work together. Together is power.

More MPOWERs to come

That power continues as we take MPOWER international in the next few weeks:

  • Tokyo – Nov. 9 at the Prince Park Tower. 50 sessions, 25 companies, more than 2,000 attendees expected. This conference is FREE. More information here.
  • Sydney – Nov. 14 at the International Convention Centre. Keynote speakers include McAfee CEO Chris Young and Troy Hunt, international cybersecurity expert. This conference is FREE. More information here.
  • Amsterdam – 28-29 at the Mövenpick Hotel Amsterdam City Centre. This two-day meeting includes top industry keynotes and deep-dive technical breakout sessions. More information here.

Can’t make it? Follow us on Twitter at @McAfee, @McAfee_Business and #MPOWER17.

The post MPOWER 2017 Highlights: A Cybersecurity Conference On-Demand appeared first on McAfee Blogs.

How McAfee Products Can Protect Against BadRabbit Ransomware
https://securingtomorrow.mcafee.com/business/how-mcafee-products-can-protect-against-badrabbit-ransomware/
Thu, 26 Oct 2017 18:07:42 +0000
McAfee is leading the way enterprises protect against emerging threats such as BadRabbit ransomware, remediate complex security issues, and combat attacks with an intelligent end-to-end security platform that provides adaptable and continuous protection as a part of the threat defense life cycle.

McAfee had zero-day protection for components of the initial BadRabbit attack in the form of behavioral, heuristic, application control, and sandbox analyses. This post provides an overview of those protections for the products covered in the sections below.

Frequently updated technical details can be found in the McAfee Knowledge Center article KB89335. We will update this post as more product information becomes available.

McAfee Endpoint Protection (ENS)

Dynamic Application Control (DAC) successfully provided our customers with zero-day protection from BadRabbit ransomware and prevented any potential damage from occurring when “Security” mode is enabled.

In addition, McAfee Endpoint Security mitigation methods for assorted malware are available in the following product guide.

Access Protection Rules: Setting up access protection rules to prevent the creation of the following files prevents the ransomware from executing and encrypting files:

  • C:\Windows\cscc.dat
  • C:\Windows\infpub.dat
  • C:\Windows\dispci.exe

The following screenshots show steps for creating rules for McAfee ENS:

[Figures 1–4: screenshots of the ENS Access Protection rule-creation steps; images not reproduced in this text.]

McAfee VirusScan Enterprise (VSE)

The following screenshots show steps for creating Access Protection Rules for McAfee VirusScan Enterprise (VSE). For VSE, one rule must be created for each of the three files listed in the ENS section above:

[Figures 5–7: screenshots of the VSE Access Protection rule-creation steps; images not reproduced in this text.]

Enabling Joint Threat Intelligence (JTI) Rules 239 and 242 also prevents the ransomware from executing.

McAfee Threat Intelligence Exchange (TIE)

McAfee Threat Intelligence Exchange (TIE) further enhances a customer’s security posture. With the ability to aggregate reputation verdicts from ENS, VSE, McAfee Web Gateway, and McAfee Network Security Platform, TIE can quickly share reputation information related to BadRabbit with any integrated vector. By providing the ability to use Global Threat Intelligence (GTI) for a global reputation query, TIE also enables integrated products to make an immediate decision prior to execution of the ransomware payload, and leverage the reputation cached in the TIE database.

There are currently three samples associated with this ransomware campaign, representing the dropper and the main executable, which could be added manually. (GTI automatically updates these file hashes.)

  • 630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da
  • 8ebc97e05c8e1073bda2efb6f4d00ad7e789260afa2c276f0c72740b838a0a93
  • 579fd8a0385482fb4c789561a30b09f25671e86422f40ef5cca2036b28f99648

McAfee Network Security Platform (NSP)

McAfee NSP is one product that quickly responds to prevent exploits and protect assets within networks. The McAfee NSP team works diligently to develop and deploy user-defined signatures (UDS) for critical matters. Within a 24-hour period, several UDS were created and uploaded for customers to deploy on their network sensors. In this case, the UDS explicitly targeted the exploit tools EternalBlue, EternalRomance SMB Remote Code Execution, and DoublePulsar. Related indicators of compromise were also released that can be added to a blacklist to block potential threats associated with the original Trojan.

A Network Security Platform Emergency User Defined Signature (UDS) has been created to detect this threat. The UDS and its release notes are available for download from Knowledge Base article KB55447.

IMPORTANT:
Use Emergency_UDS_1.zip with NSM versions 8.1.x.x and 8.3.x.x
Use Emergency_UDS_2.zip with NSM version 9.1.x.x

Please read the release notes carefully for important information.

Knowledge Base article KB55447 is available only to registered users. Log in to https://support.mcafee.com and search for the article ID.

McAfee products using DAT files

On October 25, McAfee released DAT 8695 to include coverage for BadRabbit ransomware and variants.

The post How McAfee Products Can Protect Against BadRabbit Ransomware appeared first on McAfee Blogs.

When Your Media Player Watches You – Trojan Infects Software Downloads for Macs
https://securingtomorrow.mcafee.com/business/when-your-media-player-watches-you-trojan-infects-software-downloads-for-macs/
Wed, 25 Oct 2017 22:45:58 +0000
Users downloading a media player to watch videos on their Macs ended up being watched by cybercriminals using Trojan malware to spy on victims’ operating systems.

Unfortunately, that’s the case for the popular Mac OSX media player, Elmedia Player. A trojanized version of the program has hit the scene as a result of the developer’s servers being hacked by cybercriminals.

It all started when a Remote Access Trojan (RAT) named Proton snuck into the developer’s servers via a breach in their JavaScript library. From there, the threat was able to live on the developer’s official site for a period of time. Seemingly completely legitimate, the trojanized player was ready for download, which translates to: ready to infect any innocent user who might stumble across it.

The compromised package was created in order to deliver the latest version of the Proton backdoor on a broad scale. Proton is a Trojan that poses as legitimate programs or files, such as Elmedia Player, in order to trick and entice users into unknowingly running it. Upon being launched, the Proton backdoor provides attackers with an almost full view of the compromised system, allowing the theft of browser information, keylogs, usernames and passwords, cryptocurrency wallets, macOS keychain data and more.

Users have been warned that if they downloaded the software prior to the October 19th disclosure (after which Eltima Software removed the program from the site), they run the risk of having their system infected by the malware. And since Elmedia boasts over one million users, it’s crucial we all start looking towards next steps.

Users can start by seeing if any of the following files or directories are on their system, which would mean the trojanized version of Elmedia Player has been installed:

  • /tmp/Updater.app/
  • /Library/LaunchAgents/com.Eltima.UpdaterAgent.plist
  • /Library/.rand/
  • /Library/.rand/updateragent.app/

If a user is in fact infected, the next step is a full OS re-installation. Elmedia Player users who wish to run the program safely once more need not fear: a clean version of Elmedia Player can now be downloaded from the Eltima website, which is now said to be free of compromise.
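Both this post and the BadRabbit post above give file-system indicators: paths whose presence signals infection and, for BadRabbit, three SHA-256 sample hashes. The Python below is an added example that is not part of either post and not a McAfee tool; it checks the listed paths under a root directory (a live system or a mounted image), hashes any file it finds against the published hashes, and can sweep a directory tree for files matching those hashes. The `demo()` function builds a throwaway directory with constructed placeholder files to show the output; the placeholder content is not malware and will not match the real hashes.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Indicators as listed in the two posts above, stored relative to a root so the
# same check runs against a live system (root "C:/" or "/") or a mounted image.
BADRABBIT_PATHS = ("Windows/cscc.dat", "Windows/infpub.dat", "Windows/dispci.exe")
BADRABBIT_SHA256 = frozenset({
    "630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da",
    "8ebc97e05c8e1073bda2efb6f4d00ad7e789260afa2c276f0c72740b838a0a93",
    "579fd8a0385482fb4c789561a30b09f25671e86422f40ef5cca2036b28f99648",
})
ELMEDIA_PROTON_PATHS = (
    "tmp/Updater.app",
    "Library/LaunchAgents/com.Eltima.UpdaterAgent.plist",
    "Library/.rand",
    "Library/.rand/updateragent.app",
)


def sha256_of(path, chunk_size=1 << 20):
    """SHA-256 of a file, read in chunks so large files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_paths(root, indicator_paths, known_hashes=frozenset()):
    """Report which indicator paths exist under root.

    Presence of the path is the indicator the posts describe, so a directory
    or a file with an unrecognised hash is still a hit; a matching hash only
    adds confidence that it is one of the published samples.
    """
    hits = []
    for rel in indicator_paths:
        target = Path(root) / rel
        if not target.exists():
            continue
        hit = {"path": rel, "is_dir": target.is_dir(), "sha256": None, "known_sample": False}
        if target.is_file():
            hit["sha256"] = sha256_of(target)
            hit["known_sample"] = hit["sha256"] in known_hashes
        hits.append(hit)
    return hits


def sweep_hashes(root, known_hashes, max_size=50 * 1024 * 1024):
    """Walk root and return relative paths of files whose SHA-256 is known.

    Oversized and unreadable files are skipped so the sweep can be pointed at
    an arbitrary tree without special handling.
    """
    matches = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = Path(dirpath) / name
            try:
                if full.stat().st_size <= max_size and sha256_of(full) in known_hashes:
                    matches.append(str(full.relative_to(root)))
            except OSError:
                continue
    return matches


# Constructed stand-in content for the demo; it is not malware and therefore
# does not hash to any of the published sample hashes.
SAMPLE_CONTENT = b"constructed placeholder, not a real sample"
SAMPLE_SHA256 = hashlib.sha256(SAMPLE_CONTENT).hexdigest()


def demo():
    """Build a throwaway tree with one indicator from each post and scan it."""
    with tempfile.TemporaryDirectory() as root:
        (Path(root) / "Windows").mkdir()
        (Path(root) / "Windows" / "cscc.dat").write_bytes(SAMPLE_CONTENT)
        (Path(root) / "tmp" / "Updater.app").mkdir(parents=True)
        return {
            "badrabbit": scan_paths(root, BADRABBIT_PATHS, BADRABBIT_SHA256),
            "elmedia": scan_paths(root, ELMEDIA_PROTON_PATHS),
            "sweep": sweep_hashes(root, {SAMPLE_SHA256}),
        }


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "/"
    for hit in scan_paths(root, BADRABBIT_PATHS, BADRABBIT_SHA256) + scan_paths(root, ELMEDIA_PROTON_PATHS):
        print(hit)
```

Run it with the volume root as the argument (for example `C:/` on a Windows host, or the mount point of an image); an empty result means none of the listed paths exist, not that the system is clean, since the posts note these indicators are updated over time.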

To learn more about this Trojan, and others like it, be sure to follow @McAfee and @McAfee_Business.

The post When Your Media Player Watches You – Trojan Infects Software Downloads for Macs appeared first on McAfee Blogs.

ROCA: Which Key-Pair Attacks Are Credible?
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/roca-key-pair-attacks-credible/
Fri, 20 Oct 2017 23:18:21 +0000
This blog was co-written by Brook Schoenfield.

In the past two weeks, we have seen two big encryption issues arise: key reinstallation attacks, called KRACKs; and “Return of Coppersmith’s Attack,” called ROCA. Many CEOs, CIOs, and CISO/CSOs are asking, as they must, “Are we protected?” and “What’s our exposure?” Security architects are scurrying about to identify reasonable responses that can be presented to anxious executives.

We’ve already looked at KRACKs. How dangerous is ROCA?

Upon reading the Forbes article on ROCA, the first attack (code signatures) did not seem to be that major because operating system certificates typically are not generated on users’ individual machines. “Given a code signing certificate’s public key (which an organization has to publish), an attacker could derive the private key allowing them to sign software impersonating the victim,” said Jake Williams of Rendition InfoSec.

Although Williams’ example is theoretically correct, his statement fails to acknowledge how the major operating system vendors issue certificates. As we shall see from our analysis, only some digitally signed software might suffer from private-key derivation. For several commercial and open-source operating systems, derivation will not be probable, and for others will be impossible.

In case you haven’t read the rest of the analysis, Android is again this week’s security “problem child.”

Android Google Play signing certificates are generated on whatever hardware an application developer happens to own. The key pair is also generated by the default Java algorithm in the developer’s installation of Java. Surely some percentage of Android signing certificates use RSA key pairs smaller than 2,048 bits and were generated with the vulnerable Infineon hardware and software?

It also appears that Apple applications not offered by the Apple Store can be signed with any certificate, including key pairs generated locally. Some small percentage of Apple applications might have key pairs that can be derived via the Infineon chip subject to a ROCA attack.

Because Apple’s Mac OS X doesn’t make use of the Infineon chip for random number generation,[1] we believe the percentage of derivable private keys will be small. Apple development occurs on Apple machines, which use a pseudorandom software algorithm. Only in a corner case would a developer generate the keys outside of Apple’s development system, XCode. Though this is certainly possible, it is not usual, and perhaps quite rare.

Are there other credible attacks? Absolutely. At the current state of key derivation (estimated at 140.8 CPU years), single, targeted derivations are very credible, especially considering adversaries who can afford to apply serious computing time to the derivation.

For attackers who can leverage massive parallel processing or supercomputing resources, the derivation of a targeted private key might be worth the investment. But the attacker first must obtain the public key, which for a number of scenarios will first require gaining a beachhead on the targeted machine.

For attackers who must maximize profits and minimize expenses and investments, key derivation is probably too expensive an operation, unless the return on investment far outweighs the expense of purchasing the computing power and taking the time to perform that single, targeted derivation. This attack occurs one at a time, not as weaponized and global.

Nation-states, cyber armies, and industrial espionage threat actors who aim at specific targets: these are the attackers to worry about. For the average consumer who is not a government official, intelligence agency worker, executive, or technical leader of an organization of interest, there is probably little to worry about. Update your firmware (if you can) when it becomes available. But do not change all of your passwords yet again. (Changing passwords provides no protection for this issue.)

If you reuse passwords often, do not construct passwords with lots of character variation, or do not use passphrases, any time is good to change your password strength. The ease of cracking passwords just keeps increasing exponentially. Make your passphrases slow to crack; criminals will move on to easier targets. For those who insist on using poorly constructed passwords, this attack does not decrease your already weak security posture. Weak passwords offer attackers an easy, well-trodden path to success.

For those who are potential targets of a one-off attack powered by significant resources, you should immediately seek a Trusted Platform Module (TPM) firmware update. These users will also need to reprovision the TPM root key pair and any other keys that have been generated by the Infineon chip and its associated random number generator (RNG) library. (More details follow.) Or, potential targets may wish to obtain a different device that is not dependent upon the vulnerable Infineon chip and its RSA key generation library.

For those concerned about McAfee products: McAfee Drive Encryption and McAfee Management of Native Encryption may depend upon an Infineon TPM chip to protect hard disk encryption keys. This is not a McAfee vulnerability. Indeed, use of the TPM is a configurable option in McAfee Drive Encryption. If you do not use the “TPM Autoboot” feature, then even if the Infineon chip is present, McAfee Drive Encryption does not use it.

The situation is the same for any product that may take advantage of available TPM protections: A service upon which McAfee software is dependent and over which McAfee has no control has a serious vulnerability that affects the security of the machine upon which McAfee builds its protections.

McAfee customers who must protect data from a tightly targeted attack should seek a TPM firmware update immediately and then reprovision their disk encryption keys. (More details follow.) In any event, like other software that makes use of a root-of-trust like the TPM, we depend upon the TPM to ensure and anchor trust on a machine; that is its purpose and a very strong reason to use it. Hence, McAfee Drive Encryption and McAfee Management of Native Encryption are functioning as designed. (McAfee disk encryption products do not support Google Chromebook computers.)

Let’s take a look at how several major operating systems issue code-signing certificates and why these certificates will likely not be vulnerable to ROCA.

To follow the analysis, remember that ROCA works against the Infineon chip’s RNG. Even if a vulnerable Infineon chip is used, if some other RNG is employed then the ROCA attack is not applicable.
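A practical first step in answering “what’s our exposure?” is to find out which of your RSA public keys were produced by the affected Infineon library. The Python below is an added example, not part of the post and not a McAfee tool; it implements the key fingerprint published with the ROCA research (Nemec et al., 2017): the modulus of an affected key leaves, modulo each small prime up to 167, a residue that lies in the subgroup generated by 65537, which an ordinary RSA modulus almost never does for all of those primes at once. Only the public modulus is needed; the helper parses the `Modulus=` line printed by `openssl rsa -pubin -in key.pem -noout -modulus`. The value built by `constructed_fingerprinted_modulus` and the `ORDINARY_MODULUS` constant are constructed test inputs, not real keys.

```python
# First 39 primes (up to 167): the smallest prime set the published ROCA
# fingerprint uses. Longer prime lists apply to larger key sizes, but they all
# contain these, so this set screens 512- to 4096-bit moduli.
SMALL_PRIMES = (
    2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71,
    73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 139, 149, 151,
    157, 163, 167,
)
GENERATOR = 65537


def generator_residues(p):
    """Residues mod p that the modulus of an affected key can take: the cyclic
    subgroup of (Z/pZ)* generated by 65537."""
    residues = set()
    x = 1
    while x not in residues:
        residues.add(x)
        x = (x * GENERATOR) % p
    return frozenset(residues)


RESIDUE_TABLES = {p: generator_residues(p) for p in SMALL_PRIMES}


def roca_fingerprint(n):
    """Return None if n carries the ROCA fingerprint (every residue lies in the
    65537-subgroup), otherwise the first small prime whose residue rules it out.

    A modulus from a normal key generator fails this test with overwhelming
    probability, so None should be read as "generated by the affected library:
    replace this key and anything derived from it".
    """
    for p in SMALL_PRIMES:
        if n % p not in RESIDUE_TABLES[p]:
            return p
    return None


def modulus_from_openssl(line):
    """Parse the 'Modulus=HEX' line printed by
    `openssl rsa -pubin -in key.pem -noout -modulus`."""
    if not line.startswith("Modulus="):
        raise ValueError("expected a line of the form Modulus=<hex>")
    return int(line[len("Modulus="):].strip(), 16)


def constructed_fingerprinted_modulus(a, t):
    """Build a number carrying the fingerprint, for exercising the detector.

    Affected primes have the form k*M + (65537^a mod M) with M the product of
    the small primes, so the product of two of them is congruent to a power of
    65537 mod M. Any n = (65537^a mod M) + t*M therefore has the same residues
    as a real affected modulus. This is a constructed test value, not a key.
    """
    M = 1
    for p in SMALL_PRIMES:
        M *= p
    return pow(GENERATOR, a, M) + t * M


# Constructed modulus from two ordinary primes, used to show a negative result.
ORDINARY_MODULUS = 1000003 * 1000033


if __name__ == "__main__":
    print("ordinary modulus ruled out by prime:", roca_fingerprint(ORDINARY_MODULUS))
    print("constructed affected-style modulus:", roca_fingerprint(constructed_fingerprinted_modulus(12345, 7)))
```

A return value of None means the key should be replaced (and, for TPM-resident keys, reprovisioned after the firmware update the post recommends); any other value is the first small prime whose residue rules the fingerprint out. The check is cheap enough to run over every certificate and SSH key in an inventory.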

Microsoft

Authenticode certificates, which must be used for Windows digital signatures, are issued only by a limited set of approved certificate authority (CA) vendors. We might imagine that one or more of these vendors have support staff issuing certificates on their laptops, but that is not how it is done. Because the CA business is entirely dependent on the trustworthiness of the private key used to sign the root certificate, commercial CAs must rigorously defend their root private keys and ensure that they are generated with as much entropy as possible.

We have been directly involved in the implementation of four public key infrastructures (PKIs) at three companies and worked with several more. Although none of these was a commercial CA, a couple were for large enterprises.

Root-of-trust CAs and PKIs typically do not depend on user-level or even server machines; they depend on hardware security modules (HSMs) for generating and protecting keys and for cryptographic functions. HSMs are purpose-built appliances that perform cryptographic operations. The few HSM vendors tend to be very jealous of their careful and exacting RNGs. Based upon our investigation, the major HSM vendors build RNGs to exacting standards; these tend to be custom, as a differentiator.

It is certainly possible that these HSMs contain Infineon chips. It is also possible that the vulnerable Infineon RNG is used in some capacity in the HSM vendor’s RNG. But, the HSM RNG would have to pass its entropy failures into the vendor’s RNG, and that is unlikely. HSM RNGs receive a lot of testing and, often, independent certification of randomness.

Our educated guess is that commercial HSMs do not suffer from poor entropy because that is what the HSM business is built upon. Of course, without direct testing, Infineon ROCA susceptibility is still a possibility, though we believe a remote one (except perhaps for Infineon’s own HSM offering, Aurix).

It is very unlikely that a commercial CA that is successful enough to be approved by Microsoft would generate keys on anything less than heavy-duty, purpose-built RNGs, likely an HSM that can also adequately protect the private keys to root certificates.

Thus, unless one of Microsoft’s approved CAs is blowing smoke (remembering that Microsoft certifies each implementation), the likelihood of a vulnerable Infineon chip behind a Microsoft-certified CA is small.

Apple

Apple issues its own Apple Store certificates. Apple would be very foolish to use just any hardware under the control of random employees and contractors for Apple Store key generation. Our educated guess is that they also employ a bank of HSMs to generate keys. After all, Apple must protect private keying material like Fort Knox, or their trust pyramid falls like a house of cards.

Outside the Apple Store, anything is possible. But, Apple’s development platform, XCode, makes it easy to generate keys. It would be a corner case that another piece of hardware and another operating system were used to generate a key pair, though this is certainly possible. XCode uses the operating system’s pseudorandom number generator, /dev/random. The device is a software generator. The Infineon ROCA attack is not relevant to XCode-generated keys.[2]

Linux

Linux makes use of OpenPGP. OpenPGP’s algorithms are specified in RFC 4880, which does not include RSA key pairs. Thus PGP-signed software cannot be vulnerable.

Android/Google Play

The key pair for Google Play is generated by the Java key tool, which relies on the local Java installation and whatever cryptography provider is installed. (There is a default reference implementation.) Therefore, it is quite likely that a significant number of Android applications have been signed with the key pair generated by the vulnerable chip and potentially less than or equal to 2,048 bits.

To make matters worse, a Google Play certificate is glued to the single application to which it has been issued and is good for 30 years. How does one ensure that a private key will be safe for 30 years? That’s a couple of epochs in computer time, more in web time. Consider the rate of hardware and software change in the last 30 years. Brook threw away all his floppy disks 10 years ago; he hadn’t inserted one for at least seven years before that.

For a lone application developer without access to a properly managed HSM and security infrastructure, how do they protect their Android private key for three years, much less 30? There are many other ways to attack networks and computers beyond deriving the private key from the public key.

Taking in all of our analysis, the likely set of applications that have derivable private keys via a ROCA attack lie within the Android space. Although a faked signature based upon deriving a private key from a public key generated by the Infineon chip is certainly possible, for most operating systems it is not a credible attack due to mitigating factors in the way commercial organizations build trust with their certificate chains.

That does not mean that locally signed software used within an organization or community is not subject to a ROCA attack; the attack is certainly credible outside the realm of most major operating systems’ signing processes. But self-signed certificates for signing software offer no more trust than you can place in the person who has signed the software. Caveat emptor; do not trust software from unreliable sources. That is nothing new.

Apple chose not to use the Infineon TPM chip that it had included in early Intel-powered MacBooks. The chip is no longer included. (See references, at end.)

The second attack reported in the Forbes article, impersonating trusted software that is then validated by an Infineon TPM, does seem credible to me. It might be interesting to identify which computers including the Infineon chip use it as a TPM.

Other credible attack scenarios

Of the other potential attacks, the most worrying will be those targeting a single victim. Once having gained a foothold on a device (in some unspecified manner) for which the root of trust or other cryptographic functions depend upon 2,048-bit or smaller RSA keys generated via Infineon’s RSA library, an attacker can steal the public key of the RSA key pair—if the attacker has access to the public key.[3] Offline, with sufficient computing resources, the attacker can derive the private key. At that point, what the attacker can accomplish is dependent upon the functions for which the private key has been used.

If the vulnerable key pair is used as the device startup (“boot”) root of trust, the attacker can insert software into the boot sequence. That might surrender complete control of the victim’s machine.

If the vulnerable key pair has been used to “seal,” that is, protect secrets in the TPM, then those secrets are compromised. For instance, in the case of Microsoft’s BitLocker disk encryption, the disk encryption key could be gained by the attacker.

A TPM attack will depend upon individual use cases and what the attacker hopes to accomplish through the attack. But the attack remains difficult to weaponize and turn into a general-purpose, automated attack that anyone with the tool could carry out.

First, the attacker must get the public key of the vulnerable RSA key pair. TPM public keys generally remain on the local machine and are not used across a network, though there are cases for network use of a TPM public key. (Brook has reviewed several such cases, but none of these was with the Infineon TPM.)

Smart card attacks, especially national cards, have been analyzed elsewhere. (See references, at end.) We find no fault in those analyses. Purveyors of smart cards using vulnerable RSA key pairs have been placed on notice to respond, quickly and effectively.

We offer this analysis in the hope that defenders and incident responders will be better able to assess the relative importance of the Infineon RSA RNG vulnerability to key derivation.

Typical consumers will not likely, at least immediately, be a target of this attack. The exploit may never become sufficiently automated to make it useful for broad cybercriminal activity. Those with valuable secrets protected by a vulnerable key pair would be wise to fix or remove the issue.
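Before a defender can “fix or remove the issue,” they need to know which of their public keys came from the affected library. The Python below is an added example, not code from this post, from McAfee or from Infineon: it implements the residue-based fingerprint that the researchers who reported the flaw published for affected moduli, and runs it over two constructed integers (an odd number carrying the residues an affected modulus would have, and a sound modulus built from two small primes). The function and variable names are ours; no real keys are involved.

```python
# Added example (not from the McAfee post): a defender's check for whether an
# RSA modulus carries the residue structure of keys produced by the affected
# Infineon library.  Those keys have primes of the form k*M + (65537^a mod M),
# where M is a primorial, so the modulus n = p*q satisfies
#     n mod r == 65537^(a+b) mod r
# for every small prime r dividing M.  A properly generated modulus matches
# only by chance, with the probability computed by false_positive_rate().

from math import prod

# Small odd primes dividing the primorial used for every affected key size
# (the primorials for 1024-, 2048- and 4096-bit keys are multiples of this one,
# so the same residue test applies regardless of key length).
PRIMES = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61,
          67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131, 137,
          139, 149, 151, 157, 163, 167]
GENERATOR = 65537  # the public exponent the library builds its primes around


def allowed_residues(r):
    """Return the multiplicative subgroup of Z_r generated by 65537."""
    g = GENERATOR % r
    residues = set()
    x = 1
    while x not in residues:
        residues.add(x)
        x = (x * g) % r
    return residues


def is_roca_fingerprint(n):
    """True if modulus n has the residues an affected key pair would have."""
    if n % 2 == 0:
        return False  # an even number is not a usable RSA modulus
    return all(n % r in allowed_residues(r) for r in PRIMES)


def false_positive_rate():
    """Probability that a randomly generated modulus matches the fingerprint."""
    rate = 1.0
    for r in PRIMES:
        rate *= len(allowed_residues(r)) / (r - 1)
    return rate


# Constructed sample data (not real keys).  CONSTRUCTED_AFFECTED is an odd
# integer with exactly the residues an affected modulus would have; it is not
# a product of two primes and is useless as a key.  CONSTRUCTED_SOUND is a
# modulus built from two small illustrative primes.
M_512 = 2 * prod(PRIMES)
CONSTRUCTED_AFFECTED = pow(GENERATOR, 1234, M_512)
CONSTRUCTED_SOUND = 1000003 * 1000033

if __name__ == "__main__":
    for label, n in (("affected-style", CONSTRUCTED_AFFECTED),
                     ("sound", CONSTRUCTED_SOUND)):
        print(f"{label}: fingerprint match = {is_roca_fingerprint(n)}")
    print(f"chance of a random modulus matching: {false_positive_rate():.3g}")
```

A match tells you the key was generated by the affected library and should be revoked and regenerated on sound hardware; it says nothing about whether deriving the private key is practical for a given size, which is the separate question this analysis weighs. To run it on a real certificate, extract the modulus as an integer with your usual X.509 tooling and pass it to is_roca_fingerprint.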

If a reader feels that they might be a target, then a first line of defense will be to install and maintain endpoint protections such as the latest version of McAfee Endpoint Security (ENS) or similar protections. By keeping attackers from establishing any presence on a machine, most credible attack scenarios cannot achieve the prerequisite first step such that any local, public RSA keys can be obtained.

McAfee Drive Encryption key reprovisioning

Drive Encryption is affected only if the TPM Autoboot policy is in use. McAfee Drive Encryption customers wishing to update an Infineon TPM should follow these steps:

  • Change the TPM Autoboot policy to Non-TPM Autoboot (or use Temporary Autoboot).
  • Update the Infineon TPM firmware provided by your hardware vendor.
  • Clear the TPM.
  • Reprovision the TPM with new keys.
  • Re-enable the TPM autoboot policy.

See the McAfee Service Portal for updates and detailed information.

Brook Schoenfield is Principal Engineer, Product Security Architecture and Jonathan Oulds is Senior Software Development Engineer and Product Security Champion Lead. They thank Joani Wilkinson, Senior Technical Support Engineer, for her assistance with this analysis.

References

https://msdn.microsoft.com/en-us/library/ms537364(v=vs.85).aspx

https://docs.microsoft.com/en-us/windows-hardware/drivers/dashboard/get-a-code-signing-certificate

https://developer.apple.com/legacy/library/documentation/Darwin/Reference/ManPages/man4/random.4.html

https://developer.apple.com/library/content/documentation/IDEs/Conceptual/AppDistributionGuide/MaintainingCertificates/MaintainingCertificates.html#//apple_ref/doc/uid/TP40012582-CH31-SW41

https://developer.apple.com/support/code-signing/

https://developer.apple.com/library/content/documentation/IDEs/Conceptual/AppDistributionGuide/MaintainingCertificates/MaintainingCertificates.html#//apple_ref/doc/uid/TP40012582-CH31-SW1

https://en.wikipedia.org/wiki/Pretty_Good_Privacy

RFC 4880 (November 2007)

RFC 4880bis in 2014

https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update

https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/

Notes

[1] First-generation MacBooks included an Infineon TPM but did not use it. See http://www.osxbook.com/book/bonus/chapter10/tpm/.

[2] Pseudorandom number generators have plenty of cryptographic problems, which is why HSM vendors build high-entropy RNG.

[3] TPM key use cases are largely confined to the machine upon which they are used, which implies that the attacker has gained a foothold on the machine to get the public key.

The post ROCA: Which Key-Pair Attacks Are Credible? appeared first on McAfee Blogs.

Ransomware Decryption Framework – Now Available https://securingtomorrow.mcafee.com/business/ransomware-decryption-framework-now-available/ Thu, 19 Oct 2017 16:04:38 +0000
This blog details the availability of the McAfee Ransomware Recover (Mr 2).  We would like to credit Kunal Mehta and Charles McFarland in the work required to develop this framework.

How do I get my files back? This is probably the first question asked when ransomware strikes. Of course, the answer will depend on whether there is a backup available, or whether a decryption tool exists on the www.nomoreransom.org website.

Developing these tools invariably involves significant effort, not only to identify the decryption keys but also to create a tool that can be tested, hosted and then made freely available to help victims of ransomware. Today, however, we are pleased to announce the availability of McAfee Ransomware Recover (Mr 2). This framework will allow for the rapid incorporation of decryption keys and custom decryption logic (when they become available) and get help to victims of ransomware a lot quicker.

Now, whilst the availability of a framework is important, it’s probably not something you would say deserves the fanfare of the communications we have produced. However, the key difference here is that this framework is free to use for the security community. So if security researchers have identified decryption keys and custom decryption logic for a ransomware variant, and do not want to spend the time to produce their own tool, then McAfee Ransomware Recover (Mr 2) is available to use freely.

Over the course of the next few weeks we will produce more guidance on the tool, including webcasts by the development team. Also, we will remain committed to working with our public and private sector partners to get our hands on as many decryption keys as possible.

Follow us on Twitter for all updates from #MPOWER17 at @McAfee.

The post Ransomware Decryption Framework – Now Available appeared first on McAfee Blogs.

What can Blockchain Do For Cybersecurity? https://securingtomorrow.mcafee.com/business/can-blockchain-cybersecurity/ Wed, 18 Oct 2017 22:04:39 +0000
You can tell when a technology has reached its peak hype potential when things just start to get silly.  In the blockchain world, this is evidenced by athletes, artists and other public personalities tweeting, posting, or otherwise endorsing ICOs (Initial Coin Offerings). These have ranged from Prediction Market blockchains, to Cannabis Supply Chain blockchains, to more pedestrian Big Data Marketing blockchains.  My personal favorite, however, is Burger King’s “WhopperCoin”.

How do we cut through the hype?  First let’s ask the question, what are blockchains good at?

  • Adjudicating Trust – in the exchange of value, whatever that value may be, with blockchain the participants don’t need to trust each other. They trust the “math” behind the blockchain platform.
  • Transactions – blockchains are optimized to facilitate transactions between parties, whether it is exchange of value, data, etc.
  • Incentivized Participation – think “Game Theory”. The participants in the blockchain are rewarded as a result of their participation, and the incentives can be specific to the audience.
  • Transparency – the ledger is an open book – anyone can see the transaction history and trace data through the blockchain.
  • Accountability – like transparency, it is easy to account for every transaction on the blockchain and independently verify it.
  • Immutability – Once a transaction has been recorded in the blockchain, it is written in “digital stone.”

All of these things align to similar goals in cybersecurity – so where are the cybersecurity blockchains?  Let’s take a look at an interesting approach to Threat Intelligence leveraging the blockchain and see how it stacks up to the list above.  Swarm (https://swarm.market) (not to be confused with Swarm – the distributed storage and content distribution network) is a decentralized security marketplace that aims to connect end users with security experts.

In the simplest case, anyone can submit a sample through Swarm and ask “Is this malicious?”. They can also post a “bounty” for the resultant information. A security expert examines the sample and earns the bounty by submitting an assertion about the data. Where the blockchain comes into play here is by acting as the arbiter of truth. Presumably there are many, potentially thousands, of security experts making assertions on the data and contributing to confidence in the assertion. Get enough experts to agree and you’ve got an answer you can trust.

Next up, the blockchain manages the transaction, distributing the bounty paid by the submitter amongst the “correct” security experts.  This also manages the incentives of both parties to participate in the Swarm marketplace.  As more and more information is transacted on the blockchain, security experts will begin to develop an accuracy reputation due to the transparency of the blockchain – subsequently allowing submitters to target their offers toward experts in specific areas of interest.

Finally, the accountability and immutability of the blockchain builds on that confidence to provide the most accurate results as efficiently as an open market will allow.  While all this sounds a bit slow and hands on, think of the submitter as your client software and the security expert as an automated cloud service that runs the sample through many different malware detection engines.

Will Swarm take off?  I don’t know – there is a bit of a chicken-and-egg problem to solve first.  It is clear, however, that blockchain is here to stay thanks to cloud vendors like Amazon and Microsoft offering “Blockchain as a Service”, making these technologies easier to build, manage, and maintain. I believe we will see security vendors large and small adopting blockchain technology to solve problems blockchains are good at.

As for Swarm, I’m looking forward to seeing this project’s progress and getting my hands on some code to try it out.

For more stories like this, and for updates from MPOWER17, follow us on Twitter at @McAfee.

The post What can Blockchain Do For Cybersecurity? appeared first on McAfee Blogs.

Safe Soaring: McAfee Advances Customer Success with Integrated Analytics, Ecosystems, and Experiences at MPOWER https://securingtomorrow.mcafee.com/business/safe-soaring-mcafee-advances-customer-success-integrated-analytics-ecosystems-experiences-mpower/ Wed, 18 Oct 2017 20:01:24 +0000
This blog was written by Barbara Kay.

Security embodies the analogy of fixing a plane in flight. Every company has some variety of security people, process, and technology in place already. So, like a plane in flight, your security infrastructure needs an operational model that can be updated, adapted, repaired, or serviced while it is actively at work protecting your business infrastructure.

A successful model must accommodate several inconvenient truths. Security systems are not set-and-forget, nor does any product or service exist in a vacuum. There’s no single vendor. The people-process-technology trifecta takes a sound, extensible architecture and continual nourishment to support healthy and secure enterprise operations.

These truths are fundamental to the McAfee threat defense lifecycle model and human-machine teaming vision, which received new support this week in Las Vegas at the MPOWER Cybersecurity Summit. Here’s an overarching view and examples of the 360-degree approach McAfee is taking for customer success. We are innovating in products, in industry collaboration, in cloud enablement, and in the customer relationship model.

Innovating in Analytics

Multiple new and updated products increase the precision, efficiency, and efficacy of defenses and security operations through new analytics based on machine learning, artificial intelligence, and really smart people in our Foundstone consulting practice and McAfee Labs.

  • New McAfee Investigator solution applies advanced analytics to increase SOC productivity
  • Deep Learning integrated into McAfee Endpoint Security, leveraging knowledge gleaned from both pre- and post-execution review
  • New McAfee innovations feature ransomware decryption and a new “stegware” or steganography detection initiative

Breaking Glass (and Silos)

ESG research shows that enterprises want to embrace automation as a means of getting more done with existing resources, but automation is contingent on integration of data and processes between products. That’s been difficult because of the many moving parts: accessible APIs, vendor politics, and available integration skills and time.

We’ve taken the need for easier integration to heart, building on the success of the Data Exchange Layer