Executive Perspectives – McAfee Blogs (https://securingtomorrow.mcafee.com), feed dated Mon, 19 Jun 2017 06:59:44 +0000

Is WannaCry Really Ransomware?
https://securingtomorrow.mcafee.com/executive-perspectives/wannacry-really-ransomware/
Thu, 08 Jun 2017 16:26:14 +0000

This post summarizes the significant efforts of a McAfee threat research team that has been relentless in its efforts to gain a deeper understanding of the WannaCry ransomware. We would like to specifically acknowledge Christiaan Beek, Lynda Grindstaff, Steve Grobman, Charles McFarland, and Kunal Mehta for their efforts.

Ransomware follows a relatively simple model: data is encrypted, the victim pays, data is decrypted. At least that is what those who create ransomware want you to believe. This was also our assumption when we began our analysis of WannaCry—that those behind the campaign would decrypt victims’ data once they received payment. However, for a campaign with incredibly effective propagation techniques, reasonable key and data management, and a working anonymous communication fabric with Bitcoin payments, we found a major flaw: The WannaCry attackers appear to be unable to determine which users have paid the ransom and they cannot decrypt on a per-user basis.

Technical summary

Our analysis of the encryption and decryption functions within WannaCry reveals an effective tool set. The authors:

  • Created an 8-byte unique identifier (via CryptGenRandom) that identifies the current machine and all the encrypted files on that machine. This ID is used in all communications with the back end and is intended to allow per-user decryption. (See “Can the attackers be contacted?” for details.)
  • Practiced reasonable data sanitization techniques to prevent the recovery of key material. (See “Does WannaCry prevent recovery of key material?”)
  • Followed reasonable practices to prevent the recovery of plain-text file data. (See “Does WannaCry prevent recovery of file data?”)
  • Developed a (somewhat unreliable) back end that keeps track of which users have encrypted files. (See “Can the authors respond? Can they return a private key?”)
  • Made file decryption possible, provided that the “Check Payment” interaction with the back end results in the decrypted key being written to 00000000.dky. The authors know if the returned data is a key or a message to be displayed to the user. The authors must have tested this at least once, and have thus tested full decryption where the need for the correct private key was clearly known. (See “Recovering the user’s private key”)
  • WannaCry appears to have been written by (at least) two authors or teams with different motives:
    • One author favored Win32 APIs and wrapping those APIs or using object orientation.
    • The other author favored C, common APIs (such as fopen), and long procedural functions. They may have been responsible for weaponizing the file encryptor/decryptor, but we do not know. If we are correct, this code probably introduced the unique ID idea but the interface was not updated to include a way to associate the ID with the user’s Bitcoin wallet.

The WannaCry authors demonstrated good technical governance, for example, the key handling, buffer sanitization, and private key security on disk using a strongly encrypted format. It is odd that with such good governance, the same group neglected to include something as essential as a unique ID for a user (or instance of attack) because this is mandatory to decrypt a specific user’s files. While much of the initial analysis described the WannaCry campaign as “shoddy,” the use of good technical governance suggests that there are elements of this campaign that are well implemented.

This competence raises doubts that the campaign was shoddy. Given the level of capability demonstrated, we would expect the developers would have found and fixed basic errors. Indeed, could the inclusion of these basic errors be an attempt to make the campaign appear amateur? Without apprehending those behind the campaign, it is impossible to know their motivation; yet a thorough analysis of the technical artefacts questions the shoddy theory.

 

Motivations

What were the attackers’ motives? Is this real ransomware or something else? For a particular ransomware family to make money in the long term, it must be able to encrypt and decrypt files, and have a reputation that once payment is sent, data can be recovered.

We have identified three potential motives:

  • To make money
    • WannaCry has the key components required for a financially successful campaign—including propagation, key management, data sanitization techniques to prevent data and key recovery, anonymous payment, and messaging and decryption infrastructure.
    • To keep ransom payments flowing, the authors used current messaging infrastructure to ask users to send their Bitcoin wallet IDs to the attackers. This is the same messaging infrastructure that ultimately delivers the user’s private key, allowing full decryption.
    • However, there is limited evidence from the field that payment yields data decryption.
  • To test key components of the ransomware
    • This theory is plausible because the malware contains almost no reverse engineering or debugging protection.
    • We have already seen new WannaCry variants that are harder to analyze because components download 24 hours or so after infection time.
  • To disrupt
    • Ransomware as a destructive mechanism. The use of ransomware to destroy or generate noise, though not common, would be a particularly effective tactic.

Determining the authors’ intent is not trivial, and likely not possible with the information available. However, to get closer to an answer, the question we need to answer is whether WannaCry is fully functional. Analyzing that leads to a few detailed questions that we explored:

  • Can WannaCry decrypt files?
  • Can the authors be contacted?
  • Can the authors respond? Can they return a private key?
  • Does WannaCry prevent the recovery of files?
  • Does WannaCry prevent the recovery of key material?

Is WannaCry fully functional?

WannaCry can communicate with a back end that maintains its state and prevents the recovery of key material and file data. If one has the user’s private key, the user’s data can be recovered. Despite its bugs and design issues, WannaCry is effective. It is not high quality or well implemented, but it is effective.

Can WannaCry decrypt files?

The short answer is Yes. WannaCry’s encryption, key management, and file formats have been documented by McAfee Labs, so we will not cover that here. Instead, we will focus on the decryption tool, which we know makes use of the following API sets:

  • Microsoft’s crypto APIs.
    • CryptGenKey, CryptGenRandom, CryptExportKey, CryptImportKey, CryptEncrypt, CryptDecrypt, etc.
  • Microsoft’s file management APIs.
    • CreateFileW, ReadFile, WriteFile, CloseHandle, etc.
  • C runtime library file APIs
    • fopen, fread, fwrite, fflush, fclose, etc.

Using WinDbg or IDA Pro, we can set conditional breakpoints on the APIs used by @WanaDecryptor@.exe and dump out useful information. Given the lack of debugging protection in the ransomware, this is one of the fastest ways to understand WannaCry’s behavior.

Sample decryption

To encourage users to pay the ransom, the decryption tool @WanaDecryptor@.exe can decrypt a small number of files for free. After the “free” files have been decrypted, the decryptor looks for the file 00000000.dky, which should contain the user’s private key. If found, this key is used to decrypt all files on the system. If we have the user’s private key, can we decrypt all files?

Recovering the user’s private key

To prove that decryption is possible, we need the private key:

  • Break on CryptGenKey and get the handle to any created key pair.
  • Break on CryptExportKey and watch the export of the public and private keys to memory.
    • Here we can steal the private key and check if decryption works.
  • [Optionally] put break points showing the encryption of the private key with the attacker’s public key (hardcoded within the encryptor binary), and save it to disk in 00000000.eky.

To analyze the key creation, we can use the following breakpoints:

Figure 1: Crypto API breakpoints for key import and export.

As WannaCry initializes, it calls CryptGenKey to generate a new random key, the handle to which is returned in the fourth parameter.


Figure 2: Creating a new random key.

Next, WannaCry exports the public key from the generated key and saves it to the file 00000000.eky. Note the presence of 0x06 and RSA1. This indicates that the exported key blob is a public key. To view the key blob, save the address of the buffer and buffer size in temporary registers, allow the function to return, and dump the key blob using the address and size values from the temporary registers.

Figure 3: Capturing the user’s public key.

Next, WannaCry exports the private-public key pair to memory. Note the presence of 0x07 and RSA2 in the exported buffer.

Figure 4: Capturing the user’s private-public key pair.

Immediately afterward, WannaCry encrypts the user’s private key with the attacker’s public key and writes the file to 00000000.eky. The contents of this file are sent to the attackers when the user clicks “Check Payment” (as discussed further in “Can the attackers be contacted?”).

At this moment, the private-public key pair is easily recoverable, so we can issue a command to dump that memory to a file, as shown below:

Figure 5: Writing the private key to disk from WinDbg.

In Figure 5, we have given the private key almost the correct name. If the file 00000000.dky exists and contains a valid private key that can decrypt files, WannaCry will abort its encryption run. To decrypt files, rename the file to 00000000.dky once all files have been encrypted, and click on Decrypt.

Figure 6: Dialog after WannaCry successfully decrypts all files.

Based on this analysis, WannaCry is capable of per-user decryption, provided that WannaCry can send the user’s private key to the back end, receive the private decrypted key, and place it in the correct location.

 

Can the attackers be contacted?

WannaCry provides two methods of communication with the attackers: the “Contact Us” link and the “Check Payment” button on the main decryptor interface, shown below in Figure 7.

Figure 7: WannaCry’s Decryptor interface.

If WannaCry allowed recovery, both interface controls should function. Assuming that all communication is over standard network sockets, we can inspect the traffic in real time using WinDbg/IDA Pro with the breakpoints in Figure 8.

Figure 8: Breakpoints for analyzing network traffic.

Our goal is to determine what is being sent to and received from the back end. The detail is not shown here, but WannaCry makes use of TOR to anonymize communications with the attackers, cycling through many TOR servers. We looked for the user’s private key being sent to the back end, where we expected it to be decrypted and sent back if the user had paid the ransom (or if the attackers had decided to randomly decrypt a user’s key). We found one message that was large enough. An example is shown in Figure 9.

Figure 9: A large and interesting buffer sent to the back end.

However, the data did not match any part of the user’s private key stored on disk; could this communication be encrypted? Looking at the call stack, we saw several frames:

Figure 10: Post encryption send call stack.

Looking at the previous frame, we saw a simple wrapper around ws2_32!send, so this is not an encryptor.

Figure 11: ws2_32!send wrapper.

Looking at the frame before the send wrapper in Figure 11, we found a reasonably long function beginning at 0x0040d300 that appears to be responsible for obfuscating the buffer, and we confirmed that using IDA Pro with a second breakpoint, as shown below:

Figure 12: Message obfuscator function breakpoint.

Rerunning our Check Payment debugging run, our new breakpoint fired and revealed the message to be sent prior to obfuscation:


Figure 13: Message to be sent to back end.

The message encodes information that identifies the user. We color-coded the message components in Figures 13 and 15:

  • Green: The 8-byte unique ID stored in the first 8 bytes of 00000000.res. This is created by a call to CryptGenRandom during WannaCry’s initialization and persists for the life of the attack.
  • Orange: The computer name retrieved with GetComputerNameA.
  • Red: The user’s name retrieved by GetUserNameA.
  • Bold: The Bitcoin wallet ID that the user should have sent money to, and the amount that the user should have paid.
  • Cyan: The encrypted user’s private key as read from 00000000.eky.

Based on the message content, it is reasonable to assert that the attacker’s back end receives all the information required to identify users who have paid the ransom, and should be able to perform per-user decryption, provided there is a mechanism for users to tie their Bitcoin transfers to the 8-byte unique ID that represents their specific encryption instance. However, we found no mechanism to do this and there are no interface elements or instructions to help.

Running the same experiment using the Contact Us interface shown in Figure 14, we sent a message “Hey! Can I have my files back?” to the attackers, and using our breakpoint from Figure 12, we determined that a common messaging framework is used.

Figure 14: Messaging interface.


Figure 15: Message sent to back end.

The results in Figure 15 show:

  • Both Check Payment and Contact Us appear to use a common messaging format.
    • The 8-byte unique ID, machine name, and username are always sent.
    • The payload varies according to message type.

As a result, we conclude that the attackers should have been able to uniquely identify a user but they clearly omitted a mechanism to tie a payment to an ID, making per-user decryption technically impossible.

Can the authors respond? Can they return a private key?

Shortly after its release, Check Payment began returning a message to users instructing them to use the Contact Us mechanism to send the users’ Bitcoin wallet addresses, as shown in Figure 16.

Figure 16: Request for a Bitcoin wallet address.

This message confirms that the attackers can respond. It also gives us an opportunity to analyze the flow of Check Payment messages. Using the same send and recv breakpoints from Figure 8, we received the following obfuscated message:

Figure 17: Encrypted response received from attackers.

Using the following breakpoint, we then watched for that data being written to the obfuscated buffer; if the obfuscation removal occurs in place, we should be able to look at the decrypted buffer.

Figure 18: Message decryption breakpoint.

Once the breakpoint fires, we saw that the message was modified in place:

Figure 19: In-place decryption of the encrypted message.

Our analysis of the function in question in WinDbg and IDA Pro indicated that on return the message was in plain text. Issuing the gu command to step out of the function, we saw the message decrypted, as shown in Figure 20.

Figure 20: Decrypted check-payment message.

This is the same message that we saw displayed in the dialog box, so end-to-end communication is working. But, how is this message used? Again, we made use of a hardware breakpoint, as shown in Figure 21.

Figure 21: Hardware breakpoint to track the decrypted message.

The preceding breakpoint triggers during a call to fwrite to 00000000.dky; the message is written to the file that should contain the user’s private key, as shown below in a subsequent call to WriteFile made as part of fwrite and fflush.

Figure 22: Entire message being written to 00000000.dky

The entire message, or whatever was sent back to the decryptor, is written to the file 00000000.dky. Thus we conclude that Check Payment should return a crypto API key blob for the user’s private key. By enabling our key import breakpoint shown in Figure 1, we verified this, as shown below:

Figure 23: The decrypted message imported as a key in CryptImportKey.

Note the value of eax at the bottom of Figure 23 after CryptImportKey has returned: eax is 0, which means that CryptImportKey failed. If CryptImportKey fails, then WannaCry eventually deletes 00000000.dky and displays the message to the user. If CryptImportKey succeeds, the user can successfully decrypt all the files.

From this analysis, we conclude:

  • The WannaCry communication fabric is active and can return messages.
  • The WannaCry back end is live and tracking users because the help message is returned only once.
  • The WannaCry client expects that a message or private key can be returned from the back end:
    • If the message is not a private key (CryptImportKey fails), the client assumes the message is text that should be shown to the user.
    • Private keys are left on disk in 00000000.dky and allow the user to decrypt their files.
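The two checks above can be reproduced offline: an exported blob announces itself with 0x06/RSA1 or 0x07/RSA2 (Figures 3 and 4), and whatever the back end returns is written to 00000000.dky and kept only if CryptImportKey can parse it (Figure 23). The following Python is an added example, not McAfee’s or WannaCry’s code; it applies the documented CryptoAPI BLOBHEADER/RSAPUBKEY layout to a recovered .dky file or dumped buffer, and the sample blobs it builds carry placeholder key material rather than real RSA parameters.

```python
"""Triage a recovered 00000000.dky (or a buffer dumped at the CryptImportKey
breakpoint): is it an RSA key blob the decryptor would import, or a text
message that arrived through the same channel and would fail import?

Added example, not McAfee's or WannaCry's code. Layout per Microsoft's
documented CryptoAPI BLOBHEADER and RSAPUBKEY structures.
"""
import struct

PUBLICKEYBLOB = 0x06            # bType seen next to "RSA1" in Figure 3
PRIVATEKEYBLOB = 0x07           # bType seen next to "RSA2" in Figure 4
CUR_BLOB_VERSION = 0x02
CALG_RSA_KEYX = 0x0000A400      # ALG_ID of a key-exchange RSA key
CALG_RSA_SIGN = 0x00002400      # ALG_ID of a signature RSA key
MAGIC = {PUBLICKEYBLOB: b"RSA1", PRIVATEKEYBLOB: b"RSA2"}
HEADER_LEN = 8 + 12             # BLOBHEADER (8 bytes) + RSAPUBKEY (12 bytes)


def expected_blob_len(btype, bitlen):
    """Byte length of a complete RSA blob of this type and key size."""
    n = bitlen // 8
    if btype == PUBLICKEYBLOB:
        return HEADER_LEN + n                       # modulus only
    # PRIVATEKEYBLOB: modulus, prime1, prime2, exponent1, exponent2,
    # coefficient (each bitlen/16 bytes), privateExponent (bitlen/8 bytes)
    return HEADER_LEN + n + 5 * (n // 2) + n


def _text_preview(data, limit=80):
    """Best-effort view of a non-key payload, which the decryptor ends up displaying."""
    return data[:limit].decode("utf-8", errors="replace")


def classify_dky(data):
    """Return {"kind": "public"|"private"|"message", ...} for `data`.

    Mirrors the decision in the post: an importable key blob is kept as the
    user's private key; anything CryptImportKey would reject is a message."""
    if len(data) < HEADER_LEN:
        return {"kind": "message", "reason": "shorter than BLOBHEADER+RSAPUBKEY",
                "text": _text_preview(data)}
    btype, version, reserved, alg_id = struct.unpack_from("<BBHI", data, 0)
    magic, bitlen, pubexp = struct.unpack_from("<4sII", data, 8)

    problems = []
    if btype not in MAGIC:
        problems.append("bType 0x%02x is not PUBLICKEYBLOB/PRIVATEKEYBLOB" % btype)
    elif magic != MAGIC[btype]:
        problems.append("magic %r does not match bType 0x%02x" % (magic, btype))
    if version != CUR_BLOB_VERSION or reserved != 0:
        problems.append("bad BLOBHEADER version/reserved")
    if alg_id not in (CALG_RSA_KEYX, CALG_RSA_SIGN):
        problems.append("aiKeyAlg 0x%08x is not an RSA ALG_ID" % alg_id)
    if bitlen == 0 or bitlen % 16:
        problems.append("implausible bitlen %d" % bitlen)
    if problems:
        return {"kind": "message", "reason": "; ".join(problems),
                "text": _text_preview(data)}

    need = expected_blob_len(btype, bitlen)
    if len(data) < need:
        return {"kind": "message", "text": _text_preview(data),
                "reason": "truncated blob: %d < %d bytes" % (len(data), need)}
    n = bitlen // 8
    return {
        "kind": "public" if btype == PUBLICKEYBLOB else "private",
        "bitlen": bitlen,
        "pubexp": pubexp,
        "alg": "RSA_KEYX" if alg_id == CALG_RSA_KEYX else "RSA_SIGN",
        # CryptoAPI stores multi-precision integers little-endian
        "modulus": int.from_bytes(data[HEADER_LEN:HEADER_LEN + n], "little"),
        "trailing_bytes": len(data) - need,     # tolerated here (assumption)
    }


def build_test_blob(btype, bitlen, filler=0x5A, pubexp=65537):
    """Constructed blob with placeholder key material (NOT a real RSA key);
    only the layout matters for the classifier."""
    body_len = expected_blob_len(btype, bitlen) - HEADER_LEN
    header = struct.pack("<BBHI", btype, CUR_BLOB_VERSION, 0, CALG_RSA_KEYX)
    rsapubkey = struct.pack("<4sII", MAGIC[btype], bitlen, pubexp)
    return header + rsapubkey + bytes([filler]) * body_len


if __name__ == "__main__":
    # Constructed samples: a key pair like Figure 4, a public key like Figure 3,
    # a back-end text reply of the kind that failed import in Figure 23, and a cut blob.
    samples = {
        "pair": build_test_blob(PRIVATEKEYBLOB, 2048),
        "pub": build_test_blob(PUBLICKEYBLOB, 2048),
        "reply": b"[constructed placeholder for the back end's instruction text]",
        "cut": build_test_blob(PRIVATEKEYBLOB, 2048)[:600],
    }
    for name, blob in samples.items():
        print(name, classify_dky(blob))
```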

Decryption does not work because the authors omitted a link between payment and the unique ID. But what happens if a user follows the instructions and sends the Bitcoin wallet ID to the attackers? Can the victim decrypt files? So far, a tiny sample of victims have reported the decryption of files, but this appears not to be tied to the payment-making function.

Although the message indicates that a user may be able to get the files back (which supports the theory of shoddy design), our limited testing indicated that decryption keys are not returned and files cannot be restored even after payment, which adds weight to the possibility that WannaCry is a prank or test.

 

Does WannaCry prevent recovery of file data?

Yes and no. There has been a lot of excellent research showing that in some circumstances, files are recoverable:

  • Files on removable and nonsystem volumes.
  • Read-only files.
  • Temporary files.

Files stored in the Desktop and Documents folders are the hardest to recover. What does this mean for our theories? Both are still supported:

  • Developer incompetence: Incorrectly deleting and overwriting original files indicates a hurried or poor engineer.
    • There is a difference between not realizing that per-user file decryption can never work without the unique ID and running into filesystem processing bugs for large batch operations; errors in batch processing are much easier to explain.
  • Prank: The techniques for preventing recovery support the theory that the developers did not go to great lengths to prevent recovery from unpredictable folders and devices:
    • Removable, network, and fixed nonsystem volumes may support file carving as a recovery technique. This is also true for devices that make use of wear leveling.
    • Online storage folders and some versioning tools may provide alternative recovery mechanisms for files.
    • Desktop and Documents folders are common file locations. Many users would not be able to recover most of their files.

We do not believe that WannaCry file data recovery prevention strongly supports either thesis.

 

Does WannaCry prevent recovery of key material?

The most important key for data recovery is the user’s private key. We used hardware breakpoints to see what happens to the exported key blob in our earlier example, as shown below:

Figure 24: Hardware breakpoint to trigger on writes to the key blob.

When this breakpoint fires, we found the following code zeroing out the exported key blob:

Figure 25: Assembly of code that modifies the exported key blob.

Thanks to care taken with data sanitization (such as that shown in Figure 25) and the correct use of CryptDestroyKey, WannaCry keeps the user’s private key in a nonencrypted form for the shortest possible time. Thus private key recovery is impractical beyond exploiting issues in the Windows APIs (as described by other authors).

Although the attacker’s motive may remain unknown for some time, we commend the response from victims, who have generally decided to not pay. Our research continues into this campaign; we will release more data as more information arises.

WannaCry: The Old Worms and the New
https://securingtomorrow.mcafee.com/executive-perspectives/wannacry-old-worms-new/
Sat, 13 May 2017 05:42:14 +0000

The morning of Friday, May 12 multiple sources in Spain began reporting an outbreak of the ransomware now identified as WannaCry.

Upon learning of these incidents, McAfee immediately began working to analyze samples of the ransomware and develop mitigation guidance and detection updates for its customers.

By Friday afternoon, McAfee’s Global Threat Intelligence system was updated to identify all known WannaCry samples and the company had delivered DAT signature updates to all its customers.

McAfee urges all its customers to ensure these DAT updates have been applied, and furthermore ensure that security updates are applied for all the software solutions they use. For more information, read this Knowledge Center article.

This week’s attacks leveraging the WannaCry ransomware were the first time we’ve seen an attack combine worm tactics with the business model of ransomware. The weaponization of the EternalBlue exploit made public weeks ago, together with thousands of Windows systems left unpatched for MS17-010, enabled WannaCry to infect hundreds of thousands of computers, across industries and continents, within just a day. Furthermore, these attacks accomplished all this with little or no human involvement, unlike other ransomware campaigns, which typically depend on it.

A hybrid of the proven, less the human

WannaCry’s success comes down to its ability to amplify one attack through the vulnerabilities of many machines on the network. The impact of the attack is much greater than what we’ve seen from traditional data ransomware attacks.

Almost all of the ransomware we see in the wild today attacks individual users, typically through spear-phishing: the victim receives an email that appears to come from a legitimate source and is lured into clicking on a link or opening an attachment that downloads or executes malicious code on his or her system. But it only impacts that one victim’s computer.

If you think back to the late 90s and early 2000s, when we had Code Red, Nimda, and SQL Slammer, those worms spread really rapidly because they didn’t require a human to take any action in order to activate the malware on the machine. This week’s attacks did something very similar.

We’re still working to determine how a “patient zero” machine became infected, but once it was, other machines that hadn’t received the MS17-010 patch were infected over the network.

Instead of stealing data or damaging other machines, the malware executed a classic ransomware attack, encrypting files and demanding a ransom payment. The attack essentially combined two techniques to produce something that was highly impactful.

With WannaCry, if the configuration of machines within an organization possessed the Microsoft vulnerability (addressed by Microsoft in March), the ransomware could infect one machine and then move very rapidly to spread and impact many other machines that still had not been patched.

What we’ve typically seen with cybercrime is that when any technique is shown to be effective, there are almost always copycats. Given that this appears to have been quite an effective attack, it would be very reasonable for other attackers to look for other opportunities. One of the things that makes that difficult is you need to have a vulnerability in software that has characteristics that enable worm-like behavior.

What’s unique here is that there is a critical vulnerability that Microsoft has patched and an active exploit that ended up in the public domain, both of which created the opportunity and blueprint for the attacker to create this type of malicious ransomware worm capability.

Open for exploit

In the late 90s, it was common practice to leave all sorts of software running on machines even if it wasn’t used. For instance, one of the worms in the 90s took advantage of a vulnerability in a print server which was by default included on all servers even if there wasn’t a printer attached to the configuration of systems. That could enable a worm to connect to that printer port on all of the servers on a network, creating a worm propagation scenario that infected system after system.

A common practice for addressing this since those days is a best practice known as “least privilege,” which allows an application or service to run only the things on a machine or network that that entity needs to complete a task or function specific to its particular role. Least privilege has reduced the chances of the traditional worm scenario, but unpatched vulnerabilities mimic this “open” element available for exploit, particularly if such vulnerabilities enable things such as file transfer or sharing across systems.

It would be difficult to orchestrate attacks such as the WannaCry campaign without all the unpatched vulnerabilities, the publicly released exploit, and a set of proven ransomware technologies and tactics at the attacker’s disposal.

To patch or not to patch

WannaCry should remind IT of the criticality to apply patches quickly. Part of the reason IT organizations hesitate to patch or run an internal quality assurance process is to ensure that there aren’t software incompatibility issues. One way I like to think about this is that whenever a patch must be applied, there is a risk to applying a patch, and a risk to not applying a patch. Part of what IT managers need to understand and assess is what those two risks mean to their organizations.

By delaying deployment of a patch, they can mitigate risk related to application compatibility. By delaying a patch, they are increasing the risk of being compromised by a threat exploiting a vulnerability. IT teams need to understand for each patch, what those levels of risk are, and then make a decision that minimizes risk for an organization.

Events such as WannaCry have the potential to shift the calculus of this analysis. One of the problems we often see in security is that the lack of an attack is sometimes interpreted as having a good defense. Companies that have become lax in applying patches may have not experienced any attacks that take advantage of those vulnerabilities. This can reinforce the behavior that it’s okay to delay patching.

This episode should remind organizations that they really do need an aggressive patching plan in order to mitigate the vulnerabilities in their environment.

Why the hospitals?

Hospitals fall into a category I think of as “soft targets,” meaning hospitals generally focus on patient care as their top priority, as opposed to having the best cyber defenders on staff and best cyber defense technologies in place.

The reason for this is that, traditionally, there was very little incentive for cybercriminals to attack a hospital. They could potentially steal patient records or other data, but the total value of data from a hospital would typically be less than that of the bulk data stolen from other industries such as financial services.

What ransomware has done as a criminal business model is provide an incentive to attack any organization. Given that criminals are demanding a ransom, it’s far easier to exploit an organization with weaker cyber defenses than an organization with stronger cyber defenses, which is why we’ve seen hospitals, schools, municipal police departments, and universities become victims of ransomware over the last year. While we’re now starting to see the targeting of “harder” organizations as well, at least for now, there are a lot of opportunities for criminals to continue to target these soft target organizations.

What next?

Although this attack is something new, and something we need to be thoughtful of, when we see such a vulnerability occur in the wild, and an exploit published that could be used by cybercriminals, we should always expect and be prepared for this kind of attack, and many more copy-cat attacks following soon after.

 

An Analysis of the WannaCry Ransomware Outbreak
https://securingtomorrow.mcafee.com/executive-perspectives/analysis-wannacry-ransomware-outbreak/
Fri, 12 May 2017 22:07:01 +0000

Charles McFarland was a coauthor of this blog.

Over the course of Friday, May 12 we received multiple reports of organizations across multiple verticals being victim to a ransomware attack. By Friday afternoon, McAfee’s Global Threat Intelligence system was updated to identify all known WannaCry samples and the company had delivered DAT signature updates to all its customers. But the wave of attacks ranks as one of the more notable cyber events in history.

Once a system is infected, its encrypted files carry the file extension .WNCRYT. The victim’s computer then displays the following message with a demand for $300 to decrypt the files.

Observations

Exploit MS17-010:

The malware uses the MS17-010 exploit to distribute itself. This is an SMB vulnerability that allows remote code execution. Details at https://technet.microsoft.com/en-us/library/security/ms17-010.aspx. Exploit code is available on multiple sites, including this example: https://github.com/RiskSense-Ops/MS17-010/blob/master/exploits/eternalblue/ms17_010_eternalblue.rb.

This exploit is also known as the Equation Group’s ETERNALBLUE exploit, part of the FuzzBunch toolkit released by Shadow Brokers a couple of weeks ago.

With MS17-010, an attacker needs just one exploit to gain remote access with SYSTEM privileges: remote code execution and local privilege escalation are combined in a single bug in the SMB protocol. Analyzing the exploit code in Metasploit, a popular penetration-testing framework, we see that the exploit uses KUSER_SHARED_DATA, which has a fixed memory address (0xffdff000 on 32-bit Windows), to copy the payload and later transfer control to it.

Because the attacker gains control of a victim’s PC remotely, with SYSTEM privileges and without any user action, compromising a single system inside a network is enough to spread the malware across that network: the compromised system in turn infects every Windows system that is vulnerable and has not been patched for MS17-010.

Behavior

Using the following command line, the malware deletes Volume Shadow Copies and backups and disables Windows recovery options:

Cmd /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet

The file size of the ransomware is 3.4 MB (3514368 bytes).

Authors called the ransomware WANNACRY—the string hardcoded in samples.

The ransomware writes itself into a folder with a random name under ProgramData, with the filename tasksche.exe, or into the C:\Windows\ folder with the filenames mssecsvc.exe and tasksche.exe.

Examples

  • C:\ProgramData\lygekvkj256\tasksche.exe
  • C:\ProgramData\pepauehfflzjjtl340\tasksche.exe
  • C:\ProgramData\utehtftufqpkr106\tasksche.exe
  • c:\programdata\yeznwdibwunjq522\tasksche.exe
  • C:\ProgramData\uvlozcijuhd698\tasksche.exe
  • C:\ProgramData\pjnkzipwuf715\tasksche.exe
  • C:\ProgramData\qjrtialad472\tasksche.exe
  • c:\programdata\cpmliyxlejnh908\tasksche.exe

The ransomware grants full access to all files by using the command:

Icacls . /grant Everyone:F /T /C /Q
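
As an added example (not McAfee’s code and not part of the original analysis), the following Python scans process-creation records for the host behaviours listed above: the backup-destruction command chain, the icacls grant, and the dropper paths. The records are constructed for illustration, loosely shaped like Sysmon Event ID 1 fields (Image, CommandLine); the detection names are my own.

```python
"""Host-based detection for the WannaCry behaviours described in the post.

Added example, not McAfee's code. It scans constructed process-creation
records (Sysmon Event ID 1 style fields: Image, CommandLine) for the
backup-destruction chain, the icacls grant and the dropper paths.
"""
import re

# Sub-commands of the backup-destruction chain quoted in the post.
# Each is matched separately so a partial chain still raises a hit.
BACKUP_TAMPER = [
    ("vssadmin_delete_shadows", re.compile(r"vssadmin(?:\.exe)?\s+delete\s+shadows", re.I)),
    ("wmic_shadowcopy_delete", re.compile(r"wmic(?:\.exe)?\s+shadowcopy\s+delete", re.I)),
    ("bcdedit_ignoreallfailures",
     re.compile(r"bcdedit(?:\.exe)?\s+/set\s+\{default\}\s+bootstatuspolicy\s+ignoreallfailures", re.I)),
    ("bcdedit_recoveryenabled_no",
     re.compile(r"bcdedit(?:\.exe)?\s+/set\s+\{default\}\s+recoveryenabled\s+no", re.I)),
    ("wbadmin_delete_catalog", re.compile(r"wbadmin(?:\.exe)?\s+delete\s+catalog", re.I)),
]

# "icacls . /grant Everyone:F /T /C /Q": world-writable ACL on the working tree.
ICACLS_GRANT_EVERYONE = re.compile(r"icacls\s+\.\s+/grant\s+everyone:f\s+/t\s+/c\s+/q", re.I)

# Dropper locations from the post: a <letters><digits> folder under ProgramData
# holding tasksche.exe, or mssecsvc.exe / tasksche.exe directly in C:\Windows.
PROGRAMDATA_DROPPER = re.compile(r"^[a-z]:\\programdata\\[a-z]+[0-9]+\\tasksche\.exe$", re.I)
WINDOWS_DROPPER = re.compile(r"^[a-z]:\\windows\\(?:mssecsvc|tasksche)\.exe$", re.I)


def classify(event):
    """Return the detection names triggered by one process-creation record."""
    cmd = event.get("CommandLine", "")
    image = event.get("Image", "")
    hits = []
    tamper = [name for name, rx in BACKUP_TAMPER if rx.search(cmd)]
    if len(tamper) >= 3:
        hits.append("backup_destruction_chain")   # the full WannaCry one-liner
    elif tamper:
        hits.extend(tamper)                        # a single suspicious sub-command
    if ICACLS_GRANT_EVERYONE.search(cmd):
        hits.append("icacls_grant_everyone")
    if PROGRAMDATA_DROPPER.match(image) or WINDOWS_DROPPER.match(image):
        hits.append("wannacry_dropper_path")
    return hits


def scan(events):
    """Return {record index: hits} for every record that triggers a detection."""
    result = {}
    for i, event in enumerate(events):
        hits = classify(event)
        if hits:
            result[i] = hits
    return result


# Constructed sample records (not real telemetry).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & "
                    r"bcdedit /set {default} bootstatuspolicy ignoreallfailures & "
                    r"bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet"},
    {"Image": r"C:\ProgramData\lygekvkj256\tasksche.exe",
     "CommandLine": r"C:\ProgramData\lygekvkj256\tasksche.exe"},
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd.exe /c icacls . /grant Everyone:F /T /C /Q"},
    {"Image": r"C:\Windows\System32\vssadmin.exe",
     "CommandLine": r"vssadmin list shadows"},          # benign: only enumerates
    {"Image": r"C:\Program Files\7-Zip\7z.exe",
     "CommandLine": r'"C:\Program Files\7-Zip\7z.exe" a backup.7z docs'},  # benign
]

if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_EVENTS).items():
        print(idx, SAMPLE_EVENTS[idx]["CommandLine"][:60], "->", hits)
```

The chain detection deliberately fires on three or more of the five sub-commands rather than on the exact string, since the same commands split across several cmd.exe invocations are just as destructive; a lone `vssadmin delete shadows` is reported under its own name so an analyst can triage legitimate storage administration separately.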

 

It also uses a batch script for its operations:

176641494574290.bat

 

Content of batch file (fefe6b30d0819f1a1775e14730a10e0e):

@echo off
echo SET ow = WScript.CreateObject("WScript.Shell")> m.vbs
echo SET om = ow.CreateShortcut("C:\@WanaDecryptor@.exe.lnk")>> m.vbs
echo om.TargetPath = "C:\@WanaDecryptor@.exe">> m.vbs
echo om.Save>> m.vbs
cscript.exe //nologo m.vbs
del m.vbs
del /a %0

Content of m.vbs:

SET ow = WScript.CreateObject("WScript.Shell")
SET om = ow.CreateShortcut("C:\@WanaDecryptor@.exe.lnk")
om.TargetPath = "C:\@WanaDecryptor@.exe"
om.Save

Indicators of compromise

Hashes

  • dff26a9a44baa3ce109b8df41ae0a301d9e4a28ad7bd7721bbb7ccd137bfd696
  • 201f42080e1c989774d05d5b127a8cd4b4781f1956b78df7c01112436c89b2c9
  • ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa
  • c365ddaa345cfcaff3d629505572a484cff5221933d68e4a52130b8bb7badaf9
  • 09a46b3e1be080745a6d8d88d6b5bd351b1c7586ae0dc94d0c238ee36421cafa
  • b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25
  • aae9536875784fe6e55357900519f97fee0a56d6780860779a36f06765243d56
  • 21ed253b796f63b9e95b4e426a82303dfac5bf8062bfe669995bde2208b360fd
  • 2372862afaa8e8720bc46f93cb27a9b12646a7cbc952cc732b8f5df7aebb2450
  • 24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c
  • f8812f1deb8001f3b7672b6fc85640ecb123bc2304b563728e6235ccbe782d85
  • 4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79
  • 4b76e54de0243274f97430b26624c44694fbde3289ed81a160e0754ab9f56f32
  • 9cc32c94ce7dc6e48f86704625b6cdc0fda0d2cd7ad769e4d0bb1776903e5a13
  • 78e3f87f31688355c0f398317b2d87d803bd87ee3656c5a7c80f0561ec8606df
  • be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844
  • 5d26835be2cf4f08f2beeff301c06d05035d0a9ec3afacc71dff22813595c0b9
  • 76a3666ce9119295104bb69ee7af3f2845d23f40ba48ace7987f79b06312bbdf
  • fc626fe1e0f4d77b34851a8c60cdd11172472da3b9325bfe288ac8342f6c710a
  • eeb9cd6a1c4b3949b2ff3134a77d6736b35977f951b9c7c911483b5caeb1c1fb
  • 043e0d0d8b8cda56851f5b853f244f677bd1fd50f869075ef7ba1110771f70c2
  • 57c12d8573d2f3883a8a0ba14e3eec02ac1c61dee6b675b6c0d16e221c3777f4
  • ca29de1dc8817868c93e54b09f557fe14e40083c0955294df5bd91f52ba469c8
  • f7c7b5e4b051ea5bd0017803f40af13bed224c4b0fd60b890b6784df5bd63494
  • 3e6de9e2baacf930949647c399818e7a2caea2626df6a468407854aaa515eed9
  • 9b60c622546dc45cca64df935b71c26dcf4886d6fa811944dbc4e23db9335640
  • 5ad4efd90dcde01d26cc6f32f7ce3ce0b4d4951d4b94a19aa097341aff2acaec
  • 12d67c587e114d8dde56324741a8f04fb50cc3160653769b8015bc5aec64d20b
  • 85ce324b8f78021ecfc9b811c748f19b82e61bb093ff64f2eab457f9ef19b186
  • 3f3a9dde96ec4107f67b0559b4e95f5f1bca1ec6cb204bfe5fea0230845e8301

IP Addresses

  • 197.231.221.221:9001
  • 128.31.0.39:9191
  • 149.202.160.69:9001
  • 46.101.166.19:9090
  • 91.121.65.179:9001
  • 2.3.69.209:9001
  • 146.0.32.144:9001
  • 50.7.161.218:9001
  • 217.79.179.177:9001
  • 213.61.66.116:9003
  • 212.47.232.237:9001
  • 81.30.158.223:9001
  • 79.172.193.32:443
  • 38.229.72.16:443

Domains

  • iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com (sinkholed)
  • Rphjmrpwmfv6v2e[dot]onion
  • Gx7ekbenv2riucmf[dot]onion
  • 57g7spgrzlojinas[dot]onion
  • xxlvbrloxvriy2c5[dot]onion
  • 76jdd2ir2embyv47[dot]onion
  • cwwnhwhlz52maqm7[dot]onion

Filenames

  • @Please_Read_Me@.txt
  • @WanaDecryptor@.exe
  • @WanaDecryptor@.exe.lnk
  • Please Read Me!.txt (Older variant)
  • C:\WINDOWS\tasksche.exe
  • C:\WINDOWS\qeriuwjhrf
  • 131181494299235.bat
  • 176641494574290.bat
  • 217201494590800.bat
  • [0-9]{15}.bat #regex
  • !WannaDecryptor!.exe.lnk
  • 00000000.pky
  • 00000000.eky
  • 00000000.res
  • C:\WINDOWS\system32\taskdl.exe

 

Bitcoin Wallets

  • 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
  • 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
  • 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw

A Snort rule submitted to SANS by Marco Novak:

alert tcp $HOME_NET 445 -> any any (msg:"ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response"; flow:from_server,established; content:"|00 00 00 31 ff|SMB|2b 00 00 00 00 98 07 c0|"; depth:16; fast_pattern; content:"|4a 6c 4a 6d 49 68 43 6c 42 73 72 00|"; distance:0; flowbits:isset,ETPRO.ETERNALBLUE; classtype:trojan-activity; sid:2024218; rev:2;)

And other Snort rules from Emerging Threats (http://docs.emergingthreats.net/bin/view/Main/2024218):

alert smb any any -> $HOME_NET any (msg:"ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Request (set)"; flow:to_server,established; content:"|00 00 00 31 ff|SMB|2b 00 00 00 00 18 07 c0|"; depth:16; fast_pattern; content:"|4a 6c 4a 6d 49 68 43 6c 42 73 72 00|"; distance:0; flowbits:set,ETPRO.ETERNALBLUE; flowbits:noalert; classtype:trojan-activity; sid:2024220; rev:1;)

alert smb $HOME_NET any -> any any (msg:"ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response"; flow:from_server,established; content:"|00 00 00 31 ff|SMB|2b 00 00 00 00 98 07 c0|"; depth:16; fast_pattern; content:"|4a 6c 4a 6d 49 68 43 6c 42 73 72 00|"; distance:0; flowbits:isset,ETPRO.ETERNALBLUE; classtype:trojan-activity; sid:2024218; rev:1;)
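
To make the two Emerging Threats signatures concrete, here is an added Python example (not Emerging Threats’ or McAfee’s code) that evaluates only the rule options they use: content with depth, content with distance:0, and the flowbits set/isset/noalert pairing that silences the request rule and lets the response rule alert only after a matching request was seen on the same flow. The SMB echo packets it runs over are constructed from the byte patterns in the rules; the packet layout and function names are my own.

```python
"""Mini evaluator for the two Emerging Threats ETERNALBLUE echo rules above.

Added example, not Emerging Threats' or McAfee's code. Only the rule options
those two signatures use are implemented: content with depth, content with
distance:0, and flowbits set / isset / noalert. The packets are constructed
from the byte patterns in the rules (see build_echo).
"""


def parse_content(spec):
    """Convert a Snort content string such as '|00 00|SMB|2b|' into bytes.

    Text between '|' pairs is hex; text outside them is a literal ASCII string.
    """
    out = bytearray()
    for i, part in enumerate(spec.split("|")):
        if i % 2 == 1:
            out += bytes.fromhex(part)      # hex run inside |...|
        else:
            out += part.encode("ascii")     # literal text outside |...|
    return bytes(out)


# The 16 header bytes each rule anchors with depth:16, and the echo data both
# rules require after it (distance:0). 0x2b is SMB_COM_ECHO; the flags byte is
# 0x18 in the request and 0x98 in the response (reply bit set).
ECHO_REQUEST_HDR = parse_content("|00 00 00 31 ff|SMB|2b 00 00 00 00 18 07 c0|")
ECHO_RESPONSE_HDR = parse_content("|00 00 00 31 ff|SMB|2b 00 00 00 00 98 07 c0|")
ECHO_DATA = parse_content("|4a 6c 4a 6d 49 68 43 6c 42 73 72 00|")   # "JlJmIhClBsr\0"


def content_match(payload, pattern, depth=None, start=0):
    """Snort 'content' with optional 'depth'; the search begins at 'start'.

    Returns the offset just past the match, or -1 if the pattern is absent
    (with depth, the whole pattern must lie within the first 'depth' bytes).
    """
    end = None if depth is None else start + depth
    pos = payload.find(pattern, start, end)
    return -1 if pos < 0 else pos + len(pattern)


def rule_2024220(payload, flowbits):
    """Echo Request (set): on match, set ETPRO.ETERNALBLUE; never alert (noalert)."""
    end = content_match(payload, ECHO_REQUEST_HDR, depth=16)
    if end >= 0 and content_match(payload, ECHO_DATA, start=end) >= 0:   # distance:0
        flowbits.add("ETPRO.ETERNALBLUE")
    return False


def rule_2024218(payload, flowbits):
    """Echo Response: alert only if the matching request was seen (flowbits:isset)."""
    end = content_match(payload, ECHO_RESPONSE_HDR, depth=16)
    if end < 0 or content_match(payload, ECHO_DATA, start=end) < 0:
        return False
    return "ETPRO.ETERNALBLUE" in flowbits


def evaluate_flow(packets):
    """Run both rules over one TCP flow.

    packets: list of (direction, payload) with direction 'to_server' or
    'from_server' (the rules' flow: keywords). Returns the SIDs that alerted.
    """
    flowbits = set()           # per-flow state shared by the two rules
    alerts = []
    for direction, payload in packets:
        if direction == "to_server":
            rule_2024220(payload, flowbits)
        elif direction == "from_server" and rule_2024218(payload, flowbits):
            alerts.append(2024218)
    return alerts


def build_echo(header16, data):
    """Assemble a constructed SMB1 ECHO packet around the rule's 16 header bytes.

    Layout (constructed, not a capture): the rest of the 32-byte SMB header
    (20 zero bytes), WordCount=1, EchoCount=1, ByteCount=len(data), data.
    With the 12-byte echo data the NetBIOS length field (0x31 = 49) is exact.
    """
    return (header16 + bytes(20) + b"\x01" + b"\x01\x00"
            + len(data).to_bytes(2, "little") + data)


if __name__ == "__main__":
    request = build_echo(ECHO_REQUEST_HDR, ECHO_DATA)
    response = build_echo(ECHO_RESPONSE_HDR, ECHO_DATA)
    print("request then response:", evaluate_flow([("to_server", request), ("from_server", response)]))
    print("response alone:", evaluate_flow([("from_server", response)]))
```

The point the flowbits pairing makes is visible in the second print: an echo response with the right bytes but no preceding request on the same flow does not alert, which is what keeps the signature from firing on unrelated SMB echo traffic.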

YARA:

rule wannacry_1 : ransom
{
    meta:
        author = "Joshua Cannell"
        description = "WannaCry Ransomware strings"
        weight = 100
        date = "2017-05-12"

    strings:
        $s1 = "Ooops, your files have been encrypted!" wide ascii nocase
        $s2 = "Wanna Decryptor" wide ascii nocase
        $s3 = ".wcry" wide ascii nocase
        $s4 = "WANNACRY" wide ascii nocase
        $s5 = "WANACRY!" wide ascii nocase
        $s7 = "icacls . /grant Everyone:F /T /C /Q" wide ascii nocase

    condition:
        any of them
}

rule wannacry_2
{
    meta:
        author = "Harold Ogden"
        description = "WannaCry Ransomware Strings"
        date = "2017-05-12"
        weight = 100

    strings:
        $string1 = "msg/m_bulgarian.wnry"
        $string2 = "msg/m_chinese (simplified).wnry"
        $string3 = "msg/m_chinese (traditional).wnry"
        $string4 = "msg/m_croatian.wnry"
        $string5 = "msg/m_czech.wnry"
        $string6 = "msg/m_danish.wnry"
        $string7 = "msg/m_dutch.wnry"
        $string8 = "msg/m_english.wnry"
        $string9 = "msg/m_filipino.wnry"
        $string10 = "msg/m_finnish.wnry"
        $string11 = "msg/m_french.wnry"
        $string12 = "msg/m_german.wnry"
        $string13 = "msg/m_greek.wnry"
        $string14 = "msg/m_indonesian.wnry"
        $string15 = "msg/m_italian.wnry"
        $string16 = "msg/m_japanese.wnry"
        $string17 = "msg/m_korean.wnry"
        $string18 = "msg/m_latvian.wnry"
        $string19 = "msg/m_norwegian.wnry"
        $string20 = "msg/m_polish.wnry"
        $string21 = "msg/m_portuguese.wnry"
        $string22 = "msg/m_romanian.wnry"
        $string23 = "msg/m_russian.wnry"
        $string24 = "msg/m_slovak.wnry"
        $string25 = "msg/m_spanish.wnry"
        $string26 = "msg/m_swedish.wnry"
        $string27 = "msg/m_turkish.wnry"
        $string28 = "msg/m_vietnamese.wnry"

    condition:
        any of ($string*)
}
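
As an added example (not the rule authors’ or McAfee’s code), the following Python evaluates the two rules above without the yara library, translating each string and its modifiers (ascii, wide, nocase) into a bytes regex so that the effect of each modifier on constructed sample buffers is visible. The buffer contents and helper names are my own.

```python
"""Evaluate the two YARA rules above without the yara library.

Added example, not the rule authors' or McAfee's code. Each rule's strings
and the 'ascii', 'wide' and 'nocase' modifiers are encoded as bytes regexes
so the rules can be checked against constructed sample buffers.
"""
import re


def yara_text_string(text, ascii_=True, wide=False, nocase=False):
    """Compile a YARA text string with modifiers into an equivalent bytes regex.

    ascii  -> the literal bytes of the string
    wide   -> every character followed by a NUL byte (UTF-16LE for ASCII text)
    nocase -> case-insensitive; re.IGNORECASE on bytes folds only ASCII letters,
              which is what these rules need.
    """
    raw = text.encode("ascii")
    forms = []
    if ascii_:
        forms.append(re.escape(raw))
    if wide:
        forms.append(b"".join(re.escape(bytes([b])) + b"\x00" for b in raw))
    flags = re.IGNORECASE if nocase else 0
    return re.compile(b"|".join(b"(?:" + f + b")" for f in forms), flags)


# wannacry_1: "wide ascii nocase" on every string, condition: any of them
WANNACRY_1 = {
    "$s1": yara_text_string("Ooops, your files have been encrypted!", wide=True, nocase=True),
    "$s2": yara_text_string("Wanna Decryptor", wide=True, nocase=True),
    "$s3": yara_text_string(".wcry", wide=True, nocase=True),
    "$s4": yara_text_string("WANNACRY", wide=True, nocase=True),
    "$s5": yara_text_string("WANACRY!", wide=True, nocase=True),
    "$s7": yara_text_string("icacls . /grant Everyone:F /T /C /Q", wide=True, nocase=True),
}

# wannacry_2: plain (ascii, case-sensitive) strings, condition: any of ($string*)
LANGUAGES = ["bulgarian", "chinese (simplified)", "chinese (traditional)", "croatian",
             "czech", "danish", "dutch", "english", "filipino", "finnish", "french",
             "german", "greek", "indonesian", "italian", "japanese", "korean", "latvian",
             "norwegian", "polish", "portuguese", "romanian", "russian", "slovak",
             "spanish", "swedish", "turkish", "vietnamese"]
WANNACRY_2 = {"$string%d" % (i + 1): yara_text_string("msg/m_%s.wnry" % lang)
              for i, lang in enumerate(LANGUAGES)}

RULES = {"wannacry_1": WANNACRY_1, "wannacry_2": WANNACRY_2}


def matched_strings(rule_strings, data):
    """Names of the rule's strings found in data (both rules above use 'any of')."""
    return sorted(name for name, rx in rule_strings.items() if rx.search(data))


def scan(data):
    """Return {rule name: matched string names} for every rule whose condition holds."""
    result = {}
    for name, strings in RULES.items():
        hits = matched_strings(strings, data)
        if hits:                  # 'any of them' / 'any of ($string*)'
            result[name] = hits
    return result


# Constructed sample buffers (not real malware bytes).
SAMPLES = {
    # ransom-note text stored as UTF-16LE in mixed case: only 'wide nocase' finds it
    "utf16_note": b"\x00\x10junk" + "WANNA decryptor".encode("utf-16-le") + b"\x00junk",
    # one of the language resource names: exact-case ascii match for wannacry_2
    "resource_name": b"PK\x03\x04\x00\x00msg/m_english.wnry\x00\x00",
    # the same name in upper case: wannacry_2 has no nocase, so no hit
    "resource_upper": b"PK\x03\x04\x00\x00MSG/M_ENGLISH.WNRY\x00\x00",
    "benign_pe_stub": b"MZ\x90\x00\x03\x00This program cannot be run in DOS mode.\r\n$",
}

if __name__ == "__main__":
    for label, data in SAMPLES.items():
        print(label, "->", scan(data))
```

The utf16_note and resource_upper buffers show the two modifier decisions that matter in practice: wannacry_1 would miss the ransom note stored as UTF-16 text without `wide`, and wannacry_2 deliberately stays case-sensitive because the resource names it keys on are fixed strings inside the sample.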

McAfee urges all its customers to ensure McAfee’s DAT updates have been applied to ensure the latest protection. We furthermore advise customers to be diligent in applying security updates for all the software solutions they use.

For more information on McAfee’s response to WannaCry, please read this Knowledge Center article.

WannaCry: Yesterday’s Worms Get a Makeover https://securingtomorrow.mcafee.com/languages/francais/wannacry-les-vers-dhier-font-peau-neuve/ Fri, 12 May 2017 15:44:17 +0000

On the morning of Friday, May 12, numerous sources in Spain were the first to report a wave of cyberattacks carried out with the ransomware now identified as WannaCry.

As soon as McAfee learned of these incidents, our team immediately set to work analyzing samples of this ransomware. We developed detection updates as well as prevention guidance for our customers.

On Friday afternoon, the McAfee Global Threat Intelligence system was updated to identify all known WannaCry samples. In addition, we delivered signature updates (DAT files) to all our customers.

We strongly advise them not only to make sure that these DAT updates have been applied, but also to ensure that the required security updates are deployed for all the software solutions they use. For more information, please see this Knowledge Center article.

The WannaCry offensive was unprecedented: it was the first time we observed a modus operandi combining typical worm tactics with the ransomware business model. Weaponizing the Eternal Blue exploit, made public several weeks earlier, and taking advantage of thousands of Windows systems still vulnerable despite the release of the MS17-010 patch allowed WannaCry to infect hundreds of thousands of computers. Every industry sector and the entire planet were hit, in barely a day. Moreover, these attacks required little or no human intervention, which is usually needed in ransomware propagation campaigns.

A cross between proven methods, without the human factor

WannaCry’s success is due to its ability to amplify each attack by exploiting vulnerabilities in many machines connected to the network. Its impact is therefore far greater than that of the classic ransomware distribution campaigns observed so far.

Practically all the ransomware currently in circulation targets individual users, often through spear phishing techniques. Targets typically receive an email that appears to come from a legitimate sender and entices them to click a link or open an attachment, which downloads or executes malicious code on the recipient’s system. This type of attack, however, affects only the victim’s computer.

In the 1990s and early 2000s, in the days of Code Red, NIMDA and SQL Slammer, those worms spread quickly because they did not need human help to activate the malware on computers. The attacks that raged in mid-May behaved similarly.

We are still trying to determine how a “patient zero” machine could have been infected, but we know that from that first infection, other systems lacking the MS17-010 patch were contaminated over their network.

Rather than stealing data or damaging other machines, the malware carried out a classic ransomware attack, encrypting files and demanding a ransom. Two techniques were combined for maximum impact.

Where a company’s systems had the vulnerability in question (for which Microsoft had released a security update in March), WannaCry could infect a first computer and then spread very quickly to many other machines lacking the relevant patch.

In cybercrime, we know that when a technique proves effective, it is almost always copied. Given the impressive success of this cyberattack, it is reasonable to expect that it will inspire other attackers. It will be hard to reproduce, however, because this kind of approach requires a software vulnerability whose characteristics allow worm-like behavior.

The WannaCry attack is unique in that it took advantage both of a critical vulnerability for which Microsoft had already released a patch and of a working exploit that had found its way onto the Internet, accessible to anyone: those two factors gave its author the opportunity and the blueprint to create this very particular ransomware worm.

A door left open to exploits

In the late 1990s, it was common to leave all kinds of software running on computers even when they were not in use. One of the worms active at that time exploited a vulnerability in print server software that was included by default on all servers, even when the configuration actually had no printer. Every server on the network was therefore exposed to the risk of a worm connecting to its printer port, creating a propagation scenario in which the worm could infect one system after another.

To counter this type of attack, a best practice known as the “principle of least privilege” was adopted. Under it, an application or service runs on a machine or network only the elements strictly necessary to carry out the tasks or functions of its particular role. Applying this principle has limited the risk of traditional worm attacks, but unpatched vulnerabilities also leave a door open through which exploits can rush in, particularly when they allow file transfers, sharing between systems, and so on.

It would be very difficult to orchestrate attacks such as the WannaCry campaign without unpatched vulnerabilities, without a publicly released exploit, and without a set of ransomware technologies and tactics of proven effectiveness.

To patch or not to patch, that is the question

WannaCry should remind IT teams how essential it is to apply the required patches promptly. One of the reasons they hesitate to patch their systems, or run internal quality control first, is that they want to make sure there are no software compatibility problems. I see the question from a different angle: when a patch is available, both applying it and not applying it carry some risk. One of the IT manager’s roles is to weigh those respective risks and assess what they mean for their company.

In some cases, delaying a patch deployment reduces the risk of incompatibility. In others, it increases the risk of compromise by a threat exploiting an existing vulnerability. For each patch, the IT team must determine the level of risk associated with each scenario and then make the right decision, the one that puts the company at the least risk.

Major incidents such as WannaCry will probably weigh in that analysis. Security teams often interpret the absence of attacks as proof that their defenses are effective. That is not the case. It is entirely possible that companies negligent in applying patches have not suffered attacks exploiting the vulnerabilities in question. That can reinforce the idea that delayed deployment is not a problem.

This massive attack in May should remind companies that they absolutely must adopt a rigorous vulnerability remediation strategy in their environment.

Why hospitals?

Hospitals are vulnerable targets, because their first concern is, of course, patient care, not deploying the best cyberdefense technologies or recruiting qualified cybersecurity staff.

In fact, until now, cybercriminals had very little to gain from these institutions. It was always possible to steal medical records or other types of data, but in terms of total value, data from a hospital was generally less attractive than data stolen from companies in sectors such as financial services.

With the criminal business model of ransomware, every industry sector becomes a potentially attractive target. Since the attacker’s goal is the ransom, it is easier to go after an organization with weak cyberdefenses than a company with strong protection. That is why hospitals, police departments, schools and universities were hit by ransomware last year. We are also beginning to see growing interest in less vulnerable companies, but for now at least, attackers still have plenty of opportunities to target these easier prey.

And tomorrow?

Even though the WannaCry attack has unprecedented characteristics that will need to be taken into account in the future, whenever a vulnerability is publicly reported and an exploit is released that cybercriminals may use, we must expect an attack of this kind and prepare for it. And, very soon, many others inspired by it.
CIOs: You need to have the cloud talk with your staff https://securingtomorrow.mcafee.com/executive-perspectives/cios-need-cloud-talk-staff/ Mon, 08 May 2017 16:15:23 +0000

CIOs, it is time to have a frank and open discussion with your staff. This conversation may be difficult or awkward, as it involves topics such as consent, privacy, and appropriate protection. Yes, you need to speak with your staff about the organization’s cloud strategy, and any deployment or security issues that they are facing.

Cloud First strategies are predominantly driven from the top down, according to McAfee’s 2017 cloud adoption and security report. However, for many of the organizations in the study, there appears to be a slight disconnect between the C-suite and staff. Overall, C-level executives, such as CIOs, CSOs, and CISOs, displayed a more positive attitude toward cloud-based operations than the non-executive respondents.

Within your organization, it is important to uncover any gaps in perception and determine what is causing them. Are the reasons for a Cloud First strategy not being clearly communicated down the chain? Are your staff seeing operational issues that are not making it to your office? Or is your staff concerned that cloud adoption is putting their jobs at risk?

The McAfee 2017 cloud study provides some valuable clues and discussion points for your staff meeting. Based on the survey results, 92% of execs stated that they are following a Cloud First strategy, but only 80% of staff agreed. There were also significant gaps in the number and types of cloud services in use, amount of sensitive data stored in the cloud, and plans for future cloud investments. An organization-wide inventory of cloud services in use, data types and locations, and budgets would be an excellent way to start the meeting. The results of this inventory will likely surprise most people in the room, and form the foundation for a discussion of operational and staffing concerns.

According to the survey, the biggest gaps in operational concerns between staff and executives relate to costs, compliance, unauthorized access, and Shadow IT. Staff were more concerned about costs than executives, which may be directly related to the lack of information about budget plans mentioned above. However, staff were also more concerned than the execs about unauthorized access to sensitive data and their ability to maintain compliance with regulations. These concerns should be the focus of a deep dive across the organization, to identify whether there are significant gaps in security and privacy controls. At the same time, executives were more concerned about Shadow IT than staff. When Shadow IT apps are found, staff were more likely to favor blocking access to unauthorized applications, while execs preferred data loss prevention tools. Depending on the results of your discussion, clear communication throughout the organization about the risks and consequences of Shadow IT appears to be needed.

Finally, staff may feel that they lack the necessary job skills for a Cloud First IT department. Over half of the executives reported that they have slowed their cloud adoption due to a skills shortage, and almost a third reported that they are continuing despite a skills shortage. However, the execs ranked this concern lower than staff did, which may be inadvertently sending the message down the chain that staffing changes are coming. Based on earlier research from McAfee, it is easier and more effective to invest in security training for existing staff than to find and hire experienced security professionals.

The transformation to cloud services is having a significant impact on the efficiency and effectiveness of organizations of all sizes, and the IT department is probably impacted more than most. Based on the results of this study, there are some small but possibly significant gaps between C-level executives and their staff, that should be addressed before they impact the organization’s security posture.

For more details on cloud adoption and security, download the 2017 McAfee cloud report, Building Trust in a Cloudy Sky.

McAfee Raises the Stakes Against Cyberespionage https://securingtomorrow.mcafee.com/executive-perspectives/mcafee-raises-stakes-cyberespionage/ Wed, 03 May 2017 21:25:50 +0000

On November 17, 2016, Shamoon malware struck once more.

As with the first Shamoon assault five years ago, the target was Saudi Arabia. But while earlier attacks focused on critical oil and gas infrastructure, last fall’s campaigns targeted Saudi government institutions, financial services, and other sectors. The objective was to gather information on individuals and organizations and wipe critical systems clean. With aggressive assaults across such a broad scope of attack surfaces, the latest Shamoon campaigns were nothing short of attempts to disrupt an entire nation.

Such an effort isn’t audacious given other events over the last several months. We’ve heard the revelations about the breach at Yahoo, watched the Mirai DDoS attack disrupt huge swaths of the Internet, and tried to come to terms with a DNC hack that many say influenced the American democratic process. The re-emergence of Shamoon is just the latest reminder that life and liberty can be imperiled by cyber-attacks.

It’s time—once again—for all of us to raise the stakes in our cybersecurity fight. We must match the audacious efforts of our adversaries with our own.

On the heels of the “new” McAfee launch, we are taking an important step in this effort by increasing investments and resources to fight and win with cyber threat research. Those investments are already starting to pay off, and last week we released new research on the evolution of the Shamoon cyberespionage campaigns that have ravaged the Middle East for half a decade.

The report identifies overlapping technology, tactics, and infrastructure among disparate Shamoon cyber campaigns in Saudi Arabia, and suggests there is one actor behind all the campaigns, rather than numerous independent cyber gangs. We further uncover that the actor has dramatically improved the sophistication of their attacks since 2012.

The research is the work of our Strategic Intelligence group, which works closely with our services organization’s Advanced Programs Group (APG). Led by Chief Scientist and McAfee Fellow Raj Samani, the group complements McAfee Labs’ threat intelligence analysis and Advanced Threat Research’s vulnerability research with an investigative specialization across several essential areas. These include advanced malware, ransomware, cyber campaigns and networks, financial fraud, cyber espionage, cyberwarfare, and protection of industrial controls.

Last week’s report reveals the first of many insights the group will provide our customers, partners, and law enforcement. The work is just one example of the “new” McAfee’s audacious effort to raise the stakes in the fight against our adversaries.

Attacks by cybercriminals, rogue states, or stateless actors, wherever they are targeted, are a threat to us all. Please join me in elevating our commitment to putting malicious actors where they belong—out of business.

Be sure to check out the Strategic Intelligence team’s executive summary and technical blogs for more information on what they found.
Are Embedded OEM Device Manufacturers Responsible for Ensuring Their Devices are Secured? https://securingtomorrow.mcafee.com/mcafee-partners/embedded-oem-device-manufacturers-responsible-ensuring-devices-secured/ Tue, 02 May 2017 19:00:52 +0000

Threats against the Industries

Today’s devices are becoming more internet-connected by the day. As our world becomes further intertwined with technology, new doors open directly into our lives for potential threats. Hackers are quickly advancing their attacks, and end users suffer when security is not provided. Consumers within the retail, medical, industrial controls and now even the automotive industries are concerned about using devices in their environment because of the potential risk of a cyber attack. Thus, it is critical for device manufacturers and embedded OEMs to build security into their devices.

The estimated cost of an average cyber attack is $15 million. Approximately 12 million records were breached in the retail industry in just the first half of 2016. From 2013 to 2016, the number of breaches in the medical industry nearly doubled. Within the industrial control industry, more than half of critical infrastructure organizations suffered a breach in the last year. And in the automotive industry, automobiles are not immune to cyber attacks either.

The benefits of partnering with McAfee

The McAfee Embedded OEM team is partnering with industry leading device manufacturers and embedded OEMs such as Siemens Healthineers, Schneider Electric, NCR, and Toshiba to embed security solutions within their devices and ensure the safety and privacy of customers.

Our security products feature anti-malware protection, comprehensive threat awareness and analysis, and strong data encryption, topped off with streamlined security management, making them effective against threats yet simple to manage. With embedded security solutions, customers can remain compliant and avoid incidents that result in high maintenance and service costs.

Our team is committed to being our embedded OEM partners’ #1 security vendor. We know that no one person, product, or organization can fight cybercrime alone. We simply believe that there’s power in working together. People working together. Products and solutions working together. Organizations and industries working together.

Let’s work together because Together is Power.

For more details about becoming an OEM partner, please visit our site: www.mcafee.com/oem

For additional information about our product solutions, please visit our site: www.mcafee.com/us/solutions/embedded-security.aspx

The State of Shamoon: Same Actor, Different Lines https://securingtomorrow.mcafee.com/executive-perspectives/state-shamoon-actor-different-lines/ Wed, 26 Apr 2017 05:01:39 +0000
Naming the recent data-wiping attacks in Saudi Arabia as a continuation of the Shamoon campaign suggests that we are dealing with identical malware and procedures. However, there are fundamental differences between the campaigns of 2012 and 2016‒17, and these differences provide a fascinating insight into the development process of the attackers.

When we look at this campaign from a high level (preceding image) and at the shared characteristics (marked in red), we find quite a lot in common. Let’s examine this in more detail.

When we look more closely into the phases of the cyberattack “kill chain,” and their modus operandi, we see differences that lead to more questions, as well as interesting findings.

Reconnaissance

In the reconnaissance phase of the 2012 attacks, the adversaries used scanning tools and a pirated copy of penetration-testing software Acunetix Security Scanner to find possible vulnerabilities on the victims’ outward-facing servers. An example of this scanning follows in an excerpt from an intrusion detection system log:

After finding a possible exploit, the adversaries uploaded web shells to gain remote access and used the web shells’ functionality to harvest usernames and credentials.

In analyzing attacks, we look at the capabilities and skills actors use. In examining how well an adversary knows its target and infrastructure, we classify this type of noisy scanning and hoping for an exploit as novice behavior. The attacker is hoping for a lucky shot instead of gathering detailed information during the reconnaissance phase.

In the 2016 attack, the reconnaissance phase consisted of spear-phishing attacks, with well-prepared spoofed domains and documents forged to appear to come from trusted corporate and public-sector organizations. These documents were weaponized with malicious macros to download and execute a variety of backdoor threats. From 2012 we know publicly of two major attacks on victims in the petrochemical industry. In 2016‒17 the attacks were spread across multiple sectors, including the public sector, petrochemicals, and finance, but were intended to disrupt a single country: Saudi Arabia.

Weaponization

Once the adversaries gathered the credentials needed to weaponize the wiper malware component, they generally used accounts with sufficient privileges to spread the malware as far as possible through the network. One interesting difference was that in the 2012 case the attackers also inserted default credentials of industrial control systems (ICS) equipment. Clearly the attack was aimed not only at the victims’ office networks but also attempted to disrupt the ICS environments.

In both cases, when the hardcoded date was reached, the wiper started to erase the disks. In 2012 the wiped machines reported to an internal control server that the destruction was a success. In the 2016 Shamoon samples, we found a control server component but to our knowledge it was not used to track the status of destruction.

In one URL parameter (also mentioned by our peers in the industry analyzing this campaign) we find an interesting word:

GET hxxp://server/category/page.php?shinu=ja1p9/

The word shinu can be translated to “what?” in Persian Gulf Arabic slang or “listen” in Farsi.

Until now we have compared the 2012 and 2016‒17 attacks. During our investigation and those by our peers in the industry, we have discovered many links to other campaigns that used the same domains, whois registrants, or code. One of the examples we found was the reuse of code and exploits from an attack by the Rocket Kitten group in spring 2016 and their reappearance in the 2016 Shamoon attacks.

A code excerpt from a macro used by Rocket Kitten since spring 2016:

A code excerpt from a macro used in a spear-phishing attack by Shamoon in 2016:

Our peers mentioned some other artifacts that referred to the OilRig campaign, in which Saudi Arabian organizations were targeted using Excel documents that included macros. The macros’ VBS code ran PowerShell and communicated via DNS tunneling.

From an operational security perspective (“How well do the attackers hide details or information about themselves?”), we gave them a low score in both campaigns. We did see some deliberate manipulation: for example, the resource language in the 2016 wiper was Yemeni Arabic (likely a reference to the political conflict in the region), and the “wiping picture” was a photo of the dead Syrian boy on the beach. Still, plenty of information was left behind, for example, the reuse of infrastructure and code, as well as program database paths in the malware that would normally be removed.

From a risk-analysis perspective, we would give the 2012 adversaries a certain score based on factors such as stealth, operations security, and precision. If we were to do the same for the 2016‒2017 attacks, we would award a higher score. For example, the attack precision increased through the use of spear phishing with payloads instead of noisy scanning and web shells. Also, the time of persistence in the networks increased compared with that of the 2012 attacks.

Due to the large scale of the attack in 2016‒2017, we saw mistakes in maintaining operational security. We strongly believe that this was caused by the involvement of different groups/individuals with different skills, whereas in 2012 we believe one group was responsible for the attack.

Development cycle

With five years between the attacks, we have likely seen a nation-state actor grow in cyber-offensive capacity and skills. Where once pirated software was used for vulnerability scanning, which can be easily detected by intrusion detection or prevention systems, we now find targeted spear phishing with weaponized documents. And instead of batch scripts, the use of PowerShell scripts and DNS tunneling demonstrates a major increase in the attackers’ expertise.

Note: We wish to acknowledge the efforts of McAfee’s Advanced Programs Group for that team’s extensive contributions to the actor and adversary part of this research.

Want more information? Check out the Q&A or Summary Blog on this topic, and follow us on Twitter @McAfee.

Shamoon Returns, Bigger and Badder https://securingtomorrow.mcafee.com/business/shamoon-returns-bigger-badder/ Wed, 26 Apr 2017 05:01:26 +0000
In November 2016, we published a blog that compared samples we had received with those of the 2012 ‘Shamoon’ campaign. Since November, there has been a considerable amount of research corroborating our initial assertions, which we have reviewed against our own continuing analysis. We found that the latest Shamoon campaigns are attacking a wider range of organizations, that they are connected to other notable campaigns, and that the increase in sophistication suggests investment, collaboration and coordination beyond that of a single hacker group: rather, the comprehensive operation of a nation-state. This blog and the technical details (also now published) are a summary of our continued research into the comparison and growth of the attacks from 2012 to 2017.

A wider group of targets

In the original campaign, the targets were predominantly focused on the energy sector within Saudi Arabia. In the current instance, we have evidence that the scope of targeted verticals has widened from energy to the public sector, financial services, and others. Although the scope of targets has widened, all the samples we received targeted organizations in Saudi Arabia.

The approach taken by the attackers was all too familiar: once a target was identified, they used spear-phishing email as the initial entry vector. From as far back as September 2016, the attackers sent these emails to individuals within target organizations. The messages contained Microsoft Office files embedded with macros, which facilitated back-door access to the organizations. With the necessary reconnaissance concluded, the actors initiated the weaponization of the attack with the intention of disrupting key organizations across Saudi Arabia:

  • Attack Wave 1: Wipe systems on November 17, 2016, at 20:45 Saudi time.
  • Attack Wave 2: Wipe systems on November 29, 2016, at 01:30 Saudi time.
  • Attack Wave 3: Began January 23, 2017, and ongoing, with similar samples, methods, and TTPs as in Waves 1 and 2.

The process of wiping infected systems loaded a different image from that of the original campaign, but with the same devastating effect. The scale of the attack, with multiple waves, suggests a coordinated effort to disrupt a nation, something new compared with the previous campaign.

Links to other campaigns

The linkage to the previous campaign was based on the fact that much of the code was the same; indeed, our assessment concluded that 90% of the code was reused from the 2012 attacks. However, our examination of this code reuse led us to identify code from other attack campaigns. For example, code used in the macros from the latest spear-phishing campaign was seen in attacks conducted by the Rocket Kitten hacking group, and we identified the infrastructure as that used by the OilRig campaign.

Although the current attackers may have connections with a particular nation-state, our analysis focused on the notable increase in the technical expertise since the 2012 campaign. For example, in 2012, the actors moved quickly in and out of the victim network, inflicting system-wipe damage and then disappearing. In 2016, the actors penetrated networks and established remote control to gather intelligence for future planned wiping attacks.

A broader community of collaborators

Based on these and other key differences, we strongly believe that the 2016-17 campaigns benefitted from the development effort of a much wider community of collaborating hacking groups. The recent attacks demonstrate greater technical expertise, yet the wide-ranging nature of the campaign involved many other actors that did not necessarily have the same level of technical expertise as other participants. Poor Operational Security procedures suggest that some parts of the attacks were executed by less experienced operators. Furthermore, it is true that malware can be designed to contain indicators that attribute their attacks to other actors.

Based on our years of investigation into the Shamoon attacks, we do not believe this misdirection tactic was used in the cases we examined.

Though we can argue about the term sophistication, one thing is clear. This campaign was significantly larger, well planned, and an intentional attempt to disrupt key organizations and the country of Saudi Arabia.

Attacks on banks in East Asia and on corporations remind us that cyber espionage and system-wiping campaigns are not unique to the Middle East. Rogue state and stateless actors have been known to use similar cyber tools and tactics to achieve military and intelligence objectives they would otherwise be unable to accomplish. Actors such as these have been known to obtain these and other technologies from the black market, if not from each other directly.

To that end, there is no indication that the attackers will not return, and, as this latest Shamoon ‘reboot’ has shown, when they do they will come back bigger and stronger, again and again.

Note: We wish to acknowledge the efforts of McAfee’s Advanced Programs Group for that team’s extensive contributions to the actor and adversary part of this research.

For details on this research, please see the McAfee Strategic Intelligence technical blog in Executive Perspectives.

Want even more information? Check out the Q&A blog on this topic and follow us on Twitter @McAfee.

Rising to the Occasion as the New McAfee https://securingtomorrow.mcafee.com/executive-perspectives/rising-occasion-new-mcafee/ Thu, 13 Apr 2017 19:00:48 +0000
As a new standalone company, there’s great opportunity in front of us to recapture our identity. And since our identity lies at the core of everything we do and all our interactions, this opportunity is going to help us reinvigorate both our employee and customer base. More importantly, it’s allowing us to rediscover what makes McAfee great, as well as actively reclaim our role as a leader in the industry. But before we get there, we’re embodying a “make or break” mindset to guide us along the way as we go after cybercriminals, draw outside the lines, and work better together. And though the opportunity in front of us is great, we’re not intimidated. In fact, we will rise to the occasion. Here’s how:

Reclaiming a Leadership Role

Most players in the cybersecurity industry are ambitious and agile, including the new McAfee. In fact, as a new company, we have the opportunity to lead the pack when it comes to how the industry approaches cybersecurity innovation and leadership.

So, what will this leadership role look like for us? For starters, leaders push the envelope and drive the market to deliver better products, which is exactly what we plan on doing. We’re also going to ask the tough questions, drive thought leadership, and come to the market with easily adaptable, unique technologies that deliver meaningful outcomes.

Make or Break Mindset

As a standalone company, we will succeed by living and breathing a “make or break” mentality. We are on our own now, and it feels good, but we recognize that with independence comes ownership and responsibility. We are taking this very seriously, and through our commitment to our customers and the industry we’re going to prove that our claim to leadership is valid.

This mindset also hones our focus on what we need to do to keep our customers safe. This has been part of the McAfee DNA since inception. Through the years, I’ve seen the mettle of this company tested. When adversaries have struck with merciless force against our customers, I’ve watched the men and women of McAfee rally, literally working around the clock to restore order.

That’s the thing that’s always amazed me about this company: nobody stands around and complains about the situation; they just ask how they can help and they get it done. Whether it’s for 1 customer or 500, our team stands up and makes it happen. It all goes back to the passion we have for this industry. We can often make the difference between a customer coming out of a situation barely scathed, or coming out with a catastrophic issue. There is no better feeling than knowing you and your colleagues helped a customer through what could have been, or maybe was, their darkest hour. And as the new McAfee, we will continue to put our customers first by doing whatever it takes to make the customer base secure.

That mindset will also permeate how we innovate and look at problem-solving. We’re going to “draw outside the lines,” so to speak, by looking at a multitude of ideas, inputs, and disciplines. Industries reinvent themselves by looking beyond how things are done today and by viewing the current reality through a different lens. The freedom and agility that come from being a stand-alone business give us the liberty to take a fresh approach to innovation and solution development. That Make or Break mentality will play a role here as well by driving us to adjust our solution development approach to the situation at hand.

However, it’s important to note that a company and its innovations won’t rise to the occasion unless individual employees do first. And a crucial aspect of standing strong as McAfee is standing together internally – which means taking pride in being a McAfee employee.

A Palpable Pride in the McAfee Family

McAfee is a family. At the end of the day, we’re all proud and grateful to be able to work for such an amazing organization. In fact, that pride ends up being one of our strongest assets, because when people feel that way within an organization, it’s palpable, especially to our customers.

Customers can tell when employees take ownership and are engaged, and it gives them confidence in who we are as a company. More importantly, it makes them feel safe. And at the end of the day, that is what we do.

Join the conversation about #newMcAfee! Tweet to us at @McAfee and @McAfee_Business

Tearing Down Walls as the New McAfee https://securingtomorrow.mcafee.com/executive-perspectives/tearing-walls-new-mcafee/ Wed, 12 Apr 2017 15:00:30 +0000
As we embark on our journey as a new company, we look towards our goals to help guide us along the way. Our north star? Collaboration. We want to tear down walls, because we know that we’re stronger together. But in order to do this, we first have to take the right steps to get there, including opening up the dialogue with our customers that keeps education a top priority, and supporting each other internally. And with those acting as our guide posts, the new McAfee can continue to succeed in ensuring safety for all.

Listening to Our Customers

As the new McAfee, our defined position in the market will help us continue our strong communication and collaboration with our customers. An open dialogue is crucial for customer success, so it’s important that we continue to build out a unique and personal experience. That means we’re going to strengthen the listening posts we have for every point of the customer journey, so they feel supported while they navigate the cybersecurity landscape. We’re also now going to set up resources in a centralized fashion to approach customer response with a data-driven method. That way, we can capture the similarities we hear from customers and make them into something actionable, which in turn allows us to provide a more immediate and direct fix to the problem.

The good news is: this has already started to become second nature to us because of the precedent Chris Young has set. When it comes to listening to customers and taking action, he truly leads by example. He’s completely customer-facing, he listens to issues, meets regularly, and most importantly, he sets clear expectations around taking action on what people are saying.

He reminds us that a customer’s journey needs to be strategic, which means we also need to begin the customer journey with a strategy, as well. That’s where strong cybersecurity education comes into play.

Keeping Education Top of Mind

We are in an industry that is charged with securing the lives of people who are dealing with complex problems. And unfortunately, a lot of our customers want to fully understand the problems they’re facing, but can’t.

Therefore, these customers are relying on us to tell them what they don’t know, and more importantly, what they need to do to stay safe.

That’s why the new McAfee is focused on making things simple, smooth, and easy for customers to understand. We want to break cybersecurity down in a way our customers can easily grasp and translate to their own lives. That way, cybersecurity becomes less intimidating and just second nature to them. To accomplish that, we’re going to constantly stay one step ahead by knowing what threats and technologies are on the horizon.

Teamwork Like Never Before

As the new McAfee, we’re experiencing a culture shift that’s allowing us to streamline and optimize our efforts as a team. We’re now better supporting each other, using everyone to the best of their ability, and keeping everyone accountable for their actions. The result? Teamwork like we’ve never seen before.

That’s because we know this is all of our responsibility, and with that responsibility comes a sense of pride and ownership that is ingrained in the fabric of McAfee. We’re proud that we get to positively impact so many lives, and we’re proud we can do that as McAfee employees.

When you meet a McAfee employee, any employee, you see a blue-collar mentality that drives the way they work. Everyone is ready to get their hands dirty, do what they have to do to get it fixed, and get it right. We’re doers, and our customers know that. In fact, they’re counting on it.

Join the conversation about #newMcAfee! Tweet to us at @McAfee and @McAfee_Home

A New McAfee, A New Posture: Staying Agile While Still Going Big https://securingtomorrow.mcafee.com/executive-perspectives/new-mcafee-new-posture-staying-agile-still-going-big/ Tue, 11 Apr 2017 19:00:55 +0000
Our culture has an edge to it. We’re not afraid to try new things. As of right now, we’re “the new McAfee” too. Put all of that together and what you end up with is an opportunity to define how we want the world to see us.

That’s a big statement, and I’m well aware of it. To me, our speed, flexibility, and willingness to take calculated risks are cornerstones of our culture. It only makes sense that we should extend those qualities to our posture in the marketplace. That way, our customers and partners will know, without a doubt, who we are and what we stand for. By establishing the posture we want through our products and our actions, our company can make a strong stance—as the go-to source for anyone who wants to stay safe online today.

Speeding Up Our Position in the Market

When keeping people safe today, a major consideration is speed. Just as we’re quick and agile as an organization, the same can be said of the security threats we’re fighting. Likewise, consumers are starting to realize that cybercriminals are not just after their PCs anymore; they’re now after their connected devices like wearables and smart assistants too. As customers’ threat surface rapidly expands across their networks, criminals are quickly exploiting it. That means that we have to operate even faster than before, all while bringing better applications and solutions to market that respond to, and even anticipate, this new breed of threats.

Opportunities like that are exciting, and they allow us to achieve our goals as a company, such as being the undisputed leader in protecting consumers’ devices in the digital world and a visionary in providing protection. Today, we protect more than 250 million people a day with our consumer products, but our long-term goal is to protect more than a billion per day. And as the new McAfee, we’re in the best position to achieve that goal.

Forging Stronger Partnerships

A new posture also makes a lasting impression on our partners. Another business goal of ours is to bring the marketplace together through collaboration, which aligns with the notion of “Together is power.” The current threat landscape is an evolving challenge for everyone, and thinking that we’re going to solve it all by ourselves here at McAfee is unrealistic. It’s time the industry became more open and collaborative, because if we can bring more heads together, we can bring better technology to the table. That also requires us to forge smart partnerships, like we’ve done with Arris for the Secure Home Platform and with Samsung by securing more than 20 million Smart TVs. As McAfee, we have new factors and capabilities to support our partnerships in different ways than we’ve ever done in the past. By recognizing that we all have a shared interest in keeping people safe, and by supporting our partners with our agility, speed, and ability to innovate, we both benefit in the form of a happy and secure customer.

A new posture in the new McAfee benefits so much more than ourselves. It can benefit anyone who wants to be more secure and any business that wants to make a stand in the fight against cybercrime.

Join the conversation about #newMcAfee! Tweet to us at @McAfee and @McAfee_Business.

Being Central to McAfee Success https://securingtomorrow.mcafee.com/executive-perspectives/central-mcafee-success/ Mon, 10 Apr 2017 12:00:07 +0000
For me, the best role in a company is CFO.

A work colleague once summed it up this way: “The CEO is the heart and soul of the company, and the CFO is the central nervous system.” As a CFO, you receive impulses from across the organization to gain insight into the implications of decisions and then develop plans based on those signals … to improve efficiency and returns for your stakeholders.

McAfee has immense heart and soul in Chris Young. His vision for this company and passion for securing the public’s online presence is inspirational. In fact, it’s his leadership and vision that first drew me to join McAfee a few months ago.

I’m excited to come in as the organization’s first CFO in a few years. It is truly an honor to inherit and enhance a world-class team across the groups I am lucky enough to lead. And, I must admit being the central nervous system to a 7,000-employee startup in the hottest industry around is really cool.

While my new job and the beginnings of McAfee as an independent company are exciting, there is a lot of work ahead of us. First, we’ve got to stand up and operate as an independent company. We need to book, bill, collect, invoice and close the books starting after April 3rd. In addition, our critical teams in IT, Procurement, Supply Chain, Facilities and Real Estate have a huge number of activities related to the stand-up of McAfee and are critical to our success.

Next, we must ensure our day-to-day operations of an independent McAfee drive profitable growth. We owe it to all our stakeholders to drive growth and increase our cash flow and profitability. Luckily, we are beneficiaries of an established company, brand, business and team. It is up to us to leverage the strong foundation we inherited into increased shareholder return.

We must also continue to drive our strategic transformation as one of the largest pure-play cybersecurity companies in the industry. Innovation is the life blood of any technology company and this is especially true in an industry where our adversaries are constantly finding new and insidious ways to attack. Whether it’s in Finance, Procurement, Supply Chain, Facilities, Real Estate or IT, the teams that I lead are committed to doing our part to help drive innovation – from operating more efficiently to ensuring proper resource allocation.

Most importantly, we must enable a culture of success and high-performing teams. We’re creating an environment where teams can thrive. Together, we’ll work hard for shared success and push one another to reach new heights.

I am honored to be the CFO of the new McAfee and am really excited about working with such a great group of fellow employees as we show the world that Together is Power.

How Working Together Accelerates Our Evolution https://securingtomorrow.mcafee.com/executive-perspectives/working-together-accelerates-evolution/ Thu, 06 Apr 2017 15:00:47 +0000
It is no secret that the end goal for cybersecurity companies is to battle cyber-threats & cyber-attackers in order to keep their customers’ assets and data safe. Easy, right? Well, the problem is that defenders must move faster than the attackers, faster than the underlying technologies evolve, and faster than the tools used by the attackers grow in power. That is extremely difficult to achieve if you try to do it by yourself in isolation, no matter your size or skills. Today’s cybersecurity juggernauts have tried to go about this in silos, which slows innovation in an industry that needs to evolve faster than the cybercriminals.

We’ve innovated in silos too. But no longer. With the launch of the new McAfee, we believe that #TogetherIsPower and are focusing on better collaboration to more quickly unlock the potential in our company and in the industry.

This collaboration comes in two forms: uniting across the industry in the fight against cybercrime and working together with our customers to better understand how to protect them. Both result in stronger, more innovative ideas, and ultimately, in better solutions to tricky security challenges.

Uniting the White Hat Fight

Silos have left the cybersecurity industry out of breath as it chases after inventive cybercriminals, desperate to catch up to their newest malicious innovations. And though partnerships like the Cyber Threat Alliance and technologies like McAfee Open DXL are great first steps, they’re just the beginning of an important movement. That’s where the new McAfee comes in: our new company allows us the freedom and agility to share knowledge, utilize the entire cybersecurity ecosystem to our advantage, and expand on existing partnerships and programs. There’s a difference in execution speed as well, since the new McAfee can now forge new partnerships at a faster rate than ever before – giving us a better chance at quickly tackling the newest cyber threats. Through these partnerships, white hats will begin to catch up with black hats.

Finding Strength in an Open Dialogue

Collaboration will also be a cornerstone of our customer relationships.

Our customers are the driving force behind our innovation, so it is critical that we understand their security challenges and where they see cybersecurity risks. Deeper dialogs will help generate new ideas, build stronger solutions, and solve problems more effectively.

Driving Evolution Forward

It is this dedication to collaboration – within the industry and with our customers – that defines what the new McAfee stands for as a company. We are excited about the new McAfee: a company that continues to grow, change and adapt; one that works endlessly to create better ideas, better products and better security.

For more information, follow us at @McAfee_Labs and @McAfee, and join the conversation with #TogetherIsPower.

The post How Working Together Accelerates Our Evolution appeared first on McAfee Blogs.

Remaining True in the Face of Incredible Responsibility https://securingtomorrow.mcafee.com/executive-perspectives/remaining-true-face-incredible-responsibility/ Wed, 05 Apr 2017 15:00:40 +0000

By now you’ve heard the news: Intel Security has officially rebranded to McAfee. But even though our company name has changed, our values and mission continue to endure: our focus remains on educating our customers through valuable content, collaboration within the industry to share intelligence, and leading in security initiatives and innovations. Ultimately, we’re dedicated to not just maintaining, but bettering, what makes us who we are, as we face the most diverse and advanced threat landscape we’ve ever seen.

Creating Valuable Content

Unfortunately, public understanding of cybersecurity as a whole is still lacking. Why? For starters, whenever there’s a major breach, the conversation is focused on the malware behind it, not the overall impact. So users are left asking “so what?”, thinking it has nothing to do with their daily lives.

It is clear that there is work to be done when it comes to addressing, analyzing, and educating the public on the current risks that exist in their digital lives. This is why we’re sharpening our own threat intelligence content, so that we can start answering the “so what?”

We want to address those issues in a valuable way. So, we’re looking to develop content that is both interesting and relevant. The good news is that with the new McAfee brand, you’re only going to see more of this, as we’re going to keep driving home content that communicates the what and the why, not just the how.

To accomplish this, we have a team of researchers dedicated to specific threats across different research categories. Ultimately, the responsibility of security firms goes beyond simply providing technology; they also need to articulate emerging risks to an audience that does not understand the value of information.

Sharing is Caring

But it’s not just up to us. This is a responsibility that rests on the shoulders of the entire industry—and with the new McAfee, we compete by collaborating.

Efforts like the CTA (Cyber Threat Alliance) hold us all to this sense of shared responsibility, and with it we can hold our heads high. But it’s just the start. We will continue to push forward when it comes to things like openly releasing research, the recently released CHIPSEC framework being the most recent example, along with the decryption tools made available through the NoMoreRansom site and many others.

Staying True to Who We Are

Integrity is a core component of what we do as an industry, and what we do as a company. So no matter what next initiative or innovation we drive, we maintain integrity in everything we do.

It’s like we said before: our name may change, but our mission – and what guides that mission – doesn’t.

Follow us on @McAfee and join the conversation about the new company with #NewMcAfee.

The post Remaining True in the Face of Incredible Responsibility appeared first on McAfee Blogs.

Day Two and Beyond https://securingtomorrow.mcafee.com/executive-perspectives/day-two-beyond/ Wed, 05 Apr 2017 12:00:04 +0000

It’s not often we get a chance to work on something truly amazing. To be a part of something new.

But this week marks one such occasion.

It’s a re-invention of one of the industry’s best known names. For someone like me who’s been around a few years, this is a great opportunity to help shape a company from the outset and try new ideas. I know that this is the kind of chance that comes only once or twice in a career.

Added to that is the fact that our industry – cybersecurity – is growing and moving faster than any other segment of IT. And McAfee is right in the center of what’s happening.

I don’t need to re-quote figures on the problems with cyber-attacks and security threats on the Web. It’s something we are all aware of. All you have to do is read a news site or pick up a newspaper. Security is probably the biggest challenge of the Digital Age.

Last year we introduced 18 new products. Organically. We developed four integrated security systems. We moved forward, fast, on our industry partnerships, which are now over 125. And we surprised the industry by open-sourcing DXL.

We are working in a special organization — one of the largest pure-play cyber security companies in the world — with a fantastic team of over 2,000 engineers, at a time when what we do is needed by the world more than ever. So it’s time to pause (just for a minute!) and reflect.

Chris envisions McAfee as the most respected, most trusted brand in cybersecurity. When we become the company we know we can be, we’ll be our customers’ #1 partner.

The future is open. What’s your opinion? I’d like to hear from you.

Best,

Brian

The post Day Two and Beyond appeared first on McAfee Blogs.

McAfee is Back – And Ready to Lead https://securingtomorrow.mcafee.com/executive-perspectives/mcafee-back-ready-lead/ Tue, 04 Apr 2017 04:05:51 +0000

Today we introduce a ‘new’ McAfee to the world. It’s the right move at the right time. Not only for us, but for the global cybersecurity industry. We have a clear roadmap to lead in innovation, and an opportunity to shape the marketplace as never before.

The headlines we drive today span many dimensions. We represent a new brand promise, we offer a new pledge to our stakeholders and to one another, and we have a new view into growth. It’s our time to show the world not only who today’s McAfee is, but who tomorrow’s McAfee becomes.

At the same time, many things remain the same—starting with our strategy and our unwavering commitment to company objectives. The standup of our new company continues in the coming months. Thank you for your support to this point, but there’s more to do. Our independence is foundational to our continued strategic transformation. We’ll also keep our focus on the fundamentals of driving profitable growth—you’ll recall we created an independent company with growth as a central tenet. Finally, a culture of success and high-performing teams are essential enablers of everything we’ll accomplish in the future.

This constancy of purpose is essential because our challenges are stubbornly durable. Cybersecurity becomes increasingly complex every year, and with every wave of new attacks on innovation. I believe what we do as the new McAfee matters more than ever, not only to our individual success and career satisfaction, but to the wider world, and the hundreds of millions whose digital lives we protect.

That’s why we’re taking the lead and promoting important cultural changes in cybersecurity. In essence we’re dramatically re-shaping the ways our solutions are procured, implemented, and managed. We’re also the force behind a new conversation in cybersecurity, one that sensibly acknowledges the need for true collaboration and genuinely celebrates the power of working together.

You now represent the newest brand in cybersecurity. You can be very proud of everything you’ve done to bring this company to this milestone—we stand quite literally at the threshold of our future. Yet even as defining as our future will be, I do feel it’s important that we proudly take with us from today all the good that we created in the past.

As McAfee we’re going even further, faster. Independence is the best way for us to build more of what the industry needs now. Our timing couldn’t be better because we’re now wholly focused on our customers’ cybersecurity outcomes. There’s nothing to divide our attention. As an independent company we have the freedom, the power, and the responsibility to innovate as never before. Our new financial foundation and growth plan, made possible by McAfee’s new stakeholders, equips us to invest in ourselves and makes us a sustainable partner for the consumers, corporations, and organizations we’re pledged to protect.

Today is an exciting milestone, but it will come and go in a flash. Today’s equally exciting story is what comes next. We’re in this for the long haul and we intend to do real battle—not only with our adversaries, but with our competitors. Job one is to become the most respected, most trusted brand in global cybersecurity.

It’s a goal I’m proud to rally behind. And I’m proud to share the future with you.

The post McAfee is Back – And Ready to Lead appeared first on McAfee Blogs.

What’s In a Name? https://securingtomorrow.mcafee.com/executive-perspectives/whats-in-a-name/ Tue, 04 Apr 2017 04:04:11 +0000

In one of the most iconic self-help books of all time, How to Win Friends and Influence People, Dale Carnegie outlines several strategies to earn favor from others. Among them is recognizing that a person’s name is, to that person, the sweetest sound in any language. I’ll posit a reason: Your name is your first sign of identity to the world. It’s deeply personal. It connotes meaning. Over time and with familiarity, it becomes directly associated with your completely unique essence. In short, names matter.

As a lifelong marketer, I’ve been fascinated with how a company’s brand name can have the same impact. Over time, a strong brand becomes inextricably linked to a company’s identity. The moment you recognize a brand, your experiences and perceptions of that company are resurrected. In the same way your name immediately brings to mind what others who know you already think of you, recognized brands have the same effect for their companies. In short, brands matter.

And so, when we announced that, after six years with Intel Corporation, we would once again strike out on our own as a standalone company, the obvious question arose: What will be our name? We clearly had two choices: Keep the McAfee name, one that had remained part of our brand architecture even through our history with Intel, or lose it and chart a path under a completely new identity. To make the right choice, we had to take an honest assessment of how the name, McAfee, resonated in the market. And, we asked thousands of organizations and consumers around the globe to do just that.

What we found is that McAfee is synonymous with cybersecurity itself. It’s one of the first brands in this dynamic category that has maintained a 30-year history in protecting the digital lifestyles and assets increasingly important to all. That’s a powerful connection that holds true no matter the geography or segment in which we tested it. It’s a linkage that is so prevalent, the choice to keep the McAfee name became obvious.

Yet, at the same time, we had to realize that we are no longer the same McAfee we were 30 years ago – no more than you and I are the same people we were as children. Like you and me, McAfee has grown up. And, as a nod to that maturity, we knew we had to create a new McAfee brand to accompany a trusted name.

Again, that brand is rooted in research, which reveals that our industry is in desperate need of cybersecurity companies working together to defeat adversaries. Indeed, the digital freedom we tend to take for granted is dependent on it. With that, we expose our brand essence – Together is Power. It’s more than a slogan. It speaks to our fundamental worldview: Only by working together can we collectively address the greatest digital challenge of our time – cybercrime.

And, to signal that the McAfee we proudly launch today is equal parts time-tested and future-leaning, we unveil a new logo as the visual symbol of our identity:

  • It’s a shield – the undisputed symbol for defense.
  • It’s comprised of two interlocking elements – representing the power of unity when individuals and organizations work together toward a common goal.
  • It respectfully acknowledges our heritage – from the classic red color to the carefully placed “M” that frames the shield itself.

Today marks a new chapter in our company’s history – one made possible only by the loyal customers, partners and employees who created it. You helped give us our name. You voted with how you perceive our strengths and where we must continue to do better. We’ve listened. The brand we release today is not ours to own, as only you can bestow its value. And, channeling the guru Dale Carnegie himself, we will tirelessly fight to continue earning your favor.

The post What’s In a Name? appeared first on McAfee Blogs.

The 5G reality https://securingtomorrow.mcafee.com/executive-perspectives/the-5g-reality/ Tue, 07 Mar 2017 18:15:43 +0000

Mobile World Congress has come and gone. With over 100,000 attendees at the show, people gathered around the impressive booths to get a glimpse at what the world’s biggest mobile brands had to offer in 2017.

There was definitely a theme of nostalgia at play with the highly anticipated return of the classic Nokia 3310 (including Snake!), as well as other exciting and impressive device launches from the likes of LG and Sony.

But walking around the show floor and talking to people over the course of the four days, it became clear it was not the devices taking centre stage, but in fact 5G. Everywhere I looked I saw companies shouting about being at the ‘cutting edge of 5G’.

Now, 5G was definitely on everyone’s radar at last year’s MWC, but this year it felt slightly more real. In fact, Mats Granryd, director-general of GSMA, even said ahead of the show: “We will move away from being vague on the prospects of 5G this year to concrete proposals.” And he was right: we saw this from many of the big mobile players at the show fighting to be seen as being at the forefront of 5G. Because this ‘transformative power’ is no longer just hype, but set to become a reality in the next few years.

And as exciting as 5G is – and it is incredibly exciting – I’m also concerned about its arrival. Because with 5G comes a world of vulnerabilities – a world of security vulnerabilities that no one seems to be discussing or addressing in their proposals. With 5G comes download speeds of up to 10 gigabits per second (that’s 1,000 times faster than the current US 4G average), but what that also means is thousands more devices introducing more vulnerabilities into a world already struggling to deal with the countless devices flooding the internet.

Our recent Mobile Threats Report found more than 4,000 potentially malicious apps had been removed from Google Play, and 500,000+ devices still have these apps actively installed, putting users’ security at risk. This is happening now in a world of 4G, highlighting the fact that there are existing security issues that we must address before we should even consider bringing 5G to consumers.

As we veer closer to a world of 5G hyper connectivity, we must not forget security. And OK, it may not sound like the sexiest part of the ‘5G revolution’ but it has a huge role to play, and my mind will not be at ease until we start to address it. Because 5G will be an ‘evolution’ and the sooner security is considered the better for all of us.

In the coming months, I hope to see these very companies touting how they are revolutionising our worlds with 5G also telling us how they plan on addressing the security and privacy implications that come with it. It’s key that our safety and security are considered first.

The post The 5G reality appeared first on McAfee Blogs.

Window on a Cloudy Sky https://securingtomorrow.mcafee.com/executive-perspectives/window-cloudy-sky/ Tue, 07 Mar 2017 00:00:47 +0000

There’s no question that cloud services are now a regular component of IT operations. And while this is great news for business users and developers who appreciate the agility and increased productivity offered by cloud services, security professionals are getting nervous.

Just about everyone in this line of work knows that all the excitement over adoption of cloud applications has spawned Shadow IT (the use of unsanctioned cloud services). However, most security teams lack the ability to discover what cloud services employees are using, what corporate data is being stored in the cloud, and who has access to the data. That’s a problem.

Intel Security has begun to roll out our response to this issue: McAfee Cloud Visibility – Community Edition (CVCE). It is our first of two entries into the cloud access security broker (CASB) market. McAfee Cloud Visibility is a free service for existing customers with McAfee DLP, encryption or web protection technologies.

This solution comes at an important time. Cloud services are now utilized by more than 90% of organizations around the world. In fact, many are working under a “Cloud First” philosophy, only choosing to deploy an internal service if there is no suitable cloud variant available. As a result, IT architectures are rapidly shifting to a hybrid private/public cloud model, with those surveyed expecting 80% of their IT budget to be cloud-based within an average of 15 months.

We think McAfee Cloud Visibility is the answer to these issues — it enables security professionals to:

  • Discover authorized and unauthorized cloud applications used by employees.
  • Identify risk associated with cloud applications based on risk indicators.
  • Monitor sensitive data flowing between users and cloud applications.
  • Track endpoint health around threats, data leakage, and theft.

An added advantage is single-pane-of-glass manageability via McAfee ePolicy Orchestrator Cloud, which provides centralized monitoring of cloud applications and on-premises Intel Security solutions, allowing for the synchronization of data protection events into one easy-to-use interface. That’s something no other CASB vendor can offer currently.

So, rather than fret about lack of cloud visibility or concern yourself with justifying the expense of a CASB solution, check out the McAfee Cloud Visibility—Community Edition solution at www.mcafee.com/cloudvisibility.

The post Window on a Cloudy Sky appeared first on McAfee Blogs.

If we can’t trust technology we won’t (and shouldn’t) use it https://securingtomorrow.mcafee.com/executive-perspectives/cant-trust-technology-wont-shouldnt-use/ Mon, 27 Feb 2017 16:53:35 +0000

Walking this year’s Mobile World Congress I am no longer thrown by the devices, gadgets and flashy booths, but completely mystified at how we as an industry continue to hype up the idea of a truly connected world without addressing one of the most important pieces – security.

As someone who’s been in the industry for almost 20 years, you’d expect me to be shocked that many businesses still aren’t addressing something so key, especially as consumers are starting to question it. In the last year, more people than ever have started asking me: “So Raj, what about my security?”

Hurrah – finally – some people are catching on, and at least asking the question. But whether or not they’ll act upon it is what concerns me…

Don’t get me wrong. Whilst it’s great that some people are waking up to the realities that come with a connected lifestyle (which, let’s admit, is everyone at this stage), there is still a lot of work to do. Ultimately, it’s the industry’s job – that’s right, every single person at MWC and beyond – to lead this.

Because at the moment we’re failing. Our recent survey, for example, found half of us have no idea how to check if our devices have ever been compromised and a third are unsure how to check if a device has been breached. So although many may be starting to consider device security, it doesn’t mean they necessarily know how to manage it. Yet, here we are at MWC giving these same people even more technologically advanced devices to play with – when we know most are unsure how to protect themselves – whether that’s with their phones, computers, kids’ toys, or now – connected homes and cars.

The truth is that with awesome technology comes great responsibility. So what do we – both consumers and businesses alike – do to ensure that such technology coming out of big shows like this is safe?

  • Put security first: security cannot be an afterthought in any device manufacturing process. It must be considered upfront by manufacturers in order for any underlying issues to be addressed and catered for.
  • Be transparent: enough of the hiding, let’s be honest with consumers about the risks associated with using certain technology. Instead of hiding away and hoping it’s all OK, vendors must at least educate and advise the user on how to best protect themselves, including recommending security software suitable for that technology.
  • Take control: whilst I want to see manufacturers leading the way when it comes to security, consumers can and should do their bit too. Take device security at home, for example, where the home network is the hub for all connected devices. New solutions, such as McAfee Secure Home Platform, will help people easily manage and protect devices connected to this network while providing parental controls with permissions that can be tailored to the entire household.

We must be able to trust the new technology that’s making our world a hyper-connected one – as inventors, product developers, manufacturers and technology leaders from the word ‘go’ in our development cycles, through to the consumers’ lives when they use it. Trust has fallen down across our societies because of all the security hacks, risks and wider vulnerabilities that technology has opened up. It’s our job – each and every one of us – to help change that via our actions as an industry. Let’s continue producing amazing and innovative technology that helps change and advance our lives, but let’s protect ourselves – our friends, our economies, our neighbours and the wider industry – while we do. The more we can work together to build this trust, the better off each technology will be for everyone.

The post If we can’t trust technology we won’t (and shouldn’t) use it appeared first on McAfee Blogs.

Technology companies should ‘at least do no harm’ https://securingtomorrow.mcafee.com/executive-perspectives/technology-companies-least-no-harm/ Wed, 22 Feb 2017 17:38:36 +0000

Mobile World Congress (MWC) provides yet another opportunity for technology giants to flex their muscles and whip the industry into a frenzy. Even more so than last year, mobile is a reflection of the Internet of Things (IoT) and the hyper-connected world we find ourselves living in. Following in the footsteps of CES, I expect to see a heavy focus on ‘smart’ technology as everything from hairbrushes to fridges and even pregnancy tests look to receive an IP overhaul.

But as companies battle to stay ahead of the competition, racing to bring innovative products to market, many are stumbling when it comes to security. And I’m worried.

In the last year alone, some of the worst IoT vulnerabilities have come to light, with the security of connected cars and even pacemakers being called into question. Never mind the threat of identity and financial theft, if cybercriminals are able to hack and control these objects, consumers’ physical health and safety could be at risk.

Traditionally in the automotive industry, for example, every aspect of the car would be rigorously tested to ensure drivers and passengers are as safe as possible. However, we haven’t seen the same stringent approach taken to protecting our increasingly computerised cars from hackers. Although driverless cars may not be mainstream, research from Intel Security suggests 78% of new cars will be connected to the Internet by 2022 and therefore open to potential security breaches.

The lack of importance placed on cybersecurity has filtered through to consumers and is reflected in attitudes to data protection in connected devices. People wouldn’t dream of driving a car off the forecourt without seatbelts, yet they’ll happily invest in the next flashy car without knowing whether it has adequate cyber security in place.

MWC is the perfect platform for influential figures within technology and the wider industries such as health and automotive, which are investing heavily in connected devices, to discuss the ramifications of our increasingly connected world. We must continue to innovate, but we also have to work together to ensure that the latest technology doesn’t put consumers’ data or safety at risk. As an industry, we need to develop strict standards for manufacturers, with clear consequences for falling short of these standards.

Consumers also have a responsibility to drive change. If consumers refuse to buy products that are not properly secured, companies developing such products will start to take note and we’ll see security becoming more of a priority.

Data security is not a trend, it’s an ethical issue that holds the potential to impact us all if not taken seriously. With 5G on our doorsteps, hyper-connectivity will soon be a reality and more data than ever before will be transferred across networks via millions of devices. It’s imperative that we get security right and ensure products do not pose a threat to users.

As my colleague, Chris Young, said at this year’s RSA, “we have to start thinking of ourselves as smaller players in a bigger fight… we’re better when we link arms with like-minded partners, intent on the same goals.”

But if further collaboration is too much to ask, the Hippocratic oath is a simple philosophy that those involved in developing our connected world would do well to take note of: ‘help, or at least do no harm’.

The Answer to Big Cybersecurity Challenges: Think Small
https://securingtomorrow.mcafee.com/executive-perspectives/the-answer-to-big-cybersecurity-challenges-think-small/
Tue, 14 Feb 2017 17:38:07 +0000

I just left the keynote stage at RSA 2017, where I called on a very large audience—more than 40,000 attendees in the hall or watching screens throughout the Moscone Center—to re-think the future. I argued that while cybersecurity and potential threats against the digital experience have never been bigger, current defensive measures aren’t working. Tomorrow demands a different response from all of us, starting today.

We need to think small.

At RSA 2016 I wondered aloud how we would handle a cyber disruption of the presidential vote. Twelve months later it’s clear that cybersecurity was front and center in our country’s national election. After all, data drives decisions and the election reminded us that decisions write world history. Specifically, stolen and manipulated data was commissioned to assassinate character and disrupt democracy. While I’m not questioning the outcome of the election, I am pointing out that cyberattacks played a real role. It was a case of data manipulation intended to mislead decisions on a grand scale.

But let’s put politics aside. This manipulation of data matters in a broader discussion because data is the bedrock of our economy. We rely on big data to drive decisions, so the small data going into our big data models must have full integrity. When it’s manipulated, it’s turned into a weapon and used against us. Big data isn’t the problem, but when big data becomes bad data, then small data is the big story. Weaponized data is the next threat vector challenging all of us in cybersecurity. In fact, I submit that weaponized data is the newest form of advanced persistent threat.

Of course, data isn’t the only thing being weaponized.

Securing the digital experience is a tall order, especially when it comes to the organizations we defend. Not long ago we focused on protecting an individual device, then one network, then a single enterprise. But I’d argue today that we need to turn our focus from a large attack surface to a small one—the home, and we should care about this smaller target for two reasons. One, it’s increasingly where many of us work, on whatever device we have in hand. And two, it’s our connected devices in the home that are now used to launch larger, more sophisticated attacks. Last fall’s Mirai attack on Dyn is a perfect example.

Mirai enslaved a vast botnet of household devices (including security cameras, ironically) to wreak havoc. While we could think of the attack on Dyn as just one more DDoS, I believe our adversaries were just testing the limits of our capabilities. It’s no coincidence Mirai is Japanese for ‘future,’ because the Mirai threat is alive and well—it points to where we’re headed. You have to ask yourself, will it find the IoT devices it needs in your home? Or will it enlist soldiers for its botnet army from the homes of your employees? The smallest of technologies are being turned against us in the biggest of ways. How do we make sure the Internet of Things doesn’t become the Internet of Terrorism?

It’s a strange irony. What we once protected, we must now be protected against. We’ve given the enemy the ultimate scale they need by connecting our homes and deepening our reliance on data, even as both are weaponized. What’s our call to action when the game has changed so dramatically? We need to flip the script.

We have to start thinking of ourselves as smaller players in a bigger fight—players that collaborate generously in a vast, largely open ecosystem. We can begin by integrating best-in-class features from numerous cybersecurity providers across a shared communications fabric. On the RSA stage I announced OpenDXL (Data Exchange Layer) to the wider industry. It’s a free, open solution to share intelligence and orchestrate security operations across thousands of tools we all use. Go to GitHub today and download the SDK. It’s our small contribution to the industry, and just one example of numerous ways in which we can truly work together to drive the outcomes we need.

To put it in its simplest terms, cybersecurity needs a Dream Team. Like the NBA players who took gold in basketball at the 1992 Olympics, we need to check our egos at the door. If big names like Michael Jordan and Magic Johnson can put aside their drive to compete, all in order to win the bigger prize, surely we in cybersecurity can follow their example. We’re better when we link arms with like-minded partners, intent on the same goals. It’s a small idea that can have a big impact.

Let’s work together.

The author is senior vice president and general manager of the Intel Security Group, Intel Corporation.

The Security Advantage of Dynamic Endpoint
https://securingtomorrow.mcafee.com/business/security-advantage-dynamic-endpoint/
Tue, 07 Feb 2017 00:27:09 +0000

The escalation and sophistication of cyber threats is very real. So are the challenges associated with having too many siloed security tools. Rather than compounding complexity and inefficiency by using products that don’t work in unison or communicate with each other, Intel Security made a fundamental shift in how we engineer solutions, moving from point products to integrated systems that deliver better security outcomes.

Protect, detect and correct are better together

As Candace Worley suggested in her blog last fall, some things are simply better together! Integrating the threat defense builds the best protection possible, finds and contains advanced threats, and rapidly remediates them, while adapting to do a better job blocking the next threats. Quite simply, organizations with integrated security are 30%[1] better protected.

Automating the Threat Defense Lifecycle helps eliminate routine tasks, enables faster new hire onboarding, and frees your strongest talent to tackle your hardest problems.

At the endpoint, Intel Security provides this advantage through our new solution – Dynamic Endpoint Threat Defense. This multi-stage solution outsmarts even the savviest cyber threats and emerging malware, including ransomware. By leveraging the cloud dynamically to drive threat detection and analysis, and automating the Threat Defense Lifecycle, it shortens the window of vulnerability and makes it easier for endpoint administrators to focus on critical tasks.

Integrated, multi-stage protection improves efficacy

Not only is Dynamic Endpoint the only solution built on a connected platform, it’s also unique in the way it provides pre- and post-execution analysis powered by proven machine learning (Real Protect), greyware containment (Dynamic Application Containment) and native endpoint detection and response (Active Response). This solution uniquely addresses the entire Threat Defense Lifecycle with a single agent and console. It allows multi-stage protection to share insight as it stops malware across each stage:

  • Before it reaches the endpoint
  • Before it executes
  • While it executes
  • After it executes

McAfee Labs tested ENS 10.5, with Real Protect, vs ENS 10.2, and demonstrated a 34% higher detection rate. Most importantly, our tests confirmed its ability to stop zero-day malware, like ransomware, and secure the endpoint BEFORE the threat can infect the host. The advantage is further illustrated by private third-party real world testing conducted by AVTest showing perfect efficacy scores in 3 consecutive rounds.

Beyond the initial test results, customers are also sharing their enthusiasm for the new solution.

“Not only does ENS handle the ‘commodity’ threats that can significantly occupy team resources, it now gives us even stronger advanced threat detection, protection and visibility.” – Large Manufacturer

ENS 10.2 has had the fastest endpoint adoption in history

Even simple upgrades are no small task for large organizations. However, since the release of Endpoint Security (ENS) 10.2 in August 2016, we have seen more than 2.5 million nodes already migrated, including a full 100K+ node environment. This rapid adoption represents the fastest adopted endpoint release in Intel Security’s history. With over 80% of our installed base already on ENS-ready ePO versions, and more than half engaged in planning and deployment, we anticipate the adoption record being shattered during 2017.

For those interested in migrating to ENS 10.2 or 10.5, we’ve created a migration assistant to educate and aid customers while they migrate their data to the new platform. Automatic migration can create new policies and client tasks based on your current product settings and automatically assign them to groups and managed systems. For more information on migrating, visit www.mcafee.com/movetoens.

Native EDR closes the window of vulnerability

Built on the same connected architecture, using the same agent, and same ePO management console, Dynamic Endpoint includes endpoint detection and response (EDR) capabilities. Instantly, you have all the information necessary to detect, convict and remediate a threat in seconds rather than days or weeks. Using one-click actions, it’s possible to delete a malicious file from a single endpoint or across the entire organization; or, immediately update protection across all connected components based on the insight from the investigation.

“Active Response 2.0 definitely saves time. The modern workspace makes remediation much faster. Specifically, the speed to search, gather information on a threat and take action is done in mere minutes.” – Large Bank

Dynamic Endpoint breaks security silos to create a closed-loop system

Unlike other security vendors, Intel Security provides a connected platform with integrated tools delivering better protection while preserving the most valuable resource – time. Our Dynamic Endpoint integrates with other Intel Security products as well as third-party products through DXL, the industry’s leading (now open source!) threat sharing infrastructure. This allows users to automatically adapt defenses to stay ahead of emerging threats, using a connected infrastructure prepared for the future, rather than merely layering components.

Dynamic Endpoint Threat Defense is an integral part of Intel Security’s core strategy, which was introduced at FOCUS ’16. Just as I emphasized in the Automating the Threat Lifecycle blog last year, we are committed to using integration, automation and orchestration to help users address more threats, faster, with fewer resources. Join us, and see for yourself!

[1] Penn Schoen Berland. Research on behalf of Intel Security, 2016

Brian Dye is Corporate Vice President and General Manager of Corporate Products at Intel Security Group.

Welcome Mike Berry, Intel Security’s new CFO
https://securingtomorrow.mcafee.com/executive-perspectives/chris-young-announcement-feb-2017/
Mon, 06 Feb 2017 14:00:09 +0000

I’m pleased to announce Mike Berry is joining Intel Security as our Chief Financial Officer. Mike’s been a CFO for more than 10 years in both public and private technology companies.

Mike most recently was Executive Vice President, Chief Financial Officer, and Chief Operating Officer at FireEye, responsible for worldwide finance, accounting, data analytics, investor relations, facilities, procurement, information technology, manufacturing operations, and internal audit.

Prior to FireEye, Mike served as Chief Financial Officer of Informatica. Additionally, he led finance and other operations for a number of technology companies, including IO, SolarWinds, and i2 Technologies.

I’ve known Mike for a while now—we served together on the board of directors of Rapid7. He understands the complexity and challenges of our industry, and he believes in the unique perspective we bring to the market. Namely, that it will take all of us, working together in an open, integrated architecture, to ensure a more secure world.

I also hear he’s got a mean slap shot. I couldn’t say…I prefer the basketball court to the hockey rink…but here’s what I can say: he’s a great addition to Intel Security.

Welcome, Mike!

2017 – New Year, Better Security
https://securingtomorrow.mcafee.com/executive-perspectives/2017-new-year-better-security/
Tue, 03 Jan 2017 22:25:33 +0000

Avoid junk food, exercise more, save some money.

Every year around this time you can find gazillions (technical term) of articles about New Year’s resolutions and planning, for your job or personal life. I read an article a few years ago that suggested they usually take one of a few forms. Some inspirational feel-good stuff that lulls you into a euphoric sense that everything’s going to be just fine without you having to lift a finger. Some self-important person’s resolutions, which you should care about because, well, they are a very, very important person. What someone’s crystal ball says you should do next year because it’ll make you happy, prosperous, or both.

Avoid malware, practice incident response scenarios, save some money.

In keeping with the tradition I’ll recommend two specific ones that you really should add to the list:

First, read the Commission on Enhancing National Cyber Security report.

Second, get involved in your cyber community and make a difference.

The Commission on Enhancing National Cyber Security released its report on Securing and Growing the Digital Economy on December 1, 2016, with a cover letter to the President and President-elect identifying imperatives, recommendations, and action items. If you are a cybersecurity professional at any level and have not read this document, your first action for 2017 should be to do so. Your second action should be to encourage everyone you know, cyber professional or not, to also read it. This report is not densely technical, and it clearly describes the current state of cyber security and outlines a vision of the future. One of the essential reasons that everyone should read the report is that we all “must be more purposefully and effectively engaged in addressing cyber risks.” The Internet is a commons, and all of us have some level of accountability and responsibility to make it more secure.

The Commissioners organized their findings into six major imperatives, which are well organized and high level enough to cover just about every challenge our government faces in cyber. Helpfully, the commission also provided specific recommendations and action items for each one, to help move them forward.

  1. Protect, defend, and secure today’s information infrastructure and digital networks.
  2. Innovate and accelerate investment for the security and growth of digital networks and the digital economy.
  3. Prepare consumers to thrive in a digital age.
  4. Build cybersecurity workforce capabilities.
  5. Better equip government to function effectively and securely in the digital age.
  6. Ensure an open, fair, competitive, and secure global digital economy.

However, what I found more thought provoking was the “other areas that required more consideration”:

  • How best to incentivize appropriate cybersecurity behaviors and actions and how to determine if or when requirements are called for;
  • Who should lead in developing some of the most urgently needed standards and how best to assess whether those standards are being met;
  • What is the feasibility of better informing consumers, for example, through labeling and rating systems;
  • Which kinds of research and development efforts are most needed and at what cost;
  • How to project the right number of new cybersecurity professionals our economy needs and how to choose among different approaches for attracting and training the workforce at all levels; and,
  • What the roles and relationships of senior federal officials should be and how best to ensure that they not only have the right authorities but are empowered to take the appropriate actions.

Several of these points lead to the second resolution, to get more involved. Whether you are working on the front lines of cybersecurity, setting policy and strategy, or just benefitting from better security in your role, enhancing cybersecurity is a collective responsibility. Talk with your peers, get involved with security standards, educate your customers and suppliers, mentor a new or interested colleague, or just fix your poor password hygiene!

2017 is shaping up to be a very interesting year in cybersecurity. Whatever it brings, here’s wishing you and yours a great start to a new year sure to be filled with many challenges and successes along the way!

https://www.nist.gov/sites/default/files/documents/2016/12/02/cybersecurity-commission-report-final-post.pdf

Together is Power: FOCUS 16 and the Future of Cybersecurity
https://securingtomorrow.mcafee.com/executive-perspectives/together-power-focus-16-future-cybersecurity/
Tue, 08 Nov 2016 21:21:44 +0000

I led last week’s FOCUS 16 conversation with a simple question – “Are we safer together, or apart?”

It was a powerful way to begin my keynote, and you can safely presume the answer I gave on behalf of all of us at Intel Security: cybersecurity outcomes are best when we work together.

Together is Power.™

This is our vision for the future. Working together is essential not only for all of cybersecurity. This tenet also will be the driving force behind the new McAfee brand. I was truly proud in Las Vegas to unveil our new logo on the FOCUS stage with nearly 3,500 Intel Security customers and partners in the audience—and with several thousand employees joining via webcast from around the world. These are the stakeholders that have made possible our journey over the decades. And these are the men and women who will make the new McAfee brand the largest and best pure-play in cybersecurity. Look for the new brand mark in the coming months.

(Image: Intel, New McAfee Brand, Las Vegas 2015, Focus16)

A new product logo is a big change, but one thing that didn’t change on the FOCUS stage is our commitment to be our customers’ #1 cybersecurity partner. Earning that privilege is our north star.

Now here’s what did change at FOCUS 16. We announced a whole new series of integrated platforms and automated workflows that will enable all of us in cybersecurity to work together in ways never before thought feasible. Last week’s big news centered on a record number of innovations from Intel Security that were a year in the making. And all of the headlines we created are underpinned by a book that we also dropped at FOCUS.

The Second Economy: The Race for Trust, Treasure and Time in the Cybersecurity War lays out Intel Security’s view of cybersecurity’s future. Authored by Steve Grobman, our Chief Technology Officer, and Allison Cerra, our Vice President of Marketing, The Second Economy puts into plain language the cybersecurity challenge, and invites readers to understand and enlist in the cause. I encourage you to read the book and challenge your own assumptions, consider abandoning obsolete defense strategies, and sign onto driving robust collaboration for a more secure world. In the ‘second economy,’ money (or, treasure) is not the only currency in play; we battle for trust and against time as well. To win the cybersecurity war for the long term, we must succeed on all three fronts.

Winning means working together. That’s why we introduced more than 18 new products and partner innovations across our portfolio at FOCUS 16. They are the result of hundreds of millions of dollars in R&D investments over the past twelve months. Many of those investments mean Intel Security now has more engineers, more product managers, more UX experts, and more professional services members on the job, serving our customers.

But perhaps the most important announcement at FOCUS was our boldest-ever collaboration play. We are opening our Data Exchange Layer (DXL) communications fabric to…well, everyone. That’s right. Open DXL for the entire industry. It’s our call-to-arms to face the cybersecurity challenge in a way that no others have. I’m excited and proud to lead this charge and to put this invitation to all cybersecurity innovators: Let’s. Work. Together.

We also introduced a new architecture vision, where routine task automation goes to a new, unprecedented level of orchestration. Human oversight is still in the mix, but we’re advancing human-machine teaming to its highest level yet. Additional innovations strengthen security around the key control points of cloud and endpoint.

What’s more, we’ll provide cybersecurity-as-a-service in a way that allows our customers to redeploy their own people as escalation points – focusing on the toughest, most urgent emergencies, instead of routine attack remediation. Put simply, our roadmap for tomorrow enables cybersecurity on your terms.

I’ve never been as proud of my talented colleagues as I was last week at FOCUS, demonstrating the power and elegance of our new, integrated architecture. I know not everyone is with us on this point – at least, not yet. But I also know working together is the future of cybersecurity. Every day, more are realizing that the only way to address more of today’s threats, faster, and with fewer resources, is to integrate and collaborate. It’s the way forward. The second economy demands it, and the first economy deserves no less.

Even our new logo pays tribute to the power of collaboration with its striking two-tone red shield. It visually represents the most important message each of us in this fight needs to understand. We’re smarter together. We’re safer together. We’re better together.

Together is Power.™

No question: It’s a new day for the new McAfee brand – and our best days are ahead.

Defense Evolved: From Threat Intelligence, to Investigation, to Orchestration with DXL
https://securingtomorrow.mcafee.com/executive-perspectives/defense-evolved-threat-intelligence-investigation-orchestration-dxl/
Tue, 08 Nov 2016 17:20:25 +0000


In my last post, I discussed the attributes of our adversaries, the drivers behind their activities, and their recent attack methodologies. I also discussed the threat defense efficacy curve, which illustrates how cyber defense capabilities decline in efficacy over time as attackers develop countermeasures to evade them.

My FOCUS 16 keynote last week also explained how we can build more effective defenses that match our adversaries’ abilities to innovate and orchestrate.

At the Head of the Curve

It really all comes down to landing new technologies at the leading edge of the threat defense efficacy curve.

That is, it’s important that we add new technologies into our environment at the point where they can live with a high level of efficacy for the longest duration of time before adversaries develop countermeasures rendering them less effective.

To do this, Intel Security is delivering a pipeline of technologies that can very rapidly be integrated and deployed into enterprise environments.

Last week at FOCUS, Brian Dye and Candace Worley showcased Real Protect and Dynamic Application Control. These capabilities will integrate within platforms like McAfee Endpoint Security, where it’s not about deploying an entire new product, but simply reconfiguring and selecting new functionality that can flow into the platform with a much lower level of effort than deploying entirely new solutions.

What we’re committing to is creating a strong pipeline of capabilities that is constantly looking at how to defend against the latest threats, including working on things that will counter some of the most difficult problems that we have in the industry today.

These capabilities could address the latest ransomware strains, or the challenge of real-time polymorphic packing of executables, where it’s very difficult to use traditional signatures or hash-based approaches because every time something is packed, it’s going to be 100% unique to a target victim.

Human-Machine Teaming

Today I explained that when we move beyond the individual technologies, we need to think about how we protect our environment overall. At Intel Security, we believe the strategy really needs to be around “human-machine teaming.”

If you look at the “human” and “machine” elements of cyber defense, each of them has unique properties which, put together, can deliver the best possible solution.

Machine learning is really the only way we can deal with the massive scale of data required to analyze and understand cyber events within environments. But we also need to recognize that there will always be a human adversary on the other end of an attack, always working to confuse and evade our technologies. So, it’s absolutely critical that we put our incident responders and security operations personnel into the equation, where they can bring unique strategies and intellect to think like the attackers think.

To do this, however, we need to build out a new structure for talking about cyber defense.

Moving Beyond Threat Intelligence

For years we have been talking about threat intelligence, which started as object reputation and over time has come to include additional elements such as tactics, techniques, and procedures, or specific information about campaigns.

The problem with threat intelligence is it can tell you what the threats are, but it doesn’t actually tell you how to defend against them.

We need to augment this nomenclature with other key elements, namely, investigative methods to determine what is going on in our environments. We need visibility into events, analytics to process and determine what those events mean, and assessment recalibration to go from recognizing what is happening to deciding what must be done about it.

Finally, once we identify threats operating in our environments, we need to be able to orchestrate the right responses effectively and efficiently, allowing us to both recover and update our protections.

To build technologies that link threat intelligence, investigative methods, and orchestrated response capabilities together, we need a high degree of scalability from an infrastructure perspective, and the right underpinnings in the fabric upon which these capabilities rely.

Intel Security built McAfee Data Exchange Layer (DXL) with these requirements in mind, and, this week at FOCUS, we announced that we are making DXL available as an open industry protocol:

https://github.com/opendxl

From a connectivity perspective, DXL allows us to communicate about events with clients even when they are in complex network situations, and get information to or from them with ease. The protocol also favors efficiency, making sure that enterprises can move data across their networks once, and have one-to-many or many-to-one sorts of data transfers. Moreover, DXL enables a security model that allows integrity and attestation, such that data goes only where it should go.

picture14

My keynote featured an example of DXL in action.

We showed how command and control traffic could be reported to McAfee solutions by a Check Point solution, allowing McAfee defenses to quickly determine the right analysis and, later, the response.

Our demo system captured events and turned around and executed searches to determine where the event came from. Based on the “machine” results of the search, we humans then took action to address it. We could tag an impacted system and change policies if needed.

Finally, we sent a request to a Rapid7 vulnerability management solution, set a tag in an Aruba access control solution, and contained the incident within the network. All with a sophisticated 218 lines of code.

picture15

This human-machine teaming example showed how our threat intelligence, investigative methods, and orchestration framework could be implemented by organizations. Today’s announcement of the release of OpenDXL means that such a framework can be built with and even extended beyond McAfee and McAfee Security Innovation Alliance (SIA) partner solutions to include any number of other third-party solutions.

But, more importantly, it means Intel Security customers can evolve however their situations require. They now have the power to design cyber defense capabilities unique to their environments, however specialized and complex they may be, whatever their functions or businesses are, and however they might be confronted on the cyber-threat landscape.

Please see the replay of my FOCUS’16 keynote for more information and insight.

The post Defense Evolved: From Threat Intelligence, to Investigation, to Orchestration with DXL appeared first on McAfee Blogs.

Security, Time, and the Decline of Efficacy
https://securingtomorrow.mcafee.com/executive-perspectives/security-time-decline-efficacy/
Fri, 04 Nov 2016 21:55:21 +0000

The post Security, Time, and the Decline of Efficacy appeared first on McAfee Blogs.

This week at the FOCUS’16 conference in Las Vegas, I shared perspectives on today’s changing threat landscape, how we must re-think cyber defense technologies, and Intel Security’s vision for thwarting the cyber-threats of tomorrow.

In 2016, we saw significant cases of cyber activity from criminals, nation-states, and hacktivists. In each case, they’ve really upped their game.

We saw ransomware evolve from holding consumers’ data hostage, to going after larger “soft targets” such as hospitals. Front and center in our presidential election, we’ve seen nation-state actors become mainstream by using cyber activities to manipulate voter thought processes. Hacktivists have been effective in using cyber events and disclosures to change the way that we think about certain people, organizations, and issues.

In all of these cases, bad actors also changed their underlying arsenal of tools and techniques. In some cases, we saw them use tools we defenders use, but for malicious purposes. They’re using artificial intelligence to do a better job at spear-phishing. As we’ve seen in the current presidential election, they’re not just stealing data, but weaponizing it to cause harm.

They’re also looking at ways to take advantage of vulnerabilities among the armies of IoT devices (including connected cars) that are now beyond the physical reach and corrective capacity of their manufacturers. Some of these devices can’t be updated at all even if manufacturers wanted to. Any vulnerabilities that may exist within them could allow attackers to compromise and use them as cyber-attack vehicles for the current and future generations of hackers.

What we see in all of these cases is that there is a way to think about the problem statement of “what might be attacked.” It’s really about the incentive to the attackers, how easy it is to achieve their goal, and what the risk of discovery is.

Cybercriminals will always look to maximize profits, while minimizing the risk of prosecution. Nation-states will look to amplify their ability to change opinions, or steal intellectual property. They will weigh this against the risk of being identified through strong attribution, and the prospect of retaliatory steps taken in either the cyber or kinetic domains.

In all of these cases, it’s really about understanding how we defend against the next generation of attacks, and, in many ways, it requires thinking about our cyber defense technologies and their efficacy over time.

Cyber Defense Efficacy

One of the ways to do this is to think about security technologies from a time perspective, in contrast to typical IT technologies.

In most IT technologies, there is an inherent benefit to being a late adopter. Whether a database, architecture, or network technology, most technologies get better over time, meaning there are advantages to waiting for early adopters to implement and work the bugs out.

The problem is that cyber defense technologies are typically most effective right after invention. The reason for this is that a security defense capability will initially focus on solving a problem for a very well-understood issue or set of threats. During the initial deployment phase, there isn’t enough volume for adversaries to build countermeasures or evasion tactics.

But once it becomes part of a widely deployed defense, we see that new techniques by the attackers work to directly influence and reduce the effectiveness of the technology. Its effectiveness inevitably declines.

Threat Defense Efficacy Curve

We’ve seen this time and time again:

  1. Bayesian spam filters worked well until there was enough deployment to force cybercriminals to use HTML formatting tricks and other techniques to bypass them.
  2. When we implemented the use of hashes to very quickly convict files without waiting for signature detection, adversaries were driven to build countermeasures such as polymorphic downloads that make each malware sample unique.
  3. Sandboxing helped us find never-before-seen malware, but very quickly we began to see sandbox-aware malware with evasion tactics to determine whether it was running inside a sandbox or on a victim’s machine.

We need to recognize that this cycle is going to remain true for every technology, even some of the most powerful technologies at our disposal today. So, as we walk around the floor at RSA and Black Hat, and hear about the promise of big data, machine learning, and artificial intelligence, we need to think forward to what the next generation of countermeasures could be.

That’s one of the key things we’re focused on at Intel Security: as we build out new technologies, we work out how adversaries will attack them, so that we can make them more inherently resilient.

In my next blog post, I will share how we can use the curve to develop better defensive strategies, and how Intel Security is delivering the solutions to enable partners to improve their defenses and amplify outcomes.

Chance of a Lifetime
https://securingtomorrow.mcafee.com/executive-perspectives/chance-of-a-lifetime/
Thu, 03 Nov 2016 20:55:08 +0000

The post Chance of a Lifetime appeared first on McAfee Blogs.

Writing from the FOCUS 16 Security Conference, Wed., Nov. 2

I just came out of one of the most energetic keynote sessions I have ever seen.

Chris Young, who heads Intel Security/McAfee, mapped out a vision for the future of our company. It was overwhelming.

I don’t need to re-quote figures on the problems with cyber-attacks and security threats on the Web. It’s something we all are aware of. All you have to do is read a news site or pick up a newspaper. Security is probably the biggest challenge to the Digital Age.

Our industry – cybersecurity – is moving faster than any other segment of IT. And Intel Security/McAfee is right in the center of what’s happening.

This year Intel Security/McAfee introduced 18 new products. We developed four integrated security systems. We moved forward, fast, on our industry partnerships, which are now up to 125.

This morning Chris unveiled the new McAfee logo, which will go into full effect early next year, when the company formally spins out from Intel (though Intel is hanging on to 49% of us!). At that point we will be one of the largest pure-play cyber security companies in the world. Our goal is to also be the #1 security partner.

We aim to move even faster in 2017, and actually increase our product introductions, chiefly through organic innovation. We will continue to move into the cloud and integrated solutions, and with the opening of DXL (https://github.com/opendxl), we expect to greatly accelerate our partnerships.

If I could be personal for a moment, this for me is one of the greatest chances of my lifetime. I’m working in a great company, with a fantastic team of over 2000 engineers, at a time when what we do is needed by the world more than ever.

Chris has given us our marching orders. #1. Agile. Integrated. Cloud-based. And working together within the industry, not just turning out point widgets.

The future is open. What’s your opinion? I’d like to hear from you.

Best,

Brian

Risky Business: Miscalculating Cyber Threats
https://securingtomorrow.mcafee.com/executive-perspectives/risky-business-miscalculating-cyber-threats/
Mon, 31 Oct 2016 22:09:10 +0000

The post Risky Business: Miscalculating Cyber Threats appeared first on McAfee Blogs.

Human beings are an amazingly resilient species. I’m not speaking merely of our collective abilities in building and growing productive civilizations the world over. I’m referring to a much more important, even if less understood, characteristic—that of our ability to deceive ourselves.

I realize that statement is loaded with controversy, if not confusion, so allow me to explain. Psychology has explored the most essential element that separates mankind from every other species on the planet—that of our ability to reason. Our mind dictates how we see the world around us and drives our behavior, no matter how deliberate or unconscious it may be.

And so, when considering how our brain processes risk, such as that rampant in the world of cybersecurity, the mind that governs every action we take is significantly impaired by its own limitations. We can thank psychologists for their contributions in helping us understand the seemingly unthinkable. The field has identified several ways we fundamentally get risk wrong. Whether it’s our tendency to underestimate threats that creep up on us (such as the daily grind of poor eating habits that contribute to a lifetime of disease complications), our propensity to substitute one risk for another (such as speeding up once we click our seatbelt) or the seductive illusion of control (where we will readily text and drive but excoriate others for doing the same), the human brain is amazingly resilient in revealing what we want to see—even if in stark contrast to actual reality.

The implications to cybersecurity are palpable. Employees readily justify risky behavior, such as clicking on unknown links or emails, if not dismissing their own judgment in questioning that which is suspicious. Cybersecurity professionals believe they are best equipped to handle the next threat, rather than relying on a third party with presumably more experience for the same. The slow drip, drip, drip of breaches that litter headlines creates an insidious perception that we are somehow immune to the next one—all the while the risk continues to creep up on us.

Consider some of the more sobering facts. According to Intel Security primary research of American consumers, 71% of those aged 18-34 believe their data is more secure today than it was a year ago. This isn’t merely a generational issue. Some 65% of those aged 35-54 agree. This, despite the fact that the number of threats in our virtual world continues to multiply exponentially. Not convinced? Ten years ago, McAfee Labs observed 25 new threats per day entering the landscape; today, that figure has exploded to more than 400,000 new threats—per day!

Muddying the waters further, it’s not as though consumers don’t believe the threatscape is more dangerous—even overestimating the number of annual data breaches in the U.S.—all while also overestimating their own capabilities in defending themselves against such clear and present risks. The powerful psychological concoction that ensues provides threat actors the world over with self-deceived consumers (and, yes, cybersecurity professionals) who might as well hang a virtual shingle on their public profile or company website with the simple message, “Your Next Victim Here”.

Take heart. There’s an answer to this problem. We’re not likely to uproot millennia of psychological evolution that have programmed our brains toward self-deceit. But such propensities can be remediated, if not balanced, with an open and constructive dialogue about our tendency to miscalculate risk entirely. When we do, we can remove at least a few bullets, if not an entire weapon category, from the enemy’s arsenal.

Learn more about cybersecurity risk perceptions in the new book, “The Second Economy: The Race for Trust, Treasure and Time in the Cybersecurity War.”

Who Needs Another Cybersecurity Book?
https://securingtomorrow.mcafee.com/executive-perspectives/needs-another-cybersecurity-book/
Mon, 31 Oct 2016 21:37:07 +0000

The post Who Needs Another Cybersecurity Book? appeared first on McAfee Blogs.

One could argue the last thing the world needs is another book on cybersecurity. A simple search of the term on Amazon yields nearly 1,700 results. A Google search of the same renders nearly 27 million hits. In fact, one could argue that cybersecurity is dangerously close to suffering the same overexposure plaguing so many once-interesting, now-irritating celebrities clinging to their proverbial fifteen minutes of fame.

So, why write another book on an already saturated topic? Quite simply, because one is needed. There are more than enough cybersecurity books that cover the technical aspects of the field. These are worthy of any cybersecurity professional’s bookshelf. But, there simply isn’t a cybersecurity book that clearly articulates why the layperson should care about a war that many are unaware is even occurring.

When we speak of the layperson, we’re not discussing the average consumer and his or her need for widely available and equally understood antivirus protection. We’re speaking of employees and executives who play a very important role, whether they realize it or not, in a cybersecurity battle that has much higher stakes. One where noble cybersecurity professionals stand on the right side of a fight too important to lose and are the unsung heroes of their organizations, seeking no glory, knowing the cause is bigger than themselves. These defenders toil in virtual anonymity, protecting all that is sacred to their organizations, while many of their colleagues play the role of unwitting participant, directly or indirectly doing the bidding of enemies seeking to undo their employers.

And, because motivated adversaries who aim to weaken an organization’s defenses know that these unwitting participants are most useful when they are also most ignorant, cybersecurity is simply too important to remain a dialogue within technical hallways. We must expand the conversation to include employees, whose ignorance is a bullet in the enemy’s gun. We must engage business leaders, including CXOs and board members, who directly or indirectly guide their organizations’ cybersecurity agenda, even if they do so not always understanding the ramifications of their decisions.

We realize it’s not these laypersons’ fault that they don’t understand our world. We’ve never invited them in. Enter “The Second Economy.” Think of it as a veritable Rosetta Stone that converts technical speak into business language. Does this mean that technologists shouldn’t give it a read? Absolutely not! If there is one enemy greater than the adversary seeking to destroy a cybersecurity professional’s organization, it’s the preconceived cybersecurity notion that has outlived its relevance all while it guides a defensive strategy built on faulty assumptions. For these technologists, you’ll gain a different perspective on your mission, even understanding how conventional cybersecurity “wisdom” is anything but.

Whether you are a technologist or a layperson, a cybersecurity professional or a business leader, open this book and open your mind to a fascinating topic that is simply too important to ignore. This is a war that can only be won when we all understand what is at stake and the role we play as defenders, attackers, victims or unwitting participants. The first step to action is understanding. “The Second Economy” seeks to initiate the dialogue between cybersecurity professionals and their non-technical peers that, despite the thousands of books and millions of search results on the topic, is conspicuous by its absence.

Learn more about the book, “The Second Economy: The Race for Trust, Treasure and Time.”

CTO Q&A: Campaign Hacks, Yahoo! and Clinton-Trump
https://securingtomorrow.mcafee.com/mcafee-labs/cto-qa-campaign-hacks-yahoo-clinton-trump/
Mon, 03 Oct 2016 07:08:11 +0000

The post CTO Q&A: Campaign Hacks, Yahoo! and Clinton-Trump appeared first on McAfee Blogs.

Over the last several days, we’ve seen headlines on potential cyberattacks on state voter registries, cybersecurity front and center in the Clinton-Trump presidential debate, and new revelations into the Yahoo! cyber-breach that appears to have compromised more than 500 million user accounts.

Intel Security CTO Steve Grobman fielded a number of questions on these events and revelations:

What do you make of the FBI and DHS announcements that the agencies have detected cyberattacks on voter registration websites in more than a dozen states?

“These announcements certainly raise concerns. Elections are meant to be anonymous and not traceable back to the individual voter. Thirty-one states and DC offer the kind of online voter registration that the FBI says was targeted. The perpetrators are hacktivists. They probably seek to shake voter confidence in the American electoral system, and they only have to have one high-profile attack to achieve this goal.”

What do you make of reports that cybercriminals are behind the theft of 500 million Yahoo! users’ accounts, not government-backed hackers, and these actors sold the data to a state actor?

“Some nation-states have the same cyber gap in their offensive operations as the rest of the world has in defensive operations. Moreover, they face the threat of kinetic repercussions resulting from the digital attribution of a cyberattack. Therefore, it’s conceivable that these state actors could use a wide range of tactics to mitigate these issues. This could indeed include partnering with criminal or private organizations to achieve their strategic objectives.

Because of this, we need to be careful not to interpret what little we see as definitive proof of a conclusion.

For example, the fact that stolen data can be leaked through criminal underground networks could simply indicate that a nation-state is attempting to mask a cyber espionage operation as a standard cybercriminal breach. It may also be a side effect of a criminal actor acting on a nation-state’s behalf. A similar deception can occur in reverse, in which a criminal or terrorist group can use tactics to falsely implicate a nation-state.”

What should we make of the possibility of a nation-state potentially hacking a U.S. corporation for user emails as an act of espionage?

“For state actors, the political or strategic incentives of orchestrating such a large breach are as real as the obvious financial ones for cybercriminals. A rival state’s intelligence services could find and access the messages of individuals with political, government, military, and even corporate public profiles.

Consider the recent compromise and disclosure of former Secretary of State Colin Powell’s personal email messages. While probably more tame than the average citizen’s messages, the public disclosure of his communications revealed statements that proved controversial in political and other government circles.

The emails of the less tame or even reckless candidate, three-letter agency chair, general, or CEO could contain material sensitive enough to destroy careers, enable blackmail, endanger a mission, or influence high-level negotiations and decisions.”

Regarding Verizon’s planned acquisition of Yahoo!, is an analysis of a company’s computer security expected as part of the due diligence in a purchase?

“It is common practice for technology companies conducting due diligence of a potential acquisition to evaluate the cybersecurity posture of that target. This due diligence often includes requesting a list of IT breaches, reviewing the results of any security audits or certifications, evaluating the company’s policies and procedures for IT security, reviewing the company’s privacy policies, and assessing the nature of personal information held by the business, among others.”

Who generally performs such an analysis? Are they paid by the buyer or the seller?

“Security-related diligence is often conducted through a combination of internal teams employed by the acquirer, and, if needed, third-party specialists. The cost of any third-party evaluation is typically borne by the acquirer.”

Would such an analysis have picked up this breach?

“The due diligence process generally requires disclosure of known IT breaches. Security audits or other evaluations conducted during the course of diligence would attempt to assess the likelihood of future breaches or potentially undiscovered IT breaches.”

What was your reaction to the prominent mention of cybersecurity in the presidential debate between Hillary Clinton and Donald Trump?

“It was refreshing to see cybersecurity at the forefront of the national security conversation during the debate. In just a few years, we’ve seen cybersecurity go from a function of the IT back office, to the nation’s Oval Office.

While events have tended to drive government into action, more and more of our nation’s top leaders understand the cyber battlefield is as critical as land, sea, air, and space. The prominence of cybersecurity in this week’s debate is tremendous progress, with the promise of further progress to come in the coming months and years.”

Dynamic Endpoint – some things are simply better together!
https://securingtomorrow.mcafee.com/executive-perspectives/dynamic-endpoint-things-simply-better-together/
Thu, 29 Sep 2016 18:47:03 +0000

The post Dynamic Endpoint – some things are simply better together! appeared first on McAfee Blogs.

I like chocolate but I don’t seek it out. Peanut butter – I can take it or leave it. But put them together and now you’ve got my attention. Some things are better together. That doesn’t mean they aren’t perfectly good by themselves. It just means that combined, they provide a superior experience. Although comparing peanut butter cups and Dynamic Endpoint Defense might seem like a stretch, they are both the result of putting two perfectly good ingredients together to create something that delivers greater satisfaction and a more superior experience than the individual elements alone. Endpoint Security technologies today are generally single purpose and fail to deliver a superior level of satisfaction for most, if not all, of their users. They are not converged or integrated or even aware of each other. They protect, detect, or correct in isolation. Yet the need from security practitioners is nearly the opposite – they need security that is delivered in a coordinated, integrated, and system-aware solution. In other words, they want the Reese’s* Peanut Butter cup of security – simple, superior, and satisfying.

There is little satisfaction in today’s approach to endpoint security. The product-for-every-problem approach is only good until there is a new problem tomorrow. To secure complex environments, you need security that is as dynamic as the environment it’s protecting and the threats it’s protecting against. Dynamic endpoint defense requires a fundamental shift from deploying isolated countermeasures designed with the sole directive of payload recognition, to a collaborative set of converged capabilities that can identify, contain, and eradicate threats across all points of attack progression as part of an integrated security platform. Only through a system- and platform-based approach will the industry eliminate security silos and deliver real-time, holistic security that addresses the entire threat defense lifecycle, from protect to detect and correct.

McAfee Dynamic Endpoint will bring together our best security management and on-device protections integrated with cloud based analytics to deliver dynamic and highly adaptable protection against known and zero day attacks. It will do this by utilizing a multitude of approaches to identify transient attack techniques and lateral movements that do not manifest themselves in obvious ways.

By leveraging multiple security capabilities as part of an integrated system, McAfee® Dynamic Endpoint will provide proactive protection, advanced detection, and automatable correction addressing the entire threat defense lifecycle. Delivering our solution in this way will reduce computing overhead on the system while providing extensibility that makes it easy to evolve your endpoint security footprint. Early testing of McAfee Dynamic Endpoint shows promising results: it prevented 60% more threats than signature-based solutions, reduced team training times by 80%, and required 66% less operational personnel than best-of-breed approaches. The integrated approach to securing the endpoint enables security teams to do more, faster, with fewer resources.

McAfee® Dynamic Endpoint will be comprehensive in its approach to securing endpoints. As a result of being fully integrated into Intel Security’s platform, its capabilities will help to ensure the health, integrity, and improved TCO of the entire security infrastructure. The endpoint does not live alone in an IT infrastructure. It coexists with many other security solutions. At any given time a computing compromise may occur, rendering the IT infrastructure only as strong as its weakest link. Our Intel Security platform approach will mitigate this risk.

Our endpoint will connect, in real time, to Intel Security and Partner solutions subscribed to the Intel Security Platform via our Threat Intelligence Exchange and Data Exchange Layer. Being part of this platform means that an attack, and the associated threat intelligence, discovered by McAfee Dynamic Endpoint, will be shared in real-time with all other countermeasures subscribed to the platform. Delivering on this strategy requires scale from an endpoint penetration, threat intelligence, and management perspective. Intel Security delivers that scale with over 90 million corporate endpoints protected with our endpoint solution, a product and partner management console in the McAfee® ePolicy Orchestrator®, a tightly integrated threat intelligence cloud processing 420 billion lines of telemetry a month, and a security partner ecosystem with 135 partners committed to platform integration. This platform approach means that an attempted compromise and threat discovery on a single endpoint protected by the McAfee® Dynamic Endpoint solution will become the seed of immunity for the entire network.

At FOCUS 2016, our annual user conference at the Aria Casino in Las Vegas, Nevada, November 1-3, 2016, we will showcase new solutions in support of Dynamic Endpoint and its integration with the broader Intel Security platform.

Bringing together advanced and traditional endpoint security in McAfee® Dynamic Endpoint, in addition to the integration with the broader Intel Security Platform, will allow us to deliver a superior experience compared with delivering any of them alone. Stand-alone, each delivers value, but together they deliver superior satisfaction.

Who knew that peanut butter cups and Dynamic Endpoint could possibly have anything in common!

© Intel Corporation

NOTICE:  The information contained in this document is for informational purposes only and should not be deemed an offer by Intel or create an obligation on Intel. Intel reserves the right to discontinue products at any time, add or subtract features or functionality, or modify its products, at its sole discretion, without notice and without incurring further obligations.

Intel, McAfee, the Intel and Intel Security logos, ePolicy Orchestrator, and McAfee ePO are trademarks of Intel Corporation or its subsidiaries in the U.S. and/or other countries. *Other names and brands may be claimed as the property of others.

Pinching ideas on Climate Change and Cyber Security https://securingtomorrow.mcafee.com/executive-perspectives/pinching-ideas-climate-change-cyber-security/ Fri, 23 Sep 2016 12:17:28 +0000 https://blogs.mcafee.com/?p=52806
“We’re here to pinch your best ideas.” Those words began Mayor of London, Sadiq Khan’s remarks to a small group of city officials, regulators and private industry in New York City’s financial district this morning.  The discussion was focused on cities, climate change and the use of technology to address it while improving citizens’ lives.

Mayor Khan stated that he believes this will be the first generation to tackle climate change or the last to ignore it. That is clearly a strong commitment, driven in part by concern for public health: it is estimated that 9,500 Londoners die every year as a result of long-term exposure to poor air quality.

Technology can definitely play a role and providing appropriate cyber security for that technology is critical.  Whether it’s carbon neutrality (London) or 80 by 50 (NYC’s pledge to 80 percent emissions reduction by 2050 as compared to 2005 levels), renewable energy, energy efficiency, smart transportation and smart buildings will play critical roles.  And all need to be delivered securely.

As the conversation at the roundtable continued, another relationship between the climate change debate and smart city cyber security emerged. In both cases there is a need for integration. The New York State Department of Public Service Deputy for Markets and Innovation made the comment that everyone has a tendency to look for the ONE THING that will solve the problem: renewables, improved building stock, and so on. But the reality is that it takes many efforts, integrated together, to achieve the goal.

The same is true for securing smart infrastructure. We are often asked what one technology should be deployed. The answer is much more complex: security must be designed in. And in the era of the Internet of Things it is particularly important that the integrity of devices and data be ensured from the moment the system is installed.

Security built into the hardware (secure boot, device identity, secure storage, trusted execution environments) can be foundational, but we also need network security and protected infrastructure in the cloud. And it all needs to work together.
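The hardware root of trust mentioned above only pays off if somebody checks it, so here is an added illustration (not code from the original post, and not Intel's or McAfee's implementation) of the measured-boot and attestation pattern behind "integrity ensured from the moment the system is installed". A TPM-style PCR is modelled as a SHA-256 chain: each boot stage is hashed before control passes to it and the PCR is extended with that measurement; a verifier that recorded the golden PCR at install time can later tell whether any stage changed, and the event log says which one. The boot images, attestation key and nonce are constructed stand-ins, and the quote uses an HMAC in place of the TPM's asymmetric signature.

```python
"""Measured boot with TPM-style PCR extension and a remote-attestation check.

Added illustration, not code from the original post or from Intel/McAfee.
Boot stages, attestation key and nonce are constructed; HMAC stands in for the
TPM's signed quote.
"""
import hashlib
import hmac
from typing import List, Optional, Tuple

HASH = hashlib.sha256
PCR_INITIAL = b"\x00" * 32  # PCRs are zeroed at platform reset

# Constructed boot chain: firmware -> bootloader -> kernel -> kernel command line.
GOOD_STAGES: List[Tuple[str, bytes]] = [
    ("firmware", b"constructed UEFI firmware image v1.2"),
    ("bootloader", b"constructed bootloader core.img"),
    ("kernel", b"constructed vmlinuz-4.4.0"),
    ("cmdline", b"root=/dev/sda1 quiet"),
]
# Constructed key standing in for the attestation key provisioned at install time.
ATTESTATION_KEY = b"constructed-attestation-key-provisioned-at-install"


def measure(image: bytes) -> bytes:
    """The measurement recorded in the event log for one boot component."""
    return HASH(image).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR extend: new = H(old || measurement). Order matters and nothing can be undone."""
    return HASH(pcr + measurement).digest()


def measured_boot(stages: List[Tuple[str, bytes]]) -> Tuple[bytes, List[Tuple[str, bytes]]]:
    """Measure every stage in order; return the final PCR value and the event log."""
    pcr = PCR_INITIAL
    log: List[Tuple[str, bytes]] = []
    for name, image in stages:
        m = measure(image)
        log.append((name, m))
        pcr = extend(pcr, m)
    return pcr, log


def quote(pcr: bytes, nonce: bytes, key: bytes) -> bytes:
    """Device side: authenticate the PCR value together with the verifier's fresh nonce."""
    return hmac.new(key, pcr + nonce, HASH).digest()


def verify_quote(pcr_claimed: bytes, q: bytes, nonce: bytes, key: bytes, golden_pcr: bytes) -> bool:
    """Verifier side: the quote must be authentic, bound to our nonce, and equal the golden PCR."""
    expected = hmac.new(key, pcr_claimed + nonce, HASH).digest()
    return hmac.compare_digest(expected, q) and hmac.compare_digest(pcr_claimed, golden_pcr)


def replay_log(log: List[Tuple[str, bytes]]) -> bytes:
    """Recompute the PCR from the event log; if it matches the quoted PCR, the log is trustworthy."""
    pcr = PCR_INITIAL
    for _, m in log:
        pcr = extend(pcr, m)
    return pcr


def first_changed_stage(log, golden_log) -> Optional[str]:
    """Compare a device's log with the golden log and name the first stage that differs."""
    for (name, m), (_, golden_m) in zip(log, golden_log):
        if m != golden_m:
            return name
    return None if len(log) == len(golden_log) else "chain-length"


def tamper(stages, stage_name: str, new_image: bytes):
    """Return a copy of the chain with one stage's image replaced (a simulated implant)."""
    return [(n, new_image if n == stage_name else img) for n, img in stages]


if __name__ == "__main__":
    golden_pcr, golden_log = measured_boot(GOOD_STAGES)  # recorded once, at install time
    nonce = b"constructed-nonce-0001"
    bad_pcr, bad_log = measured_boot(tamper(GOOD_STAGES, "kernel", b"vmlinuz-4.4.0 + implant"))
    ok = verify_quote(golden_pcr, quote(golden_pcr, nonce, ATTESTATION_KEY), nonce, ATTESTATION_KEY, golden_pcr)
    bad = verify_quote(bad_pcr, quote(bad_pcr, nonce, ATTESTATION_KEY), nonce, ATTESTATION_KEY, golden_pcr)
    print("clean device attests:", ok)
    print("tampered device attests:", bad)
    print("first changed stage:", first_changed_stage(bad_log, golden_log))
```

Two properties of the extend operation carry the security argument: a stage cannot be removed from the chain after the fact, and reordering stages changes the final value even when every individual measurement is unchanged. The nonce in the quote is what stops a compromised device from replaying a quote captured while it was still healthy.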

Smart, connected and secure.  And carbon neutral.

(That's my red jacket)
Automating the Threat Defense Lifecycle – What the Heck does THAT Mean? https://securingtomorrow.mcafee.com/executive-perspectives/automating-threat-defense-2016/ Fri, 16 Sep 2016 18:05:15 +0000 https://blogs.mcafee.com/?p=52647
When we introduced our strategy at FOCUS ’15, at its core was a simple concept: create integrated security systems to automate the threat defense lifecycle so you can address more threats, faster, with fewer resources. With the recent announcement of our strategic partnership with TPG we want to further define our strategy and show how we are uniquely leading the market, making IT security as dynamic and responsive as today’s most dangerous threats.[1]

To start at the finish: the results of these security systems will be measurable, a simple but incredibly important conclusion. We define success not just through your satisfaction but through impact on key CISO-level metrics. When compared to disconnected architectures, we expect these systems to be able to:

  • Reduce overall time to protection from over four hours to one minute
  • Increase incident response capacity by up to 30x
  • Improve response time from over 24 hours to less than 7 minutes

We understand that if we can’t move your metrics, we have nothing to offer but a new widget – and you have enough of those already!

Fundamentally, we are creating these integrated and automated security systems because we believe:

  1. Protect, detect, and correct are better together.  The virtuous cycle of integrated security builds the best protection technology possible, finds and contains advanced threats, and rapidly remediates them … while adapting protection technologies to block the next threats better.  Organizations with integrated security platforms are 30% better protected[2], and we want you to be part of that statistic.
  2. Only automation can overcome staffing issues.  You are clearly faced with a mismatch between your staffing (talent and volume) and the growth in the number and sophistication of threats.[3]  That gap is compounded by stove-piped tools that force analysts to manually connect the dots across them, which takes even more time and effort.   Deeply automated security systems are critical to solving that problem: eliminating routine tasks, enabling faster new-hire onboarding, and freeing your strongest talent to tackle your hardest problems.  We expect automation to reduce manual effort by up to 70%.
  3. No vendor can do this alone.  The security industry is one of the most fragmented in IT, and no one provider delivers the entire threat defense lifecycle.  You need a practical way to integrate new capabilities into an overall platform approach.  Only real partnerships, across industry leaders, can create true security systems that protect, detect, and correct.

Four Security Systems

With those beliefs fueling our strategy, we are building a platform-based architecture with four security systems: endpoint, cloud, hybrid data centers, and threat management. Each system combines multiple technologies into a single, integrated security system that allows us to break the Gordian knot: combining best-in-market technology with broad integration across common platforms. We expect these will drive the superior outcomes that you deserve with low operating complexity … to drive an operating cost structure you can afford.


Connecting these Security Systems

Each of these systems helps you address more threats, faster, with fewer resources. That said, because these systems are themselves built on platforms, they will work together to solve even bigger security problems. To pick just a few examples:

  • Closed loop threat defense: The four systems work together to share threat information and automate protection, which improves security and lowers cost.  Taking the example of a potential attack starting at the endpoint, our security systems automate the detection and response end to end; a threat coming in through the cloud or data center would follow the same flow.


  • Mobile workforce security: Due to the rise of SaaS applications, mobile workers can complete much of their work using only email, SaaS applications, and local compute.  The combination of the converged endpoint and cloud-delivered data security systems is designed to create a “mobile clean zone” that secures those mobile workers’ devices but also keeps the organization’s data secure while off the corporate network … allowing them to reconnect to the corporate network more safely when needed.  This includes technology from Intel Security, but also from our partners like VMware® AirWatch® and MobileIron.
  • Security for Infrastructure as a Service: Securing the workloads and access of IaaS platforms like Amazon Web Services or Microsoft Azure highlights the interconnectivity of the public cloud, data, users, and security operations center to defend it successfully:


A Unique Point of View

A common hazard across the security industry is that vendors start describing their strategies with common words, and before long everyone sounds the same.  To help cut through the buzzword bingo, here are a few areas where we believe our approach is truly unique in the market:

  • Integration: we are combining point tools and features, using common platforms, into integrated security systems.  You can see this in the four security systems: each combines the capabilities of three or more point products into a single system.  We deliver this integration at the management level with ePO™ and at the threat intelligence level through DXL.
  • Automation: with integration as our foundation, we then build in closed loop automation.  This automation delivers more accurate detection, faster remediation, and closed loop protection.  These benefits increase directly with the breadth of products and technologies that we integrate (our own or with other security providers).
  • Orchestration: with more of your organization freed up through automation, we then proceed to orchestrate.  While automation is at the tools level, orchestration is at the systems level to not just drive actions but coordinate teams and accelerate investigation.  The gains, across both security effectiveness and team efficiency, are the most dramatic here which is why this is the ultimate goal that both integration and automation are building towards.

Really?

Overall this may be surprising to some of you, and it is more true than ever that the proof is in the pudding.  You may wonder if we can do this, and I appreciate that skepticism.  I don’t ask for your trust – instead I invite you to join us at FOCUS16 in Las Vegas this fall.  There, we will share with you the first round of technology delivery against this strategy.  I think you will be – pleasantly! – surprised.

Best,

Brian

© Intel Corporation

Intel, the Intel Security logo, McAfee® ePolicy Orchestrator® (McAfee® ePO), McAfee® ePolicy Orchestrator Cloud (McAfee Cloud ePO ) and Security Innovation Alliance are trademarks of Intel Corporation or its subsidiaries in the U.S. and/or other countries. Other names and brands may be claimed as the property of others.

[1] NOTICE:  The information contained in this document is for informational purposes only and should not be deemed an offer by Intel or create an obligation on Intel. Intel reserves the right to discontinue products at any time, add or subtract features or functionality, or modify its products, at its sole discretion, without notice and without incurring further obligations.  Performance achievement objectives stated throughout this document assume certain environment configurations and are only representative of what we want to achieve, not a statement of current performance.

[2] Penn Schoen Berland. Dates of study: 1/4/2016 – 04/25/2016.

[3] https://www.isc2cares.org/uploadedFiles/wwwisc2caresorg/Content/GISWS/FrostSullivan-(ISC)%C2%B2-Global-Information-Security-Workforce-Study-2015.pdf, pages 10-14

The Cybersecurity Talent Deficit Goes Global https://securingtomorrow.mcafee.com/executive-perspectives/cybersecurity-talent-deficit-goes-global/ https://securingtomorrow.mcafee.com/executive-perspectives/cybersecurity-talent-deficit-goes-global/#comments Thu, 28 Jul 2016 12:00:34 +0000 https://blogs.mcafee.com/?p=51522
I’m privileged to lead a group of Intel Security leaders to the annual Aspen Security Forum this week. This event is among the most prestigious gatherings of its kind. Dozens of government leaders, tier one journalists, and private-sector companies like ours connect in Aspen each July to discuss the most pressing national security issues facing the United States. The candid, diverse and direct discussions cover a broad array of topics of concern to our industry and yield helpful insights both to our team and the officials we meet.


I’ll be participating on a panel discussing the role of cybersecurity in our national security apparatus. CNN Justice Correspondent Evan Perez will moderate the discussion, and I’ll be joined on the panel by Assistant Attorney General for National Security John Carlin, Michael Daly of Raytheon, and Vinny Sica of Lockheed Martin.

While there are many issues of concern, I look forward to discussing the global cybersecurity talent deficit, and the potential national security ramifications of failing to address it.

The Looming Cyber Workforce Shortage

Not everyone may be willing to define thousands of unfilled tech jobs as a national security crisis, but we are. This week, the Center for Strategic and International Studies (CSIS) released a report supporting our assertion. It surveyed public and private IT decision makers on the quantity and quality of cybersecurity professionals in Australia, France, Germany, Israel, Japan, Mexico, the United Kingdom, and the United States.

The study reveals a global cybersecurity skills shortage, and it is allowing malicious actors to inflict real, quantitative damage to public and private interests alike.

Eighty-two percent of all survey respondents report a shortage of cybersecurity skills. Seventy-one percent say the talent deficit has hurt their organization. One in four blame it directly for data loss and reputational damage.

Whose problem is this? Public and private entities, including institutions of higher education, share blame for not doing enough to sync the supply of cybersecurity skills with soaring demand. In our survey, three out of four respondents criticized their governments for inadequate cultivation of cyber talent.

These decision makers fault colleges and universities for failing to develop and market attractive cybersecurity coursework. They view the standard four-year college degree as insufficient, and praise the value of hands-on experience, including gaming and hacking exercises.

A National Security Crisis?

Countries lacking the human beings to adequately protect their most vital data, national secrets, financial markets, and ground-breaking intellectual property are unlikely to be economically competitive with those nations who can. But, beyond the economic implications of the shortage, consider the billions of connected devices coming online throughout the critical infrastructure that increasingly run our world.

From train systems, to water utilities, to smart power grids, to first responder communications, as the Internet of Things becomes ubiquitous, digital attacks now threaten physical damage. If we do not address the shortage of cybersecurity professionals soon, nations could find themselves unable to maintain adequate cybersecurity postures to protect and defend their critical infrastructure.

Automation and Unpredictables

The survey reveals across-the-board confidence that automation technology solutions will prove up to the task of mitigating ongoing cybersecurity threats. It’s true that the next phase of the cybersecurity era will redefine the symbiotic relationship between automated solutions and their human managers, analysts, and decision makers. The incoming cybersecurity workforce will adapt to increasingly automated environments, from “human in the loop” to “human on the loop” processes.


Moving Forward with Solutions 

This week in the Rockies, we expect to hear sober talk from America’s best and brightest about encryption, ISIL threats, spyware, foreign espionage, extremist propaganda, and more. All well and good. Having enough smart, discerning professionals on deck to manage these issues, however, is just as pressing a concern. It should, in fact, be near the top of the list.

The CSIS survey delivers a clear call for more public investment in cyber education by higher education institutions – and more ongoing learning programs for private sector workers. While the private cybersecurity industry continues to innovate, our expertise shortage is an essential national security challenge that cannot be solved in the private sector alone.

Just as we have in past conflicts, government and private industry must collaborate, set priorities together, recruit talent, and seriously invest in skills development to address the cybersecurity workforce shortage facing our nation.

For more, watch the ‘Cyber’s Role in America’s Security Arsenal‘ panel with John Carlin, Assistant Attorney General for National Security; Evan Perez, Justice Correspondent, CNN; Vinny Sica, Vice President, Defense and Intelligence Space Ground Solutions, Lockheed Martin; Michael Daly, Chief Technology Officer, Cybersecurity and Special Missions, Raytheon; and myself.

Cybersecurity and Me https://securingtomorrow.mcafee.com/executive-perspectives/cybersecurity-and-me/ https://securingtomorrow.mcafee.com/executive-perspectives/cybersecurity-and-me/#respond Wed, 27 Jul 2016 23:41:59 +0000 https://blogs.mcafee.com/?p=51587
I keep the things people care about safe.

Their bank accounts, their private data, their social media accounts, their children, spouses, grandparents, employees and their company secrets.

I didn’t set out to work in cybersecurity. But given what I’ve learned about the business, its people and their sense of mission, and our growing criticality to the world at large, I urge you to think about it.

As a young professional, technology was not my strong suit. I majored in management at Oregon State, with a minor in behavioral science. I was not up coding all night. I was waitressing and bartending to pay tuition. I graduated without a job and finally found a rent-paying gig as an administrative assistant.

Hardly a storybook start for a would-be cybersecurity leader.

But after laboring for several years in a succession of corporate vineyards – becoming a product manager, getting an MBA on the side – a professional networking contact reached out and I was offered a position at McAfee. I joined as the VirusScan product manager (it was our flagship corporate solution at the time).

Just the next stop on the corporate shuttle, right? Wrong.

I saw within a year what a different industry security was. I stopped looking for the job that would deliver long-term job satisfaction, realizing that I may very well have found it. I’ve now worked at this company for 16 years.

Drinking the security Kool-Aid was not my plan. But after one short year I realized coming to work and keeping people safe was pretty cool. Not inventing rationales for obscure widgets, or assessing my worth according to how much jargon I could cram onto a presentation slide. I knew I was doing good and creating value for a world that had come to rely, with astonishing speed, on digital systems born fragile and vulnerable that have been playing catch up with the bad guys ever since.

Cybersecurity attracts extraordinarily committed people. Early in my McAfee tenure the I Love You virus broke out: a malicious e-mail attachment that affected tens of millions of PCs. It was not just another day at the office. We had grown men and women melting down on the phone, terrified that their company’s security teams might not tame the malware before it overwrote critical files and re-sent itself to all of their employees’ Outlook contacts. I had colleagues work three days straight, pitching in without pause – amazing engineers, researchers and managers who brought passion to the task of protecting our customers. If we didn’t feel like a family before, we certainly felt that way after 72 hours of pizza, Chinese take-out, and a steady stream of caffeine. It felt like a cause.

At times like that ours is not a normal life. Of course I stayed.

In the years since the I Love You virus, cyberattacks have only grown more malicious and consequential. The threat has matured from mostly innocuous pranking to well-organized crime. Malware is an established industry with its own developers, pricing models and distribution chains. The bad guys have become serious adversaries.

Why don’t more young people respond to the urgency and rewards that come with such exciting work: the development of digital protection and detection technologies for the whole civilized world?

It’s partly because we have to make a better, clearer case. We need hard science skills and hard coding chops, but you don’t have to be a computer science or mathematics major to contribute to this industry. Look at me. I understand technology and know how to communicate its powers – and when the tech arena gets more good communicators, the public will better understand this field and more importantly, why it is so important to them personally and professionally.

It’s partly because private industry and higher education need to up their collaboration game. When Intel Security piloted cybersecurity coursework with Cal Poly and my alma mater, Oregon State, the classes we designed filled up in 15 minutes. So we know we can ignite the next generation’s interest. We, as an industry, ought to work with more universities to proactively develop and disseminate cybersecurity curriculum.

And I think we have to reach young people sooner. When I talk to students in middle school and high school I tell them a cybersecurity career offers a chance to fight bad guys, yes. It rewards adrenalin junkies, yes. But it also makes you a caretaker, teacher and a hero all at once.

If in the 8th or 9th grade I had heard that pitch, who knows how much more quickly I might have gravitated to the career I love today. If today’s 8th or 9th graders hear it, I hope they’ll consider joining me.

Cybersecurity is more than lines of code. It’s keeping people and corporations safe and teaching them how to keep themselves safe. It’s what I do, and I want more company.

For more information on the state of the cybersecurity workforce, read the new report, “Hacking the Skills Shortage”, from Intel Security and CSIS.

This blog originally appeared on my LinkedIn page

Securing the Hybrid Cloud: What Skills Do You Need? https://securingtomorrow.mcafee.com/executive-perspectives/securing-hybrid-cloud-skills-need/ https://securingtomorrow.mcafee.com/executive-perspectives/securing-hybrid-cloud-skills-need/#respond Thu, 14 Jul 2016 17:56:05 +0000 https://blogs.mcafee.com/?p=51278
With enterprises moving to hybrid cloud environments, IT architectures are increasingly spread among on-premises infrastructure and public and private cloud platforms. Hybrid models offer many well-documented benefits, but they also introduce more complexity for securing data and applications across the enterprise. And this added complexity requires an increasingly diverse skill set for security teams.

That’s a challenge, considering the growing cybersecurity skills shortage. In one recent study, 46% of organizations said they have a “problematic shortage” of cybersecurity skills – up from 28% just a year ago. One-third of those respondents said their biggest gap was with cloud security specialists.

Modern security teams require a broad and deep mix of technology skills, ranging from twists on traditional network and OS technology all the way to security on data itself, to address a rapidly evolving threat landscape. But they also need “softer” expertise, such as knowledge of compliance regulations and vendor-management skills. Driving this dual focus is the public cloud’s “shared responsibility model,” in which service providers and enterprises divvy up various levels of protection across the IT stack. These responsibilities – and the requisite skills – vary depending on the type of public cloud service.

 
Security Skills

Certain skills are required across all uses of public cloud. For example, you’ll need in-house expertise with encryption and data loss prevention controls for content-rich cloud applications. Your IT teams need to know (and track) where your enterprise data resides in the cloud, what your cloud service providers offer for data protection, and most importantly, how to integrate data protection policies in the cloud with your own company policies. On a similar note, your team will need sophisticated identity and access management (IAM) and multifactor authentication, including token-based factors, regardless of whether you’re deploying SaaS, PaaS, IaaS, or a combination of those services.

For SaaS, your security team needs to be familiar with the various applications in use and how to use logging and monitoring tools to detect security violations and alert appropriate IT staff. Post-incident analysis is a critically important skill for mitigating active threats and improving your security posture against future threats.

For PaaS deployments, you will also need to add skills to ensure that native cloud applications are being developed with security built in at the API level. Adoption of open security APIs can help to bridge the gaps among proprietary cloud environments.
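
The SaaS monitoring skill described above is easier to picture with a concrete detection, so here is an added example (not code from the original post, and not any vendor's product logic) that runs an impossible-travel check over sign-in audit events. The events are constructed JSON lines in the shape many SaaS providers export (timestamp, user, event type, source IP and geo); the lat/lon fields stand in for the geo enrichment the provider or a GeoIP lookup would supply. Two consecutive logins by one user that would require travelling faster than max_kmh raise an alert, while small distances are ignored to tolerate GeoIP jitter within one metro area.

```python
"""Impossible-travel detection over SaaS sign-in audit events.

Added example, not code from the original post. SAMPLE_LOG is constructed;
the lat/lon values are the geo enrichment a real provider or GeoIP lookup supplies.
"""
import json
import math
from collections import defaultdict
from datetime import datetime, timezone
from typing import Any, Dict, List

# Constructed sample of sign-in audit events, one JSON object per line (not real provider logs).
SAMPLE_LOG = """
{"ts": "2016-07-14T09:00:00Z", "user": "alice@example.com", "event": "login", "ip": "198.51.100.7", "city": "London", "lat": 51.5074, "lon": -0.1278}
{"ts": "2016-07-14T09:30:00Z", "user": "alice@example.com", "event": "login", "ip": "203.0.113.45", "city": "Moscow", "lat": 55.7558, "lon": 37.6173}
{"ts": "2016-07-14T10:00:00Z", "user": "bob@example.com", "event": "login", "ip": "192.0.2.10", "city": "Seattle", "lat": 47.6062, "lon": -122.3321}
{"ts": "2016-07-14T13:00:00Z", "user": "bob@example.com", "event": "login", "ip": "192.0.2.88", "city": "San Francisco", "lat": 37.7749, "lon": -122.4194}
{"ts": "2016-07-14T13:05:00Z", "user": "bob@example.com", "event": "file_download", "ip": "192.0.2.88", "city": "San Francisco", "lat": 37.7749, "lon": -122.4194}
"""

EARTH_RADIUS_KM = 6371.0


def parse_events(text: str) -> List[Dict[str, Any]]:
    """Parse JSON-lines audit events; timestamps become timezone-aware UTC datetimes."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        e = json.loads(line)
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(e)
    return events


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def impossible_travel(events: List[Dict[str, Any]], max_kmh: float = 900.0, min_km: float = 50.0) -> List[Dict[str, Any]]:
    """Alert when consecutive logins by one user imply a speed above max_kmh.

    max_kmh is roughly airliner speed; min_km suppresses alerts for GeoIP jitter within one metro.
    """
    by_user: Dict[str, List[Dict[str, Any]]] = defaultdict(list)
    for e in events:
        if e.get("event") == "login":
            by_user[e["user"]].append(e)
    alerts = []
    for user, logins in by_user.items():
        logins.sort(key=lambda e: e["ts"])
        for prev, cur in zip(logins, logins[1:]):
            km = haversine_km(prev["lat"], prev["lon"], cur["lat"], cur["lon"])
            if km < min_km:
                continue
            hours = (cur["ts"] - prev["ts"]).total_seconds() / 3600.0
            speed = km / hours if hours > 0 else math.inf  # same-second logins far apart are impossible too
            if speed > max_kmh:
                alerts.append({
                    "user": user, "from": prev["city"], "to": cur["city"],
                    "from_ip": prev["ip"], "to_ip": cur["ip"],
                    "km": round(km, 1), "hours": round(hours, 2), "speed_kmh": round(speed, 1),
                })
    return alerts


if __name__ == "__main__":
    for alert in impossible_travel(parse_events(SAMPLE_LOG)):
        print("impossible travel:", alert)
```

Thresholds are deliberately parameters: corporate VPN egress points, mobile carriers and anonymising proxies all produce legitimate "jumps", so in production the check is tuned per tenant and paired with the post-incident analysis the paragraph above calls for rather than treated as a verdict on its own.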

For IaaS environments, the ability to provision software-defined infrastructure carries the need for highly technical security professionals who can create policies for server, storage, and network security on AWS or other platforms. These skills include the ability to monitor usage of compute, storage, networking, and database services, as well as the ability to manage security incidents identified in the cloud platform you’re using.
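For the IaaS policy skills just described, here is an added example (not code from the original post, and not an AWS or Intel Security tool) that audits security group rules for exposure to the whole internet. SAMPLE is a constructed document in the shape returned by `aws ec2 describe-security-groups` (or boto3's `describe_security_groups()`); point `audit()` at the real output to check an account. A rule is flagged HIGH when a world CIDR (0.0.0.0/0 or ::/0) reaches a management or database port, and CRITICAL when all traffic or all ports are open to the world.

```python
"""Audit AWS security groups for rules reachable from the whole internet.

Added example, not code from the original post. SAMPLE is constructed in the
shape of `aws ec2 describe-security-groups` output; feed audit() the real thing.
"""
import json
from typing import Any, Dict, List, Optional

SENSITIVE_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL", 6379: "Redis", 27017: "MongoDB"}
WORLD_CIDRS = {"0.0.0.0/0", "::/0"}

# Constructed sample: a web tier with SSH left open, a DB tier with an all-traffic IPv6 rule,
# and a bastion that correctly restricts SSH to one office range.
SAMPLE = json.dumps({
    "SecurityGroups": [
        {"GroupId": "sg-0a1b2c3d", "GroupName": "web", "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        ]},
        {"GroupId": "sg-0e5f6a7b", "GroupName": "db", "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432, "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []},
            {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        ]},
        {"GroupId": "sg-0c9d8e7f", "GroupName": "bastion", "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
        ]},
    ]
})


def world_open_cidrs(perm: Dict[str, Any]) -> List[str]:
    """Source ranges of one rule that mean 'anyone on the internet', IPv4 and IPv6."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs if c in WORLD_CIDRS]


def port_range(perm: Dict[str, Any]) -> Optional[range]:
    """Ports covered by a rule; None means every port of every protocol (IpProtocol "-1")."""
    if perm.get("IpProtocol") == "-1" or "FromPort" not in perm:
        return None
    return range(perm["FromPort"], perm["ToPort"] + 1)


def audit(describe_json: str) -> List[Dict[str, Any]]:
    """Return one finding per world-exposed sensitive port or all-traffic rule."""
    findings: List[Dict[str, Any]] = []
    for sg in json.loads(describe_json).get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            cidrs = world_open_cidrs(perm)
            if not cidrs:
                continue  # source is restricted; not a world-exposure finding
            base = {"group": sg["GroupId"], "name": sg.get("GroupName", ""), "cidrs": cidrs}
            ports = port_range(perm)
            if ports is None or len(ports) >= 65536:
                findings.append({**base, "severity": "CRITICAL", "port": None, "service": "all traffic"})
                continue
            for port, service in SENSITIVE_PORTS.items():
                if port in ports:
                    findings.append({**base, "severity": "HIGH", "port": port, "service": service})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f'{f["severity"]:8} {f["group"]} ({f["name"]}): {f["service"]} open to {", ".join(f["cidrs"])}')
```

Note what the check deliberately does not flag: HTTPS open to the world on the web tier is expected, and SSH from a single office range on the bastion is the pattern you want. Encoding those distinctions is the "policy" part of the IaaS skill set; the same loop can be extended with an allow-list of groups permitted to expose a given port.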

Audit and Compliance Skills

Many of the softer skills needed for cloud success stem from the need for organizations to gain more visibility into hybrid environments that are becoming more complex as SaaS, PaaS, and IaaS services are cobbled together with each other and private clouds.

“The challenge has never been about security, but about transparency,” wrote Raj Samani, Chief Technology Officer for Intel Security’s Europe, Middle East and Africa division, in a recent blog post. To gain visibility into the security posture of a third-party provider, IT teams should at a minimum secure audit rights to examine the provider’s practices and ensure the proper certifications are in place.

Audit rights can be built into a service level agreement (SLA) as a way to make sure the provider complies with corporate security policies and industry or government regulations. This is one reason why the ability to develop comprehensive SLAs with service providers is an increasingly important skill. IT and security teams will need to work together to negotiate terms that provide maximum protection and visibility into third-party services, to ensure that data, applications, and other components of your cloud environment are secure and compliant.

In addition to formal audits, security professionals require skills (and tools) for continuously monitoring compliance and threats across SaaS, PaaS, and IaaS deployments in two key areas: threats and applications. Starting with threats: achieving (or maintaining) visibility into specific threats across these environments, so your organization has a full view of attacks, is critical. That visibility needs to extend across endpoint, infrastructure, and network elements in order to recognize and respond to coordinated, multi-angle attacks.

Second, in application security, experience with cloud access security brokers (CASBs) will help security professionals increase visibility into user behavior and user needs across public cloud service providers.

That said, we see convergence between the need for application visibility, threat visibility, and data security for SaaS applications, so look for skills that bridge those three areas as you build an organization for the future. The same need for a blended skill set will increasingly be true as threat and application needs converge.

Organizations in highly regulated industries also need to devote resources to tracking how third-party providers handle data and applications to ensure compliance with industry-specific regulations. The same goes for global players: Requirements around data storage can vary dramatically by country, requiring in-depth knowledge of local regulations regarding where data resides and how it is transmitted for any geography in which you do business.

Skills for Hybrid: the New Private Cloud

Security practices for a private cloud deployment – which enables enterprises to keep data and applications under their control – would seem to be more traditional than those for public deployments. But the virtualization technology that is inherent in the private cloud model creates a need for new security skills beyond those for traditional on-premises environments. The first is understanding the difference in the infrastructure itself, for example between a traditional virtual machine and a framework like OpenStack.

Second, as organizations explore software defined networking (SDN), they see a need for more automation skills, as security policy must co-exist with the orchestration to fully exploit an SDN environment.

Third, the security operations center will need more network insight as the east-west traffic becomes more material to threat analysis.

These skills become especially important as virtualization expands beyond servers and into networks and storage.

That said, most private clouds are truly hybrid clouds – and these will be the default moving forward. Hybrid clouds demand cross-domain threat visibility, along with the skills across the various cloud types to prioritize and respond to threats. This requires not only broader technical depth but also more cross-team facilitation and leadership to analyze and respond to critical threats. Revisiting the soft skills points made earlier, this also includes leadership not just within the organization but across the set of SaaS providers relevant to a given situation.

The Bottom Line on Cloud Skills

The takeaway for security leaders: It’s time to optimize the skills of your team to the different types of cloud. Public cloud security – spanning SaaS, PaaS, and IaaS environments – (a) is more about policy, audit, analysis, and teamwork skills than pure technical depth, and (b) will include more cross-domain skills than are required in the more siloed on-premises structure. Creating the proper mix of skillsets for all of these scenarios will help build your confidence as you build out your hybrid cloud model.

Here are some tips for training – and retaining – good cloud security employees.


The post Securing the Hybrid Cloud: What Skills Do You Need? appeared first on McAfee Blogs.

Agile and Secure – Intel’s Approach to Designing World Class Security https://securingtomorrow.mcafee.com/executive-perspectives/agile-secure-intels-approach-designing-world-class-security/ https://securingtomorrow.mcafee.com/executive-perspectives/agile-secure-intels-approach-designing-world-class-security/#respond Thu, 30 Jun 2016 16:00:09 +0000 https://blogs.mcafee.com/?p=50895   Every few months, concerns arise in blogs and in the media over the security of the devices we use every day. In most cases, these are rooted in simple misunderstandings or an incomplete picture of what is being done or how the technology operates. The Intel Management Engine (Intel ME) was the object of …

The post Agile and Secure – Intel’s Approach to Designing World Class Security appeared first on McAfee Blogs.


Every few months, concerns arise in blogs and in the media over the security of the devices we use every day. In most cases, these are rooted in simple misunderstandings or an incomplete picture of what is being done or how the technology operates.

The Intel Management Engine (Intel ME) was the object of one of the more recent cases, so we wanted to provide some additional context and data that might be helpful to the conversation.

First, we want to be very clear. Intel takes the integrity of its products very seriously.  Intel does not put back doors in its products nor do our products give Intel control or access to computing systems without the explicit permission of the end user. In short, Intel does not participate in efforts to decrease security in technology.

Allow me to expand and share our approach to designing and implementing world class security for our customers.

The design of Intel ME incorporates established industry standards and security best practices, and delivers tremendous advantages to a variety of computing environments. For example, Intel applies what is called the “least privilege” principle, where users and administrators have only the rights they need to get their job done. We apply this principle to the design of our processors so that each component has the minimum – yet sufficient – privileges it needs to perform a given task, mitigating the chances that attackers could use those privileges to access areas they shouldn’t.

However, as we are all painfully aware, today’s threat landscape produces countless security challenges every year, targeting systems in a variety of areas. Should an issue arise after a product has shipped, Intel has architected its products with the ability to receive security firmware updates that can counter these issues in the field, allowing for more rapid responses to new exploits and threats.

This is possible because the entire industry has adopted a design methodology for application processors that assembles sets of building blocks, each of which has a particular function such as media decoding, manageability or communications. These building blocks are complemented by an embedded microcontroller or processor, which drastically simplifies and shortens development cycles, but more importantly to this topic, it can enable the ability to upgrade and repair a product after it has shipped should an issue arise.

These capabilities and protections have made Intel ME a well-known and widely used technology that improves security for our customers, enabling them to better manage, repair and protect computers on their networks.

Intel goes to great lengths to validate the security of our products and actively solicit input as part of our validation process. We have a defined set of policies and procedures, and a dedicated team to actively monitor and respond to vulnerabilities identified in released products.

We believe our OEM partners and end customers deserve both the agility that firmware updates allow and the protection to safely accomplish whatever they wish to with our technology to keep their devices secure.

10 Questions To Ask Yourself About Securing Big Data https://securingtomorrow.mcafee.com/executive-perspectives/10-questions-securing-big-data/ https://securingtomorrow.mcafee.com/executive-perspectives/10-questions-securing-big-data/#respond Tue, 03 May 2016 13:00:21 +0000 https://blogs.mcafee.com/?p=49394 Big data introduces new wrinkles for managing data volume, workloads, and tools. Securing increasingly large amounts of data begins with a good governance model across the information life cycle. From there, you may need specific controls to address various vulnerabilities. Here are a set of questions to help ensure that you have everything covered. 1. …

The post 10 Questions To Ask Yourself About Securing Big Data appeared first on McAfee Blogs.

Big data introduces new wrinkles for managing data volume, workloads, and tools. Securing increasingly large amounts of data begins with a good governance model across the information life cycle. From there, you may need specific controls to address various vulnerabilities. Here are a set of questions to help ensure that you have everything covered.

1. What is your high-risk and high-value data?

Data classification is labor intensive, but you have to do it. It just makes sense: The most valuable or sensitive data requires the highest levels of security. Line-of-business teams have to collaborate with legal and security personnel to get this right. A well-defined classification system should be paired with determination of data stewardship. If everybody owns the data, nobody is really accountable for its care and appropriate use, and it will be more difficult to apply information lifecycle policies.

2. What is your policy for data retention and deletion?

Every company needs clear directions on which data is kept, and for how long. Like any good policy, it needs to be clear – so everyone can follow it. And it needs to be enforced – so they will.

More data means more opportunity, but it can also mean more risk. The first step to reducing that risk is to get rid of what you don’t need. This is a classic tenet of information lifecycle management. If data doesn’t have a purpose, it’s a liability. One idea for reducing that liability with regard to privacy is to apply de-identification techniques before storing data. That way you can still look for trends, but the data can’t be linked to any individual. De-identification might not be appropriate for every business need, but it can be a useful approach to have in your toolbox.
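One concrete de-identification step, as an added example that is not part of the original post: direct identifiers are replaced with keyed pseudonyms (HMAC-SHA256 under a secret held outside the analytics store) so that records from the same person still line up for trend analysis, quasi-identifiers such as date of birth and ZIP code are coarsened, and free-text fields are dropped. The field names, generalization rules and sample records are assumptions made for illustration. An unkeyed hash of an e-mail address would not do the job: anyone can hash a list of addresses and match them against the stored values.

```python
"""Keyed pseudonymization plus generalization of quasi-identifiers.

Added example, not from the original post. Field names, the sample
records and the generalization rules are assumptions for illustration.
"""
import hashlib
import hmac
import secrets

# Fields that identify a person directly: replaced by a keyed pseudonym so
# records from the same person still line up for trend analysis, but the
# stored value cannot be mapped back to the person without the key.
DIRECT_IDENTIFIERS = ("email", "patient_id")

# Fields that identify nobody on their own but do so in combination
# (quasi-identifiers): coarsened rather than removed.
GENERALIZERS = {
    "dob": lambda v: v[:4],          # "1987-03-14" -> "1987"
    "zip": lambda v: v[:3] + "XX",   # "94085" -> "940XX"
}

# Free-text fields are dropped outright: they leak identities in ways no
# rule can predict.
DROP = ("notes",)


def pseudonymize(value: str, key: bytes) -> str:
    """Return a keyed pseudonym for a direct identifier.

    A plain SHA-256 of an e-mail address is NOT de-identification: an
    attacker can hash a dictionary of addresses and match. Keying the hash
    with a secret held outside the analytics store closes that gap.
    """
    normalized = value.strip().lower().encode()
    return hmac.new(key, normalized, hashlib.sha256).hexdigest()[:32]


def deidentify_record(record: dict, key: bytes) -> dict:
    """Apply drop / pseudonymize / generalize rules to one record."""
    out = {}
    for field, value in record.items():
        if field in DROP:
            continue
        if field in DIRECT_IDENTIFIERS:
            out[field] = pseudonymize(str(value), key)
        elif field in GENERALIZERS:
            out[field] = GENERALIZERS[field](str(value))
        else:
            out[field] = value
    return out


def deidentify(records, key: bytes):
    return [deidentify_record(r, key) for r in records]


# Constructed sample input, not real patient data.
SAMPLE = [
    {"patient_id": "P-1001", "email": "Alice@Example.com", "dob": "1987-03-14",
     "zip": "94085", "visit": "2016-04-02", "diagnosis_code": "J06.9",
     "notes": "Alice mentioned she works at ..."},
    {"patient_id": "P-1001", "email": "alice@example.com", "dob": "1987-03-14",
     "zip": "94085", "visit": "2016-04-20", "diagnosis_code": "J06.9",
     "notes": "follow-up"},
    {"patient_id": "P-2002", "email": "bob@example.org", "dob": "1962-11-30",
     "zip": "10027", "visit": "2016-04-03", "diagnosis_code": "I10",
     "notes": ""},
]


if __name__ == "__main__":
    key = secrets.token_bytes(32)   # keep this key outside the analytics store
    for row in deidentify(SAMPLE, key):
        print(row)
```

The key is the control: whoever holds it can re-link the pseudonyms, so it belongs with the data steward, not in the analytics environment. Generalizing quasi-identifiers reduces but does not eliminate re-identification risk; rare combinations of birth year, ZIP prefix and diagnosis can still single out a person, which is why the question of what to retain at all comes first.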

3. How do you track who accesses which data?

How you are going to track the data, and who has access to the data, is a foundational element of security. As your analytics programs become more successful, you are likely to be exposed to more sensitive data, so tools and storage mechanisms should have that tracking capability built in from the beginning. After all, if you don’t have the right tracking tools in place at the outset, it’s hard to add them after the fact.

4. Are users creating copies of your corporate data?

Of course they are. Data tends to be copied. A department might want a local copy of a database for faster analysis. A single user might decide to put some data in an Excel spreadsheet, and so on.

So the next question to ask yourself is this: what is the governance model for this process, and how are policies for control passed through to the new copy and the maintainer of this resource? Articulating a clear answer for your company will help prevent sensitive data from leaking out by gradually passing into less secure repositories.

5. What types of encryption and data integrity mechanisms are required?

Beyond technical issues of cryptographic strength, hashing and salting and so on, here are sometimes-overlooked questions to address:

  • Is your encryption setup truly end-to-end, or is there a window of vulnerability between data capture and encryption, or at the point when data is decrypted for analysis? A number of famous data breaches have occurred when hackers grabbed data at the point of capture.
  • Does your encryption method work seamlessly across all databases in your environment?
  • Do you store and manage your encryption keys securely, and who has access to those keys?

Encryption protects data from theft, but doesn’t guarantee its integrity. Separate data integrity mechanisms are required for some use cases, and become increasingly important as data volumes grow and more data sources are incorporated. For example, to mitigate the risk of data poisoning or pollution, a company can implement automatic checks flagging incoming data that doesn’t match the expected volume, file size or pattern.
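The volume, size and pattern checks described above, as an added example that is not the original post's code: a digest published by the producer is verified, the batch's record count and byte size are compared with a band derived from earlier batches, and each record is matched against the expected schema and checked for replayed duplicates. The record format, the thresholds, the baseline history and the sample batches are constructed for illustration.

```python
"""Quarantine checks for incoming data batches: digest, volume, size, pattern.

Added example, not from the original post. The record format, thresholds,
baseline history and sample batches below are assumptions for illustration.
"""
import hashlib
import hmac
import re
import statistics

# Assumed shape of one record: "<device-id>,<ISO-8601 timestamp>,<reading>"
RECORD_RE = re.compile(
    r"^[A-Z]{2}-\d{4},\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z,-?\d+(\.\d+)?$"
)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def baseline(history):
    """Mean/standard deviation of past batch record counts and byte sizes."""
    counts = [h["records"] for h in history]
    sizes = [h["bytes"] for h in history]
    return {
        "count_mean": statistics.mean(counts), "count_sd": statistics.pstdev(counts),
        "bytes_mean": statistics.mean(sizes), "bytes_sd": statistics.pstdev(sizes),
    }


def check_batch(payload: bytes, expected_sha256: str, base: dict,
                z: float = 3.0, max_bad_ratio: float = 0.01):
    """Return the reasons to quarantine this batch; an empty list means accept."""
    flags = []
    # 1. File integrity: the producer publishes the digest out of band, so a
    #    mismatch means corruption or tampering between capture and ingestion.
    if not hmac.compare_digest(sha256_hex(payload), expected_sha256):
        flags.append("digest mismatch")
    lines = payload.decode("utf-8", errors="replace").splitlines()
    n = len(lines)
    # 2. Volume and size: more than z standard deviations from the history.
    if abs(n - base["count_mean"]) > z * max(base["count_sd"], 1.0):
        flags.append(f"record count {n} outside baseline")
    if abs(len(payload) - base["bytes_mean"]) > z * max(base["bytes_sd"], 1.0):
        flags.append(f"size {len(payload)} bytes outside baseline")
    # 3. Pattern: malformed records (injected content, wrong schema) and
    #    replayed duplicates, which inflate counts without breaking the schema.
    bad = [ln for ln in lines if not RECORD_RE.match(ln)]
    if bad and len(bad) / max(n, 1) > max_bad_ratio:
        flags.append(f"{len(bad)} malformed records, e.g. {bad[0]!r}")
    dupes = n - len(set(lines))
    if dupes:
        flags.append(f"{dupes} duplicate records")
    return flags


# Constructed history: ten earlier batches of roughly 1,000 records each.
SAMPLE_HISTORY = [{"records": 1000 + d, "bytes": (1000 + d) * 34}
                  for d in (-20, -10, 0, 10, 20, -15, 5, 15, -5, 0)]


def make_sample_batch(n: int = 1000) -> bytes:
    """Constructed well-formed batch: one reading per device, 34 bytes per row."""
    rows = [f"AB-{i:04d},2016-04-01T00:00:00Z,{20 + i % 10}.{i % 10}" for i in range(n)]
    return ("\n".join(rows) + "\n").encode()


if __name__ == "__main__":
    base = baseline(SAMPLE_HISTORY)
    good = make_sample_batch()
    print("clean batch:", check_batch(good, sha256_hex(good), base))
    # Poisoned: replayed rows plus records carrying unexpected content.
    lines = good.decode().splitlines()
    lines += [lines[0]] * 500
    lines += ["AB-0001,2016-04-01T00:00:00Z,21.5; DROP TABLE readings"] * 20
    bad = ("\n".join(lines) + "\n").encode()
    print("poisoned batch:", check_batch(bad, sha256_hex(bad), base))
```

The digest check only proves the file arrived as the producer sent it; it says nothing about whether the producer itself was fed bad data, which is what the volume and pattern checks are for. Thresholds should come from real history per source rather than a single global band, and a flagged batch should be quarantined for review rather than dropped, so that a legitimate step change (a new site coming online) is not silently lost.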

6. If your algorithms or data analysis methods are proprietary, how do you protect them?

Protecting proprietary discoveries? That’s old hat. What’s easier to miss is the way you arrive at those discoveries. In a competitive industry, a killer algorithm can be a valuable piece of intellectual property.

The data and systems get most of the glory, but analysis methods may deserve just as much protection, with both technical and legal safeguards. Have you vetted and published a plan for securely handling this type of information?

7. How do you validate the security posture of all physical and virtual nodes in your analysis computing cluster?

Big-data analysis often relies on the power of distributed computing. A rogue or infected node can cause your cluster to spring a data leak. Hardware-based controls deserve consideration.

8. Are you working with data generated by Internet of Things sensors?

The key with IoT is to ensure that data is consistently secured from the edge to the data center, with a particular eye on privacy-related data. IoT sensors may present their own security challenges. Are all gateways or other edge devices adequately protected? Industrial devices can be difficult to patch or have a less mature vulnerability management process.

9. What role does the cloud play in your analytics program?

You’ll want to review the contractual obligations and internal policies of those hosting your data or processing. It’s important to know which physical locations they will use, and whether all those facilities have consistent physical (not just logical) security controls. And of course, the geographic locations may impact your regulatory compliance programs.

10. Which individuals in your IT organization are developing security skills and knowledge specific to your big-data tool set?

Over time, your project list, data sets, and toolbox are likely to grow. The more in-house knowledge you develop, the better your own security questions will be.

Read the original post on Dark Reading.

Continuing Momentum on the New and the Next https://securingtomorrow.mcafee.com/executive-perspectives/continuing-momentum-new-next/ https://securingtomorrow.mcafee.com/executive-perspectives/continuing-momentum-new-next/#respond Mon, 02 May 2016 15:00:05 +0000 https://blogs.mcafee.com/?p=49380 New. Next. It’s how we defined the future of cybersecurity, and of our organization at the 2015 FOCUS Security Conference. It’s gratifying that since October customers have rewarded us with meaningful gains. In Q1, our revenue was up 12% year over year, and we continued strong growth in net income as a result of our …

The post Continuing Momentum on the New and the Next appeared first on McAfee Blogs.

New. Next.

It’s how we defined the future of cybersecurity, and of our organization at the 2015 FOCUS Security Conference. It’s gratifying that since October customers have rewarded us with meaningful gains. In Q1, our revenue was up 12% year over year, and we continued strong growth in net income as a result of our portfolio restructuring in 2015 (you can access our financial results here).

In our corporate products business, our growth is driven by execution against the strategy we announced at FOCUS. We see organizations challenged by an expanding attack surface, a talent shortage, and an inability to detect and respond to threats quickly. As Chris described earlier, our strategy is to automate the threat defense lifecycle. This means we:

  1. Provide outcome-driven solutions, not just point products
  2. Build those solutions on key platforms, like the extensible agent architecture in Endpoint Security v.10, the Data Exchange Layer (DXL), and ePolicy Orchestrator (ePO)
  3. Concentrate our investment in Endpoint and Cloud as key control points, using advanced analytics and automation for detection and response to advanced threats
  4. Partner with industry leaders in areas of their strength to the benefit of our joint customers

Fast forward to this week. Customers are asking me, “What does Intel’s restructuring mean for Intel Security?”  My answer is twofold.

First, Intel is transforming from a PC company to a company that powers the cloud and billions of smart, connected computing devices. The data center, cloud, and Internet of Things, along with memory and integrated circuits, are the foundational growth engines for Intel’s future, and our restructuring puts us in a strong position to efficiently and effectively pursue the opportunities these technologies represent. Intel’s Q1 financial results confirm that the company is investing in the right areas. And of course, security is an implicit enabler of the cloud, data center, and IoT.

Second, Intel Security is transforming as well. Our transformation started in 2015, when we made a number of changes across our portfolio, and our team—all in order to fully focus our energy on automating the threat defense lifecycle. Of course we’ll constantly work on being more efficient, but our central focus is to invest in the right technologies, and to follow a roadmap that results in the best outcomes for our customers and partners. In short, our strategy, plans, and execution capabilities continue, unabated. These changes are driving the results both we, and our customers, expect.  As a result, we’re continuing to focus and execute against our plans.

One example of our steady focus on execution is that in Q1 we delivered 15 new releases across our software, appliance, and SaaS solutions. While these achievements illustrate strong execution by our organization, I’m even more excited about the increased rate of innovation I see moving forward. To be crystal clear—I see Intel Security delivering more technology to the market in 2016 than we did in 2014 and 2015 combined. That acceleration is due to three factors: platforms, concentration, and you.

We spent a great deal of time and effort over the past few years building technology platforms that benefit customers and accelerate innovation. A great example is our recent Endpoint Security v.10 release, bringing a single, extensible agent platform to market. Customers on v.10 benefit from agent consolidation, improved security, and a better user experience. Likewise, we can innovate much faster by leveraging the agent framework to rapidly add ‘blades’ of functionality across the platform.

The second factor accelerating our work is concentration. When I joined the organization last summer our engineering team’s feedback was clear: they were spread too thin. By trying to do ‘a little of everything’ we weren’t giving our engineering teams the support they needed to do what ‘needed to be done.’ Improving the focus of our portfolio work—while increasing our total R&D staffing YoY—means we now are literally doing a few things…but doing each of them much better. Having personally seen the development work in process, I’m excited about what we are bringing to market this year. I see a much better user experience. I see better leverage across converged platforms. And I definitely see market-leading capabilities.

This brings me to our third, and final, factor for success: you. Some may be surprised—but I think you, along with all of our customers, will be delighted with the progress and innovations we continue to drive. I, along with the teams I lead, am proud of the transformation we are driving to secure the computing experience. I look forward to sharing these innovations with you as they come to market. Innovations worthy of a new vision for a new industry, fully prepared for what comes next.

Is Cloud Security An Exaggerated Concern? https://securingtomorrow.mcafee.com/executive-perspectives/cloud-security-exaggerated-concern/ https://securingtomorrow.mcafee.com/executive-perspectives/cloud-security-exaggerated-concern/#respond Fri, 22 Apr 2016 13:00:43 +0000 https://blogs.mcafee.com/?p=49043 Research indicates the challenge has never been about security, but about transparency. The results are in: We have made zero progress since 2010. This was the year that IDC published results of a survey regarding cloud computing, and it found that security was the biggest barrier toward adoption. This statistic has found its way onto …

The post Is Cloud Security An Exaggerated Concern? appeared first on McAfee Blogs.

Research indicates the challenge has never been about security, but about transparency.

The results are in: We have made zero progress since 2010. This was the year that IDC published results of a survey regarding cloud computing, and it found that security was the biggest barrier toward adoption. This statistic has found its way onto pretty much every presentation about cloud computing since 2010.

Well, the year is 2016, and a recent Intel Security study asked 1,200 IT decision-makers what their biggest concern is; the most common answer was data breaches. What is remarkable is that the next question in the survey asked respondents which issues they had actually experienced, and those were not security related. In fact, the biggest issue was the difficulty of migrating services or data. Incidentally, this is likely to get worse as the use of platform-as-a-service and infrastructure-as-a-service becomes more ubiquitous.

This raises the question of whether security concerns are exaggerated. Indeed, those of you who have heard me speak know that I do not believe the term “cloud security” is even an issue. Firstly, the concept of cloud is misused. If we strictly adhere to the NIST definition in NIST SP 800-145, then the number of service providers offering a cloud service is a lot smaller than Google results suggest.

One of the key characteristics of a cloud provider (as per NIST) is to offer on-demand self-service. In 2012, the website CloudSleuth investigated how many cloud service providers actually fulfilled this characteristic; its research found that “of the 20 companies we selected in this round, only 11 were fully self-serve, nine required some level of sales interaction, and astoundingly, three of those nine simply didn’t respond to our requests.”

It’s About Transparency

So the term “cloud service provider” in practical terms is simply a company offering computing resources over broad network access. (Thank you, NIST!) Now let’s move to the concern regarding security. The question is not whether a provider is secure — moving away from the argument over what constitutes secure or not. The challenge is how to determine the level of security of a provider. Therefore, the challenge has never been about security, but about transparency; in other words, how can you determine the security posture of a third-party provider without the ability to physically audit? Of course, annual audits have been the default tool of choice for many years now, but this model only provides a certain level of assurance.

Work within the Cloud Security Alliance (with whom we collaborated on this research) has begun to develop the necessary tools to provide the transparency so desperately needed. For example, STAR is a registry that documents the security controls deployed by providers. But perhaps the most encouraging tool is STAR Continuous Monitoring, which provides transparency of the security posture of a provider even after the auditor has left the building.

Perhaps for 2017 the concern of cloud security will not make it onto the opening slide of every presentation, and we can discuss the adoption of tools such as STAR that provide the requisite transparency into third-party providers. If there is concern about the security of a cloud provider, then the simple answer will be not to use them and to find a provider that satisfies the risk appetite of the end customer.

Read the original post on Dark Reading.

Healthcare Organizations Must Consider The Financial Impact Of Ransomware Attacks https://securingtomorrow.mcafee.com/executive-perspectives/healthcare-organizations-must-consider-financial-impact-ransomware-attacks/ https://securingtomorrow.mcafee.com/executive-perspectives/healthcare-organizations-must-consider-financial-impact-ransomware-attacks/#respond Thu, 21 Apr 2016 13:00:46 +0000 https://blogs.mcafee.com/?p=49040 Sometimes the impact of an attack can extend well beyond the attack itself. Intel Security’s five-year threats projection report predicted that ransomware would become a major growth area, given higher ransom “returns” achievable from organizations suffering the potential loss from paralyzed organizational systems. By Q1 of 2016, these predictions have already come true. From February …

The post Healthcare Organizations Must Consider The Financial Impact Of Ransomware Attacks appeared first on McAfee Blogs.

Sometimes the impact of an attack can extend well beyond the attack itself.

Intel Security’s five-year threats projection report predicted that ransomware would become a major growth area, given higher ransom “returns” achievable from organizations suffering the potential loss from paralyzed organizational systems. By Q1 of 2016, these predictions have already come true. From February onward this year, press headlines have revealed that numerous healthcare organizations in the United States and around the world have been hit by ransomware attacks. In some cases, these attacks were random instances of individual systems falling prey to commoditized ransomware. But in multiple instances, the attacks were targeted (see https://securingtomorrow.mcafee.com/mcafee-labs/targeted-ransomware-no-longer-future-threat). And in at least one case, a healthcare organization chose to pay the ransom.

It’s notable that the healthcare vertical — the sector that arguably holds the most extensive and non-changeable stores of our most personal, intimate data — arguably possesses one of the poorest track records for cyberattack preparedness. This poor reputation for preparedness has earned medical clinics, hospitals, and insurance providers the “soft target” label. But as in other industries, an assessment of vertical-specific cyberattack costs can lead to better IT security investments and more effective organizational processes that “harden” these targets.

Besides the paid ransom, what can be said about the other costs that are related to these attacks? Some of the major areas we should examine include:

  • Lost or stolen record(s) costs
  • Downtime costs
  • Incident response and audit/assessment services

A great resource for gauging the value of breaches is the 2015 Ponemon Institute’s Cost of Data Breach study. The report assesses the differences in cost per stolen or lost record by industry, including a healthcare industry approximation of $363 per record.

Healthcare organizations face particularly high stakes in dealing with ransomware because disruptions in availability can jeopardize the core mission of the organization. Surgeries and appointments will be delayed, lab results will take longer, and patients will have to travel to other facilities — all inconvenient results of systems that were impacted.

Sometimes the impact of a ransomware attack can extend well beyond the attack itself. A study conducted by the AC Group concerning downtime cost calculations of electronic healthcare records gives us an indication. The study assessed several cyberattack factors, including the additional time spent to perform tasks manually and to update records after the systems were up again. The study established an average cost of $488 per hour per physician.

Not every healthcare organization can afford a dedicated incident-response team or an IT security team that executes ongoing assessments of the organization’s assets and applications. The reality is that most healthcare organizations hire an external company for these services after a breach.

Case In Point

Let’s review an example in which a healthcare organization suffered a ransomware outbreak that affected a small number of endpoints and some network data.

The type of breach, extent of damage, and management focus shape the nature and scope of the incident-response engagement. In a ransomware case, the organization would be most interested in determining the scope of the incident (how widespread it is), which systems are targeted, which files are encrypted, and how the attacker breached the organization.

A team of two incident-response consultants onsite with remote expertise support, management overhead, and reporting will easily require a 10-day assignment. Based on our experience, that effort would result in an engagement of $75,000 to $90,000 per incident response. In the case of a compromised application or asset, an audit/assessment would be required, as well as another quick check once the fix was complete. That would easily cost another $20,000 to $25,000.

The following table is a rough approximation of the additional cost and damages for an organization in this scenario.

Sources: Intel Security analysis; Ponemon Institute’s Cost of Data Breach study; Modern Healthcare’s annual Hospital Systems Survey.

However, this table shows an incomplete list of costs. On top of these operational impacts are considerations that could include:

  • Possibly paid ransom
  • Legal costs
  • Notification costs
  • Restoring impacted assets costs
  • Internal/external communications costs
  • Overtime costs for IT personnel
  • Damage to reputation and brand
  • Regulatory penalties and fines
  • Increased compliance and audit costs
  • Lost trust from patients

A ransomware incident as we have described can easily result in a total cost between $700,000 and $1.5 million, depending on the size of the hospital, the impact of ransomware, and whether backups were available.

The Ponemon research notes factors that lower the cost per stolen, lost, or encrypted record. For example, organizations can lower the cost per record by $5.50 by engaging the organization’s board in an effort to prepare for potential attacks. Cybersecurity insurance also appears to reduce damage per record by $4.40. And although few healthcare organizations have budgets for their own dedicated incident-response teams, the engagement of “shared” incident-response teams appears to lower the financial impact by $12.60 per record.

Healthcare organizations should take information security as seriously as they take their mission to provide patients the best possible care. Securing information must have the highest priority so that threats such as ransomware cannot impact the availability of critical systems.

View the original post on Dark Reading.

Who Took The Cookies From The Cookie Jar? https://securingtomorrow.mcafee.com/executive-perspectives/who-took-the-cookies/ https://securingtomorrow.mcafee.com/executive-perspectives/who-took-the-cookies/#respond Thu, 24 Mar 2016 13:00:47 +0000 https://blogs.mcafee.com/?p=48586 The indictment of five Iranian hackers three years after the fact raises the question: Is naming them a worthwhile part of the threat defense lifecycle, or is it a meaningless distraction? This week, the US Justice Department announced an indictment has been prepared for five Iranian hackers allegedly responsible for the breach of systems at …

The post Who Took The Cookies From The Cookie Jar? appeared first on McAfee Blogs.

The indictment of five Iranian hackers three years after the fact raises the question: Is naming them a worthwhile part of the threat defense lifecycle, or is it a meaningless distraction?

This week, the US Justice Department announced an indictment has been prepared for five Iranian hackers allegedly responsible for the breach of systems at a small Rye, NY, water dam. This development prompts two lines of thought at Intel Security:  Is this after-the-fact attribution, also called “name and shame,” a worthwhile part of the threat defense lifecycle, or is it a meaningless distraction?

Let’s try and explore both sides.

Attribution Helps

Information security and privacy practitioners have long been warning against the potential impact of Internet-driven attacks against critical infrastructure, such as the recent incursions into the Ukrainian power grid, where 80,000 customers were without power for six hours. There was also the foundry incident in Germany where a cyberattack inflicted greater than $1 million in physical damage to the facility. Our growing dependence upon Internet-enabled devices to ensure operational efficiency and reduce costs has created opportunities for our critical infrastructure to be subjected to remote manipulation and disruption.

The Justice Department indictment will name five hackers who “probed” the Bowman Avenue Dam using a cellular modem attached to the dam’s sluice gate. The DoJ “naming and shaming” indictment drew dozens of top-tier publications and networks to respond within hours of the news, thereby raising public awareness that our use of the Internet potentially increases critical infrastructure risk.

In theory, this in turn creates a teaching moment, so while respecting the need for operational efficiency that the Internet offers, as a society we become more mindful that enabling that efficiency must be tempered with security and privacy considerations.

Attribution Is Irrelevant

Who took the cookies from the cookie jar?

Iranians took the cookies from the cookie jar!

Who, me?

Yes, you!

Couldn’t be!

Then, who?

If someone has taken your cookies from the cookie jar via the Internet, knowing who it was after it’s long over doesn’t help you at snack time.

Reflecting upon the length of time it took to determine attribution to Iran, Sen. Steve Daines (R-Mont.) commented, “It is downright shameful that it has taken President Obama three years to denounce Iran for a malicious cybersecurity attack on our country.”

Partisan rhetoric aside, what is the actual value derived three years later? The attackers can deny involvement, as digital attribution is a difficult thing to prove. The attribution doesn’t make any other critical infrastructure networks any more secure, the indicted are unlikely to ever be arrested or prosecuted, and a titillating headline serves only to distract us from the core problem: It is extremely likely that other critical infrastructure networks around the world are just as vulnerable as the Bowman Avenue Dam.

This is akin to a driver taking his eyes off the road to look at the car crash that caused a highway traffic slowdown — he has become inherently part of the problem by not focusing on the task at hand.

Is there a happier medium?

At Intel Security, we believe these teaching moments should be focused on keeping our eyes on the road. Knowing who bad drivers are may help you avoid a future crash, but it isn’t paramount immediately after you’ve just been wrecked. You’ve got different problems to resolve.

Let’s look at this particular situation from the teaching moment standpoint:

  • Why was the control system for the sluice gate connected directly to a cellular modem?
  • Could the control system be separated from the Internet by a firewall?
  • Could strong authentication mechanisms be employed rather than using a fixed password?
  • Could the modem itself be configured in a way that either limits who could connect or how its services are advertised to the Internet?

Most importantly, could we create a checklist that other technically limited critical infrastructure organizations could use to avoid their own disaster at snack time?

View the original post on Dark Reading.

Protection Is Necessary, But Not Sufficient
https://securingtomorrow.mcafee.com/executive-perspectives/protection-necessary-not-sufficient/
Tue, 22 Mar 2016 13:00:20 +0000

The post Protection Is Necessary, But Not Sufficient appeared first on McAfee Blogs.
It’s time to move the conversation beyond malware and point defenses and onto dealing with breaches in their entirety.

Not much protection in life is guaranteed 100% effective. Airports and airlines around the world have introduced a range of preventative protection measures, from the airport entrance to the perimeter, from passenger screening to baggage X-rays. But they do not rely on these alone, also employing extensive training and planning so that they can detect and respond quickly if something goes wrong.

In digital security, I have heard many times that companies need to move from detection to prevention, that they need to stop all threats rather than detect and respond. Unfortunately, the only way to prevent all threats is to completely isolate each of your systems from any type of interaction with another. If you need communications and data exchanges to operate your business, then you need a breach detection strategy.

Is prevention better than detection? Of course; if you can stop attackers before they get into your systems you should, and preventative devices are an important component of any security strategy. The debate is not prevention or detection; it is whether adding the latest prevention widget is sufficient.

Central to this debate is your security strategy: malware defense or breach defense? Defending against malware is necessary, but not sufficient. Since all security threats are not similar, and all breaches are not equal, no amount of next-generation defense widgets is going to stop every threat. And if something does get through, you need the ability to quickly detect and contain the attack.

On The Offensive

Let’s look at some examples. Many security defenses use anti-malware devices that leverage a variety of techniques, including signature detection, heuristics, reputation models, sandboxing, what everyone now calls math, and various proprietary algorithms. While these techniques are all generally effective, they will miss some threats such as attacks that leverage stolen credentials, misconfigurations, unpatched vulnerabilities, unknown attack types, and rogue insiders. Your cybersecurity strategy, just like a physical security strategy, cannot play only defense. You must also have the tools and plans to deal with a breach.

Detection plays a much larger role in reducing your exposure than just an additional malware scanner. A complete detection strategy looks at breaches as an end-to-end issue. With malware likely already in your organization, industry analysts agree that the lion's share of enterprise information security budgets will be allocated to rapid detection and response approaches by 2020. Detection is vital to reducing your time to detect and recover from a breach.

Instead of simply looking for malware signatures, detection tools monitor data access and movement, looking for unlikely activity and suspicious correlations. They also provide critical actionable and forensic information when something gets through, as well as information on who was affected by it, what data is at risk, and how to contain it. Without this detection capability, it is like having a car mechanic or doctor tell you that something is wrong, but leaving it to you to identify and implement a fix or cure.

The cybersecurity industry has spent a lot of energy arguing about best-of-breed, signature versus algorithmic malware defenses, and whose sandbox is the most difficult to evade. However, cyberattacks have reached the point where, like with castles and gunpowder, a sophisticated attack can win against a purely defensive position. So it is time to move the conversation beyond malware and point defenses and onto dealing with breaches in their entirety. This requires us to evolve as an industry. We need to focus on greater intelligence sharing, communicating and collaborating across multivendor systems, and focusing on the whole problem — protecting data and digital assets, detecting vulnerable devices and abnormal behavior patterns, and rapidly containing breaches. Anything less leaves you too exposed.

View the original post on Dark Reading.

The Machines Are Coming! The Machines Are Coming!
https://securingtomorrow.mcafee.com/executive-perspectives/the-machines-are-coming/
Mon, 21 Mar 2016 16:57:05 +0000

The post The Machines Are Coming! The Machines Are Coming! appeared first on McAfee Blogs.
A revolution in human-machine teaming for security operations is at hand.

Cybersecurity has two great resources that work well together — experienced security ops personnel and learning machines. Machines can work at the speed of electrons and process enormous quantities of data, but they are challenged when dealing with unforeseen scenarios. Human judgment and experience cannot be replicated by machines, but humans struggle to find patterns in massive data sets and they operate in minutes, not microseconds. For us to be truly effective as an industry, we need to deliver solutions that combine human and machine working together to fend off cyberattacks that can multiply and adapt in microseconds.

We are facing a significant labor market shortage in cybersecurity, both in numbers and experience. At the same time, there are traditional fears about automation and machine intelligence. One is that people will be replaced by machines, and another is that the machines will create enormous messes by compounding poor decisions. In this case, we are talking about using the machines to amplify the effectiveness of security operations and incident-response teams. Technology is not replacing people, but in the spirit of the best teams, each is working to its strengths.

One example of this is computers and chess players. In 1997, an IBM supercomputer beat a human chess grandmaster for the first time. Chess has a large quantity of data and a lot of patterns, which plays well into the strengths of the machines. However, in 2005 a couple of amateur chess players augmented with three PCs beat a whole range of supercomputers and grandmasters. The human/machine team was better than either alone.

In cybersecurity, we are gathering vast amounts of data, and there is an assumption that with increased visibility, enough data, and the right algorithms we will be able to predict threats. However, cyberattacks are not deterministic, as they contain at the core a human who can be innovative or random in his approach, and visibility does not give you insight into your adversary. Algorithms and analytics on their own cannot comprehend the strategic nature of the adversarial game that is being played against the cybersecurity bad actors.

So technology will not be replacing security professionals anytime soon, but it does bring tremendous advantages to the defense. Shared threat intelligence helps prevent attacks from being used over and over again, or from propagating rapidly throughout your network. You need a learning machine to detect and contain attacks at the speed of light, while humans work to mitigate the problem and develop long-term solutions.

With the increasing number of targeted attacks that are executed only once, threat intelligence might not help. The same is true of zero-day exploits or new attack types. The machines won’t have rules to deal with this, but they can help filter the alerts and correlate actions to raise the alarm to their human colleagues sooner than a human acting alone.

The machine revolution is coming, but not the way Hollywood movies portray it. Machines are coming to be the best teammate you could ask for.

View the original post on Dark Reading.

Intel Files Amicus Brief on Apple iPhone Matter
https://securingtomorrow.mcafee.com/executive-perspectives/intel-files-amicus-brief-on-apple-iphone-matter/
Thu, 03 Mar 2016 20:10:05 +0000

The post Intel Files Amicus Brief on Apple iPhone Matter appeared first on McAfee Blogs.
Intel is one of the world’s leading technology companies. One of our important objectives is to bring a protected and secure computing experience to the world. Accordingly, we have a deep understanding of the vital role strong encryption plays in protecting both privacy and security.

Today, Intel filed an amicus brief in response to the U.S. Department of Justice’s attempt to compel Apple to create security-disabling software for an iPhone involved in an investigation. Admittedly, the case presents difficult choices, depending on how you view the role and importance of innovation in an increasingly connected world.

Intel fully supports law enforcement’s goals to protect national security and the American people. Indeed, recognizing the importance of this mission, we comply with lawful demands for information from government agencies.

However, companies like ours are in business to improve the security of our products, and to safeguard the digital lives of those who use them. It’s an unprecedented step for the government to require a company to develop technology that weakens security in a commercial product. Such a move chills innovation. Intel believes we need to accomplish safety, security, and personal privacy. We also believe we need a greater dialogue among and between all stakeholders. We’re eager to be part of that conversation.

Landmark Cybersecurity Proposals from White House on Workforce Development and Privacy
https://securingtomorrow.mcafee.com/executive-perspectives/landmark-cybersecurity-proposals-white-house-workforce-development-privacy/
Wed, 10 Feb 2016 22:52:29 +0000

The post Landmark Cybersecurity Proposals from White House on Workforce Development and Privacy appeared first on McAfee Blogs.
It’s great to see the White House leaning forward and taking action to improve our national cybersecurity posture by announcing a Cybersecurity National Action Plan (CNAP) and issuing an Executive Order to create a permanent Federal Privacy Council. Both initiatives will improve the national posture on cybersecurity and privacy – issues Intel believes are closely related.

One CNAP element I’m particularly passionate about is workforce development. I have frequently called for the creation of a ‘cyber corps’ to address the growing cyber skills shortage, so I am pleased that the CNAP includes funding for a CyberCorps Reserve program. A $62 million investment will fund scholarships for Americans who want to obtain cybersecurity education and serve their country in the civilian federal government, as well as increase the number of institutions that offer cybersecurity programs. This is a good first step. To realize the vision, it will take more investment both by government and the private sector.

The security industry has talked at length about how to address the barrage of hacks and breaches we face, but we haven’t brought enough urgency to solving the cybersecurity talent shortage. More than 209,000 cybersecurity jobs in the United States alone were unfilled last summer, and cybersecurity experts estimate there will be 1.5 million more jobs than takers by 2019. Intel alone has more than 250 available security jobs in the United States, so we understand the criticality of creating a robust 21st century workforce.

Security and privacy go hand in hand, so I am pleased to see the CNAP specify the creation of a Federal Privacy Council. As the principal interagency forum tasked with improving the privacy practices of federal agencies, the Council will have a major impact on both privacy and security initiatives. This is a significant milestone in efforts to preserve America’s core value of privacy.

Intel Security has frequently commented about the essential link between privacy and security. To put it simply, it takes data to protect data. To provide robust cyber protection, government and the private sector will need to process personal data and share some of that data with other organizations. At the same time, we need the right oversight and controls to help reassure individuals that data relating to them will not be used inappropriately.

We look forward to working with the new Federal Privacy Council to promote privacy while also enabling businesses and government agencies to pursue the innovative use of data. And we’re enthused about working with government and industry to support the development of a CyberCorps, which could operate as a type of Cyber National Guard. The concept deserves our highest attention, and the federal dollars dedicated to it will be extremely well spent.

Intel Security is ready to lend assistance.

Why InfoSec Pros Should Keep A Close Eye On Cyber Efficiency
https://securingtomorrow.mcafee.com/executive-perspectives/close-eye-on-cyber-efficiency/
Fri, 05 Feb 2016 14:00:18 +0000

The post Why InfoSec Pros Should Keep A Close Eye On Cyber Efficiency appeared first on McAfee Blogs.
No organization will ever be impervious to breaches, but efficient organizations can lower their overall spend.

The intense demand for trained information security and privacy practitioners reflects the convergence of technology, productivity, and profitability. CIOs and CISOs who balk at enabling more mobile, cloud, and Internet of Things (IoT) tools not only find themselves in a cultural conflict; as more and more devices become IP-enabled, reluctant security practitioners will also find themselves at odds with the business or mission of the organization.

For instance, Boston Consulting Group indicated that the remote cardiac monitoring market in the US alone would eclipse $1 billion in 2016, a specific example of the convergence between technology, productivity, and profitability. The ability for a doctor to remotely adjust a pacemaker without a patient visit, or in an emergency situation, has a profoundly positive impact on patient care. Information security and privacy practitioners simply must find a way to enable this kind of technology while managing the risk as best they can.

At the same time, there is a systemic personnel problem. There are simply far too few trained information security and privacy practitioners available to organizations; the baby boomer generation is taking decades of experience with it into retirement; and the prospects for replacing them are bleak. The 2015 (ISC)2 Global Information Security Workforce Study estimates two global labor gaps: the gap between the existing workforce and what the respondents’ companies are funded to hire (600,000 workers), and the gap between the existing workforce and what those companies believe the need is (1 million further workers). As more devices become IP-enabled for the first time and need to be incorporated into an organization’s information security and privacy posture, the tax upon practitioners will become even more pronounced. Also, for the first time in the (ISC)2 study, practitioners have become acutely aware that the premise that they’ve used for the last 20 years — buy unique tools for each specific IS and privacy problem — has created an unwieldy “sprawl in security technologies.”

All of these conditions — demand, expanding IP footprint, convenience, cost reduction, and insufficient trained practitioners — create an untenable competition between business or mission enablement and security. Evidence of this competition can be seen in the dramatic increase in time from breach detection to remediation. The (ISC)2 study results show a troubling trend indicative of a workforce stretched by demand and sprawl, as indicated in the chart below:

It is for these reasons that dramatic improvements in both efficiency and efficacy should be the goal of any decision IS teams are considering. The ability to get to solid results quickly is the only way that teams can compete with the mathematical problems described above. Any decision regarding methodology, vendor, product, or service that doesn’t demonstrably increase efficiency and efficacy is a bad decision.

Organizations that invest in ensuring that their infrastructure becomes more streamlined, automated, interoperable, resilient, sprawl-reducing, and focused will stay ahead of the math and enjoy the most important results.

No organization will wind up impervious to breaches, but efficient organizations will lower their overall spend by consolidating the number of vendors, tools, and services they use; reduce their labor-hour costs by ensuring automated means of execution; reduce the number of events that operators and analysts need to respond to manually; and shrink the hours operators and analysts spend by reducing events requiring follow-up to fewer, more noteworthy events. The time between breach and detection and the time between detection and remediation will drop measurably, ensuring that breaches don’t have a material effect on the business or mission of an organization.

Over the next few weeks, I’ll explore several techniques that will allow organizations to improve their efficiency and efficacy and reduce the labor hours and per-hour costs associated with operations.

View the original post on Dark Reading.

When It Comes To Facebook Apps, Be Like Mike — Not Bill
https://securingtomorrow.mcafee.com/executive-perspectives/be-like-mike-not-bill/
Thu, 04 Feb 2016 14:00:59 +0000

The post When It Comes To Facebook Apps, Be Like Mike — Not Bill appeared first on McAfee Blogs.
This is Mike.

Mike works in the security industry and is concerned about his privacy.

Mike wonders why people sign up for Facebook apps so quickly.

Mike doesn’t sign up for Facebook apps without a quick read of the terms of agreement.

Mike is smart.

Be like Mike.

A few months ago, people on Facebook were up in arms over a perceived breach of their privacy (which turned out to be a hoax), so they were posting the following status:

“As of September 29, 2015 at 10:50 p.m. Eastern standard time, I do not give Facebook or any entities associated with Facebook permission to use my pictures, information, or posts, both past and future.” And so it went on for another 100 words or so. Aside from the fact that this was in response to a hoax, there was quite a lot of noise made about this supposed violation of their privacy. But my question is, how quickly do they give up their privacy when presented with a new app or new technology?

Fast forward to last week, and many people were creating posts with an app that does a cute summary of their actions or personality, accompanied by a stick figure. Now this app, Be Like Bill, has a pretty good privacy policy and terms. They clearly state, in a brief and readable format, that the information collected is only used to generate the post, will not be stored on the server, and will not be provided to other companies. The only clause that elicits any concern allows them “to use, edit your content with our service permanently, no limit and no recover.” I understand that this makes it a lot simpler to run the site without having to respond to concerns or requests to delete a post, but it does significantly reduce your options.

Many of these fun quizzes or posts go through everything that you have done on Facebook. That should raise a red flag about the potential privacy issues, but millions of people install them and trade their privacy for a brief moment of fun. Unfortunately, there’s a very fine line between an app that’s fun and one that can be damaging. Most fall in the fun category and ask for a limited set of information. However, at least one recent app asked for a bit more.

If you install that app and give permission, the developers can harvest your:

  • Name, profile picture, age, sex, birthday, and other public info
  • Entire friend list
  • Everything you have ever posted on your timeline
  • All of your photos and photos you are tagged in
  • Education history
  • Hometown and current city
  • Everything you have ever liked
  • Your IP address
  • Info about the device you are using, including browser and language

I am not saying that this particular app is malicious, but no quiz or app should need access to this level of detail. They may or may not promise in the user agreement not to store it, use it, or sell it, but either way you have lost control of your data and associated privacy. It is much better for apps not to ask for it in the first place.

Harmless Or Harmful?

As a consumer, how do you tell the difference between fun and potentially damaging? Look closely at what the app is asking for, and think about the potential risk of that data. Consumers are the big target of these apps, and where security and privacy are concerned, people are always the weakest link. This same info could be used to guess passwords, security questions, or even impersonate someone for a bit of live social engineering, all of which have serious business implications.

Now, people have not been reading terms of agreement for decades, and they are not likely to start anytime soon. What I would like to figure out is why the Facebook privacy hoax rampage didn’t provoke concern over other apps. Or, more importantly, what do we need to do differently so that data requests by every app, device, and Web page are treated with appropriate levels of privacy concern? Because at this rate, it is only a matter of time before we might as well just publish everything and save our adversaries the trouble.

View the original post on Dark Reading.

Validating Supply Chain Cybersecurity
https://securingtomorrow.mcafee.com/executive-perspectives/validating-supply-chain-cybersecurity/
Tue, 22 Dec 2015 15:00:21 +0000

The post Validating Supply Chain Cybersecurity appeared first on McAfee Blogs.
How to identify risks, understand downstream effects, and prepare for incidents.

You’ve got your organization protected as best you can, but what about your supply chain? Like any type of chain, the security in your supply chain is only as good as the weakest link. Can malicious software find its way into your company or your products through your supply chain? Can a weak downstream link lead to an opportunity for exploits that take advantage of your intellectual property? Or can disruption of one link disrupt your profitability?

Almost every business is dependent on far-reaching supply chains, and we have already seen some serious cyber incidents from security lapses. Historically, supply chain professionals focused on protecting links through supplier qualification, insurance, and physical security, protecting against risks ranging from theft to delayed deliveries. While those practices remain essential, today’s supply chain professional must add a focus on information security to their defensive strategy. New efforts must focus on protecting intellectual property, defending against hacktivism and espionage, detecting embedded malware, and ensuring continuity of operations.

Managing security risk in your supply chain is new, but you have probably already been through a similar process with quality. First, identify and classify each of your suppliers with regard to what they do now and the critical aspects of their contractual obligations. Then define a clear baseline of security and privacy requirements for the group. Standards such as ISO/IEC 27036 (information security for supplier relationships) can provide a solid baseline.

With a baseline established, the next step is regular validation of security and privacy controls. Validation can be challenging, full of competing acronyms, contractual issues, and resource constraints. Doing this for every supplier in your chain is unrealistic for most companies, so it is important to prioritize. And fortunately there are standards and processes emerging for various industries that range from self-assessment to third-party certification.

One example is the Cloud Security Alliance’s Security, Trust, and Assurance Registry (STAR) for various cloud computing offerings. STAR is a straightforward three-level certification, accompanied by a publicly accessible registry. STAR provides important information about product certifications, including the date, country, term, and level of certification. Decisions can be based on a simple cost and risk comparison, or on more thorough analysis of the strengths and weaknesses of current or potential suppliers. Analogous to ratings systems in other industries such as banking or tourism, STAR requires little technical training to understand the difference between level 1, 2, and 3 certifications.

These certifications are also valuable to your supplier. Suppliers can readily compare themselves to their competitors and build a strategic perspective of their own organization’s risks and opportunities.

From your customers’ perspective, your company includes the extended network of people, processes, and partners involved in delivering products and services. You cannot “go it alone” or dismiss these issues as limited to supply chain experts.

Validating the supply chain, whether it is for product quality or information security, is now an essential part of your success. You need to identify risks, to understand the potential downstream effects of a security breach or cyberattack, and to prepare response plans so that you can respond quickly to an incident. The alternative could be a serious loss of reputation, customers, and profits.

The post Validating Supply Chain Cybersecurity appeared first on McAfee Blogs.

Drag Your Adolescent Incident-Response Program Into Adulthood https://securingtomorrow.mcafee.com/executive-perspectives/adolescent-incident-response/ Mon, 14 Dec 2015 17:09:42 +0000

It’s not about how many tools you have, but what you can do with them.

We are often the incident response (IR) team called in to put out the fire after the security breaches you see on the news, seemingly every week. We see the facts, flaws, and foibles of these crises, and afterward we help the organization pick up the pieces and assemble a better approach to prevent a recurrence. We usually find that fundamentals have been missed. Although the virtual front door was padlocked with an ornate authentication system, the attacker hopped in a virtual back window by stealing legitimate credentials from an insecure application with a basic flaw. Or one phish got away from the anti-spam filter. Or an unmanaged asset missed a patch.

As you watch the dramas unfold, are you wondering how good your own incident response plan is? Are you taking comfort in the range of security technologies you have installed? Are you reassuring yourself and your peers that your organization would not commit the same fundamental errors that seem to be at the root of most of these breaches? But how can you be sure?

Many of the organizations we meet with have IR plans, often expensively developed by third-party consultants. The plans are usually evaluated against theoretical scenarios but not rehearsed and real-world tested. In addition, these companies frequently have an overabundance of security technology but fail to recognize and address the root causes of their vulnerabilities and breaches. In the absence of solid metrics to measure the results of their efforts, it can be difficult to justify the investments required for their security needs, leaving some aspects of the security program underdeveloped because of lack of budget approval.

One of the IR evaluation tools we have been using with customers is a variation on the capability-maturity model concept, which dates back to the 1970s. Maturity does not refer to the age of the model, but to the level of formality and optimization of the procedures. A security architecture or framework can be prescriptive in what processes and technologies you need, but too generic to be a perfect fit for anyone.

A maturity model, instead, defines three or four levels of increasing capabilities and metrics, across different areas of responsibility. In enterprise security, for example, you might call the levels reactive (Level 0), compliant, proactive, and optimized (Level 3), covering areas such as metrics, user awareness, infrastructure, applications, incident response, and strategy.

Using a model like the one above, you evaluate your maturity level in each area and identify the processes and technologies you need to adjust or invest in to get you to the level that matches your organization’s specific acceptable level of risk.

Let’s look at the recent Bash bug discovery, which is a vulnerability in a widely deployed Unix command-line shell. The response to this incident required identifying all of the vulnerable devices, ranking them by level of exposure, getting the appropriate patches, and applying the patches.

A reactive security group has an ad hoc approach to this. Upon getting the updated threat intelligence (possibly from a general news report), the group works to assemble a team, search for potentially vulnerable systems throughout their network, identify the owners, and then painstakingly assess the software version levels of each, upgrading and patching as they can. However, this leaves the company at risk if they don’t find all of the vulnerable systems.

A compliant security group has an annual asset list to start from, but the list is out of date and does not contain sufficient details on the configurations to positively classify the exposure level. So, this group is also going system by system to evaluate and patch, and faces the risk of not finding every vulnerable system.

A proactive security group has an asset list that is updated quarterly, with configuration management for each machine. This group is starting to engage in actual risk management. The proactive company would likely miss far fewer systems, and prioritizes its efforts on critical systems first. The IR team quickly ranks the systems by exposure level, remotely patching those they can and scheduling the rest for manual updates.

An optimized security group may be barely affected by the threat. It has current asset information and live vulnerability scanning. Its patch management system updates the most exposed systems as the security patches become available, while the environment is protected by defense-in-depth countermeasures. The IR team is able to continue with its normal work processes of dealing with incidents.

When we begin the conversation about maturity, most companies are unaware of their posture and are often surprised by the assessment results. We’d say the bulk of companies get at best a C grade, with only the exceptional passing with a few A’s in specific areas. C is for Compliant, which is not sufficient for security these days. Companies with high-sensitivity or regulated data should aim to be at least proactive, with a stretch goal of optimized within two to three years.

View the original post on Dark Reading.

The post Drag Your Adolescent Incident-Response Program Into Adulthood appeared first on McAfee Blogs.

When Every Minute Counts (Part 2) https://securingtomorrow.mcafee.com/executive-perspectives/when-every-minute-counts-part-2/ Mon, 14 Dec 2015 17:04:55 +0000

Acting on key Indicators of Attack for incident response is crucial.

The increasing frequency and severity of incident headlines these days really makes it clear that we live and work in an increasingly complex digital world. I’ve been in the industry for a long time – leading teams on comprehensive security assessments for hundreds of businesses – and this latest report from Evalueserve for Intel Security is proof that we need to do more around proactive security.

In this study, over half of the companies surveyed had investigated more than 10 targeted attacks or advanced persistent threats in the past year. Many of these investigations uncovered the fact that the attackers had been in the environment, undetected, often for months, and even sometimes years. To gain insight into tactics for disrupting the attack before the compromise, the report also shares the experiences of our Foundstone investigators, Ismael Valenzuela and Jake Babbin, who have assisted with more than 200 investigations this year. The experts on my team were asked about the types of indicators that were the most meaningful in real-world situations.

The Foundstone incident-response team found that a few indicators have a high probability of signaling that an attack is imminent or underway. Generally, examples we have seen reflect a pattern of unusual alerts, inbound, internal, or outbound. An inbound example might be caused by probing or reconnaissance testing for vulnerabilities. An internal suspicious pattern might be anomalous traffic within the LAN such as repeated login attempts from one user account across a range of hosts, which may reveal stolen identities or privileges. Finally, patterns of suspicious outbound traffic expose likely compromised hosts, command and control activities, and data exfiltration. Many of these patterns score higher on the relevance radar when there are many of them in a short period of time, since concentrated activities show an active and determined actor.

It has been my experience that every organization should assess its ability to collect and correlate security data as it relates to these eight possible Indicators of Attack:

1) Internal hosts communicating with a foreign country where you do not do business, or to known bad destinations.

2) Internal hosts communicating to external hosts over non-standard ports or ports that do not match the protocol being used.

3) Publicly accessible (DMZ) hosts communicating with internal hosts, indicating a potential leak that could be used for infiltrating your systems or exfiltrating data.

4) Alerts that happen outside your standard operating hours signaling a compromised host.

5) Network scans and probing by internal hosts, which could reveal an attacker moving laterally within the network.

6) Duplicated events across multiple machines in the same subnet over a 24-hour period, such as repeated authentication failures.

7) Repeated reinfection of a system after being cleaned, signaling the presence of a rootkit or persistent compromise.

8) A user account trying to log in to multiple resources within a few minutes from/to different regions – a sign that the user’s credentials have been stolen or that a user is up to mischief.
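As an added illustration of how these eight indicators can be turned into collection and correlation checks (this is example code written for this page, not code from the original post or from Intel Security/Foundstone), the following Python script applies one simple rule per indicator to a handful of constructed log lines. The log format, the network ranges, the geolocation table, the list of business countries, the known-bad destination, and every threshold (five hosts for a scan, three hosts per subnet for authentication failures, ten minutes for the two-region login) are assumptions chosen for the example; tune them to your own environment.

```python
"""Rule-based checks for the eight Indicators of Attack over constructed log lines.

Log format (constructed for this example): ts|type|src|dst|port|proto|user|region
"""
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed environment description: all of these are assumptions, not values from the post.
INTERNAL = ip_network("10.0.0.0/8")             # corporate address space
DMZ = ip_network("192.168.100.0/24")            # publicly accessible hosts
BUSINESS_COUNTRIES = {"US", "DE"}               # countries where the company does business
KNOWN_BAD = {"198.51.100.77"}                   # hypothetical blocklisted destination
GEO = {"203.0.113.9": "ZZ", "198.51.100.77": "US", "93.184.216.34": "DE"}  # toy geolocation table
EXPECTED_PORT = {"http": 80, "https": 443, "ssh": 22, "dns": 53, "smtp": 25}
WORK_HOURS = range(8, 18)                       # 08:00-17:59 local time, Monday to Friday


def parse(line):
    """Split one log line into a dict; empty fields become '' (or None for the port)."""
    ts, kind, src, dst, port, proto, user, region = line.split("|")
    return {"ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), "type": kind,
            "src": src, "dst": dst, "port": int(port) if port else None,
            "proto": proto, "user": user, "region": region}


def in_net(addr, net):
    """True if the address string lies inside the network; False for an empty address."""
    return bool(addr) and ip_address(addr) in net


def analyze(lines, scan_threshold=5, subnet_threshold=3, travel_window=timedelta(minutes=10)):
    """Return {indicator_number: [details, ...]} for every indicator that fired."""
    events = sorted((parse(line) for line in lines), key=lambda e: e["ts"])
    findings = defaultdict(list)
    fanout = defaultdict(set)      # IoA 5: src -> internal hosts it contacted
    failures = defaultdict(list)   # IoA 6: /24 subnet -> [(ts, host)] of auth failures
    cleaned = set()                # IoA 7: hosts that have already been cleaned once
    last_login = {}                # IoA 8: user -> (ts, region) of the previous login
    for e in events:
        src, dst, ts = e["src"], e["dst"], e["ts"]
        if e["type"] == "conn":
            if in_net(src, INTERNAL) and not in_net(dst, INTERNAL):
                country = GEO.get(dst, "unknown")   # unknown geolocation is treated as suspicious
                if dst in KNOWN_BAD or country not in BUSINESS_COUNTRIES:
                    findings[1].append(f"{src} -> {dst} ({country})")
            if e["proto"] in EXPECTED_PORT and e["port"] != EXPECTED_PORT[e["proto"]]:
                findings[2].append(f"{src} -> {dst}:{e['port']} labelled {e['proto']}")
            if in_net(src, DMZ) and in_net(dst, INTERNAL):
                findings[3].append(f"DMZ host {src} -> internal host {dst}")
            if in_net(src, INTERNAL) and in_net(dst, INTERNAL):
                fanout[src].add(dst)
        elif e["type"] == "alert":
            if ts.weekday() >= 5 or ts.hour not in WORK_HOURS:
                findings[4].append(f"alert on {src} at {ts}")
        elif e["type"] == "authfail":
            failures[ip_network(f"{dst}/24", strict=False)].append((ts, dst))
        elif e["type"] == "malware_cleaned":
            cleaned.add(src)
        elif e["type"] == "malware_detected" and src in cleaned:
            findings[7].append(f"{src} reinfected at {ts}")
        elif e["type"] == "login":
            prev = last_login.get(e["user"])
            if prev and prev[1] != e["region"] and ts - prev[0] <= travel_window:
                findings[8].append(f"{e['user']} in {prev[1]} then {e['region']} within {ts - prev[0]}")
            last_login[e["user"]] = (ts, e["region"])
    for src, hosts in fanout.items():
        if len(hosts) >= scan_threshold:
            findings[5].append(f"{src} touched {len(hosts)} internal hosts")
    for subnet, items in failures.items():   # items are already in time order
        hosts = {h for _, h in items}
        span = items[-1][0] - items[0][0]
        if len(hosts) >= subnet_threshold and span <= timedelta(hours=24):
            findings[6].append(f"auth failures on {len(hosts)} hosts in {subnet} within {span}")
    return dict(findings)


# Constructed sample log (not real traffic); each group is meant to trip one indicator.
SAMPLE_LOG = [
    "2015-11-03 10:05:00|conn|10.0.5.21|203.0.113.9|443|https||",       # IoA 1: country ZZ
    "2015-11-03 10:06:00|conn|10.0.5.22|93.184.216.34|8080|https||",     # IoA 2: https on 8080
    "2015-11-03 10:07:00|conn|10.0.5.23|198.51.100.77|443|https||",      # IoA 1: known-bad destination
    "2015-11-03 10:08:00|conn|192.168.100.5|10.0.1.10|445|smb||",        # IoA 3: DMZ -> internal
    "2015-11-03 02:30:00|alert|10.0.7.4|||||",                           # IoA 4: alert at 02:30
    *[f"2015-11-03 11:00:{i:02d}|conn|10.0.9.9|10.0.1.{i}|22|ssh||" for i in range(1, 7)],  # IoA 5
    "2015-11-03 13:00:00|authfail|10.0.9.9|10.0.2.11|||jdoe|",
    "2015-11-03 13:01:00|authfail|10.0.9.9|10.0.2.12|||jdoe|",
    "2015-11-03 13:02:00|authfail|10.0.9.9|10.0.2.13|||jdoe|",           # IoA 6: 3 hosts in one /24
    "2015-11-01 09:00:00|malware_detected|10.0.3.3|||||",
    "2015-11-01 12:00:00|malware_cleaned|10.0.3.3|||||",
    "2015-11-03 09:00:00|malware_detected|10.0.3.3|||||",                # IoA 7: reinfection
    "2015-11-03 12:00:00|login|10.0.4.1||||asmith|NA",
    "2015-11-03 12:04:00|login|10.0.4.2||||asmith|EU",                   # IoA 8: two regions in 4 min
]

if __name__ == "__main__":
    for number, details in sorted(analyze(SAMPLE_LOG).items()):
        print(f"IoA {number}:")
        for detail in details:
            print("   ", detail)
```

Each rule is deliberately stateless apart from the small per-indicator accumulators, which is what makes them cheap to run continuously; the accumulators (fan-out per source, failures per subnet, cleaned hosts, last login per user) are exactly the data the post says must be captured and shared, and if any of them is missing from your collection pipeline the corresponding indicator simply cannot fire.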

Every minute counts in almost every one of these attack scenarios, but specifically the report uncovered three issues that directly affected response times and effectiveness:

  1. The full potential of the enterprise’s security defenses was not active, with some systems still at default or weak security settings.
  2. Important data was not being captured or shared.
  3. Dated security information and event management (SIEM), firewalls, and endpoint protection may lack real-time correlation.

I’m excited that we have this report to share with the public, because knowledge and awareness are critical in defending against these attacks. What the report confirms is that, while new technology will likely help, security teams often fail to leverage the capability they already have, missing out on insight that could be gained from data, tools, and tactics available today. Download your free copy of this special report to see our detailed recommendations and findings: http://www.mcafee.com/us/resources/reports/rp-when-minutes-count.pdf 

View the original post on Dark Reading.

The post When Every Minute Counts (Part 2) appeared first on McAfee Blogs.

Perimeter Inversion: Turning Digital Security Inside Out https://securingtomorrow.mcafee.com/executive-perspectives/turning-digital-security-inside-out/ Thu, 10 Dec 2015 14:00:05 +0000

We need security solutions that are designed from the ground up to operate in today’s dynamic environment.

The idea of a network perimeter is quickly morphing into something more complicated. We work outside of the corporate network on our own devices, storing and moving things through clouds of applications, storage, and service providers. How will security change in the next few years to adapt to this new reality?

Almost since its inception, digital security has followed a perimeter model, which may seem like the Maginot Line of cybersecurity. We are spending more and more time outside the firewall, so we need to think beyond it. At the same time, attackers are finding new vulnerabilities to get under the walls, developing new techniques to get around them, and finding softer targets with valuable assets to compromise. With the wide scale adoption of server virtualization and cloud computing, the concept of an enterprise data center has evolved into private and hybrid clouds that span on-premises and cloud-hosted servers in a seamless fashion.

The new security model needs to follow the data and users, as well as their devices and services. This does not mean that security will be completely cloud-based, with no on-premises component. Cloud computing and storage will still incorporate a perimeter and access approach, as will the data center. The data center needs to shift focus from servers to applications and data, which move in a dynamic manner with decreasing emphasis on location or ownership of hardware. But it will have to augment this with multiple vantage points of traffic flows, analytics, and collaborative intelligence. Encrypted communications make it difficult for firewalls to inspect individual traffic flows, increasing the importance of multiple perspectives.

This is strikingly similar to the physical security world we find around us. Attackers are not defined by physical borders, so defenses need a much higher level of collaboration, large volumes of intelligence, and powerful analytics to pull insight out of the noise and chatter.

Real-Time Security

The key to successful security operations in the new data center is real-time dynamic provisioning and orchestration. Security must follow the data, follow the application, and follow the user. One approach is a dynamic perimeter that forms around every flow. The network is no longer static or deterministic; it has become fluid, and security needs to be agile. This means implementing cloud security solutions that can redirect flows between endpoint devices and applications for inspection, analysis, and prediction. These solutions need to ask, “Is this normal activity between this device/location/user/application?”

With mobile users and IoT devices connecting directly to the cloud, the new model means securing the channel between endpoints and applications, not just with encryption but by watching out for attacker redirection and man-in-the-middle attacks that could disrupt devices or data enough to affect your operations. Encryption and tokenization become critical when corporate data is stored on shared resources in hybrid or public clouds. Data must be secured both at rest and at all points of the flow to protect it from hardware or virtualization exploits. Identity and policy management will become extremely important in such a dynamic environment, defining and enforcing policies that prevent sensitive information such as personally identifiable data or health details from straying outside of secure locations and devices.

Another approach to real-time dynamic provisioning and orchestration is shrinking the perimeter around each individual device, forcing the devices to protect themselves. Many devices will not have the compute power necessary to do this, requiring a mix of hardware-enabled trust and cloud-based processing.

Perhaps the most important part of this new security model is the analytics necessary to put together multiple observations from different agents at varying points in the cloud into a cohesive picture that can differentiate signal from noise, without an overwhelming number of false positives.

An interesting analogy to this method is how airplane flight control systems were developed. Different developers in different locations using different languages and algorithms running on different hardware developed systems for the same set of controls. In operation, only when multiple systems were within tolerance would the airplane actually take action. In security, this approach not only reduces false positives, it makes it far more difficult for attackers to develop threats that can evade the detection algorithms because multiple algorithms are in use at any time.
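To make the flight-control analogy concrete, here is an added example (written for this page, not code from the original post) of three independent detectors voting on a user's outbound flow, with an alert raised only when at least k of them agree. The flow history, the three detectors (volume, rare destination, off-hours), and the thresholds are assumptions; the `benign_alert_rate` helper shows the false-positive arithmetic the paragraph alludes to for detectors whose errors are independent.

```python
"""k-of-n agreement across independent detectors, as in the flight-control analogy."""
from math import comb
from statistics import mean, pstdev

WORK_HOURS = range(8, 18)   # assumed business hours

# Constructed history of one user's outbound flows as (destination, hour, bytes_out). Not real data.
HISTORY = [("files.example.net", 9 + (i % 8), 1_000_000 + 50_000 * (i % 5)) for i in range(20)]
HISTORY += [("mail.example.net", 10, 900_000) for _ in range(10)]


def volume_detector(history, flow, sigma=3.0):
    """Fires when bytes_out exceeds the user's mean by more than `sigma` standard deviations."""
    sizes = [b for _, _, b in history]
    mu, sd = mean(sizes), pstdev(sizes)
    return flow[2] > mu + sigma * max(sd, 1.0)   # floor on sd avoids a zero-variance history


def rare_destination_detector(history, flow):
    """Fires when the destination has never appeared in the user's history."""
    return flow[0] not in {d for d, _, _ in history}


def off_hours_detector(history, flow):
    """Fires when the flow happens outside business hours."""
    return flow[1] not in WORK_HOURS


DETECTORS = (volume_detector, rare_destination_detector, off_hours_detector)


def consensus(history, flow, k=2):
    """Return (alert?, names of detectors that fired); alert only when >= k agree."""
    votes = [d.__name__ for d in DETECTORS if d(history, flow)]
    return len(votes) >= k, votes


def benign_alert_rate(p, n, k):
    """Probability that at least k of n independent detectors, each with
    false-positive rate p, fire together on benign traffic (binomial tail)."""
    return sum(comb(n, i) * p ** i * (1 - p) ** (n - i) for i in range(k, n + 1))


# Constructed flows: a clearly suspicious one, a normal one, and a single-signal one.
SUSPICIOUS = ("drop.example.org", 3, 50_000_000)
BENIGN = ("files.example.net", 10, 1_200_000)
NEW_DST_ONLY = ("partner.example.com", 11, 1_100_000)

if __name__ == "__main__":
    for flow in (SUSPICIOUS, BENIGN, NEW_DST_ONLY):
        print(flow, consensus(HISTORY, flow))
    print("benign alert rate, 2 of 3 at p=0.05:", benign_alert_rate(0.05, 3, 2))
```

With k=2 the partner-site flow, which trips only the rare-destination check, stays quiet, while the large off-hours transfer to an unknown host trips all three; the same flow that one detector alone would have turned into a ticket needs corroboration before anyone is paged. The arithmetic is only valid while the detectors' mistakes really are independent, which is the reason the analogy stresses different developers, languages, and hardware.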

We need to build security solutions that are designed from the ground up to operate in this new dynamic environment: Multiple perimeters, hardware-based trust, and cloud-scale analytics fuelled by large volumes of shared threat intelligence must enable local and cloud-based agents to detect and disrupt attacks at machine speeds.

View the original post on Dark Reading.

The post Perimeter Inversion: Turning Digital Security Inside Out appeared first on McAfee Blogs.

FirstNet Enabled Devices for First Responders Set to Revolutionize Public Safety Landscape https://securingtomorrow.mcafee.com/executive-perspectives/firstnet-enabled-devices-first-responders-set-revolutionize-public-safety-landscape/ Wed, 02 Dec 2015 23:55:25 +0000

As French safety officials pieced together information following the attacks in Paris at the hands of ISIS, there’s no doubt they meticulously tracked witnesses interviewed, items recovered from the crime scenes and other helpful notes for the ensuing investigation. While the U.S. has robust security practices, often local police are still writing field interview notes by hand and thus would be sifting through stacks of notecards full of information – hardly helpful for putting the pieces together until they’ve been logged in a database.  The private sector is rapidly developing solutions for law enforcement, however, and when FirstNet is built out, there will be a network to unify those communications – safely and securely, if current plans hold.

Here are just two advances that will greatly enhance law enforcement’s communications efforts. Haystax Technology recently introduced its Mobile Field Interview™ application, enabling public safety personnel to capture field interview (FI) information from an iOS or Android device. Rather than relying on cumbersome, inefficient paper notecards, law enforcement officials can conduct these FIs through the app and sync the resulting notes to the cloud. Indexed FIs become viewable and searchable by other members of the organization, resulting in increased information sharing and efficiency.

Another product unveiled recently is Mutualink’s Wearable Smart Gateway (WSG), the world’s first wearable for first responders. The WSG, powered by the tiny, low-power Intel® Edison™ chip, is the first in a series of devices emerging from the Internet of Public Safety Things (IoPST). This palm-sized, high-performance multimedia gateway will reduce response times and help first responders coordinate more effectively.

Solutions like Mutualink’s WSG and Haystax’s Mobile Field Interview™ will soon have a home with the development of FirstNet, a first-of-its-kind broadband network dedicated to public safety, providing a single, interoperable platform for emergency and daily safety communications. The network will enable public safety officials and first responders to send and receive data, video, images and text – all on one shared network. This exclusive network will provide a shared operating picture and increased situational awareness, further improving emergency response times and increasing efficacy during emergencies.

Our first responders have an incredibly difficult job as it is; their communication and coordination shouldn’t be hampered by outdated technology or an unreliable, insecure network. Connectivity and speed are critical; so is security. We need to ensure FirstNet is built with security in mind from the ground up, for without security, the network’s effectiveness is severely compromised. It’s possible to engineer both speed and reliability into FirstNet, and that’s what we need to do. Then new apps and products coming to market will be even more valuable, as emergency responders will have the benefit of a robust, secure network. The private sector is great at innovating, and it’s good to see that innovation directed toward law enforcement. Now we just need the network to bring it all together – securely.

The post FirstNet Enabled Devices for First Responders Set to Revolutionize Public Safety Landscape appeared first on McAfee Blogs.

Where Is Ransomware Going? https://securingtomorrow.mcafee.com/executive-perspectives/where-is-ransomware-going/ Tue, 01 Dec 2015 14:00:41 +0000

As PCs and servers get better protected and employees more knowledgeable about the ransomware threat, criminals will go after less secure systems such as smart TVs, conferencing equipment, or other unsecured devices.

Ransomware, the malicious software that encrypts your files until you pay to get the encryption key to unlock them, is having quite a successful run. Initially targeting consumers, criminals are turning toward businesses and government organizations, demanding higher ransoms for more valuable data. An FBI agent has even commented that ransomware is so good the bureau often recommends that people just pay the ransom.

That is obviously not an acceptable long-term solution to the problem, especially as it appears the criminal technique continues to evolve.

We typically see malware threats go through several phases, starting off with attacks in small volumes, as the authors evaluate target systems’ defenses until they identify approaches that achieve reasonable success rates. Then the attacks increase in volume, going after consumers, then businesses, as the technique matures and gets monetized through massive campaigns. The next phase is a shift from volume to highly targeted attacks, as defenses adapt to the generic approach, criminals identify higher value targets, and special interest groups adopt the technique for their own specific purposes.

Ransomware is currently moving from the volume to targeted phase, increasing in sophistication of the delivery mechanism and looking for more valuable ways to get money from its victims.

Ransomware is nasty because, unlike other malware infections, you cannot run a cleaning or removal tool to get rid of it, so defenses have to catch it before it can act. However, an offline backup is a reasonable and effective precaution that disarms most of the power of the ransomware. We (law enforcement and the security industry) have also had a fair number of recent successes finding and taking down ransomware servers such as CryptoLocker.

As a result, we are seeing changes to the ransom model, where encryption of your data is just one step. Using targeted attacks such as emails that look like they originate from within your company, attackers are getting their malicious encryption tools into vulnerable systems. Then, after encrypting the files or data stream, they threaten to publish something that you will pay to keep secret, whether it is valuable financial information or embarrassing emails. A recent ransomware campaign in Germany called “Chimera” threatens to publish your files if you do not pay the ransom of more than 600 euros, according to the Anti-Botnet Advisory Centre. It is not clear if Chimera actually exports your files and can carry out the threat, but if it cannot, the next one will.

Ransomware’s Next Target

Where will ransomware go next? As we adopt more and more technology in our lives, we are also fueling the creativity of our attackers. As PCs and servers get better protected and employees more knowledgeable about the ransomware threat, criminals will change and multiply their attack vectors, going after less secure systems such as smart TVs, conferencing equipment, or other unsecured devices.

Think about the risk to your organization of criminals threatening to release audio captured from an executive’s television, video from a board meeting, or embarrassing details from your personnel files. This could result in new opportunities for them to make more money than they do today, charging a ransom to decrypt your data and a premium to not publicly release it.

When threats go from volume to targeted mode, you need a shared intelligence strategy that can detect threats at multiple points, across both your network and the cloud. You need to be aware of the potential motivations, whether that is organized crime looking for payment or hacktivists looking to expose corporate secrets. Understanding the attacker profiles helps you identify what material is valuable and vulnerable, and helps you prioritize your security efforts.

Ransomware is just one threat that is evolving with our technology usage. Whether it is cloud computing, IoT devices, or virtualization, security needs are changing to require greater integration between defenses; broader collaboration with law enforcement, industry organizations, and supply chain partners; and increased automation that can react at digital speeds.

View the original post on Dark Reading.

The post Where Is Ransomware Going? appeared first on McAfee Blogs.

Incident-Response Imperative: Take Immediate Action https://securingtomorrow.mcafee.com/executive-perspectives/incident-response-immediate-action/ Tue, 17 Nov 2015 19:26:47 +0000

Something malicious this way comes. A fast reaction can reduce your risk.

You have just detected an attack and alerted the incident-response team, one of 38 investigations you will likely conduct this year. Half of these are probably generic malware attacks, but the rest are higher-risk targeted attacks or data breaches. Now you are working against the clock and against the potentially exponential rate of further infections, trying to get your systems back to a known state.

What happens if you cannot stop the attack soon enough? We have all seen the immediate and public effects of a security breach, but what happens afterwards? You have isolated the machines that you think are infected and begun the laborious process of cleaning them. Or you buy new machines and operate completely separate networks while you carefully scrub and transfer data from the old to the new. Or maybe you find yourself so deep in a hole so quickly that you cannot dig your way out, so you just work around the infected machines.

These and other security scenarios are playing out at organizations around the world. Attackers are shifting to focused, designer attacks targeting specific companies and individuals. They have been testing the behaviors of preventative technologies and are learning how to get through security defenses and minimize detection. A fast and active incident-response capability is now an important part of your overall security plan.

Our research underlines the importance of responding effectively within the first hour. You are probably already struggling with the volume of security data. There is so much data flowing in from your existing tools that it takes a long time to analyze it, delaying your response. Or you have made compromises on the data being collected, and you are missing important indicators of attack.

Risk Reduction

Speeding up incident detection and gaining an understanding of the potential impact and scope are the most important tasks in reducing risk. What you need is the ability to perform live investigations. Using historical data as the foundation, automated endpoint collectors can learn the system’s state and context, watching for any changes to network flow, registries, or processes that may indicate an attack. This also includes deleted files or dormant components, tricks that are commonly used to evade detection.

Quickly alerted to an attack and its potential scope, the next important tasks are taking action to minimize the impact, identifying which assets remain vulnerable, and updating security controls. When the endpoint collectors detect an attack event, they send alerts to security central. But you can also configure them to trigger other actions, depending on the nature of the alert. Do you want additional data collection, temporary changes to user privileges, or some other custom action that will assist the response team?

You can also trigger an investigation across all systems in the organization, greatly expanding the scale of your response. You no longer need to make assumptions about the attack’s progress, which can result in an artificially limited view of the affected systems. If you cannot scale the response fast and far enough, you could allow the criminals to work freely in one area while you try to contain just a portion of the infection.

Time and scale are the prime limiters of incident response. Greater automation of data collectors, security triggers, and predefined reactions helps you detect sooner, respond faster, and hunt farther than you could before.
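The collector-diff-react-hunt loop described above, as an added example that is not part of the original post and not McAfee product code. It learns a per-host baseline, diffs the current state against it (new processes, changed autorun keys, new listeners, deleted files), maps each alert kind to automatic reactions, and re-runs the same check across the whole fleet so scope is measured rather than assumed. Host names, paths, hashes and action names are constructed sample data.

```python
"""Endpoint state-diff collector with alert-driven reactions and a fleet hunt.
Added illustration, not McAfee code. All snapshots are constructed sample data;
on a live host a Snapshot would be filled from the process list, autorun
registry keys, listening sockets and a file inventory."""
from dataclasses import dataclass
from typing import Dict, List, Set

# Paths an ordinary user can write to; new executables here are far more suspect.
USER_WRITABLE = ("C:\\Users\\", "C:\\Windows\\Temp\\", "/tmp/")


@dataclass(frozen=True)
class Snapshot:
    host: str
    processes: Set[str]        # executable paths currently running
    run_keys: Dict[str, str]   # autorun value name -> command line
    listeners: Set[int]        # TCP ports in LISTEN state
    files: Dict[str, str]      # path -> content hash (constructed values)


@dataclass(frozen=True)
class Alert:
    host: str
    kind: str        # new_process | persistence | new_listener | file_deleted
    indicator: str   # the artifact worth hunting for on other hosts
    severity: int    # 1 (low) .. 3 (high)


def diff_snapshots(baseline: Snapshot, current: Snapshot) -> List[Alert]:
    """Compare a host's current state against its learned baseline."""
    alerts: List[Alert] = []
    for exe in sorted(current.processes - baseline.processes):
        sev = 3 if exe.startswith(USER_WRITABLE) else 1
        alerts.append(Alert(current.host, "new_process", exe, sev))
    for name, cmd in current.run_keys.items():
        if baseline.run_keys.get(name) != cmd:   # new or changed autorun entry
            alerts.append(Alert(current.host, "persistence", cmd, 3))
    for port in sorted(current.listeners - baseline.listeners):
        alerts.append(Alert(current.host, "new_listener", str(port), 2))
    for path in sorted(set(baseline.files) - set(current.files)):
        # A file that vanished is a classic evasion / anti-forensics signal.
        alerts.append(Alert(current.host, "file_deleted", path, 2))
    return alerts


# Automatic reactions per alert kind, run before an analyst looks.
# Action names are illustrative; wire them to your own tooling.
REACTIONS: Dict[str, List[str]] = {
    "new_process":  ["collect_process_tree", "hash_and_submit_binary"],
    "persistence":  ["collect_autoruns", "snapshot_memory"],
    "new_listener": ["capture_netflow_sample"],
    "file_deleted": ["collect_usn_journal"],
}


def react(alert: Alert) -> List[str]:
    actions = list(REACTIONS.get(alert.kind, []))
    if alert.severity >= 3:
        # High severity: restrict the user and contain the host during response.
        actions += ["restrict_user_privileges", "quarantine_host"]
    return actions


def hunt_fleet(alert: Alert, baselines: Dict[str, Snapshot],
               currents: Dict[str, Snapshot]) -> List[str]:
    """Re-run the same diff on every host and report which ones show the
    same indicator, instead of assuming the attack stopped at the first alert."""
    hits = []
    for host, cur in currents.items():
        base = baselines.get(host)
        if base is not None and any(
                a.kind == alert.kind and a.indicator == alert.indicator
                for a in diff_snapshots(base, cur)):
            hits.append(host)
    return sorted(hits)


# --- constructed sample data (no real incident) ---
DROPPER = "C:\\Users\\Public\\upd.exe"
BASELINES = {
    "ws-01": Snapshot("ws-01", {"C:\\Windows\\explorer.exe"}, {"OneDrive": "onedrive.exe"},
                      {445}, {"C:\\logs\\sec.evtx": "h1"}),
    "ws-02": Snapshot("ws-02", {"C:\\Windows\\explorer.exe"}, {"OneDrive": "onedrive.exe"},
                      {445}, {"C:\\logs\\sec.evtx": "h2"}),
}
CURRENTS = {
    # ws-01: dropper running, autorun added, listener opened, log file deleted
    "ws-01": Snapshot("ws-01", {"C:\\Windows\\explorer.exe", DROPPER},
                      {"OneDrive": "onedrive.exe", "Updater": DROPPER + " -s"},
                      {445, 4444}, {}),
    # ws-02: only the autorun so far; the fleet hunt should still catch it
    "ws-02": Snapshot("ws-02", {"C:\\Windows\\explorer.exe"},
                      {"OneDrive": "onedrive.exe", "Updater": DROPPER + " -s"},
                      {445}, {"C:\\logs\\sec.evtx": "h2"}),
}


def triage(host: str) -> List[Alert]:
    return diff_snapshots(BASELINES[host], CURRENTS[host])


if __name__ == "__main__":
    for alert in triage("ws-01"):
        print(alert.kind, alert.indicator, "->", react(alert))
        print("   also seen on:", hunt_fleet(alert, BASELINES, CURRENTS))
```

The persistence alert on ws-01 is the one that pays off: hunting its indicator across the fleet also flags ws-02, where nothing is running yet, which is exactly the host a scope estimate based on the first alert alone would have missed.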

View the original post on Dark Reading.

The post Incident-Response Imperative: Take Immediate Action appeared first on McAfee Blogs.

What Is Your Customer Data Worth?
https://securingtomorrow.mcafee.com/executive-perspectives/customer-data-worth/
Mon, 09 Nov 2015 19:30:15 +0000

How to make sense of the market for stolen information.

Personal data about you, me, and, most importantly, your customers is being openly sold via online marketplaces. Stolen data has become a mature commodity market, not unlike oil or metals, with supply-driven price fluctuations, different qualities of product, and a range of values and scarcities. This market has expanded far beyond credit card numbers, mirroring the growth of big data in legitimate organizations.

We recently published a report titled The Hidden Data Economy, detailing key types of information that are available and how much they cost. Since you cannot trust criminals, some of these marketplaces may be scams or may be using reputable brand names to perpetrate a different type of fraud, but that does not reduce the overall impression of a vibrant cybercrime economy.

Credit card numbers and other payment information are the most common stolen data, with the lowest price point and widest range of values. Large scale thefts, the increasing use of chip-and-PIN cards, and rapid response from credit card companies have driven down the value of basic card information. After a big data breach floods the market with new numbers, they may go for only a few dollars each.

However, add in some additional data and the price goes up quickly. Combine payment card information with date of birth, which is a common fraud prevention question, and the value jumps to $15 in the US and about $30 in other major countries. Add in the billing address and the username and password for the account, and the price goes up to between $30 and $45. Many options are available for the discerning criminal, including issuing bank, country, available balance, maximum withdrawal limit, and usability at an ATM, store, or online.

The Stolen Data Value Chain

Credit card numbers are the base metal of stolen data markets — widely available but not worth that much without additional info. Moving up the value chain are account login credentials for payment accounts or banking services, which appear to be priced based on the balance in the account. For less than 5% of the account balance, you can purchase login information for an online payment account. More valuable are full banking services, especially those with the ability to transfer funds to US banks, which sell for about 8% of the balance. Some sellers offer replacements if the purchased account no longer has the advertised balance, while others rely on reputation rankings, purchase feedback, and other common tools of online shopping to reassure customers.

High demand and automated theft operations have made the market for premium content account information attractive and apparently profitable. Whether you want to read some comic books ($0.55), watch online video (up to $1), get access to premium cable channels ($7.50), or watch live professional sports ($15), stolen login credentials are readily available. In an ironic twist, you can even buy stolen credentials to Dark Web markets.

Rare and more specific are logins for individual companies, open vulnerabilities to valuable systems at banks and airlines, access to industrial machines or critical infrastructure, and even stolen enterprise datasets. Just like rare art or jewels, this type of stolen data does not typically carry a direct price tag; instead, value is negotiated between the buyer and seller. Also like stolen art, the prospect of commissioned thefts is probably not very far away, if it is not here already.

With such a significant number of data breaches making headlines over the last two years, it’s not surprising to see so much consumer data for sale. But the wide variety of data and related profit-making schemes never cease to surprise those of us monitoring the Dark Web on an ongoing basis. Beyond the aforementioned stolen data types, you can also find personal identities, social media access, email accounts, medical information, and much more.

I know from direct conversations with organizations that there is quite a bit of apathy on the subject of cybercrime. Even today, after all the headlines, cybercrime still seems intangible. Too many of us still fail to realize cybercrime is simply the digital evolution of crime, and given the widespread apathy, the emergence of an increasingly established hidden data economy is the destination at which we are bound to arrive. It’s a constant and important reminder for those of us committed to making our connected world safe for our connected lives.

View the original post on Dark Reading.

Saving time, saving lives: Mutualink’s world-first wearable tech for first responders uses Intel® technology
https://securingtomorrow.mcafee.com/executive-perspectives/saving-time-saving-lives-mutualinks-world-first-wearable-tech-first-responders-uses-intel-technology/
Thu, 05 Nov 2015 21:08:53 +0000

Intel® Edison module-powered Wearable Smart Gateway* for first responders delivers seamless inter-agency access to real-time situational intelligence

Thomas Edison was all about connecting people. His lab in Menlo Park, New Jersey, was where the Hungarian Tivadar Puskás invented the humble telephone switch in 1877. Prior to that, telephone lines had been hardwired between users, but the introduction of the switches—combined in a switchboard or telephone exchange—allowed a user to connect to any other user on the same network for the very first time.

This vision of interoperability has inspired the work of Mutualink for over 20 years, leading them to develop the Wearable Smart Gateway* (WSG*). Powered by the Intel® Edison board, the WSG is the world’s first wearable communications gateway that lets first responders share multimedia information over secure wide-area networks in real-time. Designed to give command posts and cooperating agencies an unprecedented level of access to live situational intelligence, the technology is built for saving time and, ultimately, lives.

Intel collaborated closely with Mutualink from the early days of WSG development: running design-thinking sessions to refine the design and implementation, and assisting in the analysis of feedback from first responders regarding WSG features and usage needs.

Our ongoing role with the WSG is specifically with the First Responder Network Authority (FirstNet*) currently being developed for use nationally within the United States. I will shed more light on the WSG and its larger role as part of Intel and Mutualink’s Internet of Public Safety Things * (IoPST*) initiative.

The WSG is a compact on-body hub with the tiny and ultra-low power Intel® Edison™ board at its heart. It uses Wi-Fi*, wire, or Bluetooth* to connect to devices on or near the user and shares data from those devices via a secure cloud connection with the command post and any other stakeholders or cooperating agencies who need access to it.

Anything that can be digitally measured or captured can be transmitted by the WSG, including video, personal biometric data, GPS coordinates, positions of locator beacons, air composition, or even radiation level. There are many useful applications of this across the police, medical, and fire services: for example, multiple SWAT team members can transmit real-time video giving the command post a holistic view of a “dynamic entry”; a firefighter’s pulse and respiration can be monitored remotely for signs of distress; the position of dropped Bluetooth beacons can help a second wave of paramedics find victims in an environment where GPS data is unavailable or compromised.

Data is transmitted from the WSG by tethering it to a mobile phone using any commercial 4G network or, once available, to FirstNet.  FirstNet is a very exciting national program to provide a network dedicated to the sole use of first responders. It’s currently in its consultation phase and in some areas of the United States is actually being tested. The WSG is exactly the kind of device that FirstNet is designed for: it’s secure, and it sidesteps the limitations of public networks, such as the bandwidth throttling you see in emergency situations where everyone tries to connect in one place at the same time.

Security is crucial when transmitting over any network, particularly one dedicated to public safety, and Mutualink puts its years of experience to great use with the WSG, connecting the device securely through the cloud using Mutualink’s tried-and-tested encryption and virtual private network (VPN) technology. From an Intel Security perspective, we approached the security of the WSG from the ground up: data integrity and advanced malware protection are built in, but engineered so that the speed and efficiency public-safety networks depend on are never compromised.

Testing, Testing

The user experience is key to the successful introduction of any new technology, even more so when it comes to wearable tech for first responders working in fast-moving, high-pressure situations. The last thing they want to worry about is a new piece of kit they have to find a pocket for.

With Mutualink we ran a field test of the WSG at Urban Shield, an annual event where global teams of SWAT, Fire, EOD, and EMS first responders compete and collaborate through a series of realistic scenarios. The event is an invaluable test bed for new tactics and technologies, and this September the WSG was put through its paces over 48 hours of rigorous SWAT exercises.

Over two test scenarios, multiple WSG devices were used to stream real-time video, heart-rate, and beacon-proximity data back to the command post. We were very happy to see that in terms of UX, the teams had no problem adding the WSG to their kit. While there were certainly important learnings we took away from the test, overall the WSG performed as intended technically, providing mission commanders a window into live situations that they hadn’t ever had before.

Internet of Public Safety Things*

The WSG is the first device to emerge as a result of the Internet of Public Safety Things* (IoPST*) initiative that Intel and Mutualink are spearheading. The long term aim is to leverage IoT technologies to seamlessly interconnect the next generation of first responders, helping save lives.

With Mutualink, we’re in the process of exploring all kinds of potential applications for the smart gateway technology in the context of the IoPST. One idea that we recently showcased at Maker Faire in New York is the integration of the smart gateway technology into infrastructure such as fire boxes or even—coming full circle back to Roger’s reference to Edison—light bulbs. One potential use is to provide a dedicated emergency Wi-Fi network in emergency situations when normal bandwidth is choked or inaccessible.

We’re expecting commercial rollout of the WSG in 2016, and in the meantime we’re continuing to work with Mutualink to iterate on the device and put it through its paces. Work is ongoing to add on-board 4G LTE connectivity which will remove the need for cell phone tethering and shrink the form factor even further. And the team is also tweaking the video compression to squeeze the data volume and speed up video streaming—a key piece of WSG functionality.

Further down the line, the modular construction and agnostic connectivity of the WSG will help make sure it’s ready for whatever software updates and hardware advances are thrown at it as we head further down the road to interconnected public safety. We’re working on making the future a much safer place.

What’s.Next? Taking you on a journey to the future
https://securingtomorrow.mcafee.com/executive-perspectives/whats-next-taking-journey-future/
Tue, 03 Nov 2015 01:20:05 +0000

The threats of tomorrow are more than malware and malicious files. They are multifaceted attacks, using a wide range of techniques and vectors. At FOCUS 2015, we explored where attackers are going, how the environment you need to defend is changing, and what we are developing and delivering to help you deal with these adaptive attack techniques.

Attacks are coming in from many new vectors, including hardware and firmware, virtual machines, supply chains, and of course the legion of cloud applications and services. Motivations are expanding to fill almost every conceivable niche, from financial gain to extortion, business disruption, blackmail, competitive intelligence, or simply wanting to watch the world burn. Our adversaries refuse to play by our rules, so we need to change the way we think about defending this new environment. Static security solutions for the endpoints, data center, and network are no longer sufficient to deal with adaptive attack techniques, cloud-based threats, and whatever else the cybercriminals will come up with to try and steal your data or disrupt your business.

One of the most significant changes to corporate computing over the last decade or more has been the rapid growth and adoption of cloud computing and storage. Efficient and elastic computing, application delegation, SaaS (really Anything-as-a-Service), IoT, and broad connectivity are supporting increased mobility and agility, which in turn is driving furious amounts of innovation. We don’t want this to stop, but the advantages that clouds have brought to businesses and security defenses are also available to attackers. Public clouds not only mean softer targets, but also provide virtually unlimited and anonymous compute and network resources for attacks. Something-as-a-Service means that businesses do not always have the details about their cloud service infrastructure, and has contributed to the emergence of cybercrime-as-a-service. And even private clouds are not safe, as their elasticity helps erode perimeters while introducing new forms of privilege escalation.

Gaining the advantage in this environment means fundamentally changing our approach to security, retooling and rebuilding to make sure that we can comprehend and respond to the threats of tomorrow. The cloud enables scale and agility like we have never seen before, giving us a fighting chance against these complex attacks. We need to think about data differently, examine how the pieces relate to each other, and how we use the information to triage and better assist the human security responders. Accurate intelligence generates better security, and so we are leveraging the cloud to deliver analytics at the scale and speed necessary to make a difference. This means gathering local and global telemetry, from internal and external sources, on an industrial scale. It means dynamically examining code to locate malicious instructions before they can be executed. It means combining and classifying the data and feeding it to next-generation analytics engines with machine-learning capabilities to build a comprehensive, real-time picture of threats, targets, and recommended responses. These and more are processes that would be impractical to run on premises.

Does this mean that on-premise security solutions are dead? Maybe sometime in the future, but for now the combination of cloud scale and local customization are a powerful asset. The cloud can easily work with data from multiple sources, for example correlating activity at one financial institution with an attack on another. On-premise tools are better positioned to work with private intelligence, identify artifacts unique to your environment, or work with your standard IT build. At the same time, we need to do the heavy lifting to shelter you from increasing complexity, so that you can focus on your business with security defenses that are tailored to your organization.

This is the philosophy behind McAfee Active Response and Endpoint Security; ensuring that our responders have the capabilities to respond to an actively changing threat landscape. It is unreasonable to assume that any product from any security vendor will be able to provide a one-size-fits-all solution to these threats or the next ones. So we are empowering our customers to act in their own defense, with the intelligence, analytics, and protections you need to protect your assets, detect emerging threats, and correct vulnerabilities before you can be compromised.

Hardware.Next: Diving deeper into the stack—understanding the dangers of hardware and firmware vulnerabilities
https://securingtomorrow.mcafee.com/executive-perspectives/hardware-next-hardware-firmware-vulnerabilities-provide-tools-attackers-defenders/
Tue, 03 Nov 2015 01:19:33 +0000

The security industry has, for years, been developing technologies to secure our applications and operating systems. 2015 was the year, however, I feel hardware vulnerabilities truly became real. We saw multiple instances of attackers using hardware, firmware, and BIOS as an element of their attack, from Rowhammer exploiting DRAM to the Equation Group showcasing vulnerabilities in HDD/SSD firmware. Despite our extraordinary efforts, attackers can effectively render what we do at the upper layers of the stack moot if the underlying hardware or firmware is vulnerable. Significant value lies below, if the adversaries have the patience and the intelligence to exploit it. As attackers move deeper into the compute stack, they are discovering significant benefits, including denying access to a machine permanently, surviving even a complete reimaging, and escalating into higher privilege levels. This has triggered serious discussions about hardware and firmware security.

The good news is that operating systems do continue to improve their compute security. For example, Windows 10 delivers tremendous new capabilities, offering much better protection for operating system secrets even if there is an admin or kernel level compromise, by keeping those secrets in a separate, virtualization-isolated partition that the main OS cannot read. Microsoft has also integrated regular updates to BIOS and other firmware via Windows Update to keep them current. However, vulnerable firmware could undermine these new capabilities, allowing attackers to work their way up the stack and into the entire physical platform, regardless of logical partitions, if system vendors are not careful. Intel continues to partner with Microsoft and the PC ecosystem to address BIOS vulnerabilities, but many persist on deployed platforms if systems go unpatched.

With these new threats, we need to expand our view of what needs to be secured beyond the operating systems and applications. Customers need tools with visibility into the lower levels of the platform so they can detect and correct systems before they are compromised. For example, endpoint detection and response (EDR) tools could leverage capabilities such as Intel’s low-level CHIPSEC analysis toolkit to find machines that are vulnerable and take faster, more effective action against attacks in progress. CHIPSEC can check for a BIOS region that isn’t write protected, System Management Mode RAM (SMRAM) that is unlocked, and Secure Boot keys with insufficient access control. Feeding this information to EDR solutions could give incident response teams a clearer picture of low-level system vulnerabilities, along with immediate response options if or when any of those vulnerabilities are detected in the future. Potential reactions include killing a malicious process or quarantining a vulnerable machine until it can be updated. Customers can personalize their own solutions, leveraging Intel’s customer-ready Software Development Kit (SDK), to add their own customized collectors, reactions, and workflows, using native OS commands and familiar languages such as Python, to hunt for and remediate vulnerabilities in their ecosystems.
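The CHIPSEC-to-EDR hand-off described above, as an added example that is not part of the original post and not Intel or McAfee product code. It parses the PASSED/FAILED/WARNING lines that CHIPSEC modules emit, attributes each to the module that produced it, and turns the result into a response plan and a rankable platform-risk score. The module names (`common.bios_wp`, `common.smm`, `common.secureboot.variables`, `common.spi_lock`) are real CHIPSEC modules; the log text is constructed to mimic CHIPSEC’s markers, since exact message wording varies between releases, and the response action names are illustrative.

```python
"""Turn CHIPSEC module results into EDR findings and response actions.
Added illustration, not Intel or McAfee code. SAMPLE_LOG is constructed to
mimic CHIPSEC's '[*] running module:', '[+] PASSED:', '[-] FAILED:' and
'[!] WARNING:' lines; real message wording differs between releases."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

MODULE_RE = re.compile(r"^\[\*\] running module: (\S+)")
RESULT_RE = re.compile(r"^\[[+\-!]\] (PASSED|FAILED|WARNING): (.*)$")


@dataclass(frozen=True)
class Finding:
    module: str
    status: str    # PASSED | FAILED | WARNING
    message: str


def parse_chipsec_log(text: str) -> List[Finding]:
    """Attribute each PASSED/FAILED/WARNING line to the module that produced it.
    Result lines seen before any module header are ignored rather than guessed."""
    findings: List[Finding] = []
    current: Optional[str] = None
    for line in text.splitlines():
        m = MODULE_RE.match(line)
        if m:
            current = m.group(1)
            continue
        r = RESULT_RE.match(line)
        if r and current is not None:
            findings.append(Finding(current, r.group(1), r.group(2).strip()))
    return findings


# Real CHIPSEC module names. A FAILED result here means firmware can be
# modified from the OS, so the host is contained until it is updated.
CONTAIN_ON_FAIL = {
    "chipsec.modules.common.bios_wp",    # BIOS region not write protected
    "chipsec.modules.common.smm",        # SMRAM not locked
    "chipsec.modules.common.spi_lock",   # SPI controller configuration unlocked
}


def plan_response(findings: List[Finding]) -> Dict[str, str]:
    """Map each non-passing finding to an (illustrative) EDR action."""
    plan: Dict[str, str] = {}
    for f in findings:
        if f.status == "FAILED" and f.module in CONTAIN_ON_FAIL:
            plan[f.module] = "quarantine_until_firmware_updated"
        elif f.status == "FAILED":
            plan[f.module] = "open_remediation_ticket"
        elif f.status == "WARNING":
            plan[f.module] = "flag_for_manual_review"
    return plan


def platform_risk(findings: List[Finding]) -> int:
    """Score for ranking hosts: 10 per containment-worthy failure,
    5 per other failure, 1 per warning."""
    score = 0
    for f in findings:
        if f.status == "FAILED":
            score += 10 if f.module in CONTAIN_ON_FAIL else 5
        elif f.status == "WARNING":
            score += 1
    return score


# Constructed sample output (not captured from a real machine).
SAMPLE_LOG = """\
[*] running module: chipsec.modules.common.bios_wp
[*] BC = 0x00000088 << BIOS Control
[-] FAILED: BIOS region is NOT write protected
[*] running module: chipsec.modules.common.smm
[-] FAILED: SMRAM is NOT locked (D_LCK = 0)
[*] running module: chipsec.modules.common.secureboot.variables
[!] WARNING: some Secure Boot variables are not authenticated or write protected
[*] running module: chipsec.modules.common.spi_lock
[+] PASSED: SPI flash controller configuration is locked
"""

if __name__ == "__main__":
    found = parse_chipsec_log(SAMPLE_LOG)
    print("risk score:", platform_risk(found))
    for module, action in plan_response(found).items():
        print(f"{module}: {action}")
```

In practice the input is the log written by `chipsec_main` (optionally limited with `-m common.bios_wp` and the other modules named above), collected by the EDR agent on a schedule; the risk score lets a response team order hosts for firmware updates, and the containment set is the place to encode which findings are serious enough to isolate a machine before an attacker can use them.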

The good news is that attackers are not the only ones who can take advantage of hardware and firmware. Hardware and firmware also give us new capabilities that are not possible with software alone. For example, Intel has added support for Software Guard Extensions to DXL 2.0 to protect the message-signing keys, so that we have a high level of confidence that DXL data was sent by the machine we thought it was. This mitigates attack vectors that spoof or simulate DXL messages, increasing the integrity of the exchange layer. Protecting hardware and firmware, detecting low-level attacks, and correcting incidents before they become compromises are examples of how Intel Security is empowering responders with the adaptive capabilities they need to address the threats of tomorrow.

Higher Education Must Save Cybersecurity
https://securingtomorrow.mcafee.com/executive-perspectives/higher-education-must-save-cybersecurity/
Fri, 23 Oct 2015 21:24:25 +0000

Sophisticated organizations defend themselves against cyber attacks with tools, products, services, and perhaps most importantly highly capable security professionals.  But it is becoming very difficult to attract and retain good talent.  The pool of qualified available resources has run dry and it is now up to the academic institutions to replenish the workforce population.  It won’t be easy, but higher education must save cybersecurity!

The demand for security professionals is at an all-time high, but the labor pool is largely barren of qualified candidates.  Various data sources paint a similar picture: roughly 70% of security organizations report being understaffed, about 40% of junior-level jobs are vacant, and senior-level roles go unfilled about 50% of the time.  A lack of security talent, especially in leadership roles, is a severe impediment to organizations in desperate need of staffing in-house teams.

Hiring a quality cybersecurity professional is not as easy as you might think.  Universities are trying urgently to fill the gaps but are having difficulty in delivering the needed knowledgeable and experienced personnel.  Some experts have described cybersecurity as a “zero-unemployment” field.  In fact, the gap is widening, with 2020 predictions expecting the shortfall to reach 1.5 million workers.  Adding to the challenge, with demand high and supply low, security technology salaries are going up fast and are far outpacing their IT counterparts.  Specialty positions show strong double digit growth in salary over last year’s figures.  Leadership roles are in great demand as well, with compensation rising to match.  Relief of this situation will only come about by balancing the supply side of the equation.

Barriers to resolution

Higher education institutions and governing bodies are working feverishly to fill the tremendous demand with significant numbers of new security graduates, but serious barriers stand in the way.  Academic structures are not well aligned to the needs of the industry, there is a lack of consistent degree and curriculum standards, and educating students with relevant content, in a rapidly changing field, is proving difficult with traditional practices.

Positions within the industry are constantly evolving, with new roles and responsibilities emerging at a rapid pace.  The titles are changing as are the expectations for education and experience.  A recent inventory of federal job responsibilities showed more than 100 occupation-series which include a significant amount of cybersecurity work, representing ~1.6 million employees or roughly 4% of the workforce.  Adding to the mix are new industry jobs emerging around privacy, big data, internet-of-things, policy, customer protection, product design, testing, audit, investigation, and legal aspects of security.  Education institutions are having a difficult time in aligning the skillsets of graduates with the shifting landscape of what employers truly need at any given moment.

Consistency across different higher education institutions is a separate problem which must be addressed.  A nationally recognized degree in cybersecurity does not exist.  Instead, most programs are customized and can have a vastly different emphasis and graduation requirements depending upon the host university.  There is not even a consensus on which departments such programs should reside in. A 2014 Ponemon report showed a variety of academic departments where cybersecurity is situated, ranging from engineering, computer science, library, military, business, and legal studies.  The result is clusters of graduates entering the workforce possessing vastly different sets of educational knowledge and security skills.  This is problematic for both potential employers trying to fill a position and prospective applicants desiring to show competitive aptitude.

(Figure: Ponemon Institute, 2014 Best Schools for Cybersecurity)

Teaching cybersecurity is difficult in and of itself.  The technology, threats, and attack methods shift rapidly.  It seems every eight to twelve months, the industry swings to an entirely new focus.  A fellow security professional stated “if they are learning from a book, it is already outdated”.  Traditional rote teaching styles are insufficient to train professionals as they rely heavily on static material.  More dynamic sources of information, and processes to integrate them into the classroom, are needed.  Cybersecurity instruction must be agile and stay very close to the pulse of what is happening in the real world.

Expectations are not being realized by both recent hires into the field and the companies who are investing in college graduates.  Students told me it was the last six months of schooling which was most relevant.  Before that, most describe the knowledge as an interesting history lesson, but not very practical.  Learning the fundamentals is always required to understand the landscape and establish base skills, but the real value is in the pragmatic application of knowledge to supporting risk mitigation.  I have seen frustration with many companies who have hired graduates, only to discover they are not prepared for day one.  They are glad to have them as part of the team, but the organization must start near square one to teach them the current challenges and methods to be successful.  Simply put, both sides expect more.

With the vast differences in programs, teaching backgrounds, and content interpretation, sometimes even the basics are overlooked.  Many graduates don’t understand the practical distinction between obstacles and opposition.  I have found that most, with the exception of those with a statistical background, don’t adequately grasp the relational difference between vulnerability and risk of loss.  Most concerning is how many students have a very narrow viewpoint and overlook how cybersecurity is both a technology- and behavior-based discipline.  Far too many technical graduates see security as solely an engineering problem, where the right hardware, software, or configuration will achieve the goal and forever solve the puzzle.  This is just not realistic.  Cybersecurity weaves both technology and human elements together in a symbiotic way.  Addressing only one aspect may improve the situation, but will ultimately fail as an isolated stratagem.  These are fundamental constructs every security professional should be fluent in before entering the labor force.

The solution is apparent

The solution will arrive in three parts.  First, partnerships between higher education and the industry will need to attract more talent into cyber sciences, including women and underrepresented minorities.  The current numbers of students are just not enough to satisfy demand and expanding diversity adds fresh perspectives to creatively tackle difficult problems.

Second, students must be trained with relevant aspects and materials that take into account the highly dynamic subject matter and environment.  Optimally, this should extend to post-graduates as part of continual learning programs.  The professionals of today also have a role to play.  They must contribute to the growth and security of tomorrow by advising and mentoring students, assisting educators, and contributing to the development of curricula.  In a recent presentation to educators and academic administrators at the NSF Cybersecurity Summit, I recommended both an expansion of traditional topics and engaging industry practitioners to help provide timely insights and discussions for students.  Teamwork across academia and the private sector is mutually beneficial and will help raise the effectiveness of graduates as they enter the workforce.

Third, the curricula must be designed to align with the security roles in the market.  An adequate level of consistency across teaching institutions, attesting to completion of the applicable studies, is required.  In short, a recognized degree program for cyber sciences must be established.

Progress toward the goal

The shortfall in talent is no surprise, as the industry has seen this coming for some time, and a number of groups have been working diligently to change the academic system that supports cybersecurity professionals.  The US National Initiative for Cybersecurity Education (NICE) is a strategic organization tying together education, government, and the private sector to address cybersecurity education and workforce development.  The Association for Computing Machinery (ACM) is an international society for computing working to develop uniform knowledge content for cybersecurity roles.

Working independently, many higher education institutions are taking the initiative to bring in experts to help teach and advise students to deliver more relevant education and better prepare them for the jobs they will be seeking.  They are reaching out to industry professionals to help staff and students stay current on latest trends, research, and best-practices.

The Cyber Education Project (CEP) Industry Advisory Board is leading a national academic accreditation program effort to formally establish a Cyber Science degree and necessary certification criteria.  Institutionally, we should see a formal Cyber Science degree be approved in 2016 to establish consistent guidelines for graduates across the landscape of higher education.

In the meantime, however, businesses must adapt to the challenging employment environment.  Hiring of technical and leadership cybersecurity staff will continue to be difficult for the foreseeable future.  Human Resource (HR) departments can play a crucial role in planning and addressing problems.  In a presentation to a Chief Human Resources organization last year, I outlined a number of different areas where HR can facilitate practices both to hold on to good talent already in place and to plan accordingly to hire qualified candidates.

HR teams must stay on top of competitive salary reviews for current security professionals to ensure compensation is at the right level to retain talent in the face of headhunters who are currently circling like sharks, hungry for any opportunity to harvest security professionals.  HR representatives should also be prepared to have candid discussions with managers asking to hire new security staff, as the market price may be misaligned with budgets, compensation disparity could be disruptive to current staffing expectations, and it may take an unusually long time to successfully fill a role.  In some cases, outsourcing may be the best option and should be up for consideration.

Must save cybersecurity

The industry is in trouble as a huge deficit of available professionals continues to grow.  Without well-trained personnel, most organizations cannot establish or maintain a sufficient cybersecurity posture.  Academia is the gateway for preparing the next generation of professionals, and universities are working purposefully to fill the gaps, but they are having difficulty delivering the needed knowledgeable and experienced personnel.  Progress is slow, but inroads are being made by the best of academia.  Cybersecurity may be fought with technology, but it is people who triumph.  We must invest in the future generations of professionals who will carry on the fight.  Higher education must save cybersecurity.


This post was originally posted on Aug 24, 2015 on the Intel communities site 

The New and Next at Intel Security
https://securingtomorrow.mcafee.com/executive-perspectives/new-next-intel-security/
Wed, 21 Oct 2015 22:47:02 +0000
At Intel Security we’re re-defining how we envision security, beginning with a new, strategic focus on the threat defense lifecycle. That’s why in the coming days, weeks, and months you’ll see and hear us make a number of moves that layout our thinking around the next chapter in security, and further define the unique ways in which we protect the computing experience. Our goal is to help enterprises address more threats faster, with fewer people, and to help everyone better protect their data, systems, and personal information. With an unwavering focus on outcomes, we are making changes in our portfolio, in our investment strategy, and in our technology roadmap.

Our strategic vision is new, but our core focus of innovating and delivering solutions to protect digital platforms, and to detect and correct attacks on systems and data, remains job one. Our leadership team and I have partnered over the past year to put in place a long-term plan to transform our business.

Starting next Tuesday, October 27, at FOCUS15 in Las Vegas, Intel Security begins to unveil the results of our strategic decisions and investments. You can expect some important product announcements during my main stage keynote, with follow-on demonstrations of our technology in action, both today and tomorrow, by Brian Dye, our head of corporate products, and Steve Grobman, our CTO.

I’m proud of the news and announcements you’ll notice as a result of our new strategic vision. From the smallest of changes to the biggest of ideas, everything we’re doing begins and ends with the needs of our customers and partners. Intel Security’s singular focus is on creating technologies for the next horizon in security.

If you want to track headlines as they happen, bookmark our newsroom and check back often.

Chris

@youngdchris

Looking Forward to FOCUS
https://securingtomorrow.mcafee.com/executive-perspectives/looking-forward-focus/
Mon, 19 Oct 2015 16:05:15 +0000
Security is a new game—with new threats and demands across your enterprise, but also with opportunities for the next horizon in security. At FOCUS15 we put the new and the next front and center. It’s a conversation that starts with you.

That’s why in a few days we’ll meet in Las Vegas to shine a spotlight on the ways in which Intel Security Group is re-defining security, and helping you address more threats faster, with fewer people. We’ll lay out thinking around the evolving threat defense lifecycle—it’s Intel Security’s way of looking at the cyber security threatscape in a new way, and helping you to manage your security operations for better outcomes.

Today’s security landscape is unlike anything you’ve encountered before, as forces like IoT and BYOD expand the attack surface. Our new strategic vision is designed to help you better protect, and detect and correct faster…today, and tomorrow. I’m proud of everything the Intel Security team has been up to over the past year, starting with new solutions you’ll hear all about in Vegas. On the technology front alone, this promises to be a FOCUS unlike any other.

But of course, the best part of FOCUS is the chance to engage 1:1, and catch up with what’s new in your part of the security landscape. A great deal has changed since we met last at FOCUS14. For one thing, last October I’d been with Intel Security for just a couple of weeks. Even so, it was clear then that our need to partner closely in order to solve security’s biggest challenges was never more important. As an extension of your business operations, all of us at Intel Security are eager to share our vision for what the next chapter in this industry holds. Your enterprise is at the leading edge of innovation, smart thinking, and determined action to protect systems and data essential to your continued success. It’s gratifying to stand watch with you in that endeavor, and it’s my sincere hope that FOCUS15 advances your strategic goals. We designed this year’s event with your expectations and needs front and center, and we’re eager to unveil everything we have in store.

If you want to jump into the conversation ahead of FOCUS, I’m hosting a 30-minute Twitter Q&A on Monday, October 26th. You’re invited! Here’s your ticket, in three easy steps:

1. Starting Monday, October 19th, submit your security questions via Twitter, using the hashtag, #FOCUSQA

2. Questions can be submitted up through Sunday, October 25th

3. Sign in to Twitter at 10:30AM PT on Monday, the 26th, to see my answers, LIVE, via @youngdchris. I’ll get to as many as I can in 30 minutes!

Also be on the lookout for a number of other ways to participate across social media during FOCUS15. This is your opportunity to be part of a great security story.

I can’t wait to see you in Las Vegas—to share with you the inside track on the new and the next, and how we’ll shape the future of security technology, together.

Chris

How Is Your Data Getting Out?
https://securingtomorrow.mcafee.com/executive-perspectives/how-is-your-data-getting-out/
Fri, 18 Sep 2015 15:49:53 +0000
It’s 11:00 p.m. Do you know where your data is?

Most reports on data theft events concentrate on how the bad guys got into the organization, what failed to stop them, and what information was taken. I often think about how the information was taken out, or exfiltrated, and who the likely culprits were.

Intel Security recently published a research study that addresses these questions. The most likely thieves are organized crime, hacktivists, and nation states, although insiders are accomplices in about 40% of the thefts, according to the study. When insiders were involved, including employees, contractors, and third-party suppliers, half of the breaches were intentional and the other half accidental.

We asked security professionals at midsize and large companies about their concerns and challenges around data theft. The top two were increasing sophistication of attackers and prevalence of malicious external threats.

On average, the professionals we surveyed have experienced six security breaches that resulted in data exfiltration over their careers, and four of those incidents were serious enough to negatively impact their companies’ financials or require public disclosure. Only half of the breaches were discovered by internal security teams. The other half were found by various external entities such as white hat hackers, law enforcement agencies, and credit card companies.

The Perpetrators: External vs Internal Actors

Figure 1. Actors involved in data breaches

Data thieves are interested in every piece of personal information that your company collects about customers and employees, from names and addresses to account credentials and health information. More than 60% of data theft incidents reported by survey participants involved personally identifiable information, with other valuable financial and payment information (25%) and intellectual property (14%) making up the rest. Structured data, stolen from databases, is the most likely theft when measured by quantity. However, when asked what proportion of incidents involved different data formats, participants said Microsoft Office documents were the most commonly stolen format, followed by CSV files and PDFs.

Open Season On Customer Data

How the data is getting taken out is perhaps one of the most interesting survey findings. Physical media was involved in half of the reported thefts by insiders — especially laptops and USB drives — and in 40% of the thefts by attackers from outside. When thieves leveraged networks to steal data, file and tunneling protocols were the top transport mechanism (25%), followed by Web protocols (24%), and email (14%).

However, increasingly sophisticated attackers are using a wide range of protocols and techniques to get data out, including peer-to-peer, secure shell, instant messaging, voice over IP, and hiding the data within images or video. They are also disguising the data to sneak it through defenses, using encryption, compression, and other obfuscation techniques and making it increasingly challenging to catch data theft with just perimeter and endpoint security.

For a detailed explanation of attacker motivations, typical data targets, and exfiltration methods, read “Data Exfiltration: An Important Step in the Cyber Thief’s Journey” in the just-published McAfee Labs Threats Report: August 2015.

Understanding the valuable targets, motivations, and techniques of cyber thieves is important to detecting data exfiltration and preventing data loss. Some important steps that will help you counter data theft include:

  • Build a data inventory to help prioritize defenses.
  • Identify normal data flows for sensitive data. Abnormal data movement is often the first sign of a compromise.
  • Data loss prevention (DLP) software adds additional controls to data movements and, along with intrusion detection and prevention systems, accounts for the largest proportion of data breach discoveries.
  • Policy and risk management software provide the necessary review and oversight to protect your sensitive data while keeping it accessible to those who need it for their jobs.

Together, these tools will defend your network in depth and help you to know where your data is and how to keep it from being stolen.
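The second step above, identifying normal data flows so that abnormal movement stands out, is what the following added example does; it is not code from the original post. It assumes per-flow summaries carrying host, host role, destination port and outbound bytes (all records below are constructed), builds a robust per-host egress baseline, and flags both volume spikes and the transports the post names as exfiltration channels when a workstation uses them.

```python
"""Egress baselining over constructed flow records (added example).

Build a per-host outbound-bytes baseline from a history window, then flag
hosts whose current egress deviates sharply from it, and workstations that
use transports the post lists as exfiltration channels (SSH, FTP, P2P, VoIP).
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import median


@dataclass(frozen=True)
class Flow:
    day: int        # day index; 0..6 is the baseline window, 7 is "today"
    host: str
    role: str       # "workstation" or "server" (assumed asset-inventory tag)
    dst_port: int
    bytes_out: int


# Destination ports standing in for the transports the post names. A workstation
# pushing data out over these is worth a look; servers may legitimately need them.
UNUSUAL_FOR_WORKSTATION = {22: "ssh", 21: "ftp", 6881: "p2p", 5060: "voip"}


def sample_flows():
    """Constructed sample: ws-01 normally sends 12-18 MB/day over HTTPS and then
    900 MB on day 7, most of it over SSH; ws-02 is steady; file-srv always
    pushes ~5 GB/day over SMB (port 445)."""
    flows = []
    for d in range(7):
        flows.append(Flow(d, "ws-01", "workstation", 443, 12_000_000 + d * 1_000_000))
        flows.append(Flow(d, "ws-02", "workstation", 443, 9_000_000 + (d % 3) * 500_000))
        flows.append(Flow(d, "file-srv", "server", 445, 5_000_000_000 + d * 10_000_000))
    flows.append(Flow(7, "ws-01", "workstation", 443, 300_000_000))
    flows.append(Flow(7, "ws-01", "workstation", 22, 600_000_000))
    flows.append(Flow(7, "ws-02", "workstation", 443, 10_000_000))
    flows.append(Flow(7, "file-srv", "server", 445, 5_050_000_000))
    return flows


def daily_totals(flows):
    """Sum outbound bytes per (host, day)."""
    totals = defaultdict(int)
    for f in flows:
        totals[(f.host, f.day)] += f.bytes_out
    return totals


def baseline(flows, today):
    """Median and median absolute deviation (MAD) of daily egress per host,
    computed over the days before `today`. Median/MAD resist one-off spikes
    in the history better than mean/stddev."""
    per_host = defaultdict(list)
    for (host, day), total in daily_totals(flows).items():
        if day < today:
            per_host[host].append(total)
    stats = {}
    for host, values in per_host.items():
        med = median(values)
        mad = median(abs(v - med) for v in values) or 1  # avoid division by zero
        stats[host] = (med, mad)
    return stats


def detect(flows, today, k=10):
    """Return alerts: ('volume', host, robust z-score) when today's egress is more
    than k MADs above the host's median, and ('transport', host, name) when a
    workstation uses an unusual transport today."""
    alerts = []
    stats = baseline(flows, today)
    for (host, day), total in daily_totals(flows).items():
        if day != today or host not in stats:
            continue  # no history for this host yet; cannot baseline it
        med, mad = stats[host]
        score = (total - med) / mad
        if score > k:
            alerts.append(("volume", host, round(score, 1)))
    for f in flows:
        if f.day == today and f.role == "workstation" and f.dst_port in UNUSUAL_FOR_WORKSTATION:
            alerts.append(("transport", f.host, UNUSUAL_FOR_WORKSTATION[f.dst_port]))
    return sorted(alerts, key=lambda a: (a[0], a[1]))


if __name__ == "__main__":
    for alert in detect(sample_flows(), today=7):
        print(alert)
```

Only ws-01 is flagged, once for volume and once for the SSH transport; the file server's large but steady egress and ws-02's small variation stay below the threshold.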

Your “Check Security” Light is On
https://securingtomorrow.mcafee.com/executive-perspectives/check-security-light-2/
Mon, 14 Sep 2015 04:00:38 +0000
Please restart your car in safe mode

Your car may not get a “Check Security” light in the future, but it might get an “Update Software” light. In addition to Drive, Reverse, and Park, it may also get a Safe mode with diminished but sufficient functions to get home or to a safe stop in the event of an automotive security incident.

As automotive systems use more and more electronic control units and greater information sharing inside and outside of the vehicle, computer security and data privacy join safety and reliability as important aspects of vehicle design, production, and operations. Intel is part of a large ecosystem of manufacturers, suppliers, standards bodies, universities, and government organizations collaborating to advance the research and best practices on secure driving experiences. Consumer trust and confidence in the security of their vehicle will become as important as reliability and safety were when they emerged as critical consumer issues and competitive differentiators.

“Unsafe at any bandwidth” is not a title that anyone wants to see published. Vehicle designers, product engineers, and suppliers are all working to design in security that can detect, protect, and mitigate current and emerging threats. While networking in-vehicle systems and connecting cars to the Internet increases the threat level, distributed security architectures and layers of defenses that are intentional and proactive will help secure them from chip to cloud. These layers include:

  • Hardware security, such as secure boot, tamper protection, memory protection extensions, and device identity that defend the operating components from intentional or accidental damage.
  • Software security, such as virtualization, software containers, digital authentication, and behavior enforcement, that isolate vehicle functions, verify identities, and restrict inappropriate messages and activities.
  • Network security, such as firewalls, message authentication, and behavior enforcement that protects messages and personal information while it is in transit inside the vehicle, between vehicles, or to external services.
  • Cloud security, such as secure authenticated channels, remote monitoring, threat intelligence, and over-the-air updates that provide real-time connections to additional security services that help detect and correct threats before they get to the car.
  • Supply chain security, such as authorized distribution channels, component track and trace, and supply continuity that detect and protect the supply chain from compromise and from infiltration of tainted or counterfeit parts.
  • Data privacy and anonymity, such as encryption and authentication, data anonymization, and appropriate policies that protect personally identifiable information, control unauthorized data access, and constrain data leakage.

These tools and technologies can be designed in to the vehicle, but it also has to be protected once it has left the dealership, a lifecycle that can extend for 15 years or more. Increases in computing performance, storage capacity, and development of new attack methodologies could make currently impossible attacks possible. Securing cars over their lifetime means introducing techniques like firmware and software patches, over-the-air updates, and other countermeasures to quickly close vulnerabilities and reduce the cost of recalls. It also means developing incident response plans that encompass all of the stakeholders, including drivers, owners, manufacturers, suppliers, aftermarket parts, dealers and service operations, emergency or transportation agencies, and security vendors.
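The network-security layer above lists message authentication for traffic inside the vehicle. The following added example (not Intel's design nor code from the post) shows why such a scheme needs both an authentication tag and a freshness counter: the tag rejects forged or altered frames, the counter rejects replay of a frame that was valid once. It assumes a shared key per sender, a 4-byte truncated HMAC-SHA256 tag, and a per-message-ID monotonic counter; the frame layout and key are constructed for illustration.

```python
"""Authenticated, replay-protected in-vehicle messages (added illustration).

Frame layout (constructed for this example):
    2-byte message ID | 4-byte counter | payload | 4-byte truncated HMAC tag
"""
import hashlib
import hmac
import struct

TAG_LEN = 4  # short tag: in-vehicle frames carry few bytes, so tags are truncated


class Sender:
    """An ECU that signs each frame with a fresh counter value."""

    def __init__(self, key: bytes):
        self.key = key
        self.counters = {}  # per message ID

    def frame(self, msg_id: int, payload: bytes) -> bytes:
        ctr = self.counters.get(msg_id, 0) + 1
        self.counters[msg_id] = ctr
        header = struct.pack(">HI", msg_id, ctr)
        tag = hmac.new(self.key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
        return header + payload + tag


class Receiver:
    """A gateway that accepts a frame only if the tag verifies and the counter advanced."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_ctr = {}
        self.rejected = []  # (reason, msg_id) log for behaviour monitoring

    def accept(self, frame: bytes):
        """Return the payload if the frame is authentic and fresh, else None."""
        if len(frame) < 6 + TAG_LEN:
            self.rejected.append(("malformed", None))
            return None
        msg_id, ctr = struct.unpack(">HI", frame[:6])
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        # Check the tag first, in constant time, so a forged counter cannot
        # disturb replay state before it has proven authentic.
        if not hmac.compare_digest(tag, expected):
            self.rejected.append(("bad_tag", msg_id))
            return None
        if ctr <= self.last_ctr.get(msg_id, 0):
            self.rejected.append(("replay", msg_id))
            return None
        self.last_ctr[msg_id] = ctr
        return frame[6:-TAG_LEN]


def demo():
    """Send a frame, replay it, tamper with it, then send a fresh one."""
    key = b"constructed-demo-key-not-for-real-use"  # constructed; real keys come from provisioning
    ecu, gateway = Sender(key), Receiver(key)
    f1 = ecu.frame(0x1A0, b"\x00\x32")
    ok1 = gateway.accept(f1)                 # genuine, fresh -> accepted
    replay = gateway.accept(f1)              # same bytes again -> rejected as replay
    tampered = bytearray(f1)
    tampered[7] ^= 0xFF                      # flip a payload byte -> tag no longer verifies
    forged = gateway.accept(bytes(tampered))
    f2 = ecu.frame(0x1A0, b"\x00\x33")
    ok2 = gateway.accept(f2)                 # counter advanced -> accepted
    return ok1, replay, forged, ok2, gateway.rejected


if __name__ == "__main__":
    print(demo())
```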

There are many open questions in this area, and we are just scratching the surface of the security and privacy issues facing the next generation of vehicles. However, we believe that collaboration on research, development, and operations makes the goal of trusted vehicles and confident driving experiences achievable. To learn more about Automotive Security, read our white paper: www.mcafee.com/autosecuritywp

On Vehicle Cybersecurity, We’re Pulling Into the Fast Lane
https://securingtomorrow.mcafee.com/executive-perspectives/vehicle-cybersecurity-pulling-fast-lane/
Mon, 14 Sep 2015 04:00:08 +0000
Automotive cybersecurity needs more focus on best practices, common ground, and standard platforms, and today Intel advances that cause by establishing a new Automotive Security Review Board.

The ASRB will research and collaborate on auto cybersecurity technologies and products for a new era in transportation – one where a “Security Update” dashboard light may be as common as the “Check Engine” indicator.

The board’s work is sorely needed. The auto industry realizes that the diversity and complexity of onboard components is not a sufficient hacking inhibitor, as was once thought. A vehicle is a system of components that come together, and increasingly we’ve been adding computing components and sensors to those systems.  Not long ago we started connecting them to the Internet.  Now that these complex in-vehicle computing systems are connected to the Internet, they can be attacked remotely, just like any other computing system.

What’s really unique here is that the consequences of attacks on these computing devices are potentially far greater than attacks on PCs or servers.  Essentially, we could lose a lot more than our data and information: people could be seriously hurt, or worse. Just like with any connected system, there’s no perfect security.  However, we can raise the bar against cyber-attacks in vehicles, and Intel is doing just that.

We have a lot of the right cybersecurity expertise in house to help design a solid connected vehicle system.  However, the board allows us to bring in outside talent, giving many different perspectives, and to manage the complexity more quickly and get to some good cybersecurity outcomes. This is a team effort Intel Security is proud to be part of.

In fact, we’re proud to be among the leading thinkers in security for autonomous driving. We’ve summarized our views of the challenges in a white paper released today, “Automotive Security Best Practices: Recommendations for Security and Privacy in the Era of the Next-Generation Car,” which I recommend you read.

Vehicles are undergoing a transformation unmatched since the starter motor put an end to hand-cranking the engine. We’re excited to help accelerate things.

See more: https://securingtomorrow.mcafee.com/executive-perspectives/check-security-light-2/ 

What Would You Do Differently If You Knew You Were Going To Be Robbed?
https://securingtomorrow.mcafee.com/executive-perspectives/differently-knew-going-robbed/
Thu, 27 Aug 2015 16:37:17 +0000
Neither prevention nor detection alone is sufficient in today’s cybercrime environment.

Losing irreplaceable photos, laptops without current backups, and heirloom jewelry are among the biggest fears if your house is robbed. We use deadbolts, alarm systems, and other protection features to deter robbers, but what would you do if you knew for sure that someday in the near future you would be robbed? Back up the photos and laptop offsite? Put the jewelry in a safe? What if your alarm company told you that all of its customers had been robbed, some just don’t know it yet?

Some security experts say that there are only two types of companies: those that have been hacked, and those that don’t know they have been hacked. Since the beginning of cybercrime, security has focused on prevention. Firewalls got thicker, scanners more detailed, blacklists longer, and whitelists more specific. Unfortunately, as the threat volume continues to grow, attack surfaces grow wider, and new devices become harder to protect, we need to acknowledge that sometimes attacks will get through.

Clearly, we should not be giving up and accepting the notion that the only possible states are hacked, being hacked, and about to be hacked; there is still a lot we can do to improve protective and preventive measures. If we acknowledge the increased risk, then we should plan to be better prepared for the possibility of a breach, detecting it sooner, and correcting it faster. Many recent attacks on companies have gone on for months — sometimes even years — without being detected. We need to start shifting priorities so that we are balancing the amount of time and money being spent on prevention and allocating more time and budget to detection.

Protect And Prevent

If you lived in a neighborhood with a high probability of a break-in, you would have more protection. But you would probably also add some documentation and surveillance techniques: a detailed home inventory with photos so that you can identify missing items; external cameras or motion sensors to let you know that unauthorized people have been snooping around;  maybe even some spy tricks such as pieces of tape or hair across the door frame, light coating of powder near the jewelry box, or desktop items arranged to highlight tampering.

Your security incident-response strategy needs similar tools. Computer-protection systems generate alerts, events, and other messages in an attempt to help you determine if you have been hacked. Unfortunately, with so many of them working in isolation, the result can be more noise than help. The other major issue is time and scale.  When dealing with a major incident, working through a massive data set takes time, and trying to do it en masse compounds the problem.

A detection strategy helps to remove noise from the security messages. One place to start is the endpoints. Assuming that you can set and forget your endpoint security tools is no longer valid. These devices, usually the first stage of an attack, can provide vital assistance that helps the security team react faster and contain sooner. This includes predefined and customizable indicators of compromise, real-time and forensic event analysis, rapid response to isolate suspected infections from the network, and roll-back of recent changes. A detection strategy should also include capability to alert on future critical events or state changes for specific indicators of compromise, or more important, to look for and alert on indicators of attack before you are compromised.

Neither prevention nor detection alone is sufficient in today’s cybercrime environment. You need to be able to prevent what can be prevented, but also quickly determine if you have been compromised, how it happened, and what was stolen so that you can move to contain and recover from the theft.

View the original post on Dark Reading.

From Vicious To Virtuous: A Plan Of Attack For Incident Response
https://securingtomorrow.mcafee.com/executive-perspectives/vicious-virtuous-plan-attack-incident-response/
Thu, 27 Aug 2015 16:35:18 +0000
How do you get there? Increase the cost and effort required by the bad guys and boost your efficiency.

Post-audit, post-breach, post-I-just-started-a-new-job, you know you should boost your incident-response efforts and may wonder where to invest. In a new SANS survey on incident response, co-sponsored by Intel Security, the top impediments to IR success were predictable, with shortage of skills and budget for tools and technology leading the list (see chart below).

Overall, there’s a correlation between many of the top 10 impediments. For example, a company’s visibility across events and domains and its ability to discern malicious from benign events would both be improved if it had the right tools and technology. This is a vicious circle.

How do you get off this hamster wheel? Through two strategies:

  • Increase the cost and effort required by the bad guys
  • Increase your efficiency

Harder For Them

First, make the bad guys’ lives difficult. For example, in a survey at Black Hat 2015, we asked where people were struggling most today across the attack chain (see chart below).

Mitigation of the number one challenge — exploitation — requires reducing the attack surface, not just structurally as you might with controls such as application whitelisting, but in an ongoing way with active vulnerability management.

Incident responders can provide the most valuable insights into the nature and tactics of attacks and where your specific organization may be vulnerable. Capturing and sharing that feedback quickly, so administrators can refine policies and improve countermeasures, can be tremendously helpful in staying on the pre-breach side of the attack timeline. And this effort is selfishly beneficial for incident responders: by raising the bar on protection, fewer security events enter their queue.

Threat-intelligence sharing is another way that you can make the cybercriminal business less profitable. Attackers have to keep moving on, keep evolving, keep investing. For instance, as you discover new malware in your sandbox, use STIX to share its details. In addition, consume select STIX feeds, hunt for those indicators within your infrastructure, and match your internal detections to industry findings to prioritize events (and the utility of external data). These efforts help address the command-and-control and delivery challenges that Black Hat attendees highlighted.

Easier For You

In addition, drive to increase your efficiency. As the SANS survey shows, there are many different opportunities for improvement in both detection and response, such as better detection of stealthy maneuvering through expanded visibility and advanced analytics. This survey shows that correlation and anomaly detection are being adopted and having an impact. It aligns with other survey findings about the value of timely data.

Customers tell us they see ROI when they centralize event and threat data, processes, and policy management. They can distill and prioritize events that are most relevant to their organizations (detect the real malicious events), then contain and remediate compromised systems using centralized tools and workflows. These are the challenges the SANS survey respondents highlighted. Together, these strategies shrink dwell time, reduce the costs of attacks, and enhance that virtuous cycle.

View the original post on Dark Reading.

Survey Says: Incident Response Is Fighting Back (https://securingtomorrow.mcafee.com/executive-perspectives/survey-says-incident-response-fighting-back/, Tue, 25 Aug 2015 00:47:02 +0000)

Companies appear to be recognizing the need for increased incident-response spending.

Today the SANS Institute released a new incident-response survey that we co-sponsored, with some useful and encouraging findings for practitioners and managers of security operations.

There’s quite a bit of good news. At least in part thanks to the increased integration of correlation and analytics, time to remediation has dropped since last summer. The chart below comparing the two years of data shows an overall shift to the left — an improvement in the elapsed time from detection to remediation.

The area in red shows 2015 responses, the area in blue shows 2014 responses to the question: “From the time the incident was discovered, how much time elapsed until remediation was achieved?”

This survey also agreed with findings in other surveys that real-time analytics are helping companies progress. The SANS report says, “A notable 42% of respondents have fully integrated, and 33% have partially integrated SIEM [security information and event management] into their IR ecosystems for analytics during response. Some may also be relying on their CTI [cyberthreat intelligence] tools or services to do the analytics for them, with 26% fully integrating and 28% partially integrating CTI within their functions. The 13% of organizations not currently integrating analytics such as SIEM into their response should consider this a top priority to mature their SOC and IR processes.”

One of the reasons to integrate analytics and SIEM is that centralized tools can accelerate remediation. Even if the decision to remediate needs to involve a human, centralized tools simplify access to and implementation of the right correction. Specifically, centralized tools help more people, including surge resources, get involved in and accurately follow remediation workflows. Automation further improves results. SIEM, Endpoint Detection and Response (EDR), and unified policy management systems are all beneficial ways to centralize and automate approved remediation actions.

Companies appear to be recognizing the need for increased incident-response spending. IR teams should be pleased that the industry is planning increased investments in areas that simplify detection such as correlation and improved visibility into vulnerabilities and threats. (See chart below.)

Question: What improvements in IR is your organization planning to make in the next 12 months?

Our work with enterprises shows that these capabilities complement existing SIEM deployments and help companies mature their overall security operations.

Read the survey and see how your team and plans stack up to the industry’s.

View the original post on Dark Reading.

Vulnerable From Below: Attacking Hypervisors Using Firmware And Hardware (https://securingtomorrow.mcafee.com/executive-perspectives/vulnerable-from-below-attacking-hypervisors-using-firmware-and-hardware/, Fri, 21 Aug 2015 17:00:09 +0000)

Malicious attacks with firmware privileges can compromise an entire system, so it is especially important to apply measures to reduce the risks.

Breaking hypervisor isolation and attacking — or exploiting — neighbouring virtual machines is a prominent goal of cyber criminals. At the Black Hat USA 2015 and DEF CON 23 conferences, a group of Intel Security researchers from the Advanced Threat Research team demonstrated that some hypervisors are vulnerable to attacks through system firmware launched from administrative guests. These attacks led to successful installation of a rootkit in the system firmware (such as BIOS), privilege escalation to hypervisor privileges, and exposure of hypervisor memory contents.

Hypervisors employ a range of techniques to isolate software and I/O devices, block escapes from any compromised virtual machine to any other virtual machine, and protect each virtual machine’s secrets from the others, including their operating systems. However, these protections fall short when the physical machine system firmware is infected with a rootkit or when a compromised virtual machine is able to exploit vulnerabilities in the firmware.

In this case, the firmware rootkit was installed by reflashing the system firmware while it wasn’t adequately protected in non-volatile flash memory. Physical access controls should prevent this in some cases. However, the research also demonstrated that the rootkit could be installed from within privileged guests on machines with inadequately write-protected firmware. Our research demonstrated that a rootkit can open a backdoor for an attacker to access the memory contents of all other virtual machines by adding entries to the hardware-assisted page tables and mapping all of DRAM to the attacker’s guest address space. The attacker can then access the active memory of all the other virtual machines on this host and harvest data at will.

Solutions And Exploits

The obvious solution is to increase protection on firmware in flash memory. However, our research also demonstrated that an attacker can exploit other vulnerabilities if the hypervisor allows direct access to the firmware interfaces. For example, we compromised the hypervisor using the resume boot script table in memory that runs when a machine resumes from a sleep state (S3). From a privileged guest, this critical script table structure was changed to access the hypervisor memory spaces. We have published a whitepaper covering the technical details of this S3 resume boot script vulnerability, which has also been independently discovered and discussed by other researchers. In another example, we passed a bad input pointer to the run-time firmware executing in system management mode (SMM) to exploit a vulnerability and inject malicious instructions into this protected area.

In both examples, the attacker first had to exploit some vulnerability in the system firmware of the physical machine such as the SMI handler or BIOS, and then run malicious code with firmware privileges to attack the hypervisor. However, each interface to the firmware that is directly accessible to a virtual machine provides an additional attack vector. Hypervisors can minimize this risk and reduce their attack surface by removing unnecessary guest access to the firmware interfaces and memory locations. Hypervisors can also monitor and proxy interfaces that need to be exposed to the guests and, if possible, apply strict policies on the data passed through them.

Malicious attacks with firmware privileges can compromise the entire system, so it is especially important to apply measures to reduce the risk to applications, software services, and the operating system. You can test your system firmware with available tools such as the open source CHIPSEC framework, which tests for many known vulnerabilities, including the attacks described here. To enable further security testing, we will shortly be releasing new functionality in the CHIPSEC framework to test how hypervisors emulate various hardware interfaces.
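The "inadequately write-protected firmware" the post describes comes down to a handful of chipset register bits, which is what a CHIPSEC-style BIOS write-protection check inspects. The following is an added example, not CHIPSEC's code and not from the Intel Security post: it classifies the protection state from constructed register snapshots. The BIOS_CNTL bit layout (BIOSWE, BLE, SMM_BWP) and the modelling of SPI protected ranges as (base, limit, write-protect) tuples are assumptions taken from Intel PCH datasheets; verify them against your own platform.

```python
"""Added example (not CHIPSEC's code, not from the Intel Security post).

Decides whether the BIOS region of SPI flash is adequately write-protected
from the bits that CHIPSEC-style checks look at.

Assumptions (verify against your platform's datasheet):
  * BIOS_CNTL bit layout from Intel PCH datasheets:
      bit 0 BIOSWE  - BIOS Write Enable (1 = flash writes currently allowed)
      bit 1 BLE     - BIOS Lock Enable (1 = setting BIOSWE raises an SMI)
      bit 5 SMM_BWP - SMM BIOS Write Protect (1 = writes only from SMM)
  * SPI protected ranges are modelled as (base, limit, write_protect) tuples
    with inclusive limits; all register values here are constructed samples.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

BIOSWE = 1 << 0
BLE = 1 << 1
SMM_BWP = 1 << 5

PrRange = Tuple[int, int, bool]  # (base, limit, write-protect enabled)


@dataclass
class WriteProtectionReport:
    bioswe: bool
    ble: bool
    smm_bwp: bool
    pr_covers_bios: bool
    verdict: str  # "PROTECTED", "WEAK" or "UNPROTECTED"


def ranges_cover(ranges: List[PrRange], base: int, limit: int) -> bool:
    """True if write-protected ranges cover every byte of [base, limit]."""
    protected = sorted((b, l) for b, l, wp in ranges if wp and l >= b)
    cursor = base  # first address not yet shown to be protected
    for b, l in protected:
        if b > cursor:
            break  # a gap that a flash write could land in
        cursor = max(cursor, l + 1)
        if cursor > limit:
            return True
    return cursor > limit


def assess(bios_cntl: int, pr_ranges: List[PrRange],
           bios_base: int, bios_limit: int) -> WriteProtectionReport:
    """Classify BIOS write protection from BIOS_CNTL and the PR registers."""
    bioswe = bool(bios_cntl & BIOSWE)
    ble = bool(bios_cntl & BLE)
    smm_bwp = bool(bios_cntl & SMM_BWP)
    covered = ranges_cover(pr_ranges, bios_base, bios_limit)

    if ble and smm_bwp and not bioswe:
        # Writes are confined to SMM and the lock cannot simply be cleared.
        verdict = "PROTECTED"
    elif covered:
        # Range protection holds regardless of BIOS_CNTL.
        verdict = "PROTECTED"
    elif ble and not bioswe:
        # Lock depends on the SMI handler intervening; not a hardware guarantee.
        verdict = "WEAK"
    else:
        # Writes are allowed right now (BIOSWE=1) or nothing prevents enabling them.
        verdict = "UNPROTECTED"
    return WriteProtectionReport(bioswe, ble, smm_bwp, covered, verdict)


def explain(report: WriteProtectionReport) -> str:
    """One-line, human-readable summary for an audit log."""
    flags = ", ".join(f"{name}={int(value)}" for name, value in (
        ("BIOSWE", report.bioswe), ("BLE", report.ble),
        ("SMM_BWP", report.smm_bwp), ("PR_COVERS_BIOS", report.pr_covers_bios)))
    return f"BIOS write protection: {report.verdict} [{flags}]"


# Constructed BIOS region: top 4 MiB of an 8 MiB flash part.
BIOS_BASE, BIOS_LIMIT = 0x400000, 0x7FFFFF

# Constructed register snapshots, not readings from a real machine.
SAMPLES: Dict[str, Tuple[int, List[PrRange]]] = {
    "locked_smm": (BLE | SMM_BWP, []),
    "ble_only": (BLE, []),
    "open": (0, []),
    "write_enabled": (BIOSWE, []),
    "pr_covered": (0, [(0x400000, 0x5FFFFF, True), (0x600000, 0x7FFFFF, True)]),
    "pr_gap": (0, [(0x400000, 0x4FFFFF, True), (0x600000, 0x7FFFFF, True)]),
}


def run_samples() -> Dict[str, str]:
    """Map each constructed sample to its verdict."""
    return {name: assess(cntl, prs, BIOS_BASE, BIOS_LIMIT).verdict
            for name, (cntl, prs) in SAMPLES.items()}


if __name__ == "__main__":
    for name, (cntl, prs) in SAMPLES.items():
        print(f"{name:14s} {explain(assess(cntl, prs, BIOS_BASE, BIOS_LIMIT))}")
```

On a real system the register values would come from a tool such as CHIPSEC rather than the constructed table; the classification logic is the part to reuse.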

For more information, our Black Hat presentation can be found at: http://www.intelsecurity.com/advanced-threat-research/content/AttackingHypervisorsViaFirmware_bhusa15_dc23.pdf

–Yuriy Bulygin and John Loucaides contributed to this blog.

View the original post on Dark Reading.

Spiderbot, Spiderbot, Does Whatever A Hacker Thought (https://securingtomorrow.mcafee.com/executive-perspectives/spiderbot-spiderbot-whatever-hacker-thought/, Fri, 21 Aug 2015 16:00:11 +0000)

Virtual machine, she ignores, owns the bot, then controls yours. 

At this week’s Intel Developer Forum, CEO Brian Krzanich demonstrated some gesture-controlled spiderbots during his opening keynote that lit up and danced across the stage, entertaining the crowd. These robots spawned from Intel’s investments in the maker movement, demonstrating the limitless creativity and innovation of the developer community.

Big Mama spiderbot, reporting for duty

One significant upside to the evolution of technology is lowering the barrier to entry for developers. Innovations like Intel’s Edison board enable an individual or small team to create sophisticated, autonomous robots in days instead of weeks. During the mega-session of Chris Young, senior VP and general manager of Intel Security Group, the bots were assigned sentry duty, guarding a big donut because software developers need to protect important assets such as sugary food and drinks. All joking aside, the reality is that we really do need to protect key assets, and sound coding is critical to securing our infrastructure.

Spiderbot on duty, guarding the donut

Along with this development agility, however, come new risks that need to be understood by Intel Security and developers. As connected devices become more sophisticated, they are inherently more susceptible to attacks. We took the opportunity during Young’s mega-session to showcase how vulnerabilities in the computing ecosystem can be exploited if platform and application developers are not careful in their coding practices.

We replicated a common cloud environment with multiple virtual machines running on the same physical server. In this case, the robots had a control application running in a virtual machine, which was communicating wirelessly and giving the spiderbot commands. Then we asked one of our senior software engineers, Jenny Mankin, to see if she could commandeer the robot for her own nefarious purposes. She could, and she commanded the robot to stop performing its sentry duty.

Jenny Mankin commandeering Steve Grobman’s spiderbot

First, Jenny needed to steal credentials from the control application in the virtual machine. She took advantage of a vulnerability in the firmware implementation to install a rootkit inside the firmware. The rootkit allowed her to remap memory from the controlling VM to her own VM and monitor all activity in the controlling VM. (For more information on this class of attack, refer to the presentation from Black Hat USA 2015 by Intel’s Advanced Threat Research team.) This is a BIOS implementation vulnerability that breaks the VM isolation, moving the classic issue of privilege escalation into the realm of cloud, virtualization, and the Internet of Things. It also shows the attack technique of lateral movement, where the attacker uses her position in the environment (in this case, being on the physical machine) to take the next step in her attack.

In this case, once Jenny had the credentials she was able to reprogram the spiderbot by sending a return-oriented programming (ROP) exploit remotely to open a reverse-shell on the spiderbot. With ROP attacks, instead of trying to inject her own code into the software on the spiderbot, Jenny uses instructions that are already in memory and exploits a buffer-overflow vulnerability to chain together short sequences of instructions in an unintended order to execute the functionality she wants.

With Capabilities Comes Risk

As IoT devices become connected, we get much greater capabilities, but at the same time we expose ourselves to new risks. I think of the challenges demonstrated last month on automotive hacking, where a remote attacker completely took over control of a car. It is a big issue and one that developers need to comprehend in the world of rapid development, which can lead to quick but sloppy coding practices that are functional but susceptible to security vulnerabilities.

In the short term, our focus is helping the developer community understand good security coding practices. For more information, check out the following resources:

In the long term, Intel and Intel Security are looking at technology to detect and prevent this type of exploitation so that your spiderbot — and your donuts — remain yours.

View the original post on Dark Reading.

Defending Critical Infrastructure Without Air Gaps And Stopgap Security (https://securingtomorrow.mcafee.com/executive-perspectives/defending-critical-infrastructure-without-air-gaps-stopgap-security/, Fri, 14 Aug 2015 22:56:48 +0000)

Traditional IT security solutions need modifications to successfully defend critical infrastructure on tomorrow’s cyber battlefields.

There has recently been a great amount of discussion regarding critical infrastructure and its inherent security vulnerabilities. Critical infrastructure primarily comprises aging supervisory control and data acquisition (SCADA) and industrial control systems (ICS), which are far more pervasive than most people realize: The Department of Homeland Security has defined 16 separate critical infrastructure sectors, many of which include outdated cybersecurity protections.

Security Through Obscurity No Longer Works

The vast majority of critical infrastructure consists of aging industrial control systems that were designed to operate on isolated, “air-gapped” networks. If considered at all during protocol development and network design, security took a back seat to more pressing considerations such as low latency and uptime. Multisite connectivity typically occurs via secure WAN links on private telecom networks, and operators tend to emphasize physical security over cybersecurity. Today, however, the lack of attention given to network security during early development is becoming problematic as critical infrastructure is increasingly being connected in some fashion to the Internet, giving hackers a potential access point.

Many of these SCADA and ICS systems run proprietary code on legacy operating systems that have been refined over the decades. In fact, most programmable logic controllers, protocol converters, and data-acquisition servers within these systems lack even basic authentication, making them highly vulnerable to hacking. Today, many operators believe the legacy nature of their systems confers protection, which simply isn’t true. If an asset has potential value, there are cybercriminals and nation states with the means and motives to target it.

New Thinking For The Next Generation Of Critical Infrastructure

Complicating matters further, the administrators and operations personnel tasked with supporting critical infrastructure frequently have different priorities. Operational technology (OT) teams that maintain SCADA networks focus primarily on high resiliency and availability to keep production online at any cost, while information technology (IT) teams that manage corporate networks are more concerned with connectivity, security, and compliance. However, both teams understand today’s security imperative, and within most organizations these teams are actively planning the next generation of security architectures.

As the threat landscape shifts over time, both IT and OT security infrastructure must be able to adapt to new security needs, policies, and threat-detection methods. Single-function security devices will soon be a thing of the past, as security architecture becomes increasingly versatile. Firewalls, intrusion prevention systems (IPS), VPN gateways, and routers all perform vital roles. To achieve the infrequent scheduled downtime requirements of OT environments, these software-based devices must be updatable on the fly while performing the security or networking tasks at hand. And to minimize unscheduled downtime, they must be highly reliable or support active-active clustering with transparent failover options.

In addition to support for OT protocols, it’s clear that traditional IT security solutions will need some modifications to successfully defend critical infrastructure on tomorrow’s cyber battlefields. Here’s a list of some potential features and requirements to get started:

  • Ensure High Performance, Resiliency, And Availability
    As the name implies, critical infrastructure must operate nonstop without performance degradation — even when performing processing-intensive, deep-packet inspection and real-time emulation. In many cases, there’s no such thing as “scheduled downtime.” Therefore, clustering, load balancing, and automatic failover must be standard features of security solutions within critical infrastructure.
  • Make Endpoints More Intelligent And Secure
    The devastating effects of rogue data-scraping apps on point-of-sale systems were made abundantly clear in the aftermath of recent high-profile data breaches. Prior to that, Stuxnet opened our eyes to what can happen when industrial programmable logic controllers are compromised within uranium-enrichment facilities. New and existing endpoints must become sentry points capable of validating the use of trusted applications and observing all connections made by executables. They must share insights with firewalls, IPS, and other security devices across the network and be able to enforce application whitelisting and blacklisting, as well as terminate operation if they become compromised.
  • Protect And Connect Multiple Security Zones
    Security architecture must provide advanced protection from both known and unknown threats within each security zone and be able to securely link traffic between security zones, including distributed facilities. This is another area where traditional security devices have come up short. Creating security devices that can be deployed in multiple roles — as stateful firewalls with VPN termination, IPsec VPN gateways for multisite connectivity, or next-generation firewalls with IPS and application control, for example — enables much tighter security throughout the organization. Moreover, the ability to manage the system with a common security console and share security data in a bidirectional manner — regardless of protocol or connection type — gives critical infrastructure architects and operators new levels of flexibility and management simplicity.
  • Monitor And Manage The Entire System
    It’s impossible to overstate the importance of integrated monitoring and management. Threats can pass between IT, SCADA, and ICS zones, so it’s essential to have end-to-end visibility of critical infrastructure and be able to correlate information across systems to identify and mitigate threats. Placing intelligence on all endpoints allows these devices to share security data and be managed as part of an overall architecture. A global management console not only allows remote provisioning, management, and updating of software on all critical infrastructure devices, it enables application whitelisting and other security policies to be pushed to devices. Tight integration between the global management console and the security information and event management (SIEM) solution will accelerate accurate situational awareness and reduce management time and expense. And last but not least, critical infrastructure solutions must simplify the task of compliance reporting and auditing. Integrated monitoring and management makes this possible.

Is our industry currently providing the security technologies, flexibility, and agility to empower critical infrastructure? In many cases I believe the answer is yes, which is good news, given that many of these solutions are also required to secure the Internet of Things and the future of IT overall.

View the original post on Dark Reading.

Study Reveals the Most Common Attack Methods of Data Thieves (https://securingtomorrow.mcafee.com/executive-perspectives/study-reveals-common-attack-methods-data-thieves/, Fri, 31 Jul 2015 21:46:03 +0000)

Learning more about your attackers helps to improve your security profile and reduce the possibility of a breach.

Sophisticated criminals using advanced techniques are behind most of the recent security breaches, targeting small network openings and user weaknesses left vulnerable by even the latest shiny new technology. The painful reality is that security operations are struggling with the ever-increasing number of threats and attack vectors, while trying to navigate the confusing landscape of security offerings. To add insult to injury, as operations is endeavoring to get its collection of security systems working together and defending every possible security gap, data thieves only have to find a single exploitable opening.

Our research report, A Thief’s Perspective, looks at the five attack methods that made up the majority of the almost 55 million attacks in Q1 2015. From browser blunders to denial of service, learning more about your attackers helps to improve your security profile and reduce the possibility of a breach. A related report surveyed security professionals on the security readiness of critical infrastructure; these professionals reported a high degree of confidence in their cyber defenses, even in the face of increasing threats. They also felt that increased cooperation between organizations, security vendors, and government agencies was critical to a successful cyber defense.

Interrupted Internet

Interrupting or denying access to Internet services remains the number one attack method, representing over 40% of all attacks. That is partially because this abuse of network resources is the easiest method, requiring only a few dollars in Bitcoin transactions to rent time on a distributed denial of service (DDoS) tool and flood a website with malicious traffic. Sometimes that is the whole attack, sometimes it is a deception tool to distract your security team while the real attack slips in unnoticed. Defenses against DDoS attacks have greatly improved, but they still rely on a solid understanding of normal volumes and patterns in order to quickly identify the beginnings of a DDoS flood, deep-packet and SSL inspection to understand the nature of the abusive packets, and powerful filtering to keep them away from your Internet resources.

When they want to actually get inside, thieves are still focused on users as the weakest point in your defenses. Whether it is from phishing emails, social engineering, or compromised websites, we have seen an 87% growth in suspect URLs in the last year, and browser-based attacks now make up over 35% of all attacks. Thieves are often focused on a specific department or a few key individuals, and will persistently target them until they get that one click they need. Not only is the number of malicious URLs growing rapidly, but thieves are also hiding their malware in feature-rich content such as Adobe Flash and JavaScript, making it harder to catch with static filters. Users need the added protection of intelligent content filtering that can emulate the browser functions to determine the true intent of any inbound scripting or multimedia file and dynamically adapt to user and attacker behavior.

Stealth Attacks

While the vast majority of attacks are knocking on the front door or trying to trick users with increasingly sophisticated Web lures, others are trying to sneak in by stealth, evade your defenses, or slip through in an encrypted stream. One of the big advantages attackers have is that they can analyze every aspect of your defenses, test various products, and try repeated approaches to figure out what might get through. They break malware up into small pieces for later reassembly, try to stay dormant during sandbox inspections, and randomize their callback addresses to get back out. Finding these devious attacks requires collaboration from all of your defenses to correlate anomalous events and identify the malicious activities from the noise.

We believe that your information and systems can be protected, attacks can be detected, and breaches quickly corrected if we all act in concert. Information silos and shiny new toys will not reduce the number of threat vectors, but real-time information sharing and coordination between security defenses will significantly increase detection rates and reduce the time to contain and correct the situation if any manage to slip through. We need to change the way we think about security if we want a better prognosis about the realities of today’s threat landscape.

View the original post on Dark Reading.

Out of Aspen: State of Critical Infrastructure Cybersecurity, 2015 (https://securingtomorrow.mcafee.com/executive-perspectives/aspen-state-critical-infrastructure-cybersecurity-2015/, Mon, 27 Jul 2015 18:38:53 +0000)

The good, bad, and potentially worse of critical infrastructure protection.

There has been a significant post-9/11 focus on securing critical infrastructure systems – many of which pre-date the Networked Age and were potentially more vulnerable to attack than newer networked systems. Cyber-attacks on critical infrastructure systems have not yet resulted in the loss of human lives. And yet a number of recent events suggest that a closer look at the state of critical infrastructure cybersecurity is necessary to determine progress and unfulfilled needs.

The annual Aspen Security Forum takes place this week in Aspen, CO. This two-day line-up of national security panels and 1:1 discussions presents a great forum to gauge the state of critical infrastructure cybersecurity. In cooperation with the Aspen Institute, Intel Security surveyed security professionals in energy production, financial services, transportation, telecommunications, and many government functions to determine what progress has been made, and what areas require greater attention.

Our survey results revealed the good, the bad, and the potentially worse of critical infrastructure protection:

· The good news: no catastrophic loss of life and improved confidence in critical infrastructure cybersecurity postures

· The bad news: cyber-attacks are real, increasing, and capable of real, substantive damage to our critical infrastructure

· The potentially worse: attacks are likely to become fatal and could escalate from the digital to the physical realm.

First, consider the good news.

Respondents demonstrate a significant degree of confidence in the state of their cybersecurity posture – confidence registered both by satisfaction with their security defenses and by a perceived decline in vulnerability to attacks in recent years. Half of respondents considered their organizations “very or extremely” vulnerable three years ago; only 27 percent believe their organizations are “very or extremely” vulnerable today.

Eighty-four percent are “satisfied” or “extremely satisfied” with the performance of their own security tools such as endpoint protection, network firewalls, and secure web gateways. If anything, the greatest threat to critical infrastructure appears to be human rather than technical. As we’ve seen in other areas, the most common cause of successful attacks on critical infrastructure is human error – users falling victim to social engineering such as spear phishing.

This confidence does not mean that they are complacent.

More than 70 percent think the threat to their organizations is escalating. Almost 9 out of 10 experienced at least one attack in the last three years that caused some damage, disruption, or data loss, with a median of close to 20 attacks per year. Forty-eight percent believe it likely to extremely likely that a critical infrastructure cyber-attack will result in human fatalities in the next three years.

While they continue to look at further investment in various security areas, the vast majority think that greater cooperation and public-private partnerships with national and international agencies are important to keep pace with the escalating threat landscape.

What form would these joint activities take? Well, the top rated suggestions were joining a national or international defense council to share threat intelligence and defense strategies, taking coordinated direction on cyber defense, or even national legislation that requires cooperation with government agencies. The majority of respondents felt that their own government as well as international agencies could be valuable and respectful partners in cybersecurity, and many were open to sharing network visibility if it was deemed vital to national or global cyber defense.

However, one caution was that more than three-quarters of the security professionals supported the use of national defense forces to retaliate in response to a fatal critical infrastructure attack within the country. Given that only a third think that nation-state security services are behind the serious attacks on their organization, identifying a target for retaliation is problematic. Even if a nation-state is responsible, how do you conclusively determine the source of an attack that uses code borrowed or bought from organized crime in one country and servers spread across five other countries?

It is essential for the public and private owners and managers of critical infrastructure to act now. Nobody wins if a digital conflict escalates into conventional, kinetic conflicts between nations. Developing successful public-private cooperation today will help us avoid military escalation scenarios tomorrow.

View the original post on Dark Reading.

Out of Aspen, Part 2: Sequestration is Penny Wise, but Pound Foolish for Cyber Security https://securingtomorrow.mcafee.com/executive-perspectives/aspen-part-2-sequestration-penny-wise-pound-foolish-cyber-security/ https://securingtomorrow.mcafee.com/executive-perspectives/aspen-part-2-sequestration-penny-wise-pound-foolish-cyber-security/#respond Fri, 24 Jul 2015 20:04:23 +0000 https://blogs.mcafee.com/?p=44621 Governments globally need to focus on the unintended consequences of across the board attempts to deal with deficit spending.  Saving pennies is important, but we need to make certain those savings do not cause large consequences for security that will cost much more in the long run. Cyber data breaches are a prominent topic this …

The post Out of Aspen, Part 2: Sequestration is Penny Wise, but Pound Foolish for Cyber Security appeared first on McAfee Blogs.

Governments globally need to focus on the unintended consequences of across the board attempts to deal with deficit spending.  Saving pennies is important, but we need to make certain those savings do not cause large consequences for security that will cost much more in the long run.

Cyber data breaches are a prominent topic this week at the Aspen Institute’s Aspen Security Forum in Aspen Meadows, CO, particularly given the recent series of high-profile data breaches in government. Both FBI Director James Comey and Homeland Security Secretary Jeh Johnson pointedly mentioned during their interviews that the efforts of their respective organizations would be severely diminished should sequestration occur again due to a Congressional failure to reach a budget.

“Decapitating the budget” is the exact phrase Secretary Johnson used to describe the potential impact of sequestration. A 2013 Office of Management and Budget memo called out the cancellation of $85 billion of budget across the US federal government, and further uncertainty from the expiration of the continuing resolution, during the last sequestration.

This budget elimination severely hampered ongoing operations and personnel, producing a terrible effect upon every government organization.  But the 2013 sequestration also produced an unintended result that could have inadvertently provided assistance to state-sponsored adversaries.

Many security experts agree that the first noteworthy activity performed by cyber criminals, state-sponsored adversaries, and activists alike is reconnaissance against their potential victim organization.  This reconnaissance gathers information on key individuals within the organization. This information fuels the social engineering needed to effectively target specifically identified individuals and systems through tactics such as spear phishing.  Information on personnel with credentials and access to critical mission or business systems is therefore intelligence of the highest order.  The possession of such intelligence significantly increases chances for success for the state-sponsored or criminal cyber-attack.

During the 2013 sequestration, the specific guidance from federal organizations was to identify personnel who were exempt from being furloughed during the government shutdown.  For example, DHS guidelines required the following, creating a focus group for adversaries:

“Retaining minimal personnel to maintain telecommunications as they relate to exempt activities.” 

These exempt activities included counter-terrorism efforts and protective Secret Service functions, and the information technology and security personnel required to ensure their success. Government-wide guidance of this kind prioritized the most essential personnel in relation to essential government missions – department by department, agency by agency. By identifying ‘essential’ personnel and excluding non-essential personnel from government facilities through furloughs, it handed state-sponsored adversaries a reconnaissance gold mine in which to drill.

The physical foot traffic in and out of government buildings during sequestration consisted in many cases of the essential information technology and security personnel required to keep the electronic presence of a department or agency functioning – the same people adversaries are desperately trying to identify in order to compromise credentials that would let them operate with impunity on government networks. The reduced number of people entering and exiting federal buildings directly reduced the effort needed to identify and prioritize targets of opportunity.

In the TJ Maxx information security and privacy debacle of the mid-2000s, cyber criminals were ‘war driving’ and ‘war parking,’ literally setting up shop in the parking lots of stores to capture weakly encrypted (WEP) wireless traffic, which gave them the foothold from which millions of credit card records were stolen. Is it really so difficult to believe that state-sponsored adversaries would use the same technique, parking outside public federal buildings to perform physical reconnaissance such as high-resolution photography, in order to identify and capture information about the reduced number of personnel entering and exiting those buildings during sequestration-driven furloughs?

High-deficit government spending makes budgetary issues such as sequestration a constant and ongoing threat to federal operations.  If sequestration is to occur again, federal guidance needs to include how to protect organizations from giving adversaries reduced barriers to gaining valuable reconnaissance intelligence.

Are Criminals Quicker Than The Flash? https://securingtomorrow.mcafee.com/executive-perspectives/are-criminals-quicker-than-the-flash/ https://securingtomorrow.mcafee.com/executive-perspectives/are-criminals-quicker-than-the-flash/#respond Mon, 20 Jul 2015 16:00:37 +0000 https://blogs.mcafee.com/?p=44517 Using the right technology, we can defeat the malicious exploitation of Flash and return it to its full superhero status. Flash is everywhere. Not the DC Comics superhero with impossible speed, but the Adobe multimedia and software platform that is ubiquitous in our digital lives. While criminals hate the superhero Flash, they appear to love …

The post Are Criminals Quicker Than The Flash? appeared first on McAfee Blogs.

Using the right technology, we can defeat the malicious exploitation of Flash and return it to its full superhero status.

Flash is everywhere. Not the DC Comics superhero with impossible speed, but the Adobe multimedia and software platform that is ubiquitous in our digital lives. While criminals hate the superhero Flash, they appear to love the Adobe one. Why? Because it is installed on so many devices, has many known and unpatched vulnerabilities, and the resulting exploits can be difficult to catch. As a result, the number of Adobe Flash malware samples has increased fourfold from Q4 2014 to Q1 2015. Some of this growth can be attributed to off-the-shelf exploit kits such as Angler that make it easy to deliver malicious payloads through Flash Player.

Adobe started a vulnerability disclosure program last year to address the vulnerabilities discovered in Flash and other Web applications. The best defense against these exploits is automatic installation of Flash patches. Adobe usually ships a fix shortly after a vulnerability is reported, so the window of risk is small for systems that are updated promptly; it is the unpatched systems, and the interval before a fix exists, that exploit kits count on.

Another effective defense is blocking Flash files with .swf extensions from coming through Web gateways, email gateways, and other forms of file transfer within your organization. At the very least, companies should educate their users to use extreme caution when opening files of this type.

Unfortunately, one of the successful attack vectors for Flash is malicious advertisements on legitimate websites. The prevalence of legitimate Flash content makes it difficult or impossible to block all .swf files at the endpoint, so other defenses are necessary to detect and protect against zero-day Flash exploits or older exploits if your systems are not updated frequently enough.
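Content-based recognition of Flash files, as a worked illustration of the gateway control discussed in the two paragraphs above. This is an added example, not code from the original post or from any Intel Security product: a filter keyed on the .swf extension is trivially evaded by serving the file under another name or Content-Type, whereas every Flash file begins with one of three fixed signatures (FWS, CWS or ZWS) followed by a version byte and its uncompressed length, so a gateway can recognise the container from the bytes alone. The function names and sample objects below are invented for the demonstration and constructed inline.

```python
"""Content-based Flash (SWF) detection for a gateway filter.

Added example, not McAfee/Intel Security code. Identifies Flash content
from the SWF container header rather than from the filename or the
Content-Type, so renaming ad.swf to banner.png does not get it past the
filter. Sample objects are constructed inline.
"""
import struct
import zlib
from typing import Optional

# Three-byte signatures defined by the SWF file format specification.
SWF_SIGNATURES = {
    b"FWS": "none",   # uncompressed
    b"CWS": "zlib",   # zlib-compressed body (SWF 6 and later)
    b"ZWS": "lzma",   # LZMA-compressed body (SWF 13 and later)
}


def parse_swf_header(data: bytes) -> Optional[dict]:
    """Return header fields if `data` is an SWF file, otherwise None.

    Layout: signature[3] | version[1] | uncompressed file length (uint32 LE).
    For CWS the remainder is a zlib stream; it is inflated and its length
    cross-checked against the header, so a truncated or corrupt stream is
    reported (length_ok=False) instead of being waved through.
    """
    if len(data) < 8:
        return None
    sig = data[:3]
    if sig not in SWF_SIGNATURES:
        return None
    version = data[3]
    declared_len = struct.unpack("<I", data[4:8])[0]
    info = {
        "compression": SWF_SIGNATURES[sig],
        "version": version,
        "declared_length": declared_len,
        "length_ok": None,
    }
    if sig == b"FWS":
        info["length_ok"] = declared_len == len(data)
    elif sig == b"CWS":
        try:
            body = zlib.decompress(data[8:])
        except zlib.error:
            info["length_ok"] = False   # corrupt or truncated: still Flash, still blocked
        else:
            info["length_ok"] = declared_len == 8 + len(body)
    # ZWS carries a raw LZMA stream behind a custom prefix; flagged without inflating.
    return info


def gateway_verdict(filename: str, content_type: str, data: bytes) -> str:
    """Return 'block' or 'allow' for a downloaded object.

    The filename and Content-Type are accepted for logging only; the
    decision rests on the bytes, so a SWF served as 'banner.png' with
    'image/png' is still caught.
    """
    return "block" if parse_swf_header(data) is not None else "allow"


def make_swf(signature: bytes, body: bytes, version: int = 10) -> bytes:
    """Build a minimal, structurally valid SWF container around `body`.

    Used only to construct the samples below; `body` is arbitrary bytes
    standing in for the frame-size, frame-rate and tag data of a real file.
    """
    header = signature + bytes([version]) + struct.pack("<I", 8 + len(body))
    if signature == b"CWS":
        return header + zlib.compress(body)
    return header + body


# Constructed sample objects as a gateway might see them (hypothetical names).
SAMPLES = {
    "ad.swf":     ("application/x-shockwave-flash",
                   make_swf(b"FWS", b"\x78\x00\x05\x5f\x00\x00\x0f\xa0\x00\x00\x0c\x01\x00")),
    "banner.png": ("image/png", make_swf(b"CWS", b"\x78\x00\x05\x5f" * 16)),  # SWF renamed to dodge an extension filter
    "logo.png":   ("image/png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 24),         # genuine PNG header
    "readme.txt": ("text/plain", b"FWS"),                                     # too short to be an SWF header
}


def scan_samples() -> dict:
    """Run the verdict over every sample; returns {name: verdict}."""
    return {name: gateway_verdict(name, ctype, data)
            for name, (ctype, data) in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in scan_samples().items():
        print(f"{name:12s} {verdict:6s} {parse_swf_header(SAMPLES[name][1])}")
```

This only establishes that an object is Flash, not that it is malicious; for the malvertising case on legitimate sites, where blocking every SWF is not an option, the content has to be examined the way the next section describes.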

The Evasive Nature Of Malware

Flash exploits are evading traditional signature-based malware detection, as well as more advanced malicious code analysis. They do this by taking advantage of the scripting functionality of Web browsers, the same functionality that makes Web applications so powerful and user-friendly. Malicious scripts dynamically change their code during execution, hide other parts within the HTML document, and then execute the necessary code to exploit the appropriate vulnerability. Detecting these attacks requires emulation of the script and the browser in order to observe and block the malicious behavior.

Using a Web gateway with full browser emulation, the malicious script is allowed to assemble and execute in captivity. If it exhibits malicious behavior, then it is convicted and blocked. Information about the malicious script or file can then be quickly shared with cloud intelligence to further restrict the spread of the attack, allowing other devices to immediately block the same threat.

As Web exploits advance, so does the security technology built to handle them. Port-level redirection to a Web gateway can remove the limitations of browser compatibility, looking at traffic from all browsers and even applications. Cloud-based Web gateways remove the limitations of network boundaries, allowing you to protect users in any location by redirecting traffic to the closest protection center.

The Internet provides tremendous benefits to our organizations. When it comes with vulnerabilities, the technology is available to detect malicious behavior and protect your organization. Using the right technology, we can defeat the malicious exploitation of Flash and return it to its full superhero status.

View the original post on Dark Reading.

Root of Trust vs. Root of Evil: Part 3 https://securingtomorrow.mcafee.com/executive-perspectives/root-trust-vs-root-evil-part-3/ https://securingtomorrow.mcafee.com/executive-perspectives/root-trust-vs-root-evil-part-3/#respond Mon, 20 Jul 2015 04:00:06 +0000 https://blogs.mcafee.com/?p=44332 This is the third of three parts about root of trust and the Internet of Things. In Part 1 and Part 2, I covered how root of trust is an important approach to managing risk in virtualized network—especially compliance risks. The first two posts in this series examined several reasons to consider root-of-trust technologies. In …

The post Root of Trust vs. Root of Evil: Part 3 appeared first on McAfee Blogs.

This is the third of three parts about root of trust and the Internet of Things. In Part 1 and Part 2, I covered how root of trust is an important approach to managing risk in virtualized networks—especially compliance risks.

The first two posts in this series examined several reasons to consider root-of-trust technologies. In addition, you should consider Cloud Integrity Technology (CIT) from Intel for its benefits in operational risk management and operational savings.

Operational risk management

There are options available to manage the emerging risks in transport network virtualization, satisfy regulators, and help the business at the same time. These options offer not only cost savings but might also generate new revenues.

As I mentioned earlier, regulatory compliance in IT can be a burden undertaken as grudgingly as any business overhead. With the new risks associated with virtualized networking, new regulatory burdens will follow.

Root of trust is not a regulated requirement for either data centers or virtualized network devices and may never be because there are other ways to show compliance with loosely written regulatory requirements. But few are as cost effective and elegant as root of trust.

As data is processed by more and more virtualized network infrastructure, new regulatory questions around virtualization, and eventually requirements, will emerge for the same reasons as they have evolved in the data center: sensitive information will not only be transported through the network but also be processed in the network.

For instance, the Internet of Things (IoT) will see “normalization” of sensitive data at the edge of the network to improve efficiency and reduce the daily cost of transporting terabytes of potentially superfluous information. Normalization will include functions like compression, authentication, authorization, error checking, and format validation prior to transmission to the processing and storage systems in the (distant) data center.

Network-based normalization functions will be performed on the widest array of information types imaginable: privacy health info, proprietary trade secrets, and information associated with national security. Quite reasonably, the owners of this information will want to have assurances about the information processing waypoints from end to end.

Eventually, beyond information management compliance, we will see regulatory discussions centered on the critical infrastructure protection aspects of network function virtualization (NFV) and software-defined networking (SDN). These technologies will underpin the infrastructure that makes everything from ambulance dispatching to buying groceries to controlling trains and bridges. Much as the legacy infrastructures of telecommunications carriers were regulated in the name of public safety and prosperity, the fundamental differences of the new infrastructures will require a significant reexamination.

The new risks generally associated with NFV and SDN as discussed above, coupled with further risks associated with data processing in the network, will require some novel solutions that go beyond old practices. Above all, the viability of the IoT will flourish or die based in large part on the security of technologies like NFV and SDN. But do the benefits of better security cease at “compliance”? Not at all.

Operational savings from root-of-trust technology

Financial benefits, not just compliance, can be derived from high-assurance, virtualized networks.

One of the basic functions of root-of-trust technology is that trust is verified by centralized systems, which perform “authorization” functions rather than “authentication and validation” functions: they decide whether a device is allowed to do something, rather than merely establishing that it is a device in the first place.

The key to the preceding paragraph is in the word centralized. Requests and approvals for hardware devices to enter the network and software workloads to start (and stop) on those approved devices are pushed through a centralized control system. These systems also tend to log such events.

In the root-of-trust technology I have described, which is available and evolving within Intel products (CIT), events related to hardware and software start-up and shutdown in the data center and network can be centrally recorded and exported (via integration services) into enterprise resource management (ERM) systems—enabling metered billing for virtualized network functions (VNFs).

Metered billing for VNFs amounts to paying for what you use—as it is consumed, instead of paying for excess capacity to accommodate what you might possibly use under a heavy load, the way most network services are sold today.

Metered billing is a derived benefit for root of trust, making it a dual-purpose technology. With the right integration into ERM systems, root of trust has compliance benefits and also pays dividends.
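The centralized authorize-and-log flow described in the paragraphs above, reduced to a runnable sketch. This is an added example, not Intel CIT code or its API: a platform's boot chain is replayed into a PCR value with the TPM extend rule (new = SHA-256(old || measurement)), a central service authorizes a workload only when that value matches a known-good profile, every decision is appended to an event log, and the start/stop pairs in that log are turned into billable seconds. The host names, workload names, profile name, boot-chain blobs and hourly rates are invented; a real attestation service would also verify a signed TPM quote against a fresh nonce, which is omitted here.

```python
"""Root-of-trust style authorization with an exportable event log.

Added example, not Intel CIT code. Models the post's flow: measure the
boot chain, compare against a whitelist, authorize or refuse workloads,
log every decision centrally, and derive metered usage from the log.
All names, blobs and rates below are invented for the demonstration.
"""
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

PCR_SIZE = 32  # a SHA-256 bank PCR


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style PCR extend: new = H(old || measurement)."""
    return hashlib.sha256(pcr + measurement).digest()


def measure_chain(components: List[bytes]) -> bytes:
    """Replay a boot chain (firmware, bootloader, hypervisor, ...) into a PCR value.

    Order matters: swapping two components yields a different PCR, which is
    exactly why a whitelist of final values pins the whole chain.
    """
    pcr = bytes(PCR_SIZE)  # PCRs start at all zeros
    for blob in components:
        pcr = extend(pcr, hashlib.sha256(blob).digest())
    return pcr


@dataclass
class Event:
    host: str
    workload: str
    kind: str   # "start" | "stop" | "refused"
    t: int      # seconds since epoch (simulated)


@dataclass
class AttestationService:
    """Central authority: known-good PCR values plus an append-only event log."""
    whitelist: Dict[str, bytes]                    # profile name -> expected PCR
    log: List[Event] = field(default_factory=list)

    def profile_for(self, reported_pcr: bytes) -> Optional[str]:
        for name, good in self.whitelist.items():
            if good == reported_pcr:
                return name
        return None

    def request_start(self, host: str, reported_pcr: bytes, workload: str, t: int) -> bool:
        """Authorize a workload only on a platform whose measured chain is known-good."""
        if self.profile_for(reported_pcr) is None:
            self.log.append(Event(host, workload, "refused", t))
            return False
        self.log.append(Event(host, workload, "start", t))
        return True

    def report_stop(self, host: str, workload: str, t: int) -> None:
        self.log.append(Event(host, workload, "stop", t))

    def usage_seconds(self) -> Dict[Tuple[str, str], int]:
        """Pair start/stop events per (host, workload) into billable seconds.

        Refused requests and stops without a matching start bill nothing.
        """
        open_starts: Dict[Tuple[str, str], int] = {}
        usage: Dict[Tuple[str, str], int] = {}
        for ev in sorted(self.log, key=lambda e: e.t):
            key = (ev.host, ev.workload)
            if ev.kind == "start":
                open_starts[key] = ev.t
            elif ev.kind == "stop" and key in open_starts:
                usage[key] = usage.get(key, 0) + ev.t - open_starts.pop(key)
        return usage


# Constructed boot chains: same firmware and bootloader, one hypervisor tampered with.
FIRMWARE = b"bios-2.7"
BOOTLOADER = b"grub-2.02"
KVM_GOOD = b"kvm-4.1-signed"
KVM_TAMPERED = b"kvm-4.1-signed" + b"\x00backdoor"

GOOD_PCR = measure_chain([FIRMWARE, BOOTLOADER, KVM_GOOD])
TAMPERED_PCR = measure_chain([FIRMWARE, BOOTLOADER, KVM_TAMPERED])
RATE_PER_HOUR = {"vfirewall": 0.50, "vdns": 0.10}  # invented prices per VNF


def run_scenario() -> dict:
    """Two edge hosts ask to start a virtual firewall; only the clean one is allowed."""
    svc = AttestationService(whitelist={"edge-node-v1": GOOD_PCR})
    ok_clean = svc.request_start("pop-1", GOOD_PCR, "vfirewall", t=0)
    ok_tampered = svc.request_start("pop-2", TAMPERED_PCR, "vfirewall", t=5)
    svc.report_stop("pop-1", "vfirewall", t=7200)          # two hours of service
    usage = svc.usage_seconds()
    bill = {k: round(v / 3600 * RATE_PER_HOUR[k[1]], 2) for k, v in usage.items()}
    return {
        "authorized": [ok_clean, ok_tampered],
        "refused": [e.host for e in svc.log if e.kind == "refused"],
        "usage": usage,
        "bill": bill,
    }


if __name__ == "__main__":
    print(run_scenario())
```

The same log that proves to an auditor which workloads ran on which attested hardware is the one the billing export reads, which is the dual-purpose point of the paragraphs above.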

Hardware-based root of trust is arcane, geeky, and hard to understand. Yet it addresses a dilemma solved by the transport industry many years ago: Are there opportunities to pay a cabbie, rather than feed and stable a horse for every outing?

Conclusion

Hardware root of trust has significant operational and business advantages for telecommunications service providers and enterprises alike. As virtualized networks become part of our core transport networks and our critical infrastructure, new risks are emerging that require new mitigations.

For the beleaguered board member, CIO, or risk officer faced with a business imperative to move toward virtualized networking, root of trust offers an option to simplify and automate compliance efforts and create additional operational savings. Left unchecked, regulatory requirements associated with virtualized networking could become unmanageable.

 

What Morpho Means: Why Hackers Target Intellectual Property And Business-Confidential Information https://securingtomorrow.mcafee.com/executive-perspectives/morpho-means-hackers-target-intellectual-property-business-confidential-information-2/ https://securingtomorrow.mcafee.com/executive-perspectives/morpho-means-hackers-target-intellectual-property-business-confidential-information-2/#respond Fri, 17 Jul 2015 19:26:32 +0000 https://blogs.mcafee.com/?p=44511 A quiet, professional cyberespionage group steals what every company wants to keep secret: valuable information that drives business. Welcome to the new normal. Corporate cyberespionage made the front page yesterday with the news of Morpho, also known as Wild Neutron. Regardless of what you call it, these revelations were the latest reminder of the growing …

The post What Morpho Means: Why Hackers Target Intellectual Property And Business-Confidential Information appeared first on McAfee Blogs.

A quiet, professional cyberespionage group steals what every company wants to keep secret: valuable information that drives business. Welcome to the new normal.

Corporate cyberespionage made the front page yesterday with the news of Morpho, also known as Wild Neutron. Regardless of what you call it, these revelations were the latest reminder of the growing prominence of corporate espionage on the cyber landscape. The group targets major IT, pharmaceutical, legal and commodity companies spanning the globe, with concentrated efforts in the United States, Europe and Canada. They are highly organized, and home in on victims to gather confidential information for future monetization.

The quick and dirty on how Morpho operates: the group’s modus operandi is a combination of watering hole attacks, zero-day exploits and multi-platform malware. They compromise websites pertinent to the target, exploit them and deliver either a Java-based zero-day exploit or a potential Internet Explorer zero-day exploit. Bottom line: this is cyberespionage via zero-day.

What we can draw from this is that they either have the technical know-how to discover zero-days— which is unlikely for a small group, as Morpho is suspected to be — or, they have the resources to purchase zero-day exploits on the black market. Such a reliance on what we refer to as the Cybercrime-as-a-Service marketplace would reinforce our assertion that if you are well-resourced, the “services” are available to get into the cybercrime game.

Morpho used custom Remote Access Tools (RATs) to sniff for targeted information or for other computers to infect. The group also installed backdoors allowing infected machines to communicate with C&C servers over encrypted connections. The smartest thing this group did, however, was clean up after itself – once emails and confidential information were stolen, they securely deleted files and event logs. It was as if they had never broken in.

It’s because of this careful cleanup and precise execution of zero-days, that Morpho has successfully operated since 2011. But, Morpho’s success can be attributed to one thing above all: its single-minded and professional approach to compromising, extracting and leveraging business confidential information (BCI) and intellectual property (IP).

Each is valuable to hackers and can spell trouble for any business if lost to competitors.

Intellectual property, meaning any work or invention originating from a creative source (art, books, designs, images, logos and company names, source code, product designs, pharmaceutical formulas, building blueprints), is as much an asset as financial resources, property, or physical product. Massive resources are allocated to developing complex products and unique concepts, and their loss can cost billions to companies working to develop ideas that boldly shape the future.

Large industries, like pharmaceutical, chemical, and technology — the very industries targeted by Morpho — are popular targets because their IP is easily reproduced or monetized. But smaller, disruptive companies, developing new ideas, technologies, and products to challenge existing businesses and entire industries, are by no means immune to such cyber-attacks.

To what cost? That is difficult to quantify, for obvious reasons. If a factory burns down, a public company is obligated to reflect that loss in its financial statements. Cyberespionage crimes are as difficult to quantify in cost as they often are to detect. But the U.S. Department of Commerce has estimated IP theft of all kinds (not just cybercrime) as a $200 to $250 billion annual hit to U.S. companies. The Organisation for Economic Co-operation and Development (OECD) estimates that counterfeiting and piracy cost companies as much as $638 billion a year. Such numbers have prompted McAfee Labs to conclude that cyberespionage breaches are the “Crimes of the Century”: they impact both society’s present and future economics and progress.

Business confidential information, which could include investment data, resource exploration data, and sensitive commercial data such as trade secrets, processes, contracts, and operational information, is almost always valuable and actionable, making it an attractive target.

Not too long ago, business confidential information was at the center of a sports-related cyberespionage case involving two professional baseball teams, the St. Louis Cardinals and the Houston Astros. As we saw there and are seeing again with Morpho, information about business plans, contracts, and transactions is as valuable a commodity as intellectual property, if not more so. By gaining access to confidential information, Morpho and similar cybercriminals gain insight into an organization, discovering information that can be leveraged to pre-empt critical business transactions, product announcements, and investment news.

The Morpho group has succeeded because they have laser-like precision in what they’re looking for and how they go about getting it. Regardless of intention, tactics used, or business model, the main point is that one key common denominator is driving this sort of cybercrime: the value of information that drives business.

And, as the world’s economies grow increasingly dependent on information as critical capital, cyberespionage is simply part of the global competitive landscape upon which businesses are competing today. The Morpho and Wild Neutron revelations suggest that any other assessment by executive suites—anything less than the business critical need to protect IP and BCI—is dangerously naïve.

For more information on the cost of cybercrimes such as espionage, please see Intel Security’s report with the Center for Strategic and International Studies (CSIS) on the economic impacts of cybercrime and cyberespionage.

View the original post on Dark Reading.

Root of Trust vs. Root of Evil: Part 2 https://securingtomorrow.mcafee.com/executive-perspectives/root-trust-vs-root-evil-part-2/ https://securingtomorrow.mcafee.com/executive-perspectives/root-trust-vs-root-evil-part-2/#respond Fri, 17 Jul 2015 18:42:20 +0000 https://blogs.mcafee.com/?p=44329 This is the second of three posts about the root of trust and the Internet of Things. In my first post I wrote about the burden of technology compliance and how it may be changing as virtualization enters service provider and enterprise networks and underlies the Internet of Things (IoT). I also wrote about a …

The post Root of Trust vs. Root of Evil: Part 2 appeared first on McAfee Blogs.

This is the second of three posts about the root of trust and the Internet of Things.

In my first post I wrote about the burden of technology compliance and how it may be changing as virtualization enters service provider and enterprise networks and underlies the Internet of Things (IoT). I also wrote about a technology concept known as root of trust, which is available via the Trusted Platform Module (TPM, an industry-standard component rather than an Intel part) used together with Intel Trusted Execution Technology, and managed through Intel’s Cloud Integrity Technology (CIT) software.

Let’s now consider how root of trust will emerge as an opportunity for streamlined risk and compliance management, and some of the risks associated with transport network virtualization.

Emigration of virtualization

In the data center, root of trust is very useful for providing evidence that data and services are being securely managed by the highly automated systems in place around the world today; and, importantly from a compliance perspective, the data is kept on known hardware/software platforms.

Data center technology is rapidly being adopted outside the data center, in the carrier transport and enterprise networks. This technological emigration from data center to network is network function virtualization (NFV), and it is growing rapidly–in some cases in excess of 60% compounded annually.* The reason for this move from data center to network is that NFV greatly reduces operational and capital costs, much as virtualization has done in the data center for more than a decade. NFV also includes the potential to host and manage applications on the same platforms, on demand. For instance, if you need a firewall on a particular customer router, just “spin it up in software.” Need more DNS capacity in this part of your network? Spin it up. Need load balancing on that gateway? Spin it up. Previously, each one of these demands for more infrastructure meant a physical appliance had to be acquired, shipped, and configured onsite by a technician.


Concurrent with the advent and growth of NFV is software-defined networking (SDN). Although NFV and SDN are not inextricably linked and can grow and operate independently, they have a certain amount of affinity to one another. As a result, they are often discussed in the same breath by many network stakeholders. SDN, like NFV, is expected to drive large efficiencies through the automation and granular control capabilities it brings to network management. Like NFV, SDN is expected to generate savings, and bring a wide variety of new value-added, network-based services to the market.

Together NFV and SDN offer amazing potential to automate and “chain” network-based services together in practically unlimited combinations, for users of all types.

But the advantages of NFV and SDN come with new or elevated risks.

Changes to plumbing = changes to risk

One of the benefits of legacy network and gateway infrastructure is that it was simple: single-purpose boxes, with customized software and hardware. This situation does not prevail in the world of NFV and SDN.

Here are a few risks that will change as networking infrastructure moves from appliances (dedicated, customized hardware and software) to NFV and SDN products based on utility computing platforms:

Risk 1: expanded attack surface. NFV systems are based on multiple control “layers”–each of which is a potential target of attack: an infrastructure layer that may be remotely managed by incumbent providers (ILECs) or competitive providers (CLECs); a hypervisor layer (trending to KVM in the network, but potentially VMware, Xen, etc.) that abstracts the hardware to the virtualized functions; a virtualized network function (VNF) layer (routers, firewalls, IPS, DNS, DHCP, etc.); and potentially a fourth “container” or workload layer dealing with application-specific functions, such as caching and replication, quality of service, or application security. Of course, it is also possible that not only will network services exist in the network, but cloud-based services will start to appear to process data closer to its source (the end point). With expanded service opportunities come expanded attack surfaces.

Risk 2: complexity. NFV and SDN infrastructure are more complex than legacy systems, meaning that small changes, whether administrative error or sabotage, can have chaotic impacts. An unauthorized change may have unforeseen, amplified effects through the network–without known limits. This is a hallmark of complex systems such as pharmacology (medicine) and weather. Telecommunications is entering the league of nondeterministic, chaotic impacts with the advent of NFV and SDN.

Risk 3: physical accessibility. Business and service imperatives will push NFV and SDN to the edges of the telecommunications network. In other words, into the ceilings of offices and hotels and subway cars, into homes and remote base stations, even into mobile devices managed by third parties (such as delivery vans) and possibly even private property (like a small, reserved portion of a smartphone). These systems will by necessity be accessible, and thus open to tampering, cloning, and all manner of communication analysis and interception. Academics have basically proven that with physical access, any software-based security system can be compromised.

The risk associated with the Internet (of Things) is changing, and regulatory compliance associated with new technology will bring new burdens. Root-of-trust technology offers part of the solution to managing these risks.

Root-of-trust technology offers platform assurance, through multiple layers of hardware and software, potentially across multiple service providers sharing the platforms and systems of virtualized network infrastructure. This type of platform assurance may create the efficiencies and automation associated with compliance that will allow the IoT to flourish to a greater extent than under the current regime of “compliance consultancy,” which is an albatross around the neck of any CIO.

In the final post in this blog series, we will look at other reasons beside technology compliance to embrace root-of-trust technology–namely, dramatic increases in cost efficiency related to security and other elements of network plumbing.

* SNS Research on NFV and SDN. The compound annual growth rate was figured from 2014 to 2019.

The post Root of Trust vs. Root of Evil: Part 2 appeared first on McAfee Blogs.

Root of Trust vs. Root of Evil: Part 1
https://securingtomorrow.mcafee.com/executive-perspectives/root-trust-vs-root-evil-part-1/
Wed, 15 Jul 2015 06:56:39 +0000

Regulatory compliance is an unloved cost of goods—an expense to be managed, like cafeteria subsidies or fleet fuel costs.

Major regulatory gaps are opening around the Internet and Internet of Things (IoT), and especially in the plumbing under the IoT, which is rapidly evolving in a process known as network function virtualization (NFV).

This future is shaped by two opposing scenarios that regulators are trying to manage: an amazing future of secure and safe IoT services that create higher standards of living and prosperity (based on a firm root of trust); versus an unknowingly vulnerable infrastructure prone to selfish and criminal manipulation, by entities legitimate and illicit at the same time (becoming the root of evil). We have discussed IoT regulatory gaps in a previous post about new threats to the IoT.

This series is about broadly driving better assurance in the IoT and streamlining compliance and regulatory reporting related to the next generation of Internet technology required to support the IoT, namely the NFV.

Technology precedes regulation

The complexion of the Internet is both changing fast and now a widely discussed phenomenon, with billions of “Things” flooding onto the network in a stunning array of variety and diversity: houses, cars, pets, people, factories and rail lines, wells, elevators, pacemakers, and on and on. At the same time and largely unseen, the plumbing of the Internet is changing—fast.

The plumbing of the Internet connects millions of interconnected routers and switches and miscellaneous elements such as DNS servers and security services. The plumbing is fundamentally changing. It is “virtualizing,” based now on software, not hardware. Dedicated and specialized network equipment is being replaced by generalized processing platforms that can be dynamically assigned and reassigned tasks—such as routing, switching, DNS, or security. The benefit is significantly reduced costs and increased flexibility and capabilities.

The risk is that these software-based systems can be hacked. These complex, software-based infrastructures have larger attack surfaces and more potential vulnerabilities. As virtualized infrastructure pushes rapidly into the Internet and enterprises, regulations will struggle to keep current, but they will eventually catch up. What sort of guidance, though, can regulation offer to a virtualized network infrastructure?

We propose a cost-effective solution to address these types of regulatory requirements in the evolving virtualized, software-defined networks: We need a “root of trust” based in physical hardware.

Root of trust

A root of trust is essentially a security process that starts with an immutable (unchangeable) hardware identity ingrained into the computer’s processor. This identity is then leveraged to verify all the software running on the computing platform. For instance, a uniquely identifiable hardware processor (chip) starts, and its identity is validated. It is recognized and known by the system owner, and appears to be located in the expected logical and physical location.

In a virtualized infrastructure, a trusted processor may spawn succeeding layers of BIOS, hypervisor, operating systems, and virtual environments. Each has its integrity validated at start-up: it is the expected version and no tampering has occurred.


Root of trust in a virtualized network.

Alternately, if an unknown or rogue processor attempts to validate itself, it would fail authentication and be detected; the network can be reconfigured (automatically or manually) to avoid the device. Similarly, if an unapproved software load attempts to start on an approved hardware platform, it can be both detected and refused resources at the hardware level—and will fail to start.

Through root of trust operations, it becomes possible to get a reasonable proof that a given piece of information was processed by a given verified system, with a processor that is itself verified and known to be in a given physical location.

Through root of trust processes, auditors and regulators can validate that information processing requirements related to matters such as personal or commercially sensitive data have been managed by verified systems on verified hardware, located in appropriate domains. In other words, the information was not handled by unknown or ambiguous (insecure) systems, in places with incompatible or inappropriate legal systems.
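As an added illustration of the chain described above (example code written for this page, not code from the post or from Intel CIT), here is a toy measured-boot check in Python: each layer is hashed and extended into a register anchored on the hardware identity, and the platform is attested only when the result reproduces a known-good value enrolled earlier. All identities, image bytes and layer names are constructed, and the identity check stands in for what real hardware does with signed attestation.

```python
"""Toy root-of-trust chain: hardware identity -> BIOS -> hypervisor -> VNF.

Constructed example. A real platform would sign the measurement log with a
hardware-held key; here the identity is simply looked up in an allow-list.
"""
import hashlib
from dataclasses import dataclass


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def extend(register: bytes, measurement: bytes) -> bytes:
    """PCR-style extend: new = H(old || measurement).

    Order matters and the value can only be extended, never rolled back, so
    a tampered layer anywhere in the chain changes the final register."""
    return sha256(register + measurement)


@dataclass(frozen=True)
class Layer:
    name: str
    image: bytes  # constructed stand-in for the real BIOS/hypervisor/VNF binary


def measure_chain(hw_id: bytes, layers):
    """Anchor the register on the hardware identity, then extend once per
    layer. Returns the final register and a per-layer measurement log."""
    register = sha256(hw_id)
    log = []
    for layer in layers:
        measurement = sha256(layer.image)
        register = extend(register, measurement)
        log.append((layer.name, measurement.hex()))
    return register, log


# Enrollment: the owner records the known processor and the approved
# software load once, producing the "golden" register to compare against.
KNOWN_GOOD_HW = b"CPU-SERIAL-0001"  # constructed identity
GOOD_LAYERS = [
    Layer("bios", b"bios image v1.2"),          # constructed bytes
    Layer("hypervisor", b"kvm hypervisor 4.x"),
    Layer("vnf-firewall", b"firewall vnf image 7"),
]
GOLDEN_REGISTER, GOLDEN_LOG = measure_chain(KNOWN_GOOD_HW, GOOD_LAYERS)


def first_divergence(golden_log, log):
    """Name of the first layer whose measurement differs from the golden
    log, or None when every compared layer matches."""
    for (good_name, good_m), (_, m) in zip(golden_log, log):
        if good_m != m:
            return good_name
    return None


def verify_platform(hw_id: bytes, layers,
                    known_hw_ids=frozenset({KNOWN_GOOD_HW}),
                    expected=GOLDEN_REGISTER, golden_log=GOLDEN_LOG):
    """Decide whether a booting platform may be given resources.

    Unknown processors are refused outright; an approved processor running
    an unapproved software load fails because its register does not match."""
    if hw_id not in known_hw_ids:
        return False, "unknown hardware identity"
    register, log = measure_chain(hw_id, layers)
    if register != expected:
        bad = first_divergence(golden_log, log)
        if bad is None:
            return False, "measurement mismatch: unexpected chain length"
        return False, f"measurement mismatch at layer {bad}"
    return True, "platform attested"


if __name__ == "__main__":
    print(verify_platform(KNOWN_GOOD_HW, GOOD_LAYERS))
    backdoored = [GOOD_LAYERS[0],
                  Layer("hypervisor", b"kvm hypervisor 4.x (modified)"),
                  GOOD_LAYERS[2]]
    print(verify_platform(KNOWN_GOOD_HW, backdoored))
    print(verify_platform(b"CPU-SERIAL-9999", GOOD_LAYERS))
```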

In the world of appliance-based networking, root of trust did not have a place. These devices were typically single-purpose, single-sourced, proprietary, and hardened.

This situation is changing rapidly as the Internet is changing both on the surface and in the plumbing.

Watch for Part 2 of this blog for a discussion of the risks and opportunities associated with network virtualization, root of trust, and compliance in the emerging Internet of Things.

Root-of-trust security technologies are part of a wide variety of Intel processors, and are also found in the Intel Cloud Integrity Technology (CIT) software.

The post Root of Trust vs. Root of Evil: Part 1 appeared first on McAfee Blogs.

Franchising Ransomware
https://securingtomorrow.mcafee.com/executive-perspectives/franchising-ransomware/
Thu, 02 Jul 2015 16:00:52 +0000

Got a great business idea? Want to expand with less risk? Build a good product, develop some training, put them together into a repeatable formula, and collect the royalties from your franchisees. This model, used successfully for everything from fast food to hair salons to tax preparation, is now available for criminal ransomware.

Cybercriminals have long been making their tools available to others, whether due to pride of authorship or as a means of raking in some extra cash. However, the ransomware-as-a-service model is relatively new and has resulted in a massive increase in ransomware attacks (as reported in the latest quarterly Threats Report). CTB-Locker and Tox are two examples of how malware uses different business models to flood the Internet with attacks, trying to catch more victims before threat notices, signature updates, and other defensive measures catch up.

Since the servers for CryptoLocker were taken down last year, CTB-Locker has become one of the most common sources of ransomware attacks. CTB-Locker uses an affiliate program to drive growth and revenue. Criminals who sign up as an affiliate get the tools to distribute this ransomware to their own selection of targets and collect 70% of the resulting revenue. Distribution vectors are typically phishing emails such as delivery notifications and fake software updates. Once your files are encrypted, you are left with .bmp, .txt, and .html files that contain information on how to pay the ransom to get your files back. Removing the malware is relatively easy. However, decrypting the files, which are encrypted with RSA 2,048-bit private-key encryption, is close to impossible. Payment is expected in Bitcoin, which preserves the criminal’s anonymity.

Malware For Hire

Tox is another ransomware that is growing in popularity. The authors of Tox offer a ransomware kit that requires very little in the way of technical skills. Simply provide the ransom amount and “cause” for which you are fundraising, and you get your own executable file. Install or distribute as you see fit for a mere 20% of your gross ransoms, also payable in Bitcoin. Both Tox and CTB-Locker use the TOR network to get their encryption keys and hide the IP addresses of their servers to avoid the fate of CryptoLocker and evade endpoint security systems.

Bitcoin and other virtual currencies are an important part of ransomware. By protecting anonymity, data kidnappers can go after more lucrative targets, which might otherwise have the ability to track down the perpetrators. As a result, these attacks are shifting from consumer systems to business systems, in the hopes of getting more and bigger ransoms. Many organizations appear to be paying ransoms to get their data back, validating the model and fueling further attacks.

Ransomware has evolved and is spreading quickly, but it can be stopped. Frequent backups and user awareness remain the best protection against ransomware, followed by multipoint defenses. Anti-spam systems will catch many of the phishing emails, especially if they are configured to detect and block compressed files and executables. Consider blocking TOR network connections to prevent the ransomware from getting the encryption keys. Finally, keep system patches up to date and advanced security features configured and enabled on the endpoints.

View the original post on Dark Reading.

The post Franchising Ransomware appeared first on McAfee Blogs.

Securing Critical Infrastructure
https://securingtomorrow.mcafee.com/executive-perspectives/securing-critical-infrastructure/
Wed, 01 Jul 2015 16:00:57 +0000

Protecting the Industrial Internet of Things from cyberthreats is a national priority. 

Industrial automation and control systems are increasingly online, sending out information and receiving commands from local and remote control centers and corporate data systems. Technologies in this Industrial Internet of Things (IIoT) have tremendous potential to improve operations, reduce costs, enhance safety, increase revenue, and transform industrial processes. We cannot let security concerns undermine this transformation; security should enable it.

The threat of cyberattacks on industrial and critical infrastructure targets is growing rapidly, according to a global survey on cybersecurity. Companies are demanding effective cybersecurity to assist them in protecting their assets and people. Industrial control systems and plant operations need to ensure increased availability, reliability, and safety. This requires tighter collaboration among manufacturers, security developers, and industrial process vendors to protect control systems from known and unknown malware and misuse.

Security for IIoT devices has some unique characteristics. Unlike general-purpose PCs, the data IIoT devices transfer can be categorized and controlled to reduce the likelihood and impact of a security breach. The code and applications these devices are allowed to run can be similarly controlled, so application whitelisting is a useful technique to restrict execution to only authorized code.

However, these systems may be separated from the corporate network or connected only intermittently. This makes it challenging to install system patches or signature updates. Security systems must be able to operate in connected, disconnected, or isolated environments, defending against known and unknown attacks without relying on frequent updates.

Policy Management And Enforcement Are Key

The volume of these devices means physically touching all of them within a short period of time is highly unrealistic. It also means that having to manage individual devices is similarly unrealistic. Policy management and enforcement tools are required to ensure that only authorized changes are made to devices, without having to operate or review them individually. Analytic tools and event correlation need to bring serious and severe events to the attention of security operations quickly, without drowning the operations center in an overwhelming flood of minor events.

Protecting our critical infrastructure and the emerging IIoT from cyberthreats is a national priority. Collaboration enables integrated and validated industrial process solutions that can be more rapidly deployed, without sacrificing safety or reliability. The productivity potential of industrial automation and control systems is important to the future viability of manufacturing industries. Adequately addressing security will ensure the manufacturing base of our economy is not put at risk.

View the original post on Dark Reading.

The post Securing Critical Infrastructure appeared first on McAfee Blogs.

Cyber Resilience And Spear Phishing
https://securingtomorrow.mcafee.com/executive-perspectives/cyber-resilience-spear-phishing/
Mon, 29 Jun 2015 23:19:55 +0000

Balanced security capability, defense in depth, integrated countermeasures, and a threat-intelligence strategy are critical to defending your business from spear-phishing attacks.

Spear phishing continues to be the most successful means of gaining entry to an enterprise network and to valuable business or personal data. According to the latest Verizon Data Breach Investigations Report, two-thirds of all cyber-espionage-style incidents used phishing as the vector. According to a recent study by the Ponemon Institute, the costs of such a breach continue to increase, whether it is legal costs, loss of reputation, customer defections, or other direct and indirect effects.

For the digital enterprise, loss of sensitive data means loss of customer trust and is a threat to future growth. Combating this problem requires an integrated prevent, detect, and respond capability comprising user readiness, anti-malware sensors at the network and endpoints, and well-rehearsed detection and response security operations processes. Combining this capability into an effective security architecture increases speed of response and improves cyber resilience.

Phishing is a difficult threat to defend against because it uses multiple vectors and can take advantage of a user’s work or personal life, or a combination of both, to increase the chance of success. Spear phishing targeted at a specific department or individual is even more difficult because the attackers often build a target profile, based on public and social media information, to gain inside knowledge of work relationships or job functions. This enables them to craft campaigns that appear authentic to the targets, increasing the likelihood of getting that critical click-through.

Increasing user training to identify phishing attempts, respond appropriately, and report them to security operations is the critical first line of defense and greatly reduces the chance of exploitation. Current statistics say we need to do much better in this area. It only takes about 80 seconds from the time a user clicks on the bait in a spear-phishing email until data exfiltration begins, according to Verizon’s Data Breach Investigations Report.

Shoring Up Cyber Defenses

Many enterprises rely solely on their endpoint security tools to catch these attacks. However, given the level of sophistication we are seeing — along with the human design of the attacks — an enterprise must no longer view endpoint security as a commodity but rather as an essential component in cyberdefense. Combating malware delivered through phishing requires additional endpoint sensor capabilities that identify, prevent, and analyze unknown behaviors.

For example, application whitelisting on end-user devices stops advanced and zero-day attacks from infecting the system by preventing unauthorized code execution, protecting memory, and blocking attempts to exploit a whitelisted app before it gains a foothold and impacts the business. Application whitelisting is listed as a Quick Win in the SANS Critical Security Controls list and in the Australian Government Top 4 Mitigating Controls cybersecurity guidance. According to Australian Signals Directorate Deputy Director Steve Day, attackers have not stolen any sensitive data from government networks because of their adoption of the Top 4 mitigating controls.

Since email and the Web are the most common delivery vectors for advanced malware, gateway sensors integrated with threat intelligence and malware analysis capabilities are important to amplify the protection gained by user readiness and improved endpoint security. This integration of sensors, analytics, and intelligence increases the speed of decision at the point of attack. Additionally, gateway sensor integration with other layers of defense increases effectiveness. For example, when a user reports a phishing attempt or their endpoint security identifies a malicious file, promptly exchanging intelligence on indicators of attack enables defenses at the Internet boundary to block future attacks from getting through, possibly to a user who would not have recognized them as attacks. This step helps prevent attacks targeting groups of users such as finance users with credentials for key databases.

Finally, if some malware gets delivered and manages to exploit one or more devices, Security Operations provides the critical detection and response capability. Once the infection is validated, whether from a user report, sandbox analysis, or shared intelligence, the prepared incident response plan is executed.

Having prepared response actions significantly reduces time to contain the attack. For example, one group would immediately search the gateway, email, and host logs to identify any other potentially affected systems. Another would analyze the file or link to expose the malicious behavior, exfiltration type, and targets. They would then determine if the existing controls are sufficient to contain the attack and prevent exfiltration, or whether additional actions such as system or network quarantines are necessary. Increasingly, these workflows are being predefined and automated through integrations between sensors, analytics, and SIEM (security information and event management). In a recent study, this real-time SIEM has been shown to shorten response to seconds or minutes, in pace with modern attack timeframes.

Executing the fundamentals consistently leads to an improved security posture. The SANS Institute’s Critical Security Controls and Quick Wins provide an excellent resource for security controls that provide real-world effectiveness. These tools focus on prioritizing what works and on processes that have demonstrated their effectiveness against the latest threats. Your security strategy should be reviewed to ensure effectiveness against targeted attacks such as spear phishing.

Balanced security capability, defense in depth, integrated countermeasures, and a threat-intelligence strategy are the critical steps necessary to defend your business from spear-phishing attacks. Implementing these recommended solutions can increase your capability to prevent more attacks early and detect and contain infections faster, making your business more resilient.

View the original post on Dark Reading.

The post Cyber Resilience And Spear Phishing appeared first on McAfee Blogs.

Astros’ Chief Recruiter Commits Cardinal Sin of Security
https://securingtomorrow.mcafee.com/executive-perspectives/astros-chief-recruiter-commits-cardinal-sin-security/
Mon, 22 Jun 2015 21:20:24 +0000

The F.B.I. and Justice Department are investigating whether or not officials associated with the St. Louis Cardinals gained unauthorized access to networks belonging to the Houston Astros, a rival baseball team. If the accusations hold true it would represent the first known case of corporate espionage through hacking between professional sports teams, according to The New York Times. And it all happened because of poor password hygiene.

The reasons behind this apparent case of corporate espionage — a case that is still under investigation — appear to be as embarrassing as they are sinister: one team, the Houston Astros, acquired a talented and capable executive, Jeff Luhnow, from the other team, the St. Louis Cardinals. Luhnow is known for his analytical approach to recruiting. He built a program to assist in recruiting and team management during his career with the Cardinals from 1994 to 2012. Luhnow brought that same analytical approach to Houston, where the Astros have experienced a major turnaround since they hired him, placing first in their division.

A peer of mine once declared that the cardinal rule of passwords is that they should be exotic, secret, and changed often. It appears Mr. Luhnow ignored these principles and simply recycled the network passwords he used at the Cardinals for his new program at the Astros. Following the Eddie Guerrero principle that “if you’re not cheating, you’re not trying hard enough,” it appears the Cardinals might have simply used Luhnow’s Cardinals network password to access the Astros’ network. Through this access, the Cardinals could have read valuable inside information about the players the Astros are looking to recruit and their potential offers, opening doors to poach desirable recruits with counteroffers — potentially changing the course of the season.

Most people think of cyber espionage as a complex endeavor involving malware, Trojans, spear phishing attacks and teams of cybercriminals. That perception is the result of high-profile data breaches involving large enterprises or government agencies. Passwords are often central to the perpetration of these crimes, and the truth is that it only takes one recycled password to make them possible.

It does not take a technical savant to gain access to corporate assets if those assets are not properly secured.

According to Intel, up to 74 percent of Internet users employ the same password across multiple websites – personal and company-related. Given these numbers, it is likely that we will see more corporate espionage of this sort as time wears on.

This Astros-Cardinals scandal is the latest reminder of the human factor in cybercrime. Even the most secure of systems fail, when staff fail to discuss security practices or establish password policies with employees. It goes beyond sports leagues; every single organization, big and small, should revisit policies regarding network access and password usage in light of the Astros’ breach.

Passwords will gradually be replaced by new technologies such as biometrics – facial, voice, and fingerprint recognition. Until that process plays out, IT management is responsible for enforcing protocols that require diligent password management, regardless of the user’s willingness to self-govern. Changing passwords every 3-6 months, and making unique and previously unused passwords with each iteration, are simple and manageable steps any organization can take. Organizations should have a policy in place to change out passwords guarding sensitive material after any employee with access to such content leaves. This does not have to be complicated, which is what makes this breach all the more frustrating in today’s security landscape.

The charges against the St. Louis Cardinals are serious. But the lapse in basic security best practices by Mr. Luhnow is just embarrassing. Potentially millions of dollars, depending on compromised offers and failed recruiting efforts, could be lost thanks to a reused password.

It’s critical that organizations recognize the importance of both the technical and human elements in establishing security policy, regardless of industry. Given that the Eddie Guerrero rule of competition extends into the corporate world, it’s critical we as individuals take the cardinal rule of passwords to heart in both our public and private lives.

The post Astros’ Chief Recruiter Commits Cardinal Sin of Security appeared first on McAfee Blogs.

An Effective Community Is More Than Just An Online Forum
https://securingtomorrow.mcafee.com/executive-perspectives/effective-community-just-online-forum/
Fri, 19 Jun 2015 23:47:59 +0000

It is important to develop a strong base of contributors who can communicate effectively, answer questions, and summarize issues. 

Like many companies today, our success is dependent on the community of customers and partners that grows around our products and services. This community augments and extends our capabilities with complementary products, places to go to learn more, and people that can answer questions.

It is admittedly challenging to effectively serve this type of community while balancing the needs and resources of a technology innovation company. The members easily outnumber our employees, let alone those able to respond to questions and suggestions. There is also a tendency to rely on numbers — such as how many members or how many page views — to quantify the value of the community. In our experience, this leads to misunderstanding the benefits and misallocating the resources necessary to build these relationships into an actual community, not just an online forum.

One of the biggest obstacles to community development is fear, which can lead to too much control and not enough openness to foster solid relationships. This fear could include a fear of open criticism of the company; fear of loss of brand image; or a fear of providing valuable intelligence to competitors. In our experience, and in the experience of many other companies, the benefits of more open communications within the community far outweigh any public criticism or other potential negatives. In our connected world, the conversations and criticisms are happening online, and it is far better to actively participate in them than to try to control them.

Encourage Participation

In most product communities, the majority of participants consume information, a smaller number contribute tutorials and reviews and answer questions, and an even smaller number are development partners. As a result, it is important to develop a strong base of contributors in the community who can communicate effectively, answer questions, and summarize issues.

Another tendency with corporate communities is not allocating enough time and resources, with the thinking that the community will grow and regulate itself. While this may be true in some cases, the contributors are often looking for a stronger relationship with the company, not a hands-off attitude. Depending on the individual, they might want to be part of a focus group, beta test, or Q&A session with technical personnel. Done well, these people become a positive influence within the community, shepherding others, and providing valuable feedback on what the community wants and needs.

Our online community has about 85,000 registered users, and about 5% of these actively post in the forums. With over 2 million page views a month, there are many non-registered users viewing posts and getting answers to their questions. In addition to questions, we get posts on cyberthreats, product issues, feature requests, usage tips, and many other subjects. Active participants are sometimes invited to participate in more focused activities or engagements with product management and senior executives at Intel Security.

Over the last 18 months, we have increased the energy and scale of user outreach, introducing many new communication vehicles and resources. Customers can subscribe to a variety of topics, including product news, best practices, and educational information, and they can search the community archives and product KnowledgeBase.

What do you think? Let us know in the comments section below.

View the original post on Dark Reading.

Mobile-First Marketing: 4 Aspects to Consider
https://securingtomorrow.mcafee.com/executive-perspectives/4-aspects-mobile-first-marketing/
Thu, 18 Jun 2015 18:27:59 +0000

The post Mobile-First Marketing: 4 Aspects to Consider appeared first on McAfee Blogs.

This blog post was written by Penny Baldwin.

Americans spend an average of 4.7 hours each day on their smartphones. Seventy-five percent of smartphone users access mobile Internet services through their device(s). These stats speak for themselves, and it’s clear: brands must put mobile first if they want to reach stakeholders online.

But what exactly does mobile-first thinking entail when it comes to your brand’s marketing strategy?

From mobile optimization to design considerations, there are four key aspects to consider when it comes to branding in today’s mobile-first world.

  1. Look to Analytics

With mobile-first marketing, it’s best to begin with an understanding of what you’re up against. By logging into Google Analytics, you can quickly see the percentage of visitors who are viewing your webpage from a mobile device. This way, you’re equipped with the knowledge you need to decide which pages should be your top priority when optimizing for mobile.

  2. Differentiate Across Devices

Want to increase traffic to your site, and get more eyes on your big summer campaign? Do so by using dynamic web design and differentiating in the content that you serve up on mobile. Keep the long-form assets and explanations optimized for desktop consumption and serve short, sweet and succinct pieces of content to mobile viewers. What is the best way to do this? Take your longer content and chop it down into bite-sized pieces. Pull the highlights out of your white papers, chop up your infographics, and slice and dice your videos. My motto: work with what you’ve got!

  3. Cut Down on Content

Since the majority of people consume content on their smartphones, we, in turn, need to consider the circumstances in which they are consuming our content. A mobile user who is exploring your mobile site while on the bus to work isn’t going to have the time, or focus to read through a lot of text. Highlight or bullet out your main points so that content is in an easily readable format.

  4. Keep It Simple

Although smartphone screens have increased significantly in size, they are still nowhere near that of a desktop. When it comes to mobile design, simple is best – avoid busy graphics and text-heavy pages. Stick to clean lines and easily recognizable shapes rather than overloading viewers with a multitude of complex graphics. This goes for your social strategy, as well. Twitter reports that 80% of its active users are on mobile and Facebook has 798 million mobile monthly users, meaning that your social content should be short and succinct, with images optimized for mobile consumption.

The reality is that mobile is now the first screen most people look to when searching for information. With smartphones so engrained in the user experience, marketers and brand strategists alike would all be wise to start “thinking mobile.”

How are you integrating mobile into your branding strategy? Tweet me @PennyRBaldwin to share your thoughts.

The Promises And Perils Of The Healthcare Internet Of Things
https://securingtomorrow.mcafee.com/executive-perspectives/promises-perils-healthcare-internet-things/
Fri, 12 Jun 2015 21:42:25 +0000

The post The Promises And Perils Of The Healthcare Internet Of Things appeared first on McAfee Blogs.

Connected devices are working wonders for managing treatment, but their integration with consumer technology and cloud computing raises significant security issues.

What has been happening over the past week or month with your blood pressure, heart rate, glucose level, respiration, or oxygen levels? How much and what type of exercise do you do, and what effect is it having? While the answers to these questions may not be on the tip of your tongue, wearable medical technologies can monitor, store, and transmit this data, providing your healthcare team with more granular information than they have ever had outside of a hospital. These and other connected healthcare devices are improving diagnosis, treatment, and quality of life, while reducing costs.

How much do you weigh? What do you eat? What medications are you taking? What diseases or conditions do you have? Medical information is also one of the most personal and private aspects of our society. While it is important for your healthcare professionals to know these things, it is equally important to keep them private from those who may use the information to take advantage of you or discriminate against you.

Tiny devices that can be worn, implanted, or even ingested are being invented at an accelerating pace. And they are not just monitoring, but taking an active role in managing a long list of things, including hearts, pain, insulin, and seizures. These devices are working wonders for managing treatment and quality of life outside of hospitals. But their connectivity and integration with consumer technology and cloud computing raise significant security issues. The biggest concerns are privacy violations and intentional disruptions, and one high-profile security incident could discourage adoption for decades.

Personal medical information is valuable to cyber criminals. While stealing credit card numbers is big business, the stolen card has no value once it is reported stolen. Stolen medical data, on the other hand, can be sold for insurance fraud repeatedly and can continue to add value for years. And we can only imagine what other unethical and illegal uses criminals could come up with.

Security By Design

Managing and reducing these security concerns requires a change in how we design, develop, and regulate connected healthcare devices. The first step is a focus on security by design, making upfront investments that will pay back benefits to the device manufacturers and the healthcare community for years. Sharing best practices and building shared or open-source libraries of common functions would go a long way to quickly improving security across the industry.

Then we need better collaboration among vendors, medical practitioners, and regulators to openly discuss and resolve issues, enable innovation and effectiveness, and safeguard the public interest. Regulators themselves need to review the approval process, taking into consideration the pace of technological change and the cloud nature of data that crosses national and corporate borders, while continuing to protect patients. Finally, we need to learn from social media and customer centric design, listening better to the voices of the patients and families involved and incorporating their feedback.

Connected healthcare devices deliver highly personal benefits, embedding the Internet into medical processes. With these tools, we are already seeing improved medical outcomes, better quality of life, and lower healthcare costs, and we are just at the beginning of this transformation. Incorporating security by design, increasing collaboration, and evolving the regulatory process will ensure these benefits are not lost to cybercrime and security breaches.

For more information on the topic, check out the Atlantic Council’s recent report, The Healthcare Internet of Things: Rewards and Risks.

View the original post on Dark Reading.

Beware of Emails Bearing Gifts
https://securingtomorrow.mcafee.com/executive-perspectives/beware-emails-bearing-gifts/
Wed, 10 Jun 2015 16:00:04 +0000

The post Beware of Emails Bearing Gifts appeared first on McAfee Blogs.

A security-connected framework can help your organization thwart cybercrime.

Crime gangs are building very legitimate-looking emails as cover for phishing and ransomware, and they are having enough success that the attacks are escalating.

In the first quarter of 2015, McAfee Labs registered a 165% increase in new ransomware driven largely by the new, hard-to-detect CTB-Locker ransomware family, new ransomware families such as Teslacrypt and TOX, and the emergence of new versions of CryptoWall, TorrentLocker, and BandarChor. Dell Secureworks believes the ransomware business truly pays, with CryptoWall reaching at least 1 million victims and collecting about $1.8 million in ransom.

The growth of ransomware is likely to continue to surge given the rise of new “business models,” the growing availability and ease of operation of newer ransomware kits, and the general increase in tactical sophistication. For instance, CTB-Locker possesses clever techniques for evading security software, higher-quality phishing emails, and an “affiliate” program that offers accomplices a percentage of ransom payments in return for flooding cyberspace with CTB-Locker phishing messages. In the case of TOX, ransomware is going the way of other malware, delivered in turnkey ransomware packages, simplifying the development, launch, and ongoing operation of ransomware campaigns. And where fewer technical skills are required, more less-skilled perpetrators enter the cybercrime business.

Encouraged by their successes, attackers are reusing content and contacts as they cycle through their scams in an attempt to hook people. They have tested and learned the behavior of antivirus, firewalls, and sandboxes, and are using code that is stealthier, more careful, and more difficult to defend against. Malware downloaders are varied frequently to avoid signature-based detection. Ports, IP addresses, and URLs are continuously modified to slip past firewalls. The most advanced code is becoming sandbox-aware and stays out of sight if it suspects it is not on a real endpoint.

Connected Security Is Critical

With the number and sophistication of attacks increasing, what can you do to reduce the threat profile at your organization? What new product can you buy to increase your protection?

The reality is that no single cybersecurity product provides effective coverage for all cyberthreats, just like no one physical security technique defends against all physical threats. As battlefield threats become more sophisticated, frequent communication between the front line, commanders, intelligence officers, and special forces is necessary to detect and counter or correct threats.

Integrating links between antivirus, advanced threat detection, and other connected security tools will provide security pros in the cybertrenches more capable and adaptive defenses for these types of threats. A framework of connected security tools accomplishes this by sharing relevant security data across endpoints, gateways, and other security products, enabling incident response and preventing the compromise of one system from resulting in the compromise of many.

A recent attack campaign in Australia involving ransomware showed the benefits of using such a framework in real time.

On the back of a legitimate-looking parcel notification, a new variant of Cryptolocker was being installed on victims’ machines. The attack would start with a new malware variant that was evading most signature-based antivirus technologies. However, with a connected, adaptive security framework in place, an unknown and suspicious file on the endpoint was proactively sent to an advanced threat defense solution for decompiling and further analysis.

A mix of static code and dynamic analysis (sandboxing) on the suspicious file provided enough clues to detect the bad code and convict it as malicious.

First, the sample had some family classifications similar to other malware. Second, after decompiling we uncovered the capability to bypass proxy settings, search for specific file types, and exfiltrate the data. Finally, monitoring the behavior, we saw that it was using the same infrastructure as a known Trojan called Upatre, which is associated with botnets, ransomware, and banking fraud.

Having identified a new malware variant, the connected, adaptive security framework initiated a number of responses to correct the unwanted behavior. The endpoint systems began scanning to find out where the file had run or was still running, stopping the malicious processes or preventing the convicted file from executing. The first PC to see the ransomware may have been in trouble, but the rest of the organization was protected.

Once resolved in one location, the organization’s advanced threat defense provided local threat intelligence on the largely unknown Upatre malware variant to the rest of the global organization. And with up-to-date reputation capabilities, all other systems across the organization were able to deny Upatre based on policy.

Phishing and ransomware attacks are hardly new, but the rapid changes in malware code and the legitimate-looking emails are making it harder for both users and antivirus programs to detect the surprise waiting at the other end of the link. No single security solution provides an adequate defense. When malware can sneak through a network firewall, lie low to trick a sandbox, and evade endpoint antivirus, a thorough defense requires the combined resources of a security-connected framework.

View the original post on Dark Reading.

Securing Private and Hybrid Clouds
https://securingtomorrow.mcafee.com/executive-perspectives/securing-private-hybrid-clouds/
Fri, 05 Jun 2015 16:00:51 +0000

The post Securing Private and Hybrid Clouds appeared first on McAfee Blogs.

As-a-service models offer huge opportunities, but also complicate security.

Sometimes the easiest way to migrate to a new architectural model is to let others do the work, others who are experts in their field. This has given rise to many as-a-service models throughout the industry and across the entire technology stack, from software to infrastructure. While this has unlocked huge opportunities to accelerate the deployment of new capabilities or increase economic efficiencies within an organization, it has complicated and even compromised security.

Let’s take a closer look at this trend and the implications. A private cloud is nothing more than the virtualized components of a traditional data center, making it easier to provision, operate, and manage resources more efficiently. Hybrid clouds leverage larger scale public cloud environments to drive further efficiencies. Containers take this a step further, delivering greater micro-segmentation and isolation capabilities with much faster boot times.

In this new reality, the traditional perimeter security model is insufficient. How do you define a perimeter in an environment where any device goes through many networks to many services, both inside and outside the business, or many containers are operating in a single machine?

Security in this any-to-any world must become more dynamic. This means creating an abstract of security functions, like a hypervisor does for operating functions. Security becomes a shared virtual service, applied to workloads and flows instead of machines and physical networks. Automated controls deploy security instances according to policy, reducing the cost and time of deploying new applications or services and taking advantage of the value proposition of virtualization and private/hybrid clouds. Hardware-level security functions help boost performance of the virtual environments while restricting opportunities for leaks. Like software, storage, and other parts of the stack before it, security becomes virtualized, with the same benefits and characteristics.

A Partnered Approach

This new approach to securing enterprise clouds is based on virtual isolation and micro-segmentation. By partnering with the leading virtualization companies, security vendors make sure that each workload deploys dynamically and automatically with virtual sensors that observe and report to the security manager, significantly increasing visibility and control over the virtual environment. Virtual perimeters surround each workload, separating them from each other and from the escalated privileges of the hypervisor. Security policies are linked to the workload, so if a virtual machine or container moves, suspends, or restarts, its policies stay with it. Workloads with different security levels are isolated whether they are on the same physical server or in different data centers, in a virtual machine or a container, reducing the risk of attacks based on privilege escalation or vulnerabilities in the hypervisor.

Security, of course, needs more than just perimeter defenses. The virtual security controller steers traffic to security engines for intrusion detection and prevention, deep file analysis and file reputation management, behavioral analysis, advanced threat defense, and bot detection as needed. Scaling security capacity simply means increasing the number or capacity of these security engines, reducing potential bottlenecks.

One key advantage to this cloud security model is that it applies between layers as well as between workloads. Whether data is flowing in and out of a data-center (north-south), from server to user, or within a data center (east-west) from server to server, it is protected and evaluated by the network gateway, data loss prevention, and other components as defined in your policies.

Consistent policies, protections, and enforcement across your virtual infrastructure are now a reality, as the agility, ubiquity, and efficiency of software-defined security joins the rest of the software-defined infrastructure. This is true cloud security.

View the original post on Dark Reading.

It’s a Digital World…We Just Live In It!
https://securingtomorrow.mcafee.com/executive-perspectives/its-a-digital-world/
Mon, 01 Jun 2015 18:17:15 +0000

The post It’s a Digital World…We Just Live In It! appeared first on McAfee Blogs.

This blog post was written by Penny Baldwin.

The information age, the digital age, one thing’s for sure – the general marketing landscape has expanded and evolved beyond our wildest imaginations.

But with the amount of innovative trends and methods entering the market, how do you narrow down the field and pinpoint the ones that are right for your brand? In the B2B tech space in particular, this is inherently difficult to do.

While there’s no single strategy that is right for every brand, there are a few digital trends whose influence we can’t ignore, regardless of the market a brand calls home. Take a look at my top three trends and how your brand can utilize each of them:

‘Mobile-friendly’ has become ‘Mobile-first’

More than 64% of American adults own a smartphone, meaning mobile is no longer simply a consideration – it’s a focal point. Take a look around – how many people can you spot focused on the screens of their mobile devices? Even in the office, my bet is you’re able to count a few.

With more and more content consumption happening on the go via mobile, brands need to design with a mobile-first mentality. Be it ad campaigns, site optimization or even basic web copy, mobile should be a lead driver behind those decisions.

A picture may be worth a thousand words, but a video is worth a thousand more.

With apps such as Periscope and Meerkat entering (and disrupting) the market, video is proving to dominate. But even the realm of video is changing, as we are now finding that silence is golden when it comes to moving images. So are you leveraging all of this to your brand’s advantage?

Here’s an idea to consider: the next time you have a product announcement, speaking engagement, or company event, live stream it. Tell people when to tune in, send them a link and watch engagement soar. It doesn’t matter if it’s the launch of a new car, a live sporting event, or a tech user conference – live, moving content will engage and capture online communities and create a sense of belonging.

No matter how digital, brands should be increasingly human.

Never undervalue the power of a conversation. In the digital world especially, people want to know what others are up to, and that applies to brands as well. Take it one step further, and it’s been found that people primarily buy from companies they trust and can relate to.

So, weave emotion and authenticity into your digital experience and start interacting with your audience(s) on social media! A lot of positive can come from a brand showing it cares and listens to its customers.

What digital trends are you capitalizing on this year? Tweet me @PennyRBaldwin to share your thoughts.

What Are You Doing During The Golden Hour After An Attack?
https://securingtomorrow.mcafee.com/executive-perspectives/golden-hour-attack/
Fri, 29 May 2015 16:30:00 +0000

The post What Are You Doing During The Golden Hour After An Attack? appeared first on McAfee Blogs.

Take the time to detect the attack, isolate the infected machines, and restore them to a known state. 

Are you one of the lucky 12%? That is how few companies we surveyed did not experience a successful targeted cyberattack in 2014. If you are one of the few, and think your luck is going to hold in 2015, you can skip to the next article. Otherwise, please read on.

We recently concluded a research study with Vanson Bourne of security professionals at large and mid-size companies around the world (see chart below). According to the study, most of you are very busy analyzing large volumes of data as you try to find actionable issues amidst the noise. On average, you are responding to an attack every five to 10 days. Half of these attacks are generic malware or adware, annoying to users but not an especially large threat to your company. However, whether you are dealing with some generic malware or a targeted attack, it takes time to detect the attack, isolate the infected machines, and restore them to a known state.

Almost 30% of the attacks are finely tuned and targeted at a specific company, department, or even a few individuals. Why do the survey respondents think these attacks are having increased success? You told us that the attacks are often socially engineered to appeal to the target, and are leveraging multiple channels such as social networks, non-PC devices, and external cloud-based tools. As a result, they are more difficult to detect, and even security-savvy users are having a more difficult time telling which communications are malicious.

When fighting a targeted attack, security professionals surveyed reported that, on average, it took six days to move from discovery to remediation. Financial services, insurance, construction, business or consumer services, and energy and utility companies took the longest time — eight to 10 days. Government, IT, transportation, and healthcare took the shortest time, at three to four days. Once discovered, things moved more quickly, taking on average nine hours to contain the infected systems, 19 hours to restore them to their normal state, and 30 hours to identify the attack vector and ensure that the security defenses were ready to handle a repeat occurrence.

What is taking up the most time? The top three are at the intersection of human expertise and security data: scoping out the size of an incident, containing it, and working to detect the next one. All of these can be improved through faster interpretation of relevant data and appropriate automation. If so much time is spent trying to determine the scope of an attack, doing that faster means containing it and getting back to normal sooner.

Next, we asked “What is inhibiting your ability to quickly understand what is happening in the organization?” Two of the top issues were an inadequate understanding of user behavior and network behavior. These are not requests for more data, but more comprehension. Like many of the respondents, you are probably already flooded with data, collecting firewall logs, networking events, rule sets, and even data packets. These are requests for better tools and more effective ways to interpret the data.

Fighting The Good Fight

The survey respondents also told us that they are in a fight that is sometimes biased against them. Incident detection and response is a mix of disparate tasks, manual processes, and inefficiencies that slow down response time and cleanup. Respondents asked for monitoring tools that can generate a better understanding of normal behavior, whether it is users, network traffic, servers, or applications. This is critical to being able to quickly identify anomalous activity and separate critical alerts from the cacophony of security noise. And 80% of respondents believe that lack of security technology integration is an obstacle. According to the study, security professionals would like a higher level of tool integration, both between tools and from the security operations center to endpoint.

Finally, we asked what help was wanted to boost efficiency and effectiveness of incident response efforts. The top two requests, obviously related to that number one time sink, were better detection tools and better analysis tools. The next two asked for more training and more people. Surprising to me, only 15% asked for more automation. When I look overall at these responses, I see a need for better analytics and more automation.

Analytics will help improve detection accuracy based on deeper inspection and better threat intelligence. Automation is a necessity because we all know there are not enough people to deal with the volume of attacks we face. Historically, the reasons not to automate have been fear of false positives and loss of control. However, in order to scale staff and skills to the volume of events, we need to harness intelligent analytics to identify incidents from the mountains of event data.

To gather information for the survey, we spoke with 700 IT security decision makers during February and March 2015, at mid-market companies (500-999 employees), large companies (1,000-4,999 employees), and large enterprises (5,000 or more employees). These people were located in Australia, Brazil, France, Germany, the United Kingdom, and the United States. They represented more than 10 different industries, including information technology, manufacturing, financial services, government, retail, and transportation. You can read the full report at: http://www.mcafee.com/us/resources/reports/rp-esg-tackling-attack-detection-incident-response.pdf.

View the original post on Dark Reading.

The post What Are You Doing During The Golden Hour After An Attack? appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/executive-perspectives/golden-hour-attack/feed/ 0
The Cloud Revolution Requires High-Performance Attack Prevention https://securingtomorrow.mcafee.com/executive-perspectives/the-cloud-revolution-requires-high-performance-attack-prevention/ https://securingtomorrow.mcafee.com/executive-perspectives/the-cloud-revolution-requires-high-performance-attack-prevention/#respond Thu, 21 May 2015 16:00:51 +0000 https://blogs.mcafee.com/?p=43482 Where there is traffic, there are bandits.  Applications, data, and infrastructure are moving to the cloud, and traditional network architectures are gradually fading away. In their place, we have an increasing reliance on web and email protocols as the carriers of our information, moving digital information without regard for physical and political borders. Where there …

The post The Cloud Revolution Requires High-Performance Attack Prevention appeared first on McAfee Blogs.

]]>
Where there is traffic, there are bandits. 

Applications, data, and infrastructure are moving to the cloud, and traditional network architectures are gradually fading away. In their place, we have an increasing reliance on web and email protocols as the carriers of our information, moving digital information without regard for physical and political borders. Where there is traffic, there are bandits. Cybercriminals are taking advantage of the increased activity and valuable data, exploiting web and email protocols for millions of attacks every day. Targeted attacks often start with spear phishing emails or strategically compromised websites, delivering malware and leading to countless data breaches.

The security teams we talk to are getting fatigued by the volume of these attacks, with many breaches allowed to live in the network for days or weeks without any investigation. With this many attacks, no company can provide the security resources necessary to chase them all down. As network borders fade and become less relevant to digital information, security has to expand its reach. The traditional approach to perimeter defense is no longer adequate.

Secure web and email gateways, whether on-premises or in the cloud, sit between the criminals and your users, scanning all traffic for known and zero-day malware, wherever your users are. Blocking malicious links, files, and emails reduces the attack surface and can remove the vast majority of zero-day malware, up to 95% in best-of-breed solutions. Even if a website is compromised after the email has already passed the gateway, the attack can still be stopped when the user clicks on the link, because the link is checked again at that moment.

Stopping 95% is good, but it is not enough for the most sophisticated attacks, which may include files that are designed to evade detection by traditional defenses. Adding advanced malware detection as an extra stage of analysis reduces the attack surface even further. The secure gateways send files that are still suspicious to an advanced sandbox, with in-depth code analysis and dynamic observation, designed to find malicious code fragments, identify evasive maneuvers, and catch malicious behavior before these files can reach your users and exfiltrate information. Suspicious files can be held from the user during this analysis to prevent first infection, eliminating “patient zero”.

This multi-stage process is proven to detect the vast majority of attack attempts. Immediately sharing this information throughout the security infrastructure over a common communications channel can help stop multi-vector attacks network-wide. Active scans upon receipt of new attack intelligence by endpoints and other security sensors can identify existing compromises and produce new event correlations used to investigate future attacks.

Now, all of this is not going to stop 100% of attacks from breaching your defenses. What it will do is free up the security team to focus on a smaller number of critical threats, instead of a continuous and often overwhelming barrage of threats both minor and serious, false alarms, and attacks that you have already dealt with multiple times. Applying a data loss prevention solution on both the network and endpoint can play a vital role in halting the potential damage of a data breach initiated by an advanced attack. Real human capital needs to be applied not to prevention, but to monitoring security events, preventing data loss, and conducting incident response. Embracing the cloud revolution requires a reassessment of the traditional security model – one focused on where the data goes, not where you’ve built a network.

View the original post on Dark Reading.

The post The Cloud Revolution Requires High-Performance Attack Prevention appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/executive-perspectives/the-cloud-revolution-requires-high-performance-attack-prevention/feed/ 0
Teaming Up to Educate and Enable Better Defense Against Phishing https://securingtomorrow.mcafee.com/executive-perspectives/teaming-up-to-educate-and-enable-better-defense-against-phishing/ https://securingtomorrow.mcafee.com/executive-perspectives/teaming-up-to-educate-and-enable-better-defense-against-phishing/#respond Fri, 15 May 2015 17:51:22 +0000 https://blogs.mcafee.com/?p=43376 Companies need to both educate their employees and implement prevention technology. No matter who you are, or how you get your email, you’re bound to be a target. That’s the inconvenient truth about phishing. The sheer volume is astonishing — McAfee Labs found over 150,000 new phishing URLs in the fourth quarter of 2014 alone. …

The post Teaming Up to Educate and Enable Better Defense Against Phishing appeared first on McAfee Blogs.

]]>
Companies need to both educate their employees and implement prevention technology.

No matter who you are, or how you get your email, you’re bound to be a target. That’s the inconvenient truth about phishing. The sheer volume is astonishing — McAfee Labs found over 150,000 new phishing URLs in the fourth quarter of 2014 alone. Couple that with Verizon’s finding that nearly one in five users will click on a link within a phishing email, and the reality sets in. This is an uphill battle, and end users are on the front lines.

But it’s not just volume that results in compromise. More often than not, the phishing emails that result in a successful breach utilize highly sophisticated malware, social engineering, and are targeted at the most vulnerable amongst us.

At Intel Security, we have set our sights on this problem. To help companies’ efforts to reduce their risk and susceptibility to phishing, we teamed up with CBSNews.com to bring the issue to light on a global scale, raise awareness, and further educate the public.

Back in December, we released the first stage of our educational program — an online quiz that asks people to identify whether a set of 10 emails are legitimate or phishing. Quiz takers can then review what they got wrong, and what they should have looked out for. It’s a simple concept, but a powerful one. Looking at our inboxes every day, not all of us think “Is this a real email?” But we should! Vigilance against social engineering is every individual’s responsibility. We recently published a report on this titled “Hacking the Human Operating System,” which I recommend reading if you want to dig further into the psychological forces at play in these attacks.

Bottom line: If more of us were able to spot fraud, then no matter whose information it is — whether personal or corporate — there would be less of a chance for a criminal to commit theft.

You’re probably wondering how people performed on this quiz. Check out a follow-up article on CBSNews.com here and a few highlights below:

  • Only 3% of all respondents were able to identify every example correctly
  • 80% of all respondents misidentified at least one of the phishing emails
  • The 35 to 44 year old age group performed best, answering an average of 68% questions accurately
  • Of the 144 countries represented in the survey, the U.S. ranked 27th overall in its ability to detect phishing, with 68% accuracy

One of the key takeaways in the aforementioned report is that “during a social engineering attack, the victim is not consciously aware that his or her actions are harmful.” Of course, in most cases, users are not intentionally infecting themselves with malware or divulging sensitive information. Preventing the impact of phishing requires a two-pronged approach: Companies need to educate their employees, and they need to employ prevention technology. By scanning every email for known bad senders, malicious files, and malicious URLs, organizations can reduce the attack surface immediately. Approaches such as click-time malware scanning of URLs in email (re-checking a link when the user clicks it, not only when the message arrives) and sandboxing of attachments are effective ways to stop attacks that were not yet detectable at delivery time.

Take a look at your email environment. If you’re running traditional Exchange on-premises, or managed by a partner, make sure you have email protection scanning the inbound and outbound flow of mail. If you are like many others in IT right now, you’re probably evaluating or already moving to a hosted Exchange environment such as Microsoft Office 365. The same concept applies. You need strong threat detection for your email, including defenses like click-time malware scanning to keep up with the dynamic nature of malware infection used in sophisticated phishing attacks.
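Click-time scanning, as described in the two paragraphs above, works by rewriting links at delivery and re-evaluating them when clicked. The following is an added example of that mechanism, not code from the original post or from any Intel Security product. It assumes a hypothetical redirector host (`click.example.invalid`), a gateway-held HMAC secret, and a constructed sample message; the blocklist check stands in for whatever reputation lookup a real gateway would perform.

```python
import hashlib
import hmac
import re
from urllib.parse import parse_qs, quote, urlparse

# Assumptions (constructed for this example): a gateway-held secret and the
# hostname of the redirector that click-time links point at.
GATEWAY_SECRET = b"replace-with-a-random-per-deployment-secret"
REDIRECTOR = "https://click.example.invalid/r"

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def _tag(url: str) -> str:
    """HMAC over the original URL so the redirector only honours links it issued."""
    return hmac.new(GATEWAY_SECRET, url.encode(), hashlib.sha256).hexdigest()


def rewrite_body(body: str) -> str:
    """Delivery-time step: replace each URL in the message with a signed
    redirector link. The original URL is carried percent-encoded in `u`."""
    def wrap(match):
        url = match.group(0)
        return f"{REDIRECTOR}?u={quote(url, safe='')}&t={_tag(url)}"
    return URL_RE.sub(wrap, body)


def resolve_click(link: str, blocklist: set) -> tuple:
    """Click-time step: verify the tag, then check the *current* blocklist.

    Returns ("allow", url), ("block", url) or ("reject", None). A site that was
    clean at delivery but is on the blocklist now is blocked here, which is the
    point of rescanning at click time rather than only at delivery.
    """
    query = parse_qs(urlparse(link).query)
    if "u" not in query or "t" not in query:
        return ("reject", None)
    url = query["u"][0]          # parse_qs already percent-decodes
    tag = query["t"][0]
    if not tag.isascii() or not hmac.compare_digest(tag, _tag(url)):
        return ("reject", None)  # not a link this gateway issued, or tampered
    host = (urlparse(url).hostname or "").lower()
    if host in blocklist:
        return ("block", url)
    return ("allow", url)


# Constructed sample message; the domain is not a real site.
SAMPLE_BODY = "Your invoice is ready: http://billing.example.com/inv/42 Thanks"

if __name__ == "__main__":
    rewritten = rewrite_body(SAMPLE_BODY)
    link = URL_RE.search(rewritten).group(0)
    print(rewritten)
    print(resolve_click(link, set()))                       # allow at delivery
    print(resolve_click(link, {"billing.example.com"}))     # blocked once listed
```

The HMAC matters: without it, the redirector becomes an open redirect that attackers can use to launder their own links through your trusted domain. The same link is allowed while the destination is clean and blocked once the destination is listed, which is exactly the window a delivery-time-only scan misses.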

I’m sure this isn’t the first time you’ve heard about phishing, and it won’t be the last. Take the right steps now to protect your organization.

View the original post on Dark Reading.

The post Teaming Up to Educate and Enable Better Defense Against Phishing appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/executive-perspectives/teaming-up-to-educate-and-enable-better-defense-against-phishing/feed/ 0
Defenses Outside the Wall https://securingtomorrow.mcafee.com/executive-perspectives/defenses-outside-wall/ https://securingtomorrow.mcafee.com/executive-perspectives/defenses-outside-wall/#respond Tue, 05 May 2015 16:41:32 +0000 https://blogs.mcafee.com/?p=43154 Protecting the Internet of Things means protecting the privacy of customers and colleagues. Most of the devices in the Internet of Things (IoT) reside outside of your security wall. Some, such as mobile point-of-sale terminals and other publicly accessible devices, are outside because they could be a gateway for malicious attacks. Others, such as sensors …

The post Defenses Outside the Wall appeared first on McAfee Blogs.

]]>
Protecting the Internet of Things means protecting the privacy of customers and colleagues.

Most of the devices in the Internet of Things (IoT) reside outside of your security wall. Some, such as mobile point-of-sale terminals and other publicly accessible devices, are outside because they could be a gateway for malicious attacks. Others, such as sensors and remote monitors, may be too distant to include inside. And some, such as medical devices and other specialized tools, may be outside of IT’s sphere. However, all of these devices still need to be protected as they go about their tasks of collecting and communicating sensitive and valuable personal data.

Protecting the Internet of Things is not like protecting a data center. The devices are small, often publicly accessible and vulnerable, and have limited computing power. As recent breaches showed, placing such devices on the trusted side of the firewall, alongside internal systems, is not recommended. The devices themselves need to be hardened to withstand attacks and resist tampering, but without compromising front-line performance and battery life or increasing operating costs. By building the necessary security functions into silicon, IoT technology such as point-of-sale devices and self-serve kiosks can control their integrity from the factory.

Retailers must vigilantly secure the valuable information they hold. It is important for consumers to know that companies are working to protect their financial information from cyberthreats by deploying security deep into their retail systems. As connected retail continues to grow, directly addressing security challenges will be an important part of brand reputation and success. Antivirus, immutable identity, dynamic whitelisting, application control, and secure boot are mandatory functions to defend the millions of connected point-of-sale and kiosk devices around the world regularly targeted by hackers. These controls block unauthorized code and unauthorized application changes even while the underlying vulnerability is still unpatched, which reduces both the urgency and the frequency of software patches.

Secure Communications

With little or no local storage, IoT devices are heavily dependent on communications, so securing the communications path is as important as hardening the device. Having your credit card information stolen is annoying and potentially costly. Having your healthcare information stolen can be personally embarrassing, have long-term effects, and provide hackers with everything they need for identity theft.

As the IoT moves further and further into healthcare, medical devices are coming under attack because of the valuable information they contain. Standard security does not protect against insider attacks, staff errors, security lapses, or theft of data in transit. Adding strong data encryption to healthcare devices protects confidential patient data in transit and at rest. As a side benefit, the access-control and key-management layer around that encryption can also monitor and control access to the systems and their data, raising alarms on unauthorized access attempts. Even more than consumers, patients place a high value on trust and privacy. Security breaches or leaks of confidential healthcare data could be harmful or fatal.

Securing the IoT — whether in retail, healthcare, industrial, or home environments — means looking at the whole ecosystem, not individual points and devices, from silicon to software and from platforms to management. Industry specialists must be able to incorporate these tools into their unique solutions, addressing the specific needs of their target markets. Best practices demand that we not only harden the devices, but also secure the communications and monitor and manage the security state.  Most important, we need to remember that by protecting the data, we are protecting the privacy of our customers, colleagues, neighbors, friends, and families.

View the original post on Dark Reading.

The post Defenses Outside the Wall appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/executive-perspectives/defenses-outside-wall/feed/ 0
Application Layer Exfiltration Protection: A New Perspective on Firewalls https://securingtomorrow.mcafee.com/executive-perspectives/application-layer-exfiltration-protection-new-perspective-firewalls/ https://securingtomorrow.mcafee.com/executive-perspectives/application-layer-exfiltration-protection-new-perspective-firewalls/#respond Thu, 30 Apr 2015 21:27:04 +0000 https://blogs.mcafee.com/?p=43074 Organizations must adopt a new way of thinking about safeguarding sensitive data from theft and unauthorized exfiltration. The recent slew of high profile data breaches has prompted organizations to harden network perimeter defenses with the latest security technologies. In response, some cybercriminals are shifting their focus toward the human element, with phishing and social engineering …

The post Application Layer Exfiltration Protection: A New Perspective on Firewalls appeared first on McAfee Blogs.

]]>
Organizations must adopt a new way of thinking about safeguarding sensitive data from theft and unauthorized exfiltration.

The recent slew of high profile data breaches has prompted organizations to harden network perimeter defenses with the latest security technologies. In response, some cybercriminals are shifting their focus toward the human element, with phishing and social engineering scams that fool corporate users or contractors into giving up network access credentials. Other hackers are using more sophisticated methods to evade defenses, such as advanced evasion techniques (AETs). Once inside, attackers often discover a lack of internal security controls. They can take their time to avoid detection while installing malware that exfiltrates data from internal file servers or devices such as point-of-sale terminals, ATMs, critical infrastructure controllers, and healthcare endpoints. This exfiltration process can go on for weeks, months, and sometimes even years before discovery.

Data loss prevention (DLP) solutions do an excellent job of classifying, fingerprinting, and controlling access to “data at rest” on PCs, servers, and even removable storage devices. They also control how potentially sensitive “data in use” is handled at endpoints and discover and protect sensitive “data in motion” such as data sent through network traffic, email, and instant messaging. DLP is effective against both intentional and unintentional disclosure of confidential information. However, there are certain instances of data in motion where a next-generation firewall can also be effective in preventing data theft. As demonstrated in recent major retail breaches, attackers were able to bypass security controls by setting up their own communications back channels or encrypting exfiltrated data to bypass keyword filters. Because of their strategic locations at ingress and egress points throughout networks, NGFWs are able to work with endpoint management and DLP solutions to enhance existing protections and provide additional security in the battle against data breaches.

Getting More from Your Firewall

While cybercriminals keep changing their tactics, security best practices have not changed much over the years. Best practices still recommend deploying a standard set of processes and security tools, including firewalls, IPSs, and DLP solutions, with the same basic protection strategies. Firewalls are still positioned primarily for blocking intrusion attempts at the network perimeter or protecting data centers. However, once hackers have circumvented perimeter defenses with phishing tactics and AETs, a firewall that only inspects inbound traffic contributes nothing further, and other defenses must pick up the slack.

It’s time to challenge conventional thinking and get more from your firewall. Next-generation firewalls should serve a dual purpose — they should stop attackers from infiltrating the network and prevent attackers from exfiltrating sensitive data.

The most logical way to do this is to leverage the connection-blocking capabilities already built-in to most firewalls. Today’s next-generation firewalls have the logistical placement, performance capabilities, and application control features required to block unauthorized data streams from rogue applications before they leave the network. The challenge is that most firewalls are blind to these data exfiltration activities. Real-time, granular, actionable intelligence from endpoints is the critical information that firewalls need to enable application layer exfiltration protection. High level requirements for a more complete inbound and outbound protection solution are listed below:

  • Endpoint intelligence. Endpoint intelligence must work with firewalls and other security services across the network for risk correlation, analysis, and forensics. As a team, they should validate the use of trusted applications, inventory application processes, monitor communications activities, and scrutinize all outgoing connections made by executables. Applications must be associated with legitimate users, especially where BYOD or shared devices are a concern.
  • Minimal performance overhead and device footprint. Many endpoint devices have limited resources and storage capacities — especially in the case of retail POS systems, ATM kiosks, and medical devices. The endpoint implementation must be very lightweight, both in terms of size and processing requirements.
  • Whitelisting to allow only authorized activity. Firewalls and endpoints must both enforce the use of trusted applications, users, and associated connections with whitelisting technology, allowing legitimate, validated traffic to pass through to file servers, data storage, or trusted third parties such as merchant banks.
  • Blacklisting integration for corrective action. For real-time protection, firewalls and endpoints must also be capable of sending notifications when rogue applications are discovered, blocking illegitimate traffic, and taking immediate corrective action. Compromised hosts must be quarantined and the identified malware and communications blacklisted to prevent data exfiltration.
  • Efficient management. A new approach must work within an existing centralized management schema to maximize management efficiency and minimize related expense.
  • Low cost. Upfront cost is always an issue. Perhaps more important, the solution should readily integrate with your existing security systems, reducing the deployment and operational impact to your security budget and staff resources.
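To make the whitelisting and blacklisting requirements above concrete, here is an added example of the policy logic that sits between endpoint telemetry and the firewall. It is illustrative code written for this page, not the design of any Intel Security product. It assumes a hypothetical endpoint agent that reports, for every outbound connection, the executable's image path, the account it runs as, and the destination; the allowlist, host names, and telemetry are all constructed, and the addresses come from documentation ranges.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Connection:
    """One outbound connection as reported by the (hypothetical) endpoint agent."""
    host: str        # endpoint that opened the connection
    process: str     # image path of the executable
    user: str        # account the process runs as
    dst_ip: str
    dst_port: int
    bytes_out: int


@dataclass
class Policy:
    # trusted image path -> (allowed users, allowed "ip:port" destinations)
    allow: dict
    # state that the firewall side consumes
    blocked_pairs: set = field(default_factory=set)     # (host, "ip:port")
    quarantined_hosts: set = field(default_factory=set)


def evaluate(conn: Connection, policy: Policy) -> tuple:
    """Return (verdict, reason) and record any corrective action in `policy`."""
    dest = f"{conn.dst_ip}:{conn.dst_port}"
    if conn.host in policy.quarantined_hosts:
        return ("block", "host quarantined")
    rule = policy.allow.get(conn.process)
    if rule is None:
        # An executable the whitelist has never seen: treat the host as
        # compromised and cut off all of its egress.
        policy.quarantined_hosts.add(conn.host)
        return ("block", "untrusted executable")
    users, dests = rule
    if conn.user in users and dest in dests:
        return ("allow", "trusted process, user and destination")
    # Trusted binary talking to somewhere it never should: block that flow
    # only, since it may be a hijacked process or a misconfiguration.
    policy.blocked_pairs.add((conn.host, dest))
    return ("block", "trusted process, untrusted user or destination")


def run(events, policy: Policy) -> list:
    """Evaluate events in order; returns (host, verdict, reason) per event."""
    return [(c.host, *evaluate(c, policy)) for c in events]


def egress_rules(policy: Policy) -> list:
    """Render the accumulated decisions as firewall deny rules."""
    rules = [f"deny tcp from {h} to {d}" for h, d in sorted(policy.blocked_pairs)]
    rules += [f"deny tcp from {h} to any" for h in sorted(policy.quarantined_hosts)]
    return rules


def make_policy() -> Policy:
    # Constructed allowlist: the POS application may talk to the merchant bank
    # gateway, and the real svchost.exe to the update server.
    return Policy(allow={
        r"C:\POS\pos.exe": ({"posservice"}, {"203.0.113.10:443"}),
        r"C:\Windows\System32\svchost.exe": ({"SYSTEM"}, {"203.0.113.20:443"}),
    })


# Constructed telemetry. The second svchost.exe lives in Temp: matching on the
# full image path (in production, on the binary's hash or signer) is what
# separates it from the real one.
EVENTS = [
    Connection("pos-07", r"C:\POS\pos.exe", "posservice", "203.0.113.10", 443, 4096),
    Connection("pos-07", r"C:\POS\pos.exe", "posservice", "198.51.100.7", 443, 1_500_000),
    Connection("pos-12", r"C:\Windows\Temp\svchost.exe", "SYSTEM", "203.0.113.20", 443, 900_000),
    Connection("pos-12", r"C:\Windows\System32\svchost.exe", "SYSTEM", "203.0.113.20", 443, 512),
]

if __name__ == "__main__":
    policy = make_policy()
    for host, verdict, reason in run(EVENTS, policy):
        print(f"{host}: {verdict:5} ({reason})")
    print("\n".join(egress_rules(policy)))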

Keeping Insiders Out

These requirements can also address one of today’s biggest challenges: insider attacks. Disgruntled employees and contractors with legitimate access to internal systems can deploy malware on shared workstations, making it difficult to monitor and block potentially malicious network communications. By associating user information and security identifiers with endpoint application processes, application layer exfiltration protection can greatly minimize the risks posed by insider attacks.

View the original post on Dark Reading.

The post Application Layer Exfiltration Protection: A New Perspective on Firewalls appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/executive-perspectives/application-layer-exfiltration-protection-new-perspective-firewalls/feed/ 0
The Courage to Change the Game https://securingtomorrow.mcafee.com/executive-perspectives/courage-change-game/ https://securingtomorrow.mcafee.com/executive-perspectives/courage-change-game/#respond Wed, 22 Apr 2015 17:34:42 +0000 https://blogs.mcafee.com/?p=42884 This week at RSA 2015 in San Francisco, I delivered a keynote where I served up one big, simple challenge to the industry: we must find the courage to change the security game. The security business is booming. In the past five years, more than 1,200 startups have joined the game, with Wall Street assigning …

The post The Courage to Change the Game appeared first on McAfee Blogs.

]]>
This week at RSA 2015 in San Francisco, I delivered a keynote where I served up one big, simple challenge to the industry: we must find the courage to change the security game.

The security business is booming. In the past five years, more than 1,200 startups have joined the game, with Wall Street assigning them record valuations. At the same time, high-profile data breaches seize headlines, and we find ourselves in a culture-wide trust crisis. Things must change in how cyber security gets done. And while it won’t be easy, it’s essential we step up to evolve how we think and how we operate in this new landscape.

Put simply, it’s time for a more thoughtful end-to-end security model. One that upends conventional wisdom, and sets aside an obsolete approach to our challenges – beginning with how we manage the information we track. Visibility is important, but the fact is, we’re inundated in data. In this sea of information we’re not pinpointing, and responding with discerning data analysis, to the nuggets of insight that matter. Ask yourself: do we have the ability to distinguish between suspicious behavior and malicious intent? Can we tell whether the attacker is opportunistic, or approaches with a focused goal? Not often enough. Consider this idea: what if we immediately measured the value of each threat alert as it arrives, and then mapped its probability as part of a campaign in order to predict its path, target, and agenda? If we understand alerts in the context of the campaigns we face, we can go on offense – and better contain and respond to attacks against our systems and data.

We all can agree that in the landscape we operate in, not all threats are created equal. That’s why we need to give ourselves permission to stop going after every alert that comes into our Security Operation Centers with equal focus. Around 98 percent of these events are low priority – let’s trust automation to handle them. Instead, we should put our talent on the hunt after the two percent of alerts that are the real problem. Here’s another question to ask: what if security managers used their SIEM tool not as a security inbox…a summary laundry list of what already happened…and instead used it to as a source of actionable intelligence to understand what may happen next? The idea is easy to grasp. Harder is the work to change processes and measures – and the minds of our peers – in our organizations. But it can be done. Change with the right goals in mind is worth the effort it takes.

That’s why during my keynote, I brought to the stage former Oakland A’s general manager, Billy Beane of ‘Moneyball.’ You’ll recall he got his ball club to the postseason, repeatedly, by looking at performance data differently and defying conventional wisdom – by literally upending how baseball gets done. Billy used unorthodox data analytics to make decisions, measure value, and win games. And he stuck to his new vision to operate differently. So must we.

Thinking different takes courage. It’s always easier to retreat to the tried and true. But the stakes have grown too high for that. Something has to change. Looking at data differently, leveraging it to go on offense, and providing best-in-class products to make it happen is how we defuse the trust crisis in computing today. It’s how we lead. It’s how we change the game.

The post The Courage to Change the Game appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/executive-perspectives/courage-change-game/feed/ 0
Fueling Change: The Power of Intel https://securingtomorrow.mcafee.com/executive-perspectives/fueling-change-the-power-of-intel/ https://securingtomorrow.mcafee.com/executive-perspectives/fueling-change-the-power-of-intel/#respond Mon, 20 Apr 2015 21:15:28 +0000 https://blogs.mcafee.com/?p=42828 This blog post was written by Penny Baldwin. Relentless innovation. It’s a powerful phrase. And it’s what we’re about at Intel. Increasing threats in cyber security call for relentless innovation and solutions that allow us to protect the world’s digital space in every facet of computing by integrating security into all of our devices. That’s …

The post Fueling Change: The Power of Intel appeared first on McAfee Blogs.

]]>
This blog post was written by Penny Baldwin.

Relentless innovation. It’s a powerful phrase. And it’s what we’re about at Intel.

Increasing threats in cyber security call for relentless innovation and solutions that allow us to protect the world’s digital space in every facet of computing by integrating security into all of our devices. That’s where Intel comes in. From processors to smart products, Intel is behind the technology that we use every day.

This year, we’re changing the way businesses and consumers look at security. It’s about changing the norm, and demanding excellence from providers of the products we use every day, and putting the call to action for security to be integrated in everything that we use.

Tomorrow morning, Chris Young will take the stage at RSA to talk about how Intel will strive to fuel change in the security industry. We’re asking people to look at data differently, shift our priorities and usher in a new security model —one that is inherent in our everyday actions and sets the bar high enough so that hackers are left behind.

This is by far the most exciting RSA conference yet. If you’re unable to attend, be sure to follow @IntelSec_Biz for real time updates during Chris’ keynote and general news from the show floor.

This is the year we change the security game with Intel – are you in?!

The post Fueling Change: The Power of Intel appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/executive-perspectives/fueling-change-the-power-of-intel/feed/ 0
Predictive Analytics: The Future Is Now https://securingtomorrow.mcafee.com/executive-perspectives/predictive-analytics-the-future-is-now/ https://securingtomorrow.mcafee.com/executive-perspectives/predictive-analytics-the-future-is-now/#respond Thu, 16 Apr 2015 16:00:54 +0000 https://blogs.mcafee.com/?p=42742 Enhanced analytical capabilities will help organizations better understand how attacks will unfold, and how to stop them in their earliest stages.  Prediction is as old as humankind, as we’ve search for clues to the future. Big data, computer models, and sophisticated algorithms have brought us much closer to accurately predicting things such as actuarial tables, …

The post Predictive Analytics: The Future Is Now appeared first on McAfee Blogs.

]]>
Enhanced analytical capabilities will help organizations better understand how attacks will unfold, and how to stop them in their earliest stages. 

Prediction is as old as humankind, as we’ve search for clues to the future. Big data, computer models, and sophisticated algorithms have brought us much closer to accurately predicting things such as actuarial tables, inventory levels, and financial behavior. These tools help with pricing, manufacturing, and application approvals. Advanced analytics can also help security analysts understand the probable path of an attack and enable faster actions to contain or even stop it before it becomes a serious threat.

Security officers already bear some responsibility to predict threats, which affects budget, purchase, and staffing decisions. They use available information on today’s threats to prepare for tomorrow’s, on a broad scale. But how do you predict and respond to a single serious attack amid all of the day-to-day noise in a way that is actionable and sustainable?

Effective prediction requires a large amount of data from a range of activities, including normal behavior, historical events, and third-party intelligence. The bad news is that the sheer volume of security data we are collecting is already overloading the ability of human analysts to interpret. The good news is that this is exactly what predictive analytics needs to crunch through and present in an actionable format.

To use a simple example, you have data from a historical attack that used several IP addresses and domains. Those addresses are already flagged as malicious, but you investigate and find that there are another 200 domains with the same owners. Adding those domains to the watch list gives you an early warning that, if any of them is being accessed from your network, you are probably seeing the beginnings of a new attack.

This example is admittedly simple, and there are significant barriers to overcome before predictive security analytics becomes commonplace. The ability to distinguish between suspicious and malicious, to determine if someone has a weapon and is not merely loitering outside, requires more context about the data. Where did this information come from? How old is it? Why was it marked malicious? A threat intelligence exchange model can provide this much-needed context, sharing threat information in real-time among partners, other companies in the industry, security vendors, and government agencies.

Incomplete Alerts

Even with context, the alerts from predictive analytics are still going to be incomplete. They are not going to deliver the same certainty as matching a malware signature or known bad IP address. What they will do is provide enough probable cause for protective actions to start earlier, before you have all the details of the attack.

Is the market ready for these tools? Not quite. Most customers I meet with are so busy with collecting data for compliance and regulatory use cases that predictive analytics are an aspirational goal. But these organizations are slowly building the foundation needed for prediction by increasing integration and automation of their security forces. These foundational abilities include real-time hunting, prioritization, and scoping of security incidents seen in their environments. Blocking decisions are being made automatically, based on policies and increasingly detailed profiles of normal and abnormal behavior. And we continue to work with our industry partners to respond to rapidly changing and evolving attack patterns with tools that are smart, integrated, and adaptive.

Enhanced analytical capabilities will help those on the front lines better understand how attacks will unfold, and stop these strikes in their earliest stages.

The post Predictive Analytics: The Future Is Now appeared first on McAfee Blogs.

Botnet to Cybersecurity: Catch Me If You Can
https://securingtomorrow.mcafee.com/executive-perspectives/botnet-to-cybersecurity-catch-me-if-you-can/
Wed, 15 Apr 2015 22:00:43 +0000

Tracking and disrupting the crime ring behind a polymorphic botnet. 

On April 8, global law enforcement, with the assistance of Intel Security/McAfee, took down the Beebone botnet, which propagates a particularly tricky polymorphic worm.

Law enforcement and criminals often act like predators and prey, each evolving and adapting, trying to gain an advantage. A few have developed the ability to camouflage themselves by constantly changing their appearance. We are now seeing this type of adaptive, polymorphic behavior in malware, and it is our turn to respond and neutralize it.

Identifying a unique signature is one of the oldest methods of combating malware. But this worm — W32/Worm-AAEH, also known as VObfus, VBObfus, Changeup, and other names — tries to overcome signature-based detection by changing its form every time it moves to a new system and as often as six times per day within an infected system. We now have more than 5 million unique samples of W32/Worm-AAEH. The worm can detect sandboxes and antivirus software, block connections to security company websites, disable tools that try to terminate it, leverage encryption techniques, and dynamically change control server addresses and domain names. As a result, it has remained a threat since it was first discovered almost six years ago. The worm has been responsible for infecting tens of thousands of systems, and initial estimates from the sinkhole operation suggest that the botnet is considerably larger than our original estimates (more details to follow).

Although the polymorphic worm evades signature-based defenses, it is readily stopped with behavioral policies such as preventing programs from creating an AutoRun file, blocking file execution in user folders, and watching or blocking outbound connections on selected ports.

In March of last year, McAfee Labs built an automated monitoring system to mimic the communications between this worm and its hosts, helping us to reduce infections and understand its behavior. Details about that system can be found here.

Armed with information gathered through our monitoring system, we worked with a coalition of law enforcement agencies, the Shadowserver Foundation, and other security vendors to take down the botnet supporting this worm along with the crime ring behind it.

The takedown was led by the Dutch National High Tech Crime Unit. International engagement was coordinated through Europol’s European Cybercrime Centre (EC3), the FBI, and US-based representatives at the National Cyber Investigative Joint Task Force - International Cyber Crime Coordination Cell (IC4), along with additional intelligence from Kaspersky Lab. Collectively, we were able to seize and suspend the domains used by the criminal control servers, which were spread across Europe.

This type of operation demonstrates how critical collaboration is for the continued security of our computer systems. Our success was heavily dependent on the work and cooperation of multiple national and international law enforcement agencies, supported by detailed work and timely information from security vendors. Without working together, this botnet and the criminals behind it would still be in operation.

View the original post on Dark Reading.

The post Botnet to Cybersecurity: Catch Me If You Can appeared first on McAfee Blogs.

Some of the Best Things in Security Are Free
https://securingtomorrow.mcafee.com/executive-perspectives/some-of-the-best-things-in-security-are-free/
Thu, 09 Apr 2015 09:00:08 +0000

Software tools are available from our consultants free of charge. 

When our Foundstone consultants are working at customer sites, they sometimes realize that they can perform a task better if they write some code. They might want a tool that scans for vulnerabilities or malware, helps with forensic analysis, or tests security settings. After the initial proof-of-concept tool is validated, we give them some dedicated time on the bench back in the office to clean the tool up, refine and enhance it, and then we publish it on our site or on the GitHub Open Security Research repositories.

These tools provide a wide range of useful functions, and not just for checking host or network weak points. ProxBrute, for example, tests your physical security by trying brute force attacks on proximity card readers, varying both the tag value and privileges. One of our consultants was running this test at a customer site and the software happened to try the tag of a recently terminated employee who was on a watch list. The security guards came running out, thinking that this former employee had gained access to the data center. Luckily, our consultant had a get-out-of-jail-free card from the CISO! Running similar tests at your site will help validate your physical access protocols.

A cross between network and physical weak points is impersonating a legitimate Wi-Fi access point. The hostapd-wpe tool is an 802.1X authentication server that establishes connections with a laptop or other wireless device and tricks it into giving up its client credentials. Now connected to the laptop, the attacker can act as a man in the middle, redirecting DNS queries, probing for vulnerabilities such as Heartbleed, and looking for data to exfiltrate. Or the attacker can use his newly stolen credentials to connect to the real access point and look for further vulnerabilities on your network. Hostapd-wpe is a useful tool for evaluating and improving the security posture of your mobile devices.

One of our popular network tools is JMSDigger, which tests for authentication and identification vulnerabilities of applications using Apache’s ActiveMQ Java Message Service. JMSDigger runs both anonymous and manual authentication checks against your apps, with automated brute force or fuzz-testing of credentials to help find potential weak points. This tool can also impersonate other applications or create new subscribers, topics, and message queues. You can verify broker configurations, test authentications, or dump queues and topics to attempt content extraction. Armed with this information, you can make sure your sensitive apps are properly protected with the necessary configuration settings.

Social engineering is another way that attackers will try to gain access to your sensitive data. Training people to identify and defend against these attacks is made easier with FSflow. This is an automated call-flow application, similar to those used in call centers. You can use this tool to run test calls and log the responses and the information you were able to extract. You can then use this information to customize security awareness training and identify weaknesses in training coverage or user understanding of what should be confidential.

These are just a few examples of the many free security tools available for you to assess your security posture, find and fix potential weaknesses, and advance your defenses against malicious attacks. Protecting your network and data is a continuous task, and these tools make it possible for you to cover more ground, in less time, at no cost.

View the original post on Dark Reading.

The post Some of the Best Things in Security Are Free appeared first on McAfee Blogs.

Containing Security
https://securingtomorrow.mcafee.com/executive-perspectives/containing-security/
Wed, 08 Apr 2015 21:00:54 +0000

How to identify the appropriate security for your container-based virtual applications. 

Virtual machines and containers are similar but distinct ways of virtualizing infrastructure to deploy applications. And they have similar but distinct needs for securing those applications.

Virtual machines are the most separate and secure method of virtualizing hardware, enforced by hardware. Each virtual machine is an instance of the whole operating system, providing all of the services and consuming all of the necessary resources. VMs talk to each other on the same hardware via network interfaces as if they were separate machines, and they have nothing in common except the bare hardware they run on. Hardware assists for virtualization further isolate the processor resources, physical memory, interrupt management, and data I/O between machine instances. Securing a virtual machine is like securing a physical machine. Security policies, firewalls, and intrusion detection and prevention all see each VM as a separate instance and are configured accordingly.

Containers are a hybrid between a single operating system and a virtual machine. Multiple containers run in a single instance of an operating system, but each has its own network stack, file space, and process stack. They also communicate with each other via network interfaces, but they do not yet have hardware assists for hardware-level isolation. With only one version of the operating system, the same hardware will support more containers than virtual machines — two to five times as many or more, depending on the container requirements. However, containers can be granted additional privileges, accidentally or intentionally, that weaken the walls between containers as well as the underlying operating system.

One of the most effective container safeguards is to run them without full root privilege. Applications running in containers should be fully functional without the powerful capabilities that root grants, such as unrestricted disk, network, and process operations. Then, should some malware manage to escalate itself to root within a container, it still does not have unrestricted access to the rest of the machine. Similarly, make sure that each container is started in its own root directory, without access to the host’s root directory. These restrictions, however, are only effective if there are no privilege escalation vulnerabilities in the operating system or in the container software itself.

Beware of Security Holes

Containers can be configured to expose and share ports and files directly with another container. This is a very useful tool for efficiently passing information between applications, but it opens up a potential security hole. A further recommendation for secure containers is to only run applications on the same machine that you would run without containers. Do not mix data types, privilege levels, or user namespaces across multiple containers on the same machine. Containers provide additional separation between applications and should be considered an additional security measure, not a replacement.
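To make the two preceding paragraphs concrete (the non-root and separate-root-directory guidance, and the warning about ports and files shared directly between containers), here is an added Python audit that is not from the original post or from any container runtime. It checks a constructed, docker-inspect-like dictionary for the weak settings discussed; the spec keys, the `billing` and `analytics` container names and the paths are assumptions chosen for the example.

```python
"""Container configuration audit (added example; the spec format is constructed)."""
from typing import Dict, List

HOST = "host"  # value that, in this constructed format, shares a kernel namespace with the host


def audit_container(spec: Dict) -> List[str]:
    """Return human-readable findings for a constructed, docker-inspect-like spec.

    Assumed keys (not any runtime's real schema): 'user', 'privileged', 'cap_add',
    'mounts' (list of {'source', 'target', 'readonly'}), 'pid_mode', 'net_mode',
    'ipc_mode' and 'volumes_from' (names of containers whose volumes are shared)."""
    findings: List[str] = []

    # 1. Full root inside the container.
    user = str(spec.get("user") or "root")
    if user.split(":")[0] in ("root", "0"):
        findings.append("runs as root; run the application as an unprivileged user")

    # 2. Privileges that weaken the wall between the container and the host.
    if spec.get("privileged", False):
        findings.append("privileged mode; drop it and grant only the capabilities needed")
    if spec.get("cap_add"):
        findings.append("extra capabilities granted: " + ", ".join(spec["cap_add"]))

    # 3. The container must have its own root directory, not the host's.
    for mount in spec.get("mounts", []):
        source, readonly = mount.get("source", ""), mount.get("readonly", False)
        if source == "/":
            findings.append("host root directory mounted into the container")
        elif not readonly:
            findings.append(f"writable host path {source} shared into the container")

    # 4. Shared kernel namespaces remove the separation between containers.
    for ns in ("pid_mode", "net_mode", "ipc_mode"):
        if spec.get(ns) == HOST:
            findings.append(f"{ns}={HOST} shares the host namespace")

    # 5. Files shared directly with another container.
    for other in spec.get("volumes_from", []):
        findings.append(f"shares volumes with container {other}")

    return findings


# Constructed specs: a weak configuration and its hardened counterpart.
WEAK_SPEC = {
    "name": "billing",
    "user": "root",
    "privileged": True,
    "mounts": [{"source": "/", "target": "/host", "readonly": False}],
    "pid_mode": "host",
    "volumes_from": ["analytics"],
}

HARDENED_SPEC = {
    "name": "billing",
    "user": "1000:1000",
    "privileged": False,
    "mounts": [{"source": "/srv/billing/config", "target": "/config", "readonly": True}],
    "pid_mode": "private",
    "volumes_from": [],
}

if __name__ == "__main__":
    for label, spec in (("weak", WEAK_SPEC), ("hardened", HARDENED_SPEC)):
        print(label, audit_container(spec) or ["no findings"])
```

The hardened spec drops every finding by running as an unprivileged user, leaving privileged mode off, mounting only a read-only configuration path instead of the host root, keeping its own PID namespace, and sharing no volumes with the analytics container, which is the "do not mix privilege levels or data across containers" advice above expressed as settings.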

Virtualization enabled the cloud-computing revolution. The fact that these environments are isolated at the hardware level creates the perfect environment for multitenant scenarios. Sensitive workloads from two different customers can be running on the same hardware without any compliance or security compromise, keeping customers comfortable with cloud deployments.

Containers do not currently provide this level of isolation. The weaker separation between containers creates security and compliance challenges when running workloads from different customers. As a result, it is vital to understand the security implications if you are using containers for multitenant scenarios.

The increasing use of containers and other software-defined virtualization tools continues to increase the agility of data center operations. Security configuration and management now needs to match that agility, demonstrating the emerging need for software-defined security, which I will cover in more detail in the next post.

View the original post on Dark Reading.

The post Containing Security appeared first on McAfee Blogs.

Defending Cyber-Physical Systems from Attack Chains
https://securingtomorrow.mcafee.com/executive-perspectives/defending-cyber-physical-systems-from-attack-chains/
Tue, 31 Mar 2015 22:00:17 +0000

A strong defense against compromise involves three layers: hardening devices, securing communications, and monitoring behavior. 

If criminals breach data security and steal credit card numbers or personal information, your company suffers loss of reputation and potentially significant intangible costs. If they breach security of your cyber-physical control systems, you could be facing damage or destruction of physical property and significant tangible costs.

Cyber-physical systems, where computers and the Internet meet the real world, cover a wide range of devices. Industrial automation, home control, smart grids, and medical devices are just a few examples. These machines make decisions and take actions based on inputs from physical readings. Cybersecurity for these systems is an extension of reliability, protecting them from faults or damage introduced by cyberattacks.

These attacks follow a similar attack-chain pattern to non-physical attacks, until the final stages. In the initial reconnaissance, they will research the types of equipment you use that could be compromised and then try to find a weakness in your defenses, whether it is digital, physical, or social. Building a weapon that can get through this weakness comes next, followed by attempted delivery. If delivery is successful, the weapon will exploit the security breach to download and install malware targeting the physical system or device.

Once the malware is installed, the attackers can command and control the compromised device, and this is where the game changes. With access to the device, they can observe your normal operations, query sensors, and run test probes to determine what effect they can have.

Nefarious Objectives

The objectives of a cyber-physical attack are usually not data exfiltration, at least not in the large amounts seen in other attacks. Instead, the attackers could be targeting corporate espionage, denial of control, disablement of alarms, manipulation of sensors or actions to adversely affect output, or physical damage. Overt control could be deferred for a long time while they watch, waiting for the right opportunity to execute or to coordinate with other actions.

A carefully researched and executed series of phishing emails gave attackers access to and control of the production systems in a German steel mill in 2014. Disabling various alarms and safety mechanisms, attackers instigated equipment failures that triggered an emergency shutdown of a blast furnace, causing a massive amount of damage.

In another attack in 2013, snipers shot at and damaged 17 electrical transformers in California, causing them to leak coolant, overheat, and shut down. Just before the attack, they cut the phone and data cables in an attempt to disable the alarms. While there was no cyber component to this attack, it provides an example of the potential of a coordinated cyber and physical attack on vulnerable physical systems.

Defending cyber-physical systems from attack and compromise involves three layers: hardening the devices, securing communications, and monitoring behavior. Older devices can be protected by hardened gateways with a tamper-resistant operating system and strong application execution controls, while new ones should have these functions designed in. Communications between all processes, devices, and systems should be encrypted in virtual private network tunnels to keep them secure from unauthorized interception or modification. And monitoring of the system and all its components needs to be automated, based on clearly defined policies, to quickly distinguish between normal and suspicious behavior and to catch threats as early as possible.

Sharing intelligence on threats and attacks, with industry partners, government agencies, and security companies is another important step in moving up the attack chain. Given the importance of cyber-physical systems to our lives and communities, it is imperative that we secure them from attacks, and I am confident that we have the resolve and ability to do so.

View the original post on Dark Reading.

The post Defending Cyber-Physical Systems from Attack Chains appeared first on McAfee Blogs.

Cloud Computing – It’s a Question of Trust
https://securingtomorrow.mcafee.com/executive-perspectives/cloud-computing-its-a-question-of-trust/
Thu, 26 Mar 2015 18:50:20 +0000

Can we really trust cloud computing? Or, perhaps more importantly, do you trust the cloud? And does the perceived lack of transparency, combined with recent negative headlines, affect future investments in cloud computing?

In conjunction with the Cloud Security Alliance, we have prepared a survey to gain a better understanding of the perceived trust within cloud computing. Our Cloud Trust survey is intended to tell us about levels of trust and where the fundamental differences lie between certain geographies and organizations (by size).

The reality is that cloud computing plays an integral role in our digital lives and allows all of us to focus on what matters most while outsourcing the work required to deliver our email, host our websites and much else. Gaining an understanding of the emerging security and privacy requirements is important. It gives us a platform that we can trust and rely on, both as consumers and within our work lives.

We therefore really need your help. Please take five minutes to provide your feedback. Let us know your perception of how trustworthy cloud computing is and has been, and more importantly the measures that are required for the future cloud. The survey can be found here.

So far the results make for some really interesting reading, most notably that the cloud is seen as considerably more trustworthy than 12 months ago. We will keep the survey open a little longer and publish a report based on the findings. This will help all of us as an industry introduce the necessary trust within the cloud computing services that we rely on.

The post Cloud Computing – It’s a Question of Trust appeared first on McAfee Blogs.

Preparing for a Breach: The Charge of the Security Brigade
https://securingtomorrow.mcafee.com/executive-perspectives/preparing-for-a-breach-the-charge-of-the-security-brigade/
Thu, 26 Mar 2015 16:00:50 +0000

Automation is key to shorter response times and better containment.

Breaches to the right of you,
Breaches to the left of you,
Breaches in front of you,
Broken and plunder’d.
(With apologies to Alfred, Lord Tennyson)

Hopefully your security outlook is not as bleak as the ill-fated “Charge of the Light Brigade.” Sometimes it may seem that it is only a matter of time before there is a security breach where you work. All around you, organizations are being attacked and compromised, billions of pieces of personal or confidential data have been stolen, and it appears that no one is immune from attack. Security resources are under pressure, being asked to do more with less, while the rate of attacks increases and the amount of security data to sift through is mind-numbing.

Policy-based automation is a key security resource at hand that was not available to the Light Brigade.

“Automation Is The Answer. Given the consequences of data breaches, businesses can no longer rely on passive, manual procedures to defend against them. The only way to protect the exfiltration of our data by hackers and cybercriminals is to provide our security teams with a set of rules that will incentivize automated response.” —John Kindervag and Stephanie Balaouras, Forrester, “Rules Of Engagement: A Call to Action to Automate Breach Response.”

Normalization of security data, correlation of events, and automated remediation using security analytics can reduce the transactional workload of your security staff, freeing them to focus on the most credible and most important issues. It’s part of clearing away the clutter and noise so your experts can see the relevant signals.

Before you can automate your incident response, you need to establish a baseline of what is normal. For this, you must know your day-to-day infrastructure patterns and facts:

  • what devices should be present on which network segments
  • what software applications are approved
  • what are the valid configurations
  • what network protocols are permitted
  • where are the authorized wireless access points
  • a list of valid user accounts by segment

Armed with this baseline and corporate policies, security analytics can detect unapproved or undesired activities and tell the endpoints to automatically stop a malicious process, delete unwanted files, and create a forensic image for further investigation. If the host is too infected, it can be reimaged from a known good state. When a malicious file is confirmed, the analytics engine can mine historical data to locate any past events or related artifacts (indicators of attack or compromise), or add it to a watch list for future appearances. Humans can do all of these things, but it takes them longer to assess and take action, giving the attack more time to spread in an endless game of catch up.
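The following Python is an added example, not McAfee code, of how the baseline facts listed above can drive the policy-based responses this paragraph describes: each observed event is compared against the baseline, and only the out-of-baseline ones produce an action (stop the process, image the host, block the switch port, add to a watch list). The baseline values, event records and action names are all constructed for the illustration.

```python
"""Baseline-driven automated response (added example, not McAfee's tooling)."""
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass
class Baseline:
    """The 'what is normal' facts from the list above, as simple sets."""
    devices_by_segment: Dict[str, Set[str]]    # segment -> known device ids
    approved_software: Set[str]                # allowed executable names
    permitted_protocols: Set[str]              # e.g. {"tcp/443", "udp/53"}
    authorized_aps: Set[str]                   # wireless access point identifiers
    accounts_by_segment: Dict[str, Set[str]]   # segment -> valid user accounts


@dataclass
class Event:
    kind: str      # "device" | "process" | "flow" | "ap" | "login"
    segment: str
    value: str     # device id, executable, protocol, AP id or account name
    host: str = ""


def decide(baseline: Baseline, events: List[Event]) -> List[Dict[str, str]]:
    """Map each out-of-baseline event to an automated action; normal events yield nothing."""
    actions: List[Dict[str, str]] = []
    for ev in events:
        if ev.kind == "device":
            if ev.value not in baseline.devices_by_segment.get(ev.segment, set()):
                actions.append({"action": "block_switch_port", "target": ev.value, "why": "unknown device"})
                actions.append({"action": "watch_list_add", "target": ev.value, "why": "unknown device"})
        elif ev.kind == "process":
            if ev.value not in baseline.approved_software:
                actions.append({"action": "stop_process", "target": f"{ev.host}:{ev.value}", "why": "unapproved software"})
                actions.append({"action": "forensic_image", "target": ev.host, "why": "unapproved software"})
        elif ev.kind == "flow":
            if ev.value not in baseline.permitted_protocols:
                actions.append({"action": "block_traffic", "target": f"{ev.host} {ev.value}", "why": "protocol not permitted"})
        elif ev.kind == "ap":
            if ev.value not in baseline.authorized_aps:
                actions.append({"action": "alert_rogue_ap", "target": ev.value, "why": "unauthorized access point"})
        elif ev.kind == "login":
            if ev.value not in baseline.accounts_by_segment.get(ev.segment, set()):
                actions.append({"action": "disable_account", "target": ev.value, "why": "account not valid for segment"})
    return actions


# Constructed baseline for a two-segment network.
BASELINE = Baseline(
    devices_by_segment={"dmz": {"web01", "web02"}, "corp": {"ws-100", "ws-101"}},
    approved_software={"outlook.exe", "chrome.exe", "excel.exe"},
    permitted_protocols={"tcp/80", "tcp/443", "udp/53"},
    authorized_aps={"ap-lobby", "ap-floor2"},
    accounts_by_segment={"dmz": {"svc-web"}, "corp": {"alice", "bob"}},
)

# Constructed observations: some normal, some violating the baseline.
EVENTS = [
    Event("device", "dmz", "web01"),                        # known device
    Event("device", "corp", "unknown-7f"),                  # unknown device
    Event("process", "corp", "chrome.exe", host="ws-100"),  # approved software
    Event("process", "corp", "dropper.exe", host="ws-101"), # unapproved software
    Event("flow", "corp", "tcp/6667", host="ws-101"),       # protocol not permitted
    Event("ap", "corp", "ap-parking"),                      # rogue access point
    Event("login", "dmz", "alice"),                         # valid user, wrong segment
]

if __name__ == "__main__":
    for act in decide(BASELINE, EVENTS):
        print(f"{act['action']:18} {act['target']:24} ({act['why']})")
```

Every action here is derived from a fact the organization already has to know (its own device inventory, software approvals and account lists), which is why the post insists on the baseline first: without it the same engine would either stay silent or flag everything.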

At the network layer, security management-driven policies can drive automation to block unwanted traffic based on various parameters you define — such as IP address, system name, port, protocol, or physical switch port — and add the relevant information to a watch list. Suspicious traffic can be redirected for packet capture and later forensic analysis.

Aggregating and correlating security incidents into a centralized defensive system lessens the amount of noise in your security alerts. Automating responses to known threats, whitelist violations, unauthorized user accounts, and other clear indicators of attack or compromise reduces response time, containing the threat before it can achieve its objective. Visibility into these events and counteractions will inform the security team as potential evidence of an attack underway.

The Next Frontier: Incident Response

These host and network-based responses are all possible today, and they free up resources to tackle the next frontier: enriching and guiding incident response based on the event sequence and the contents of a suspicious file. Within a malicious file, data such as related files and IP addresses contacted can drive targeted reactions. The file and its history also tell a meaningful story for investigative tools and processes that can hunt throughout your infrastructure. Tools are becoming available that automate searches for file name, hash (MD5 or SHA-1), severity of the convicted file, the gateway or device that first detected it, the message that carried it, the source and destination systems, and the source URL. Using a centralized platform, systems and traffic that share these attributes can be assessed for compromise, while the attributes themselves are placed on a watch list for future events.

When events surface from historic or dynamic watch lists, the host and network-based automation options can be used again, with surgical precision.

These are some ways that automated cyberthreat response reduces the workload of your security team, freeing them to focus on improving defenses and responding to unknown incidents. These are all options today for active incident response. As we shift to adaptive security management, look to machine learning to automatically add newly identified threats to the watch list, training the system to respond to threats as they become known. The increased sharing of threat intelligence and indicators of compromise and the ability of security analytics and management systems to consume and respond to these via standardized interfaces build an additional layer of validation, credibility, and confidence. These advances will help analysts continue to focus on the unknown and suspicious — the place where the people factor remains critical.

Things may not be as bleak as the “Charge of the Light Brigade,” but you do need to be prepared for a security incident. Challenge your security analytics and management infrastructure to be your ally in the battle by understanding your business baseline and helping you detect, deflect, and facilitate correction. Otherwise, you are just charging off:

Yours not to reason why,
Yours but to do and die.

View the original post on Dark Reading.

The post Preparing for a Breach: The Charge of the Security Brigade appeared first on McAfee Blogs.

Protect Your Web Applications
https://securingtomorrow.mcafee.com/executive-perspectives/protect-your-web-applications/
Tue, 24 Mar 2015 21:00:26 +0000

Reverse proxies are critical to shield Web apps from external attacks. 

Many organizations today are concerned about how to safely provide customers, employees, and vendors access to their Web applications. They need to protect their internal assets against external malware attacks. Every day we read new horror stories in the press about hackers who use phishing emails and drive-by malware downloads to steal money, identities, and sensitive internal documents.

Blocking this type of attack requires a combination of technologies. Email protection software is the key technology to help protect users against phishing emails, while a traditional Web gateway acts as a proxy to protect endpoint systems from malware, sites with poor reputations, and unauthorized exfiltration of protected content.

These tools generally protect against attacks launched against your end users. Conversely, if you need to provide a Web service to external users such as customers or business partners, how do you protect that system against attack?

To do that, you need a reverse proxy.

In a typical reverse proxy configuration, the proxy intercepts Web traffic that an external user is attempting to upload. At this point, complete malware scanning and even DLP rules can be applied to protect the company from both malicious files and incidental private user data being uploaded inadvertently. The proxy only allows clean data in, while blocking attacks, malware, and suspicious data.

In certain use cases, it may make sense to configure the Web server to use an application using the Internet Content Adaptation Protocol (ICAP) to redirect traffic to a separate malware scanning device for analysis. The ICAP scenario enables the Web server to treat the incoming content with greater flexibility.

Whether you choose a reverse proxy or the ICAP route, your organization enjoys multiple benefits:

  • You can securely expose internal enterprise applications to users outside of the corporate network without the need for a VPN.
  • You can authenticate user identity and apply authorizations before granting access to the Web server.
  • You can dynamically distribute the workload of a large user environment across multiple servers.
  • You can offload CPU-intensive tasks, optimizing Web server performance.
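As an added illustration of the upload-inspection step described above (example code written for this post, not part of the original article or of any McAfee or Intel Security product), the following Python stands in for the policy a reverse proxy or an ICAP scanning service applies to each inbound request body before it reaches the origin Web server. The malware check keys on the standard EICAR test string and the DLP rule looks for Luhn-valid payment card numbers; the `inspect_upload` and `proxy_request` names and the origin-server callable are invented for the example.

```python
"""Upload inspection policy for a reverse proxy (added example).

A reverse proxy hands each inbound request body to inspect_upload() before
forwarding it to the origin Web server. The malware check uses the
industry-standard EICAR test string and the DLP check looks for Luhn-valid
payment card numbers; both stand in for the full scanning engines a real
proxy or ICAP server would call.
"""
import re
from dataclasses import dataclass, field

# The EICAR test file is a harmless, standardised string that antivirus
# engines agree to detect; it stands in for a real malware signature here.
EICAR_SIGNATURE = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Candidate card numbers: 13 to 19 digits, optionally separated by spaces or dashes.
CARD_CANDIDATE = re.compile(rb"\b(?:\d[ -]?){12,18}\d\b")


@dataclass
class Verdict:
    allowed: bool
    reasons: list = field(default_factory=list)


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(body: bytes) -> list:
    """Return Luhn-valid card-like numbers found in the body (DLP rule)."""
    found = []
    for m in CARD_CANDIDATE.finditer(body):
        digits = re.sub(rb"[ -]", b"", m.group(0)).decode("ascii")
        if luhn_valid(digits):
            found.append(digits)
    return found


def inspect_upload(body: bytes) -> Verdict:
    """Decide whether an inbound upload may be forwarded to the origin server."""
    verdict = Verdict(allowed=True)
    if EICAR_SIGNATURE in body:
        verdict.allowed = False
        verdict.reasons.append("malware:eicar-test-file")
    for number in find_card_numbers(body):
        verdict.allowed = False
        # Log only the last four digits so the proxy's own logs do not leak the PAN.
        verdict.reasons.append("dlp:card-number:" + number[-4:])
    return verdict


def proxy_request(body: bytes, forward) -> tuple:
    """Reverse-proxy glue: forward clean bodies, answer 403 for blocked ones.

    `forward` is whatever sends the body on to the origin server; it is a
    hypothetical callable here so the example runs without a network.
    """
    verdict = inspect_upload(body)
    if not verdict.allowed:
        return 403, "blocked: " + ", ".join(verdict.reasons)
    return forward(body)


def constructed_origin(body: bytes) -> tuple:
    """Stand-in for the protected Web application."""
    return 200, "stored %d bytes" % len(body)


if __name__ == "__main__":
    print(proxy_request(b"quarterly report, nothing sensitive", constructed_origin))
    print(proxy_request(b"card on file: 4111 1111 1111 1111", constructed_origin))
    print(proxy_request(EICAR_SIGNATURE, constructed_origin))
```

The same `inspect_upload` function is what an ICAP REQMOD service would run: the proxy ships the body to it and forwards or rejects based on the verdict, which is why the article treats the two deployment choices as interchangeable from a policy standpoint.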

Using this type of configuration improves overall security, while allowing those outside the firewall who require access to critical applications to get it. Productivity is enhanced, without jeopardizing security.

View the original post on Dark Reading.

Trend Countdown: My Top 5 Digital Marketing Trends to Watch
https://securingtomorrow.mcafee.com/executive-perspectives/trend-countdown-my-top-5-digital-marketing-trends-to-watch/
Mon, 23 Mar 2015 16:30:24 +0000

This blog post was written by Penny Baldwin.

Marketers, take note: A killer digital marketing campaign is no longer about a banner ad campaign and a lukewarm social presence. If you’re not staying on top of user behavior and of-the-moment trends, you’re not going to win over your market share. The good news: there are more members of the online community than ever, and that means there’s a multitude of ways to tap into that community that were, until now, unimaginable.

This new digital landscape doesn’t have to be as daunting as it often appears. Sure, we’re going to read about companies serving up ads via smart refrigerators and connected cars, but the big marketing picture doesn’t have to be that specialized. Some of the trends that we’ve been seeing up until this point are actually pointing to a more tangible marketing experience, and can be adopted and integrated into day-to-day strategies.

So, what can we, as marketers, do to keep up with the digital transformation and stay on top of digital marketing trends?

Let’s let some numbers do the talking while we count down some of the top trends of digital marketing for 2015.

Five: Mobile Makes an Entrance

34% of those involved in B2B buying decisions in 2014 used their mobile devices across each stage of the purchase process. (Google)

Even if you’re not in the B2B space, it’s impossible to deny the emergence of mobile in the digital marketing mix. This year will be no different from 2014, with marketers thoughtfully integrating mobile strategies into their campaigns. At this point, it’s virtually unacceptable to have a site that isn’t optimized for the mobile experience. Content consumption is happening on the go, 24/7 – it’s our job as marketers to make the transition from desktop to mobile as seamless as possible. Even mobile advertising is getting in on the action, with the rise of companies like Millennial Media coming into play.

Four: Video on the Rise

70% of those researching B2B products and services now use video across the purchase path (Google)

First, content was king. Then it was visual content. Now, it seems that video is taking the throne. Video as a digital marketing tool is one of the top trends coming into play right now, and everyone is jumping on board. From product demos to brand awareness campaigns, marketers continue to turn to videos to help them tell their stories.

Three: Omnipresence is Key

52% of online adults use two or more social media sites. (Pew Research Center)

In 2015, we’re going to continue to see brands strengthen their Facebook and Twitter presences, while chasing after greener communities like Instagram, Pinterest and Vine. As marketers, we need to be where our audiences are, and according to the stats, they’re in more than one place.

Two: Cashing in on Conversions

Paid social leads to 25% more conversions than organic social. (AOL)

While it’s encouraging to see so many brands make the shift to an online-first marketing strategy, it also means that there aren’t enough pieces of the pie to go around. Twitter says that one tweet may only be digested by 30% of your followers, leaving a whopping 70% virtually untouched. Those users are your leads, your customers, your advocates – and paying for social advertising helps to capture them. We’re going to continue to see paid online media grow as a digital marketing tactic throughout 2015. 

One: Experimenting with the Mix

Consumers expect brands to have an active presence on at least 3-4 social channels. (Social Media Examiner)

With all of these trends, I think the biggest one we continue to see is how marketers are experimenting with their digital marketing mix. When looking at the buying cycle, there are more and more ways to target users at different points in the funnel, and brands certainly aren’t shying away from trying them all. From presence on multiple social networks, to PPC ad campaigns, to user-generated content and contests, we’re seeing it all.

We’re barely a quarter of the way through 2015, and already the year is proving to be an exciting time to be a part of such a dynamic marketing landscape. Hopefully we’ll continue to see innovation drive the engagement strategies of brands and marketers, and I’m looking forward to seeing what trends make it out of the year on top.

What are some of your favorite trends in digital marketing so far? Tweet me @PennyRBaldwin and let’s continue the conversation.

Endpoints, Gateways, and Networks: Teamwork Is Better Than Lone Rangers
https://securingtomorrow.mcafee.com/executive-perspectives/endpoints-gateways-and-networks-teamwork-is-better-than-lone-rangers/
Fri, 20 Mar 2015 17:00:34 +0000

Security vendors have a common goal when it comes to protecting their customers from danger. What’s missing is a common language and protocols for how and what to share.

In police work, multiple witnesses, pieces of evidence, and investigating officers are better than a lone detective and a smoking gun. They bring different perspectives to the problem, comparing and analyzing elements and pursuing leads until the crime is solved.

Unfortunately, cybersecurity today seems more like a bunch of individual crime fighters or private investigators. Beat cops are checking for malware at the endpoints. Security guards are checking the comings and goings at each entrance and exit. Detectives are interrogating suspicious characters in the sandbox. Secret agents are gathering intelligence on potential threats. Thankfully, society’s law enforcement officials don’t work in silos; they actively share facts and ideas. However, in the cyberworld, a lack of orchestration is unfortunately the norm.

We have seen the silo effects of policing in the real world, and these groups are trying harder to work together. They have the benefit of common goals, shared language, and evolving protocols on how and what to share. We need the same thing in cybersecurity.

For example, when a suspicious email arrives, the firewall security guard can see the source IP and MAC addresses, but the endpoint cop only sees it as coming from the safe harbor of the internal mail server. If the email has a known malicious link, the email gateway can block it, but it should also be equipped to share that info with other controls such as the Web gateway to protect anyone from following that link, should they get it from another source.

I am certain that security vendors have a common goal when it comes to protecting their customers from danger. What’s missing is a common language and protocols for how and what to share. Intel Security has a remedy for this in the form of a real-time security Data Exchange Layer. DXL is built to deliver an architecture with a common communications framework that can connect to existing and future systems from Intel Security and, most importantly, to other systems in the ecosystem. DXL can be centralized or decentralized, as appropriate to the individual security functions and the network structure.

How DXL Works

With DXL, the combined system of security technologies is equipped to continually share intelligence for optimal protection. In our email example, when suspicious or malicious activity is detected, awareness of which endpoints have clicked the malicious email links helps identify those impacted hosts. This information allows the environment to automatically quarantine those hosts and perform in-depth inspection to identify the relevant components of the infection and any further potential impact. With this understanding, the environment rapidly corrects the impacted infrastructure by performing such actions as killing malicious processes, cleaning registry entries, removing malicious files, and killing connectivity to command-and-control infrastructure. This process contains the initially visible aspects of the event. Next, analysts can leverage various indicators found in these exercises to look for other affected systems that could result from lateral movement and persistence.

To facilitate this analysis, the environment queries the historic analytics repository for any other event artifacts. Any findings can be scoped and remediated, preferably using policies and scripts. Finally, with these new learnings, the environment continuously hunts going forward, looking for variants or related impacts. Pertinent newly found intelligence is ultimately shared with the rest of the organizational controls via DXL. This form of automated intelligence sharing and active defense rarely exists in most organizations, yet most will agree it is necessary in today’s cyberfight.
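To make the email-link scenario concrete, here is an added example (not DXL code, and not from Intel Security): an in-process publish/subscribe bus stands in for the exchange layer, the email gateway publishes the malicious URL as an indicator, the Web gateway adds it to its blocklist, and any endpoint that already followed the link quarantines itself. The topic name `threat/indicator/url`, the class names and the URLs are all constructed for the example.

```python
"""Indicator sharing over a message fabric (added example, not DXL itself).

A constructed, in-process stand-in for a real-time exchange layer: the
email gateway publishes a malicious URL indicator, the Web gateway adds
it to its blocklist, and every endpoint that already followed the link
quarantines itself. Topic names, classes and sample values are invented.
"""
from collections import defaultdict


class Fabric:
    """Minimal topic-based publish/subscribe bus (stands in for DXL)."""

    def __init__(self):
        self._subscribers = defaultdict(list)

    def subscribe(self, topic, handler):
        self._subscribers[topic].append(handler)

    def publish(self, topic, message):
        # Every subscribed control sees the same indicator at the same time.
        for handler in list(self._subscribers[topic]):
            handler(message)


INDICATOR_TOPIC = "threat/indicator/url"   # hypothetical topic name


class WebGateway:
    """Blocks outbound requests to URLs it has learned are malicious."""

    def __init__(self, fabric):
        self.blocklist = set()
        fabric.subscribe(INDICATOR_TOPIC, self.on_indicator)

    def on_indicator(self, msg):
        self.blocklist.add(msg["url"])

    def allow(self, url):
        return url not in self.blocklist


class Endpoint:
    """Host agent that remembers visited URLs and quarantines on a match."""

    def __init__(self, name, fabric):
        self.name = name
        self.visited = set()
        self.quarantined = False
        fabric.subscribe(INDICATOR_TOPIC, self.on_indicator)

    def browse(self, url):
        self.visited.add(url)

    def on_indicator(self, msg):
        # The endpoint's own history tells it whether it is an impacted host.
        if msg["url"] in self.visited:
            self.quarantined = True


class EmailGateway:
    """Detects a malicious link in mail and shares it with the fabric."""

    def __init__(self, fabric, known_bad):
        self.fabric = fabric
        self.known_bad = set(known_bad)

    def scan(self, message_links):
        for url in message_links:
            if url in self.known_bad:
                self.fabric.publish(INDICATOR_TOPIC, {"url": url, "source": "email-gateway"})


def run_scenario():
    """Constructed scenario; returns the resulting state for inspection."""
    bad_url = "http://malicious.example.invalid/login"   # constructed indicator
    fabric = Fabric()
    web = WebGateway(fabric)
    hosts = {n: Endpoint(n, fabric) for n in ("ws-01", "ws-02")}
    hosts["ws-01"].browse(bad_url)      # clicked the link before the mail was flagged
    EmailGateway(fabric, known_bad={bad_url}).scan(
        [bad_url, "https://intranet.example.invalid/"])
    return {
        "web_blocks": not web.allow(bad_url),
        "quarantined": sorted(n for n, h in hosts.items() if h.quarantined),
    }


if __name__ == "__main__":
    print(run_scenario())
```

The point of the pattern is that the email gateway never has to know which other controls exist: anything subscribed to the indicator topic acts on the finding, which is the decoupling the article contrasts with vendor-specific point integrations.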

As our industry has evolved, some security vendors have developed proprietary systems that connect their own parts together. However, the challenge is that these systems may not have all of the components you need, or worse yet, they deliver a false sense of security with great reports and tons of information, yet very little actual integration into the security fabric of the organization for delivering an active defense framework. These barriers can no longer be permitted to stand if we are to combat modern attack complexity with the velocity and accuracy needed to win the battle.

In law enforcement, catching and stopping criminals does not happen effectively in isolation, by one individual, one precinct, or one organization. Instead, disparate law enforcement organizations and entities work closely together to effectively thwart the most advanced of criminal activities. In the world of cybersecurity, we must rapidly evolve from the bankrupt isolated approaches of the past if we are to deliver on the active defense measures that are necessary against today’s adversaries.

View the original post on Dark Reading.

Techniques, Lures, and Tactics to Counter Social Engineering Attacks
https://securingtomorrow.mcafee.com/executive-perspectives/techniques-lures-tactics-counter-social-engineering-attacks/
Wed, 11 Mar 2015 18:33:44 +0000

If you are unsure of whether a destination link is safe, tools like TrustedSource are a good place to start.

A recently released Intel Security report titled “Hacking into the Human Operating System”

  • Investigates the role of social engineering within cybersecurity
  • Dives into the lifecycle of a social engineering attack (Research, Hook, Play, Exit)
  • Analyzes the influencing psychological levers that give the attacker the best chance of engaging the target and executing a successful attack.

If you’ve been following the news lately, the relentless string of major data breaches impacting millions of customers has affected every major business sector. What remains frightening is how a wave of phishing soars in the aftermath of any major breach, putting those that were impacted by the breach at possibly more risk, and putting those that were not impacted by the breach still in the crosshairs.

Social engineering almost always has a place in the success of these attacks; bringing to light the psychological levers these adversaries rely on to execute successful attacks can help disrupt these events from occurring. Of the six influencing psychological levers mentioned in “Hacking the Human Operating System,” scarcity is an influencing lever used as a mainstay of email phishing attacks, so I wanted to dive a bit deeper into this one.

Scarcity boils down to a limited window of time that’s available to act. It can stretch to both ends of the spectrum – act now to gain something, or act now or else lose something. By doing so, it appeals to targets who are motivated by the opportunity for gain, and conversely preys on targets fearing the risk of loss by inaction.

Examples of missed opportunity:

  • “I came across your profile and couldn’t help but get excited. We have a really great opportunity for you at our company.”
  • “For a limited time…”

Examples of fear of inaction:

  • “Failure to respond within 24 hours will result in restricted access to your account.”
  • “Click to upgrade your email by Friday for uninterrupted access.”
  • “To ensure your privacy, log in within the next 48 hours to validate your settings.”
  • “Your email account has exceeded its limit, and you may not be able to send or receive messages. Click here to upgrade your account.”

Particularly, when lures are information-rich and target-relevant, a victim’s impetus to act is extremely strong. Let’s take a look at an example of an attack that uses the scarcity of time to prey on the victim. I’ve numerically annotated sections of the email below to help facilitate the analysis.

[Image: the annotated phishing email]

At first glance, a few things look correct when looking into the details:

1. The email sender appears to be from “American Express.”

3. Hovering over the “Contact Us,” “Privacy Statement,” and “Add us to your address book” appears to lead to the legitimate American Express site. All domains here begin with https://americanexpress.com.

Upon closer look, there are clues that reveal otherwise:

  1. While the email sender and sender address were fully displayed when I viewed the email on my desktop mail client, it wasn’t as obvious from my mobile device (see below). Upon further inspection, the sender email is fxC4480@amoricanexpress.com. The misspelling in the domain name, amoricanexpress instead of americanexpress, should trigger suspicion. It’s always worthwhile to take a closer look at the sender address.

  2. Hover over any links before you click on them. On my iPhone, holding down the “please click log” call to action link reveals it leads to http://xx.xxx.xxx.xxx/americanexpress. (IP address has been obfuscated as it leads to a malicious site.) The fact that an IP address was used in lieu of a domain name might be reason to raise suspicion, especially given that the links in item 3 use the proper domain name (www.americanexpress.com). Further, the inconsistency in using both IPs and domains on the same page may also raise a red flag.

If you are unsure of whether a destination link is safe, tools like TrustedSource are a good place to start. You can leverage this type of resource to help you check the reputation of a Web page simply by querying its IP address, domain name, or URL. Keep in mind ultra-low prevalence targeted attacks may originate from a new server that lacks reliable reputation information, so while TrustedSource.org is a good place to start, it may not catch all poor reputations.

In this particular case, rather than click on the link, which may land me on a malicious site, I can go to TrustedSource.org and enter the IP address hiding behind the “please click log.” The results reveal that this IP address carries a high risk and is likely not safe (see chart below).
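The checks walked through above (sender domain, link targets, consistency between the links in one message) can be automated. The following is an added example written for this post rather than McAfee tooling: it parses a constructed message modelled on the one discussed, flags a sender domain within a couple of edits of the real brand domain, links whose host is a bare IP address, and a message whose links point at more than one host. The message text, the `192.0.2.10` address (a documentation-range address standing in for the obfuscated IP) and the function names are constructed for the example; the reputation lookup the post recommends is a separate step not performed here.

```python
"""Checks for the phishing clues discussed above (added example).

Parses a constructed message modelled on the one in the post and reports:
a sender domain that is a near-miss of the brand's real domain, links
whose host is a bare IP address, and a message whose links point at more
than one host. Not a substitute for a reputation lookup.
"""
import email
import ipaddress
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the post's example; 192.0.2.10 is from the
# RFC 5737 documentation range and stands in for the obfuscated address.
SAMPLE_EMAIL = """\
From: "American Express" <fxC4480@amoricanexpress.com>
To: cardmember@example.invalid
Subject: Action required within 24 hours
Content-Type: text/html

<html><body>
<p>Please <a href="http://192.0.2.10/americanexpress">click log</a> in to validate your settings.</p>
<p><a href="https://www.americanexpress.com/contact">Contact Us</a> |
<a href="https://www.americanexpress.com/privacy">Privacy Statement</a></p>
</body></html>
"""

TRUSTED_DOMAINS = {"americanexpress.com"}   # the brand's legitimate domain


class LinkCollector(HTMLParser):
    """Collects href targets from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.links.append(value)


def edit_distance(a, b):
    """Levenshtein distance, used to spot look-alike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def registered_domain(host):
    """Crude last-two-labels domain (good enough for .com examples)."""
    return ".".join(host.lower().split(".")[-2:])


def analyze(raw):
    """Return a list of finding strings for the raw RFC 822 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    sender_domain = msg["From"].addresses[0].domain.lower()
    for trusted in TRUSTED_DOMAINS:
        d = edit_distance(sender_domain, trusted)
        if 0 < d <= 2:   # one or two edits away: classic look-alike domain
            findings.append("sender-domain-lookalike:%s~%s" % (sender_domain, trusted))
    collector = LinkCollector()
    collector.feed(msg.get_body(preferencelist=("html",)).get_content())
    hosts = set()
    for link in collector.links:
        host = urlparse(link).hostname or ""
        if is_ip_literal(host):
            findings.append("link-host-is-ip:%s" % host)
            hosts.add(host)
        elif host:
            hosts.add(registered_domain(host))
    if len(hosts) > 1:   # IPs and brand domains mixed in one message
        findings.append("mixed-link-hosts:%s" % ",".join(sorted(hosts)))
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_EMAIL):
        print(finding)
```

The edit-distance threshold is deliberately small: a distance of one or two from a brand domain almost never happens by accident, while larger distances would produce noise on unrelated domains.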

And indeed, the link leads to a spoofed phishing site. At a glance, can you tell which is the legitimate site and which is a spoofed phishing site? (Answer will be revealed at the end.)

[Images: two versions of the login page, one spoofed and one legitimate]

To learn more about the psychology and nature of social engineering attacks, a full copy of the research report “Hacking the Human Operating System” can be found here. To test your skills and refresh your knowledge on how to detect phishing emails from legitimate ones, check out the phishing quiz at https://phishingquiz.mcafee.com. You can also run an awareness program within your organization using the quiz to better understand your risk profile.

And by the way, the first of the two images above is from the spoofed site, and the second is from the legitimate site. How did you fare?

View the original post on Dark Reading.

Resources:

7 Tips to Avoid Being Phished:

https://phishingquiz.mcafee.com/7-tips-to-avoid-being-phished

More about our anti-phishing technology:

https://phishingquiz.mcafee.com/learn-how-mcafee-can-help

American Express’s resources on steps to safeguard yourself:

https://www.americanexpress.com/us/content/fraud-protection-center/home.html

Securing Our Electric Power Grid Is Critical
https://securingtomorrow.mcafee.com/executive-perspectives/securing-electric-power-grid-critical/
Wed, 04 Mar 2015 18:15:24 +0000

Highly complex infrastructure systems require protection against cyberattacks.

Electricity is so much a part of our everyday lives that we really only think about it when it is not there. That is why it is so important to build better security for our national electric power grid and other critical infrastructure.

The power grid is a highly complex system, with multiple layers of defense, backup systems, safety mechanisms, and human operators. These layers successfully protect the system from most single-point failures. As Professor Richard Cook points out in his paper How Complex Systems Fail, catastrophe requires multiple small failures joining together in a cascading effect. The 2003 blackout in the northeastern part of North America clearly confirmed this scenario, moving so quickly that it only took seven minutes from the initial failure to the full blackout – too fast for human operators to counter. It then took between two and seven days to restore power to customers.

Change introduces new forms of failure. The power industry is continually upgrading and evolving its systems, from generation to delivery. Smart meters enable time-of-day pricing, connected thermostats can be turned down during times of peak demand, and renewable energy sources need to be constantly monitored to adjust for fluctuations in their production. A lot of this involves equipment that is network-connected. And network connections mean the potential for cyberattacks.

Whether it is a gang of criminals trying to disrupt the electricity for extortion, terrorists attempting to damage it for headlines, or nation states attacking it as part of their intelligence or combat strategy, the end result of a successful attack is blackouts, economic damage, and potentially weeks or months of repair. And the risk of a successful attack is not theoretical, as repeatedly demonstrated by simulated attacks, field trials, and cyberwar games, dating back to at least 2007.

In our Internet of Things Security Solutions Group, we have been actively working on better protections for the electric power grid and other critical infrastructure. Our work with the Center for Strategic and International Studies (CSIS) has shown that this is a real and present danger. Of the 200 organizations from around the world that we surveyed, 85% have experienced network infiltration, 65% frequently find sabotage-capable malware on their systems, and 25% have been subject to cyber-based extortion.

Building security into the power grid is challenging, due to the importance of service availability and the amount of legacy infrastructure. Since December 2013, we have been field-trialing a joint project with Wind River for critical infrastructure protection at Texas Tech University, where our solution withstood penetration testing and protected the system from the Heartbleed vulnerability and Havex attacks. This solution, developed in collaboration with the Discovery Across Texas smart grid project, separates security management from operations, providing device identity, malware protection, and data protection in a secure platform. By understanding the needs of the industry, the solution works with both new and legacy infrastructure, with little or no changes to business processes or application software.

Electricity is critical to the daily operations of people, businesses, and governments around the world, and we need to improve its defenses against malicious attacks before some criminal group decides to demonstrate its capability to make us powerless.

View the original post on Dark Reading.

Social Engineering in the Internet of Things (IoT)
https://securingtomorrow.mcafee.com/executive-perspectives/social-engineering-internet-things-iot/
Mon, 02 Mar 2015 17:51:30 +0000

Successful social engineering attacks through IoT systems could lead to a perception of being surrounded by hostile devices, and greatly retard development; making the consequences of social engineering attacks in the IoT very significant.

Social engineering attacks will certainly evolve into the Internet of Things (IoT), if they have not already. These attacks have the potential to be lucrative for the threat agents in terms of fraud, identity theft, espionage and even property ransom.

My colleague Raj Samani recently published a paper where he defined social engineering as “The deliberate application of deceitful techniques designed to manipulate someone into divulging information or performing actions that may result in the release of that information.”

The IoT represents a whole new and fertile territory for social engineering attacks, which blend some of the most effective attacks from the contemporary Internet with attacks more commonly found in the industrial-control world: namely, attacks that capture information with intrinsic value (passwords, account details, access to vulnerable systems), combined with attacks that trick users into executing complex sequences of commands on the basis of misinformation.

The current generation of Things on the Internet has dubious security. You will find plenty of reports of devices like baby monitors, TVs, medical devices, and even cars that have been hacked or are demonstrably vulnerable to hacks. At this point we have little reason to believe this situation will improve in the near term. The lack of standards, coherent regulations and the demand for cheaper, not more expensive, Things will ensure that opportunities for social engineering and hacking the IoT in general will not be in short supply.

Why is this different from social engineering today?

The consequences of social engineering attacks in the IoT could be worse than the same attacks in the “IT Internet” of today.

The perception goes from one of “living with weak devices” to being “surrounded by hostile devices”! Devices that might at any time try to deceive you into doing something against your interests, like a malevolent robot from a science fiction movie. That would be bad. It is one matter if your Things are being hacked and compromised behind your back; it is another matter if your Things are tricking you into hurting yourself, or others. As potential outcomes:

  • Social engineering attacks in the IoT will delay adoption of technologies that otherwise might present major social and business benefits.
  • Social engineering attacks in the IoT will undermine confidence in the safety – not just the security – of the IoT. Social engineering in the IoT is a potent form of force-multiplier because people ultimately have control of all Things: hack the person and you have access to it all.
  • Social engineering attacks in the IoT might raise the levels of regulation in a reflexive and ill-conceived manner, with outcomes as uncertain as leaving the IoT at its current, low state of security-maturity. (See my blog post about regulators in the IoT.)

Where do we begin to address social engineering in the IoT?

Like social engineering on the Internet today, there is no single remedy. Layers of security and technology will need to be applied. Existing products from many vendors will need to be enhanced, and new solutions will need to be developed.

But I propose there are at least two specific areas that need to be a focus: one is a “management control” and one is a “technical control”:

  1. Management standards. I blogged about IoT security standards. This work needs to continue quickly, and 2015 looks like a good year of progress, with both NIST and the Industrial Internet Consortium set to release reference designs including security for the IoT. We will have to see if these designs are sufficient to address the vulnerabilities to social engineering in the IoT.
  2. Technical solutions around authentication and encryption that low-resource Things can support. The harder it is to send and display fraudulent messages via Things, the harder social engineering with Things will become. Things need lighter, faster, more efficient authentication and encryption technology than is typical today with symmetric and asymmetric crypto. I also blogged about this topic under the heading “Multi-party authentication in the IoT – part 1, part 2, part 3.”

Five Easiest Ways to Get Hacked – Part 2
https://securingtomorrow.mcafee.com/executive-perspectives/five-easiest-ways-get-hacked-part-2/
Fri, 27 Feb 2015 18:25:40 +0000

Continuing a conversation with principal security consultant Amit Bagree

I had the opportunity recently to sit down with Amit Bagree, one of our principal security consultants, for a chat about the most common weak points in network security. Amit has been breaking things apart since childhood, has been working in the security field for almost 10 years, and is a graduate of the prestigious Carnegie Mellon University Master’s program in Information Security Technology and Management. In the first installment of the interview, we discussed three weaknesses. This second part of the conversation addresses two more.

Previously, we talked about weak points primarily caused by simple configuration issues or user error. At the end of the last blog, you mentioned taking advantage of how Windows networks do name resolution. What is that?

Openness and ease of configuration are the weaknesses here. When a resource is requested that the server does not recognize, the end-client sends out a broadcast message to everyone in order to find it. Any device can respond to that broadcast claiming to be the missing resource, and the client may end up sending out its password or hash information. Since users frequently mistype the names of shared resources, such as printers or network drives, an attacker inside the network does not have to wait long to get an opening.

When passwords are sent across the network, they obviously should not be sent as clear text, and when they are hashed they should not be easily reversible. It is common to see unencrypted traffic such as http on an internal network. And unfortunately, the hash commonly used by older Microsoft systems (known as the LAN Manager Hash or LM Hash) uses a relatively short key space that current computing power can break quickly in a brute-force attack. Newer systems (post-Windows XP and Server 2003) use a more robust hash now, but it is still common to find some older systems on the network. Although Microsoft ends extended support for Windows 2003 Server in July 2015, people always procrastinate. There are still millions of these servers out there needing to be upgraded or replaced.

The best way to close this off is to upgrade all servers to something newer than 2003, and change the system configurations to refuse the LM hash. In addition, only encrypted traffic should be used on the network. Tools are available to monitor and detect spoofing attacks based on this vulnerability.
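The broadcast-and-answer behaviour Amit describes can be turned into a detector: a name that cannot exist on the network should never get an answer, so any device that replies to a query for a random name is answering everything it hears. The Python script below is an added example written for this post, not code from the interview, the white paper or any McAfee product. It checks LLMNR (one of the two broadcast fallbacks Windows uses, alongside the NetBIOS name service), assumes it is run from a defender-controlled host on the segment being watched, and the canary name it generates is constructed.

```python
"""
LLMNR spoofing canary: added example for this post (not code from the
interview, the white paper or any McAfee product).

A legitimate network never has a host called "canary-<random hex>".  If we
multicast an LLMNR query for such a name and anything answers, some device on
the segment is answering every name it hears, which is the behaviour the
interview describes.  Run it from a defender-controlled host on the segment.
"""
import os
import socket
import struct

LLMNR_GROUP = "224.0.0.252"   # RFC 4795 IPv4 link-local multicast group
LLMNR_PORT = 5355
QTYPE_A = 1
QCLASS_IN = 1


def encode_name(name: str) -> bytes:
    """Encode a hostname as DNS-style length-prefixed labels."""
    out = b""
    for label in name.strip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("label length out of range")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, txid: int) -> bytes:
    """Build an LLMNR A-record query (the wire format is the DNS message format)."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)  # flags 0 = query, QDCOUNT 1
    return header + encode_name(name) + struct.pack("!HH", QTYPE_A, QCLASS_IN)


def _skip_name(data: bytes, pos: int) -> int:
    """Advance past a (possibly compressed) name; return the offset after it."""
    while True:
        length = data[pos]
        if length == 0:
            return pos + 1
        if length & 0xC0 == 0xC0:      # compression pointer occupies 2 bytes
            return pos + 2
        pos += 1 + length


def parse_response(data: bytes, expected_txid: int):
    """Return the IPv4 addresses in an LLMNR answer to our query, or None if
    the packet is not such a response (wrong id, QR bit clear, malformed)."""
    try:
        txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
        if txid != expected_txid or not flags & 0x8000:
            return None
        pos = 12
        for _ in range(qd):            # skip the echoed question section
            pos = _skip_name(data, pos) + 4
        addrs = []
        for _ in range(an):
            pos = _skip_name(data, pos)
            rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", data[pos:pos + 10])
            pos += 10
            if rtype == QTYPE_A and rclass == QCLASS_IN and rdlen == 4:
                addrs.append(socket.inet_ntoa(data[pos:pos + 4]))
            pos += rdlen
        return addrs
    except (struct.error, IndexError, OSError):
        return None                    # a hostile responder must not crash the detector


def probe(timeout: float = 2.0):
    """Send one canary query and return [(responder_ip, claimed_addresses)]."""
    canary = "canary-" + os.urandom(4).hex()   # constructed name; cannot legitimately exist
    txid = int.from_bytes(os.urandom(2), "big")
    query = build_query(canary, txid)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 1)
    sock.settimeout(timeout)
    hits = []
    try:
        sock.sendto(query, (LLMNR_GROUP, LLMNR_PORT))
        while True:
            data, (src, _port) = sock.recvfrom(2048)
            addrs = parse_response(data, txid)
            if addrs is not None:      # any answer to a random name is suspect
                hits.append((src, addrs))
    except socket.timeout:
        pass
    finally:
        sock.close()
    return hits


if __name__ == "__main__":
    for responder, claimed in probe():
        print(f"ALERT: {responder} answered LLMNR canary query, claims {claimed}")
```

Run it periodically from a few vantage points per segment; an empty result is the expected state, and any responder is worth tracing to a switch port. The same idea applies to the NetBIOS name service on UDP 137, which uses a different packet layout and is not covered by this script.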

Speaking of vulnerabilities, what happens after a vulnerability is published? Is there some inflection point when the risk of being successfully attacked increases?

Unfortunately, yes. There are several online sources for exploits that attackers can easily search, specifying desired target and level of access. Once an exploit for a particular vulnerability becomes publicly available, the risk of attack increases substantially. Of the weaknesses we have discussed, public exploits generate the most attack traffic.

Defense-in-depth is the best approach to combating these types of attacks. First, develop a patch management strategy. Second, make sure your strategy keeps systems up to date. Third, even with up-to-date patches, regularly scan your network for vulnerabilities, especially those with available exploits.

Thanks Amit, any closing thoughts?

Too many breaches start with an easily gained foothold in some innocuous part of the network, and then work into systems that are more sensitive. Closing these five vulnerabilities can significantly improve your defenses and reduce your attack surface.

For more details on these security issues, read Amit’s detailed white paper, Low Hanging Fruits: The Top Five Easiest Ways to Hack or Get Hacked.

View the original post on Dark Reading.

Five Easiest Ways to Get Hacked – Part 1 https://securingtomorrow.mcafee.com/executive-perspectives/five-easiest-ways-get-hacked-part-1/ https://securingtomorrow.mcafee.com/executive-perspectives/five-easiest-ways-get-hacked-part-1/#respond Tue, 24 Feb 2015 00:13:33 +0000 https://blogs.mcafee.com/?p=41491 A conversation with principal security consultant Amit Bagree. I had the opportunity recently to sit down with Amit Bagree, one of our principal security consultants, for a chat about the most common weak points in network security. Amit has been breaking things apart since childhood, has been working in the security field for almost 10 …

The post Five Easiest Ways to Get Hacked – Part 1 appeared first on McAfee Blogs.

A conversation with principal security consultant Amit Bagree.

I had the opportunity recently to sit down with Amit Bagree, one of our principal security consultants, for a chat about the most common weak points in network security. Amit has been breaking things apart since childhood, has been working in the security field for almost 10 years, and is a graduate of the prestigious Carnegie Mellon University Master’s program in Information Security Technology and Management.

Many recent security breaches started from a weak point in the network. Are you seeing a common set of weak points, or were these anomalous cases?

In my experience, there are several common weak points, or “low-hanging fruit,” that can be exploited to completely compromise a network. The first two are configuration issues: weak passwords and default credentials. A third is an all-too-easy mistake that results in leaving some network doors open.

Let’s start with the configuration issues, because they are probably the easiest to fix. Is that correct?

Yes, these two related issues are definitely the easiest to fix. The first one involves the credentials on your database. Not only does the database have information that is potentially valuable to an attacker, but most databases have functionality that allows direct access to the underlying operating system by interacting with a command shell. This typically gives the attacker system-level access to that machine, and probably large parts of your network as well.

Finding and breaching database servers is a simple attack that does not require any special skills. Downloadable tools with easy-to-use interfaces will scan for servers and provide an option to attempt a brute-force attack on the usernames and passwords. Common usernames are left in place, some with blank passwords, making this attack quick and successful for many databases. Fixing this is as simple as turning on the option to enforce password complexity, setting account lockout after several failed attempts, following strong password guidelines, and deleting or renaming common usernames.

The second configuration issue is weak credentials on sensitive resources such as web servers and remote-control applications. All too often there is at least one device, maybe a test machine, with default or weak credentials still in place. With readily available tools, attackers can scan your network and check for access via well-known default credentials. Even if they get access to “just” the test machine, with domain association and privilege escalation tricks they can readily hop to other machines and move laterally into more treasure-rich portions of the network. Again, the simple fix for this is deleting or renaming default accounts, using strong passwords, enforcing password rules, and enabling account lockout. The best news is that you can use the same tools the attackers would to scan and test your own network.

So passwords and credentials remain a key vulnerability, but one that can be addressed with simple steps. What else should IT security teams review?

Despite all of the publicity around security, there are still doors being left open on networks. They are, for the most part, a mistake caused by lack of education or awareness. Specifically, this weak point is network shared folders that do not require any credentials or authentication to access, often called open shares. The attack is simple. Downloadable tools, similar to Windows Explorer, can scan a range of IP addresses and simply display all shared folders, highlighting the open ones. Hackers can then scan each open folder looking for keywords, or use regular expressions to find formatted data like credit card or social security numbers. I have found open system shares that contain credentials, banking data, and personally identifiable information (PII) many times.

Unfortunately, there is no simple patch or configuration change for this weakness. Security teams should regularly scan for open shares on the network, and remind and educate those involved about the risks.
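Amit notes that the keyword and regular-expression search run over open shares can equally be run by the security team first, so that exposed card numbers and social security numbers are found before anyone else finds them. The Python sweep below is an added example, not code from the interview or the white paper. It assumes the share has already been mounted or copied to a local path, uses a Luhn check to discard the many digit runs that merely look like card numbers, and the directory names and file contents built in `demo()` are constructed samples (the card number is the standard 4111… test number).

```python
"""
Sensitive-data sweep for files exposed on open shares.  Added example, not from
the McAfee post or the white paper.  Assumes the defender has mounted or copied
the share locally; the paths and contents built in demo() are constructed.
"""
import os
import re
import tempfile

# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# US SSN in the dashed form; rejects invalid area, group and serial ranges.
SSN_RE = re.compile(r"(?<!\d)(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; filters out most random digit runs (phone numbers, IDs)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan_text(text: str) -> dict:
    """Return counts of likely card numbers and SSNs found in a text blob."""
    cards = 0
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            cards += 1
    ssns = len(SSN_RE.findall(text))
    return {"cards": cards, "ssns": ssns}


def scan_tree(root: str, max_bytes: int = 5_000_000) -> list:
    """Walk a mounted share and return (path, findings) for files with hits."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if os.path.getsize(path) > max_bytes:   # skip huge binaries
                    continue
                with open(path, "r", encoding="utf-8", errors="ignore") as fh:
                    found = scan_text(fh.read())
            except OSError:
                continue                                # unreadable file, move on
            if found["cards"] or found["ssns"]:
                hits.append((path, found))
    return hits


def demo() -> list:
    """Build a constructed mini-share in a temp directory and sweep it."""
    root = tempfile.mkdtemp(prefix="openshare-")
    samples = {   # constructed sample files, not real data
        "finance/customers.csv": "Jane Doe,4111 1111 1111 1111,123-45-6789\n",
        "it/readme.txt": "Helpdesk extension 1234567890123, no PII here.\n",
    }
    for rel, body in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
    return scan_tree(root)


if __name__ == "__main__":
    for path, found in demo():
        print(f"{path}: {found['cards']} card number(s), {found['ssns']} SSN(s)")
```

The 13-digit helpdesk number in the second sample file is the kind of false positive a bare regex would report; it fails the Luhn check and is dropped, while the test card number and SSN in the first file are reported. Point `scan_tree` at each mounted open share and treat any hit as a reason to close the share, not just to move the file.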

Thanks Amit. This is actionable guidance. What do you have for us in Part 2?

Next, we will look at two more weak points. The first is potential security pitfalls in Windows network name resolution. The second is moving too slowly to patch systems with known exploits.

For more details on these security issues, read Amit Bagree’s detailed white paper, Low Hanging Fruits: The Top Five Easiest Ways to Hack or Get Hacked.

View the original post on Dark Reading.

Cyberespionage: You’re Not Paranoid, Someone Is Spying on Your Company https://securingtomorrow.mcafee.com/executive-perspectives/cyberespionage-youre-not-paranoid-someone-spying-company/ https://securingtomorrow.mcafee.com/executive-perspectives/cyberespionage-youre-not-paranoid-someone-spying-company/#respond Thu, 19 Feb 2015 14:00:09 +0000 https://blogs.mcafee.com/?p=41424 It’s time for all of your counter-espionage tools to work together. By now you, your peers, and your board should have accepted that cyberespionage is real, active, and not going away. Whether it is a customer or competitor, country or criminal, someone wants to know a lot more about you. They could be looking for …

The post Cyberespionage: You’re Not Paranoid, Someone Is Spying on Your Company appeared first on McAfee Blogs.

It’s time for all of your counter-espionage tools to work together.

By now you, your peers, and your board should have accepted that cyberespionage is real, active, and not going away. Whether it is a customer or competitor, country or criminal, someone wants to know a lot more about you. They could be looking for intellectual property to steal, product or inventory details to strengthen their negotiating position, customer information to use or sell, or hundreds of other items. Their goal could be getting a better price, gaining a competitive advantage, disrupting your efforts, stealing your customers, or something equally as nefarious.

People have been watching your company from the outside for a long time. They may have even tried to get inside to sneak a peek at your secrets, posing as a customer, employee, or potential investor. And you were probably doing similar things to try to get inside the heads of your competitors, suppliers, or customers – all legally, of course.

The difference is that now there are more people, with access to more technology, trying to get inside. The worst part is that they will not necessarily be brazen about it, either. They may not go screaming from the rooftops about what they have stolen, or post the data on a darknet website. They may keep it to themselves and use the information carefully to keep you unaware, like the Enigma decoders in World War II, so you will not even know that you have been compromised.

In this new corporate cyberespionage environment, security vendors will often say “The old way has failed again; buy our gadget instead and it will protect you.” Unfortunately, this is just as risky as relying on any one sports play. Good defense is flexible, adaptable, and responds to the situation on the field. Most important, good defense relies heavily on communications among team members. Combining star players from several different teams rarely results in a superior defense, until they have learned to play together.

Similarly, no one style of defensive player is going to work for all plays, and no single security product is going to solve all of your security issues. You will need a broad mix of devices and services, but it should not be your responsibility to integrate them all. Look for end-to-end or standards-based solutions that have a proven ability to play well together.

Some espionage targets are obvious, while others can be quite obscure. You cannot know for sure what your adversaries are after, and you cannot lock down everything. You need to ask and honestly answer the questions about where you are vulnerable and what data could be used against you; not just core intellectual property, but information such as delivery schedules, contracts, inventory levels, product plans, and pricing analysis, just to list a few.

Using terminology from the spy world, your analysts will need to combine signals intelligence, human intelligence, open-source intelligence, and surveillance from your full complement of security agents. If they are not speaking the same language and using the same communication channel, there is an added risk of misunderstanding or miscommunication among systems.

You need your whole environment to share and understand threat intelligence, anomalous behavior, and suspicious files. Then you can detect the small percentage of alerts that could indicate cyberespionage, and your analytics team can combine forces and apply the context to evaluate these clues and act appropriately.

Combatting cyberespionage isn’t about hiring the latest silver bullet. It’s about building a collaborative team of special cyberexperts, a team with balanced and reinforcing skills; some network, some endpoint, some big data, some system. Harnessed together, that’s an effective weapon in modern cyberwarfare.

View the original post on Dark Reading.

Advice from a CMO: My Top Three Career Tips https://securingtomorrow.mcafee.com/executive-perspectives/advice-cmo-top-three-career-tips/ https://securingtomorrow.mcafee.com/executive-perspectives/advice-cmo-top-three-career-tips/#respond Fri, 13 Feb 2015 17:47:13 +0000 https://blogs.mcafee.com/?p=41366 This blog post was written by Penny Baldwin. Take it from me: sitting on the sideline is no way to make it to the top. Even if ‘the top’ isn’t your destination, to experience career success in some form requires active assessment and thoughtful steps along the way. I’ve been extremely fortunate to be able …

The post Advice from a CMO: My Top Three Career Tips appeared first on McAfee Blogs.

This blog post was written by Penny Baldwin.

Take it from me: sitting on the sideline is no way to make it to the top. Even if ‘the top’ isn’t your destination, to experience career success in some form requires active assessment and thoughtful steps along the way.

I’ve been extremely fortunate to be able to work alongside some brilliant minds, and over the years I find myself taking inventory of all that I’ve learned along the way in an effort to regroup and brush up on my career strategies. I’m often asked about suggestions and tips for experiencing success in a marketing career, and at the end of the day, I think that any tips I might have can be applied to all industries, marketing or otherwise.

I’ve written in the past about habits of successful marketers, but this time around I’m taking a broader approach. Here are my tried and true three tips for those that seek career success:

Have a Clear Direction

I had the opportunity to work for Carol Bartz during my time at Yahoo, and perhaps one of the best things that I learned through watching her leadership style was the importance of having a clear direction. In order to lead a team, no matter what the industry or market focus, you must be consistent and clear in your vision. If something isn’t working, be concise with your feedback and adjust it straightaway.

Seek Out Opportunities to Learn, Every Day

Something that I learned pretty early on was that every day – every hour, even – is an opportunity to learn. I’m not just talking about learning from who is around you or your peers, although that is a huge piece of the pie. Learning should also come from trend lines across the marketplace. Even if you’re working in high tech, pay attention to popular culture and other markets and put those strategies into context to help influence your own. It’s hugely important to remind yourself that every individual has something different to offer. Soak it all in, especially when you’re still green in your career.

Take a Risk

At one point in my career, I took a pretty big risk. I’ll write more about this transition in another blog post, but to make a long story short, I saw a major market shift and took a bet on it. In the long run, it paid off. I’m now a part of a world-leading brand team at Intel and a trendsetting marketing team at Intel Security, and I wouldn’t have gotten to this place if it weren’t for that big risk that I took years ago. Sometimes, your career needs a jolt. If you see a trend happening, a market shift taking place, or even just a new opportunity, it’s usually worth it to take the leap.

Successful marketers, operators, financiers, and entrepreneurs – the list goes on – don’t get to the top by sitting by and accepting the status quo. They push the envelope, find opportunities to learn from every day actions, and express clarity in their visions. My advice is to address this checklist every day, and be sure that you’re open and willing to do the same.

Follow and tweet me @PennyRBaldwin to share your own career-making tips.

We Tried the NIST Framework and It Works https://securingtomorrow.mcafee.com/executive-perspectives/tried-nist-framework-works-2/ https://securingtomorrow.mcafee.com/executive-perspectives/tried-nist-framework-works-2/#respond Wed, 11 Feb 2015 15:34:15 +0000 https://blogs.mcafee.com/?p=41290 By Kent Landfield, Director of Standards and Technology Policy, Intel Security, and Malcolm Harkins, Chief Security and Privacy Officer at Intel When the Administration released the Framework for Improving Critical Infrastructure Cybersecurity (the Framework) on February 12, 2014, many of us at Intel and Intel Security were familiar with the details, as we had participated …

The post We Tried the NIST Framework and It Works appeared first on McAfee Blogs.

By Kent Landfield, Director of Standards and Technology Policy, Intel Security, and Malcolm Harkins, Chief Security and Privacy Officer at Intel

When the Administration released the Framework for Improving Critical Infrastructure Cybersecurity (the Framework) on February 12, 2014, many of us at Intel and Intel Security were familiar with the details, as we had participated extensively in the public-private collaborative process to develop the Framework. What we didn’t yet know, however, was how the Framework would stand up when put to the test: what kind of learnings it would yield, what kinds of benefits it would really have. We knew theoretically that the Framework should be a valuable tool for organizations of all sizes, but we wanted to try it out ourselves to see if those expert assumptions were valid in a real organization. We aimed high: The business unit we partnered with to develop the Intel use case is sophisticated in terms of cybersecurity and manages a large range of products and services. We chose Intel IT and targeted the Office and Enterprise areas of our compute infrastructure to conduct our pilot project.

We focused on developing a use case that would create a common language and encourage the use of the Framework as a process and risk management tool rather than a set of static requirements. That aim proved successful, and we recently documented our experience in a white paper. Even in these early stages, the Framework has already helped us harmonize our risk management technologies and language, improve our visibility into Intel’s risk landscape, inform risk tolerance discussions across our company, and enhance our ability to set security priorities, develop budgets, and deploy security solutions.

One of the most valuable aspects of this pilot project is the discussions about security processes and terminology it has been generating. For example, a security policy might be written the same way across the corporation but implemented differently in groups such as manufacturing and human resources. Recognizing these differences is important, and discussing them becomes part of the security culture of an organization.

We plan to implement the Framework in other parts of Intel, and we encourage other organizations to implement it too. Some words of advice based on our experience:

For implementation of the Framework:

  • Do it yourself. Don’t rely on others to come in and give you an assessment, because the Framework is meant to be a tool for discovery – not a standard for measurement.
  • Start where you are comfortable. It made sense for us to start with the Office and Enterprise business functions because our IT Security organization had already begun similar efforts.
  • Tailor the framework to your business. Adding, changing or deleting categories and subcategories helps the Framework align with an organization’s business environment. Don’t be afraid to customize the Framework.
  • Engage decision makers in every stage of the process – continually. Cyber risk management is a dynamic process that doesn’t have a neat end result. A continuous process of iteration and validation will result in an ongoing dialogue about risk, which is the aim.

For continued work on the Framework:

  • Include cyberthreat intelligence. As the Framework continues to develop in the U.S., we believe it should include key elements such as the cyberthreat intelligence lifecycle, which is essential to developing a robust understanding of cybersecurity attacks.
  • Extend beyond the U.S. We believe the Framework’s benefits are not confined to the U.S. In fact, governments in other parts of the world have begun reaching out to learn more about its potential. We encourage transnational dialogue and adoption of the Framework across the globe.

Intel looks forward to continuing to use the Framework to analyze other areas of our business, as we believe it will provide value across our entire organization. Because we’ve taken the Framework out of the wrapper and made it a working tool, we feel confident in our belief that by focusing on risk management rather than compliance, the Framework has the potential to help transform cybersecurity on a global scale and accelerate cybersecurity across the compute continuum.

What a Car Wreck and a Data Breach Have in Common https://securingtomorrow.mcafee.com/executive-perspectives/car-wreck-data-breach-common/ https://securingtomorrow.mcafee.com/executive-perspectives/car-wreck-data-breach-common/#respond Tue, 10 Feb 2015 18:26:54 +0000 https://blogs.mcafee.com/?p=41232 This is part IV in a series on proactive defense using a proven professional services security methodology My heart sank as one of my employees was recently telling me a chilling story about her 18-year-old son’s rollover car wreck.  I kept waiting to hear the horrible outcome. But, the result was incredible.  With a Nissan …

The post What a Car Wreck and a Data Breach Have in Common appeared first on McAfee Blogs.

This is part IV in a series on proactive defense using a proven professional services security methodology

My heart sank as one of my employees was recently telling me a chilling story about her 18-year-old son’s rollover car wreck.  I kept waiting to hear the horrible outcome. But, the result was incredible.  With a Nissan Pathfinder packed with skiing and rock climbing gear, her son and his friend were able to unbuckle from their upside down positions and walk away from the wreck.  The car was destroyed but not one window broke, not one door was forced open, not one piece of gear caused injury, and both boys were restrained from going through the windshield.  I was incredibly relieved.  I asked her if she was doing okay and she said, “I’m so grateful.  First, I thanked God.  Then, I bought him another Nissan Pathfinder.”

After a few minutes of reflection and relief, I thought about the innate need for all humans to feel safe and secure – and how we proactively incorporate security into so many facets of our lives. The car wreck story is the perfect illustration of what we are striving to do at Intel Security, and even more specifically, within the Professional Services business unit.  We work hard to help organizations build a secure business – one that can protect their own assets, those of their customers, and the intellectual property and personal identity of their employees.  It may not seem at first glance like we’re creating something that can save a life, but then again, maybe we are.

The vehicle that saved my friend’s son from severe injury or even death was built by a company committed to following a proven methodology – from planning to design to assembly. The company has safety and quality embedded in its culture, and it is this core value that results in adoption and, in my friend’s case, brand loyalty.  My team of security services consultants, and the resellers who are part of the Intel Security Partner Program, are building something using a proven methodology too. And, our methodology is also steeped in creating safety and security for our customers.

The difference is that while my team doesn’t build the technology that protects the organization, we do design, deploy and optimize the technology to ensure that all the products work in harmony to create the most solid defense against cybercrime. From a pure business perspective, the methodology we employ to protect our customers is one of the key drivers of adoption and brand loyalty, and according to the benchmarking firm TSIA, only about 44% of professional services organizations have a formal methodology in place to increase product adoption. This puts us in a very strong position.

Gavin Struthers, Senior Vice President of Worldwide Channel Operations, is passionate about being relevant and driving adoption.  In his post entitled, “Big Thinking – Making a Case for Relevance in the Security Industry,” Gavin talks about how we must look at every business opportunity as a way to really dig in to learn about what customers truly need and want – even if what they want is simply the peace of mind that they are being protected by the best security products on the market, configured by the top security professionals in the industry. Because enterprise C-level executives now seem to recognize the need for a more cross-functional view of the business, security services consultants can increase their relevance by helping to ‘operationalize’ the myriad of security solutions they have in place to experience the full value of their investment.

At Intel Security, we strive to be trusted security advisors who look holistically at security rather than simply addressing point problems with point products.  As I’ve stated in my past few posts, we believe it takes a proven methodology to ensure that organizations are protected – inside and out – with a fully optimized ecosystem of security solutions.  The Intel Security methodology we administer consists of six phases: strategize, plan, design, implement, operate, and optimize.

Creating security that leads to adoption and brand loyalty requires a solid blueprint – a design, if you will. This is the third phase of the Intel Security methodology, which addresses many security-related details, but generally covers security deployment architecture to meet the organization’s operational requirements. In the design phase, our security consultants will work closely with the enterprise to:

  • Define security policies
  • Develop security business process architecture
  • Specify reporting requirements

A data breach is a lot like a car wreck.  Within seconds, everything can be lost.  I’m so thankful that Nissan followed a methodology when it designed and manufactured my friend’s Nissan Pathfinder, giving him the chance to walk away with just a few bruises.  I believe that the Intel Security methodology is designed to protect against similar destruction – keeping the people, the IP, and the data safe inside the organization.  And, similarly, we hope that the safety we provide is exactly what it takes to create brand loyalty as advanced technology becomes necessary to defend against the newest breed of threat coming down the pike.

The Complicated Relationship Among Security, Privacy & Legislation https://securingtomorrow.mcafee.com/executive-perspectives/complicated-relationship-among-security-privacy-legislation/ https://securingtomorrow.mcafee.com/executive-perspectives/complicated-relationship-among-security-privacy-legislation/#respond Thu, 05 Feb 2015 22:30:24 +0000 https://blogs.mcafee.com/?p=41086 The pace and advances in technology are greatly outstripping the capacity of government to effectively regulate. I have been speaking with senior security professionals around the world, asking about their top issues and priorities for the coming year. I was somewhat surprised that they only had one thing in common: the issue of security and …

The post The Complicated Relationship Among Security, Privacy & Legislation appeared first on McAfee Blogs.

The pace and advances in technology are greatly outstripping the capacity of government to effectively regulate.

I have been speaking with senior security professionals around the world, asking about their top issues and priorities for the coming year. I was somewhat surprised that they only had one thing in common: the issue of security and privacy legislation; specifically, the increasing challenge of complying with legislation across different countries, the disconnect between compliance and continuous security, and the growing gap between technology and government’s ability to regulate. The accelerated pace of technological innovation is making this even more difficult. For example, security and privacy of wearable technology was not even a discussion point two years ago, and now wrist-worn devices that can track your location and activity are commonplace.

As governments react to pressure from citizens, corporations, special interest groups, and governing philosophies, we are seeing a diverse set of security and privacy regulations. Some, such as in European countries, are focused on consumer privacy and include stringent requirements for disclosing security breaches. Others are concerned about cyber-attacks from criminals, or from terrorists and nation states, whether they involve the theft of intellectual property, attacks for financial gain, or vandalism to disrupt economic activity or physical infrastructure.

Staying compliant with these regulations is a complex task if your company operates in more than one country. What happens if there is a breach or an attack across borders? If attackers located in country A compromise a device that was made in country B and installed in country C, and exfiltrate data to country D, which rules apply? On this front, at least, we are seeing increasing collaboration across borders, among security vendors, law enforcement, and government agencies. Initiatives such as Structured Threat Information eXpression (STIX) and Trusted Automated Exchange of Indicator Information (TAXII) are trying to make it easier for organizations to share threat information securely.

Interpreting Privacy

Your systems need to be secure to ensure consumer privacy, but what does privacy mean? Recent high-profile security breaches have focused attention on credit card numbers, personal photographs, or other bits of stored information. But what about the increasing volume of data that we are virtually giving away, whether by accident or by explicit consent? Do you know what data is collected by each of the apps on your phone, where it is sent, and who is using it? Much of this information may be contained in the 24-page end-user license agreement, but who reads those? Most people do not, and it does not seem to concern them. However, as privacy violations are publicized, expect the requirements for transparency and consent to increase, possibly as far as putting a dollar value on your information.

Finally, and perhaps the most difficult, are the privacy implications of new devices. Data from smart electrical meters can potentially tell whether you are at home or not, and what appliances are running. Decreasing the polling interval increases the granularity of the data and the ability to discern behavior. Within the next generation of these devices, utilities could capture more data about your behavior than Facebook. Google recently purchased Nest, not for its small thermostat and smoke alarm business, but for the expanding market of home-based telemetry devices and the data they produce. Where is that data going, how is it being used, and who is responsible for protecting it?

This is not just a problem in the home, either. The security breach at Target was achieved through an Internet-connected HVAC system. Surgical devices, heart monitors, LED lights, and photocopiers are just a few of the devices in your building that may be connected to the Internet. The growth of this Internet of Things is forcing more attention on this problem, and solutions are forthcoming or already available in the form of IoT gateways, chip-based security, secure boot records, and encryption, among others.

Unfortunately, you can be compliant without being secure, and without doing much for privacy. Too often, the target of a security project is compliance, and the project reports are disconnected from the actual security posture or privacy capabilities. The pace and advances in technology, cyber attack adaptations, and device innovation are greatly outstripping the capacity of government to effectively regulate. In my view, security leads to privacy, which leads to compliance, not the other way around.

View the original post on Dark Reading.

Takeaways from International Data Privacy Day: The Internet of Things
https://securingtomorrow.mcafee.com/executive-perspectives/takeaways-international-data-privacy-day-internet-things/
Mon, 02 Feb 2015 16:13:12 +0000

Event looks at the future of data use and how we can – and should – protect personal privacy.

Coincident with International Data Privacy Day, Lares Institute hosted an event on the future of the Internet of Things and privacy. With an audience full of privacy lawyers and Chief Privacy Officers, the event kicked off with a panel on the IoT in 2025. The discussion was fascinating – everything from an inventory of things our smart phones know about us to what potential buyers of that data want to do with it. One panelist showed us a B2B driver-safety system that, based on telemetry in the vehicle, records 12-second video snippets of both the driver and the view in front of the vehicle. It’s designed for employers to provide feedback to the drivers to improve safety. One video snippet showed a driver texting as he almost rear-ended the car in front of him. Obviously, this creates teachable moments for the drivers, but it’s also quite provocative with regard to privacy – and raises questions about how the video can be used in legal disputes after an accident.

Another fascinating example of IoT and data privacy was described by the privacy attorney for a company that delivers perishable food and flowers. He talked about how their service – and customer satisfaction – could be improved if they had information on when people were home (using their electricity-use data, for example) or the temperature and humidity characteristics of their homes so they could make product recommendations. (Smart sensors could communicate this.) If consumers wanted to share this information, it would be for a specific point in time, not indefinitely.

The broader issue here centers on the strong need for identity in IoT solutions so that trust can be established in a machine-to-machine context, and how Enhanced Privacy ID (EPID) technology can provide that while also protecting privacy. EPID allows for strong, hardware-based identity but can be used to identify the device or user associated with it as a member of a group instead of as an individual. For example, the smart driver’s license of the future could identify you as being of legal drinking age without sharing your name, birthdate, or address.

Another interesting topic at the event was data-use controls, or DUCS (has to be a favorite for a University of Oregon alumnus!). This work is really interesting in the context of the data-driven economy. This assumes that there is an understanding of data’s value by society as a whole, and that this understanding places value on individuals, businesses, and society. The idea is that people will increasingly make new types of personal data available in exchange for value. And personal data will be well protected, similar to financial data. Data-use controls could improve how our data is revealed and distributed, allowing it to be transacted. We could choose how services, businesses, and other individuals work with our data.

This event was a fascinating way to spend International Data Privacy Day – probably with the people who care the most.

View the original post on Dark Reading.

To Make Security Work for Work, Companies Need to Invest in Automatic Solutions
https://securingtomorrow.mcafee.com/executive-perspectives/make-security-work-work-companies-need-invest-automatic-solutions/
Thu, 29 Jan 2015 18:00:35 +0000

In today’s digital computing world there is a device and application for almost everything we do. I wake up in the morning to the sound of an alarm that was set on my smart phone. I then take a glimpse into my day and check emails, calendars and the weather. Minutes later, I text my best friend in Texas to see how her vacation was and am instantly distracted by the need to search for an answer to useless trivia brought on by a debate with my spouse.

As a society we have stopped thinking about computing and have started computing without thinking. When a behavior or action is top of mind we tend to do it with intention. We think about how we will accomplish it and what the consequences will be. When it becomes something ingrained in our daily lives, we don’t even notice we are doing it, and rarely give it a second thought. It’s much like our autonomic system. We don’t have to think about breathing, we just do it. The security implications of autonomic computing are a little scary from both a consumer and a corporate perspective.

Consumers are also employees, so when they compute without thinking it has implications for the company that employs them. Employees use their phones for personal email, corporate email and calendar, banking, online shopping, game playing, bill paying, internet surfing, social interaction and even as an electronic nanny (nothing like Minion Rush to keep a child quiet during a long commute). Out of desperation I’ve even viewed a PowerPoint on my iPhone. Despite the fact that many of these uses involve bank account numbers, credit card information, and corporate data, there are still over 30% of phones that don’t have a password, let alone any additional security. Consumers don’t ignore security because they intentionally want to put confidential information at risk, but because they frankly just don’t think about it.

It’s left up to the corporation to ensure that corporate data traversing a personal device is secure, and that a personal device accessing the corporate network does not introduce undue security risks. Most corporations that allow personal phones to access corporate data require password protection. To manage the security measures required to keep company data safe, organizations can use some type of mobile device management capability and continually invest in end-user training. The weakest link in endpoint security is generally the end user. End users are very committed to getting their jobs done; when a roadblock gets in their way, they use creative tactics to get around it. Therein lies the challenge—the minute you think you have the end user trained on how to recognize and avoid cyber threats, the threat changes or the remedy changes and the training cycle continues.

Security Skills Shortage? Don’t Panic!
https://securingtomorrow.mcafee.com/executive-perspectives/security-skills-shortage-dont-panic/
Tue, 27 Jan 2015 20:16:51 +0000

Focus your energies on building a comprehensive security strategy and turning to experts for guidance.

Panic: a sudden overwhelming fear that produces hysterical or irrational behavior and that often spreads quickly through a group.

Puzzle: a thing that is difficult to understand or explain.

A new year always brings with it a round of predictions. A notable one this year is panic about the cybersecurity skills shortage. I expect that some executives are feeling anxious about their security posture, but I doubt that this is going to become overwhelming fear. And unless we start seeing bidding wars, agents, and compensation packages for security talent like those usually associated with professional sports, we are a long way from irrational behavior.

What I do see is a puzzle. The security industry has been telling companies for years (more like decades) about the basics of secure digital systems. Yet, we do not seem to be listening or learning. I still see organizations (or read about breaches) that have weak passwords, default settings on firewalls, anti-virus covering less than half of the endpoints, poor application security, no encryption on sensitive documents, and on and on. To me, this is the irrational behavior. So what should we do?

Admit that you have a problem. The first step is to admit and accept that there is a problem with the current behavior. Without this acceptance, the attitude that security is an annoyance or an impediment to business will resist any changes. Getting acceptance can be tough. I suggest making it personal: Teach your people why and how to protect their data and personal info. Security awareness campaigns are not enough to change behavior. As you do this, you will see which security tasks are tedious (e.g. long random passwords changed every 60 days) and find ways to improve them (e.g. password management tools, multi-factor authentication).

Play strong defense and plan your incident response. Security attacks are a reality so there are only two things to do: Play strong defense to prevent an attack and plan your response to minimize the impact of the inevitable incident.

Reduce your attack surface. Next, look at your attack surface: What are your vulnerabilities? What are credible threats? How would someone disrupt your business or profit from your data? Who are your potential attackers? If you do this thoroughly and objectively, you will probably find more than a few areas at risk that can be made more secure without advanced security skills, such as by updating and patching your systems, adding multi-factor authentication, and encrypting sensitive data. Document what you are doing, what you need to keep doing, and figure out how to automate as much as possible. Not to the point of creating so much red tape that no real work happens, but enough that if a key employee leaves you are not wondering what doors have been left open.

Use metrics to reduce risk. Think hard about how to measure what you are doing, because what gets measured gets done, and how to report on it from the cubicle level to the board level. Cubicle dwellers need to know what is expected of them and what the consequences of resistance or avoidance are. Your operations team needs to know when there is a mismatch between controls and objectives. Management needs to know which processes are leading to weak controls or outright bypass. The board needs to know the current risks, and whether the organization is getting more or less secure.

I am not suggesting that this is simple or easy, but most of it does not require advanced security or hacking skills. In the era of YouTube, SecurityTube, Black Hat (the conference, not the movie), hackerspaces, and so many more online resources, the information that you and your security people need is available. When you do have need for some specific or advanced skills, look to consultants, vendors, or managed service providers for a trusted expert.

Security is a web of dependencies, and you need a holistic approach to make it truly effective. Build a strategy that covers infrastructure, applications, data, people, and incident response. Consider calling some experts before bad things happen. But don’t panic.

View the original post on Dark Reading.

Redefining Privacy in the Information Age
https://securingtomorrow.mcafee.com/executive-perspectives/redefining-privacy-information-age/
Mon, 26 Jan 2015 20:39:43 +0000

If I had asked you a decade ago how you’d feel about people knowing and tracking your everyday whereabouts, your response would have likely been that it’s an invasion of your privacy. Or, you would have at least been a bit weirded out. If I told you that trotting after your every move and handing you department store sales offers, or ten cents off of the same Cocoa Crunchies that have had clippable coupons available for years, was a “service” or “personalization,” you would have thought I was nuts at best and a misguided stalker at worst. However, if I told you today that this is exactly the kind of information big companies collect and use to create targeted advertisements, would you feel the same way?

Electronic connectivity makes it possible for our electronic devices to collect and store individual data in order to customize our user experience. From wearable devices that help us track our daily physical activity, to phone apps that help organize our receipts, or help us find our way on the roads, there are countless ways that our devices help us get through our day with ease and efficiency.

This convenience, unsurprisingly, is a result of the massive amounts of data we provide to our technology on a constant basis—sometimes unknowingly. It is not uncommon for people, children and adults included, to know how to use their electronic devices without knowing the type of information that is being collected, or with what frequency. So, how can one enjoy the benefits and convenience of this technology, without worrying that our personal information may be used unethically and/or insecurely?

The first step is to keep ourselves educated. I encourage everybody to join me in celebrating International Data Privacy Day on January 28. Staying interested and learning more about the data economy and how it thrives on personal and situational information means remaining vigilant for risks that may harm, but also for opportunities to take healthy risks that allow you to engage and create new productive and protective ways to treat information.

At the very least, it is important for us to understand how valuable our data is to commercial and government players.

Allow me to paint a picture for you: One Saturday afternoon, you decide to catch up on some work at a nearby coffee shop. You connect to the shop’s free Wi-Fi network to send a few emails out while enjoying your coffee, and then go about your merry way as soon as you’re done. If you have not taken the appropriate measures—like simply turning off your Wi-Fi signal—you may be unwittingly allowing third parties to track your location, even when you’re no longer actively using the shop’s connection! This may not be troubling for you; you were actually at the shop, after all. However, when paired with other data about you that is freely available on the Internet (public photos from social media sites, Internet search history, etc.) you may be offering your movements and intentions as a piece of inventory to be exploited by everyone but you. It’s a slightly sobering thought.

It would be unreasonable to suggest that people give up their devices for good. (It also would be pretty pointless to try.) However, I would argue that it is possible to maintain privacy without compromising the convenience that comes with new technology. Here are some simple steps you can take to ensure that your data is not being abused:

  • Commit to understanding how apps on your devices use your data. Companies are required to make their privacy policies and End User License Agreements simple enough for the common consumer to read, but if they’re not, contact them and let them know!
  • Visit Think Before You Link In School to download free educational resources for you and your family. While you’re there, be sure to enter your elementary school for a chance to win up to $10,000 in the Think Before You Link Sweepstakes.
  • Turn off Wi-Fi and Bluetooth on smartphones and tablets when not in use.
  • Schedule a regular password makeover. Pick one that’s exotic, keep it a secret and change it on a regular basis. Check out some of the new password security products like True Key™ that use facial recognition to keep and manage access to up to 15 different websites.

Cybersecurity and The State of the Union
https://securingtomorrow.mcafee.com/executive-perspectives/cybersecurity-state-union/
Wed, 21 Jan 2015 20:01:52 +0000

I’m gratified to see President Obama assign cybersecurity the priority it deserves in his State of the Union speech.

The president announced a legislative push to increase information sharing between the government and cybersecurity companies, and to help law enforcement apprehend international cybercriminals.

Yes, the hard work of writing laws remains ahead. But the president’s words are a good sign. He gets it. Protecting digital infrastructure is now central to this country’s vision for national and economic security.

We have to change the way people think about securing cyberspace. Merging private expertise with government resources ought to lead to more attacks averted – less picking up the pieces after a hit.

With the Internet of Things emerging, the president’s timing is perfect. “If we’re going to be connected, then we need to be protected,” he said last week at the Federal Trade Commission.

Intel Security is all in — pioneering a more thorough approach to cybersecurity with comprehensive, connected platforms. We want businesses and individuals alike to stay confident in our digital future.

Mr. President, we’re ready to help.

Use Twitter to tell me your thoughts on the State of the Union and cybersecurity @youngdchris.

Recruit, Reward & Retain Cybersecurity Experts
https://securingtomorrow.mcafee.com/executive-perspectives/recruit-reward-retain-cybersecurity-experts/
Wed, 21 Jan 2015 02:33:55 +0000

How to create a better working environment for security professionals.

January is a good time to get strategic and think about the bigger picture. The glut of security breaches in 2014 has increased the pressure to hire and retain cybersecurity experts, in a market that was already experiencing an acute shortage. Ranging from 50,000 to 500,000 or more depending on whom you ask, the gap between supply and demand is large and growing.

At the same time, I still hear from many clients who perceive security as an annoyance and a sunk cost, not a proactive and positive force for their company. This opinion varies by role – our research shows CISOs and senior IT managers are less prone to this mindset than the teams with more operational roles.

Greenberg Survey sponsored by Intel Security, November 2014, N=700.

Perception is important because it translates into attitude toward the team, communicated in body language, nicknames, and reluctance to comply with rules. Security staff may play along and participate in the jokes, but internally, being treated this way in your job is slowly soul-destroying.

When asked about what keeps them enthusiastic about their jobs, security professionals will often mention meaningful and challenging work, opportunities for professional development, and a belief that their skills are being put to good use. When asked about the challenges in their jobs, top of mind are lack of understanding from senior management and lack of adequate investment.

Here are three ideas for creating a better work environment for your security team:

1) Reaffirm that the threat is real. People are trying to get into your network to steal your data. This is not meant to be a scare tactic, but an awareness campaign. Show the company why your security team matters and that it’s not just a necessary evil. Talk about public breaches or internal incidents. Demo how to hack an online account. How did it happen and what can you do about it? Communicate that your team does more than make security rules, they are also the people who work long hours in the event of a breach.

2) Make it personal. What aspects of the job does your staff dislike? Try to reduce or eliminate those tasks through automation, education, or managing up. Then give them challenging tasks and more of what they like doing. Use words that indicate support and positive reinforcement. Make each member feel respected and rewarded, that they are making a difference, and are an important part of the Security Battleground.

3) Have fun. Send them to conferences and give them time to learn new things and participate in local security events and hackerspaces. Invite consultants or experts that have experienced a breach to share war stories. Interacting with smart, like-minded people in similar situations helps to build team spirit and a sense of value beyond the cubicle.

Banks do not view vaults, cameras, or safety deposit boxes as an annoyance, but as an important part of minimizing their risks. Customers would not deal with a bank that reduced expenses by keeping cash in cardboard boxes in a back room with only a simple door lock for security. Your enterprise information security should not be viewed as an impediment to the business, but as a critical part of making the Internet a valuable and secure business tool.

View the original post on Dark Reading.

Coaching and Consulting: How Planning Changes the Game
https://securingtomorrow.mcafee.com/executive-perspectives/coaching-consulting-planning-changes-game/
Mon, 19 Jan 2015 22:37:35 +0000

This is part III in a series on proactive defense using a proven professional services security methodology.

As I was watching the Cowboys and the Packers fight it out in the NFL playoffs a few weeks ago, I found myself thinking about the mindset of the coaching staff as certain plays were called and executed. I know that sounds odd, but since I lead people and teams for a living, it’s always on my mind. I watched and analyzed the offensive coordinators and similarly, the plays called by the defensive coordinators. Each of these coaches has a very specific, almost myopic goal as they instruct the players. The head coaches, on the other hand, must operate with the big picture in mind – how all the plays from both the defense and the offense must come together to garner a win.

Here’s where my thinking will probably surprise you: even though I’m an executive at Intel Security, I don’t consider myself the head coach of our team. You see, I lead a team of professional services consultants who I feel are wired to see the big picture when they engage with their clients. In my opinion, they each behave like the head coach who often has to manipulate the disparate ‘plays’ that are passed on through the sales staff to pull everyone and everything together to create a win.

My mind started down this train of thought because I had recently read a new post by Gavin Struthers, Senior Vice President of Worldwide Channel Operations, in which he explains how the industry is clamoring for something more. Our customers need trusted advisors “who lead with services.” We have those trusted advisors – they are the folks that make up my team of security services consultants and those who are part of the Intel Security Partner Program – but we need more. We need to nurture and grow our talent pool of security experts who can see beyond the current, product-centered issues. According to Gavin, “Consultants have a different approach and often think differently about customer problems. [They tend to] work backwards to solve challenges.” And, much like acting as a head coach versus a defensive coordinator, “We need to look holistically at security rather than simply addressing point problems with point products.”

In my last post, I explained that staying ahead of the game requires that service professionals get closer to customer operations, understand the organization’s end goals, and help to optimize their ROI. Using a proven methodology to integrate the best technology is key to gaining the full value of your security investment – monetarily and functionally. The Intel Security methodology consists of six phases: strategize, plan, design, implement, operate, and optimize. The strategize phase usually begins the engagement and drives the subsequent phases through to the final optimization phase. Much like an NFL head coach, the game plan of our security consultants includes finding the right balance needed to win – a balance of technology, people, and processes. The greatest difference is that in our business, winning means managing digital risk and leveraging security investments to create a more secure corporate network.

Creating that security requires planning, which is the second phase of the Intel Security methodology and addresses dozens of security-related details. In general, the phase covers developing the project plan and then reviewing that plan against the objectives. A few activities include:

  • Discussing project and business objectives
  • Developing high-level plans and detailed work packages
  • Identifying business applications, administrators and application owners
  • Verifying hardware and software requirements
  • Discussing security requirements
  • Discussing product features
  • Discussing integration with other McAfee solutions

IT security is not a game of chance; it’s a game of skill. And like all games that require skill and experience, good planning is often a core component of ultimate success – winning or losing, failing or excelling. Our strategy, and the strategy of our Intel Security Partners, is to help organizations run the necessary defensive and offensive plays with a proactive approach – starting with a plan and moving through full optimization. In my next post, I will share how the design phase is the critical next move in the security playbook.

The post Coaching and Consulting: How Planning Changes the Game appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/executive-perspectives/coaching-consulting-planning-changes-game/feed/ 1
Understanding Internet Of Things for the Home https://securingtomorrow.mcafee.com/executive-perspectives/understanding-internet-things-home/ https://securingtomorrow.mcafee.com/executive-perspectives/understanding-internet-things-home/#comments Mon, 19 Jan 2015 22:14:10 +0000 https://blogs.mcafee.com/?p=40729 Last week Rory Cellan-Jones, a reporter for the BBC, tried to explain in his CES2015 news article why we, all of us, should be interested in the progress of “Internet of Things” (IoT) for the home. Even our Intel President admitted it’s a hard topic to generally appreciate   I asked Intel’s President Renee James …

The post Understanding Internet Of Things for the Home appeared first on McAfee Blogs.

]]>
Last week Rory Cellan-Jones, a reporter for the BBC, tried to explain in his CES2015 news article why we, all of us, should be interested in the progress of “Internet of Things” (IoT) for the home. Even our Intel President admitted it’s a hard topic to generally appreciate:


I asked Intel’s President Renee James whether she thought anyone outside the show got this idea – and she admitted that they probably didn’t. “It means a lot to us,” she said “but this show is largely about the industry talking to itself.”

Rory Cellan-Jones, BBC News 

In my opinion Rory also misses some of the real value that’s being created in this space, so let me relate some thoughts on the good and bad of “Home IoT”.

Firstly, let’s talk about the bad:

Here we have a set of LED light bulbs connected to an iOS/Android app, so you can turn your lights on and off using your phone, and even change their color to match your mood.

Sounds cool. In my home, we started by putting them in the bedside table lights: no need to reach over and find the switch in the middle of the night. But reality is far from this heady dream. Having to find your phone, enter the PIN, start the app and navigate the pretty dire UI just to turn on the bedroom light is really, really painful. In fact, we soon learned that if you flick the wall switch, the Hue light will turn itself on (bypassing the need for the phone, or the smart bulb, entirely).

Next, an experiment between IFTTT and Hue. We set up some rules, like: if I send my wife an email, the light flashes red. Funny for a couple of hours, then SO annoying. Then a rule that changed the light color if the weather was stormy, which saved us looking out of the window. Then there was the inevitable fun of one of us turning the light on from a different room and the other turning it off.

Now for the good, the things you might care about. You may remember that at CES, Intel announced a deep partnership with ADT, and ADT in turn announced technology partnerships with IFTTT and others.

Brian Krzanich demonstrated a great system where we used a very accurate 3D camera and facial recognition to automatically unlock your ADT-secured front door: no more fumbling for keys when your arms are full of groceries. Sure, we could have used the same technology that many cars use, proximity-based key fobs and the like, but why not eliminate the need to carry anything, when your face can authenticate you? The depth camera is what makes this defensible as a door lock: a flat photograph held up to an ordinary 2D camera is the classic way to fool face recognition, and unlike a PIN, a face cannot be changed once it has been spoofed.

Obviously connected devices let you do clever things: you could put those Hue bulbs on the outside of your house and tie them into your security alarm’s motion detector, so they light up when a car comes up the drive. In other words, use technology to replace a $20 motion sensor.

What about this, though: with IoT and connectivity between your alarm system and door locks, you can use logic like “if this doesn’t happen”. For example, you can create rules like “If the front door does not open between 3:30 and 4:00 using my child’s PIN code, send me an email”.

And you can start integrating information from other sources, for example calendar and alarm clock: “If my calendar indicates I have a flight the next morning, set my alarm for 2 hours 45 minutes before the departure time.”

How about a security system/network detection/calendar integration? – “If the garage door does not open before 9am, and my car is still present, and the calendar indicates my housekeeper is due, send them an email asking if they can delay for two hours”.

Or your heating system and calendar, to make sure you’re not heating or cooling your house when you’re at work: “Make sure the house is at 75°F at 5pm, unless my calendar shows I have a meeting, in which case have it at 75°F 45 minutes after the meeting ends.”

When you connect personal information, like your calendar, with the physical world – you can create a kind of “digital butler” experience. Of course it requires you to be dedicated to making sure your online calendar is accurate – but with the popularity of smart phones that’s becoming ever more common.

Home IoT is not just about remote control, though that is a fundamental characteristic of IoT devices. Home IoT is all about automating the way devices work to make our lives easier and more efficient, by combining the data from different devices and other sources together.

Finally, two of my favorite cost-saving rules, which have shown that IoT can really make things safer and easier for my family:

“Dim the Hue lights to 10% if the Quirky motion sensor does not detect activity for 5 minutes; turn them completely off after 10 minutes.”

Living in a flood zone: “Turn all the lights on, sound the alarm, and email my wife and me if the Quirky overflow sensor in the garage detects water.”

And one that’s close to reality, completely possible given current technology, but not there yet:

“Warn me in my car if I am driving near a gas station, and my calendar indicates I have an early morning flight within 3 days, and I don’t have enough range in my car for my normal average daily mileage plus a return trip to the airport”
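The rules above are of two kinds: “when this happens, do that” and the less obvious “if this does not happen, do that”, sometimes gated on a second source such as a calendar. The following is an added example, not code from the original post or from any of the products it mentions, showing how both kinds evaluate over an event log. The device names (`front_door`, `garage_overflow_sensor`), credential identifiers (`pin:child`) and the context keys (`car_present`, `housekeeper_due`) are assumptions made up for the example, and the event log is constructed.

```python
"""Rule evaluation over a home event log (added example, not the post's code).

Presence rules fire when a matching event arrives (water in the garage).
Absence rules fire when an expected event does NOT arrive inside a time window
("front door not opened with my child's PIN between 15:30 and 16:00"), and may
be gated on facts from other sources such as a calendar.
"""
from dataclasses import dataclass, field
from datetime import date, datetime, time
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class Event:
    ts: datetime
    source: str                      # assumed device name, e.g. "front_door"
    kind: str                        # assumed event type, e.g. "unlock"
    attrs: Dict[str, str] = field(default_factory=dict)


Context = Dict[str, object]          # facts from other sources (calendar, car)
Action = Dict[str, str]
Fired = List[Tuple[str, Action]]


@dataclass
class PresenceRule:
    name: str
    match: Callable[[Event], bool]
    actions: List[Action]


@dataclass
class AbsenceRule:
    name: str
    match: Callable[[Event], bool]
    start: time                      # window in which the event is expected
    end: time
    actions: List[Action]
    guard: Callable[[Context], bool] = lambda ctx: True   # extra conditions


def evaluate(events: List[Event], presence: List[PresenceRule],
             absence: List[AbsenceRule], now: datetime, ctx: Context) -> Fired:
    """Return (rule name, action) pairs that should fire at `now`.

    Stateless for brevity: a real engine would remember what it already fired.
    The important detail is that an absence rule is not decided until its
    window has closed; otherwise it would alert before the child had a chance
    to come home.
    """
    fired: Fired = []
    seen = [e for e in events if e.ts <= now]      # ignore events still in the future
    for ev in seen:
        for rule in presence:
            if rule.match(ev):
                fired.extend((rule.name, a) for a in rule.actions)
    today: date = now.date()
    for rule in absence:
        if not rule.guard(ctx):
            continue
        w_start = datetime.combine(today, rule.start)
        w_end = datetime.combine(today, rule.end)
        if now < w_end:
            continue                                # window still open, no verdict yet
        if not any(w_start <= e.ts <= w_end and rule.match(e) for e in seen):
            fired.extend((rule.name, a) for a in rule.actions)
    return fired


CHILD_PIN = "pin:child"              # assumed credential id reported by the lock

PRESENCE_RULES = [
    PresenceRule("garage_flood",
                 lambda e: e.source == "garage_overflow_sensor" and e.kind == "water_detected",
                 [{"lights": "all_on"}, {"alarm": "sound"}, {"email": "both_parents"}]),
]
ABSENCE_RULES = [
    AbsenceRule("child_not_home",
                lambda e: e.source == "front_door" and e.kind == "unlock"
                and e.attrs.get("credential") == CHILD_PIN,
                time(15, 30), time(16, 0), [{"email": "parent"}]),
    AbsenceRule("housekeeper_delay",
                lambda e: e.source == "garage_door" and e.kind == "open",
                time(0, 0), time(9, 0), [{"email": "housekeeper_delay_2h"}],
                guard=lambda ctx: bool(ctx.get("car_present")) and bool(ctx.get("housekeeper_due"))),
]

# Constructed sample day: a parent and the housekeeper use the front door, the
# child never does, the garage door stays shut, and the overflow sensor trips at 17:05.
SAMPLE_EVENTS = [
    Event(datetime(2015, 1, 19, 8, 2), "front_door", "unlock", {"credential": "pin:parent"}),
    Event(datetime(2015, 1, 19, 15, 41), "front_door", "unlock", {"credential": "pin:housekeeper"}),
    Event(datetime(2015, 1, 19, 17, 5), "garage_overflow_sensor", "water_detected"),
]
SAMPLE_CONTEXT: Context = {"car_present": True, "housekeeper_due": True}


def run_sample(hour: int, minute: int, ctx: Context = SAMPLE_CONTEXT) -> Fired:
    """Evaluate the sample rules as if the clock read 19 Jan 2015 hour:minute."""
    return evaluate(SAMPLE_EVENTS, PRESENCE_RULES, ABSENCE_RULES,
                    datetime(2015, 1, 19, hour, minute), ctx)


if __name__ == "__main__":
    for h, m in ((8, 30), (9, 5), (16, 1), (17, 10)):
        print(f"{h:02d}:{m:02d}", run_sample(h, m))
```

Note that the housekeeper’s 15:41 unlock does not satisfy the child rule, because the rule matches on the credential and not merely on the door opening; an absence rule is only as good as the identity the lock reports.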

What ideas do you have?

Please feel free to tweet me, Simon Hunt, @CTOGoneWild

The post Understanding Internet Of Things for the Home appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/executive-perspectives/understanding-internet-things-home/feed/ 1
Can your organisation detect and report a data breach within 72 hours? https://securingtomorrow.mcafee.com/executive-perspectives/can-organisation-detect-report-data-breach-within-72-hours/ https://securingtomorrow.mcafee.com/executive-perspectives/can-organisation-detect-report-data-breach-within-72-hours/#respond Fri, 16 Jan 2015 09:54:19 +0000 https://blogs.mcafee.com/?p=40708 It’s fair to say that 2014 was the year of the data breach with frequent high-profile incidents compromising personal customer information and credit card details. That’s backed up by PwC’s Global State of Information Security survey of almost 10,000 business and IT executives, which shows the number of incidents detected up 48 per cent on …

The post Can your organisation detect and report a data breach within 72 hours? appeared first on McAfee Blogs.

]]>
It’s fair to say that 2014 was the year of the data breach with frequent high-profile incidents compromising personal customer information and credit card details.

That’s backed up by PwC’s Global State of Information Security survey of almost 10,000 business and IT executives, which shows the number of incidents detected up 48 per cent on last year to 42.8 million worldwide.

If that in itself isn’t worrying, then what should really be making businesses across Europe sit up and take note is the new EU General Data Protection Regulation (EU GDPR) looming on the horizon.

Put simply, if this update to European data protection laws is implemented in line with the current draft, it will be a game changer for data breach reporting. There are still plenty of hoops to jump through before that happens: the member states are still at loggerheads over several key parts of the proposed legislation, and it currently looks unlikely that agreement will be reached before 2016. Even after that there will be a two-year transition period for individual countries to implement it at a national level.

However, the latest proposal would make it mandatory for companies to report a breach of personal data to the supervisory authority “without undue delay and, where feasible, within 72 hours”. It’s important to note here that this isn’t about the reporting of all security breaches in an organisation. The legislation specifically applies only to personal data breaches that might lead to “physical, material or moral damage” to individuals, such as identity theft, financial loss or damage to reputation.

And this will be backed up by stiff penalties. According to the current draft, failure to comply with the EU GDPR could lead to fines of up to €100m or five per cent of annual turnover.

Here at Intel Security we commissioned a survey by Vanson Bourne of 450 IT decision-makers across eight major European countries and the US (because the EU GDPR will cover non-EU companies operating in the EU or transferring data across its borders) to find out how prepared companies are.

Only 35 per cent in the Vanson Bourne survey said they have the capacity to report a breach within 72 hours. The average was eight days and a fifth admitted it would take them between two weeks and a month. There are variations across countries, however. In the UK some 54 per cent of companies claim to be able to report a breach within 72 hours, while in Spain and Italy that is just 22 per cent and 20 per cent respectively. And across the whole survey there’s an extremely worrying seven per cent in the ‘don’t know’ category.

There are also other reasons why companies can’t – or won’t – meet these regulations. In our survey 34 per cent said reporting a breach is too expensive, while 30 per cent even admitted they would rather risk a fine than report a breach because of the “stigma” and bad PR that would come their way.

All this means organisations will need to place greater emphasis on building privacy into processes and data life cycles, along with audits and privacy impact assessments. It also means having internal data breach incident response procedures agreed, rehearsed and locked down.

Technology also offers a way of helping organisations prepare for the EU GDPR by ensuring stronger data protection. For example, as it stands the EU is proposing lighter consequences when the data that has been compromised was encrypted or safeguarded by “appropriate technological protection measures”. In that case there would be no mandatory obligation to report the breach to the authorities or the individuals affected. That relief is only credible if the keys were not taken along with the data, so where keys are stored and who can reach them matters as much as the choice of cipher.

So how ready is your organisation for these changes? How confident are you about how quickly your company could both detect and then report a personal data breach to the regulator and the individuals affected?

Please feel free to respond in the comments section or connect with me on Twitter: @GertJanSchenk

The post Can your organisation detect and report a data breach within 72 hours? appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/executive-perspectives/can-organisation-detect-report-data-breach-within-72-hours/feed/ 0
Something old, something new: threat in the Internet of Things https://securingtomorrow.mcafee.com/executive-perspectives/something-old-something-new-threat-internet-things/ https://securingtomorrow.mcafee.com/executive-perspectives/something-old-something-new-threat-internet-things/#respond Thu, 15 Jan 2015 17:57:50 +0000 http://blogs.mcafee.com/?p=40692 In the Internet of Things (IoT), there are probably two new sorts of threat agents: “Chaotic actors” – people who don’t want money, information, attribution or really have specific goals, they just want to watch it burn. “Regulators” – yes, we mean “government” and potentially self-regulating industry bodies (like medical “colleges” or bar (legal) associations), The …

The post Something old, something new: threat in the Internet of Things appeared first on McAfee Blogs.

]]>
In the Internet of Things (IoT), there are probably two new sorts of threat agents:

“Chaotic actors” – people who don’t want money, information, attribution or really have specific goals, they just want to watch it burn.

“Regulators” – yes, we mean “government” and potentially self-regulating industry bodies (like medical “colleges” or bar (legal) associations).

The chapter on Threats in our upcoming book on Risk and the Internet of Things (IoT) is underway at this time, and expands on this discussion significantly.

Something old

Threats (versus vulnerabilities, which are different things and are covered in a different chapter) and threat agents in the IoT largely include the same players as on the contemporary Internet and against IT systems generally.

On the Internet of today there are several well-discussed categories of Threat Agent. The typical Threat Agents targeting an IT system or the contemporary Internet are:

  • Criminals
  • Hacktivists
  • Industrial Spies
  • Nation States
  • Terrorists
  • Insiders

Many Threat Agents will, in reality, be a combination of these profiles, not easily described as having just one single motivation. For instance, some Nation States are known to use their sovereign cyber-offensive capabilities to spy on other countries’ industries.

Threat agents are also usefully understood in terms of:

Skills: how good are they at cyber-attack and what do they know?

Motivation: how strongly are they driven to success? How long and hard will they work on a target?

Resources: how much money do they have to invest in an attack? How many people, machines, tools, networks can they afford? Can they “buy” or hire the skills they lack?

Access: what do they know about the target? How close can they get to the target without arousing suspicion?

Something new

It is not that there are completely new threats in the IoT; it is that what were formerly inconsequential or unimaginable threats in the IT world are becoming more identifiable to risk managers in the IoT.

These new threat agents might be called “Chaotic actors” – which would be something fairly new to risk management jargon, and “Regulators” – which is something well known as a stakeholder in the IoT but not specifically identified as an actual threat agent!

Chaotic actors

Why are Chaotic actors different as far as IoT risk managers are concerned? Because they simply don’t care what happens. They will press buttons and send data and rely on near-random, non-deterministic impacts. They will look to take advantage of the complexity of IoT systems and the difficulty of understanding the interdependencies among and even within these systems. In the following chapters we will discuss this complexity as a critical vulnerability that must be managed in the IoT, and Chaotic Actors are the ones most likely to take advantage of it.

Chaotic actors just want chaos. They might have an aim, but it is not obvious like that of spies or terrorists; it is probably more personal than that. Chaotic actors will again be composed of elements of all the other threat agents, resulting in another hybrid, but there may be one distinguishing feature: they prize anonymity. They want to create confusing and disruptive situations and conditions but don’t want to be found out or associated with those conditions, like spies. Unlike spies, they don’t have a mandate and probably don’t have a budget. They want to throw a wrench into the machinery and sit back to watch what happens. To the extent they have a plan, it is about targeting specific systems, assets and entities. [1]

[TM table 1: image not reproduced]

Regulators

This is not a diatribe against “big government” or regulation; nonetheless, Regulators pose a threat to the IoT because they can be a force for good and for bad.

The core reason Regulators are a new threat agent in the IoT is that they, like everyone else, lack awareness of the complexity of service and supply relationships in the IoT, an environment where service fragmentation is driving new economies and opportunities but obscuring clear end-to-end functional views. A change in one part of these complex systems will have untold impacts on other parts of the system, and Regulators have considerable ability to compel small and large changes alike, with unforeseen impacts.

As with Chaotic actors, arbitrary and even well-considered decisions will have unpredictable consequences in the IoT, much more so than in the “IT Internet” of computers, smartphones and cyber-only transactions.

Regulatory prohibitions or market-shaping laws will probably destroy some IoT business opportunities, for a social benefit that is difficult to establish. Similarly, unlike a “technical” attack on an IoT system, which can be recovered from in a matter of hours or days, undoing bad regulation can take months or years. A regulatory error will persist and linger and potentially cause far more business damage than a cyber attack, which usually ends quickly once treated (liability resulting from the attack aside).

Regulators come in many shapes and sizes. There are privacy regulators who develop statutes and laws to safeguard personally identifiable information from undue collection, exploitation and loss. There are health and safety regulators, bespoke to many industries, who might require certain types of inspections, reports or audits against stipulated minimum requirements or “standards”. There are environmental protection regulations, labor and workforce regulations, and even international regulations and laws for sharing the commons, such as the sea or the radio spectrum. Throw into this mix cross-border technical differences among Regulators, and the regulatory environment can become as unpredictably complex as the IoT system it purports to manage!

[TM table 2: image not reproduced]

[TM table 3: image not reproduced]

To sum up

The IoT, because of its richness as a target and its growing complexity, will attract new types of threat agents that are usefully identified as Chaotic Actors and Regulators.

From a risk manager’s perspective this means:

  1. Don’t spend much time asking “why” a threat agent would want to cause damage – because they don’t need a reason anymore.
  2. Pay attention to emerging regulation and Regulators, even if this means something as simple as joining and participating in industry associations. Or, in the case of new IoT industries, form your own association to create a communications and business interface to putative Regulators. Be proactive: propose security and risk management standards and reference models before you “get told” what they should be.

[1] Example of a Chaotic Actor group in 2015, “Lizard Squad”: http://www.theregister.co.uk/2015/01/02/lizard_squad_ddos/

[2] http://www.businessweek.com/articles/2014-12-18/u-dot-s-dot-mobile-spectrum-auction-a-44-billion-windfall-so-far

The post Something old, something new: threat in the Internet of Things appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/executive-perspectives/something-old-something-new-threat-internet-things/feed/ 0
10 Branding Resolutions for 2015 That You’ll Actually Stick To https://securingtomorrow.mcafee.com/executive-perspectives/10-branding-resolutions-2015-youll-actually-stick/ https://securingtomorrow.mcafee.com/executive-perspectives/10-branding-resolutions-2015-youll-actually-stick/#respond Wed, 14 Jan 2015 18:47:17 +0000 http://blogs.mcafee.com/?p=40679 This blog post was written by Penny Baldwin. With a new year, comes a fresh start, and who doesn’t love that?! Typical New Year’s resolutions tend to be geared toward personal goals such as getting to the gym more often; cleaning out the garage… you know the drill. This year I challenge you to do …

The post 10 Branding Resolutions for 2015 That You’ll Actually Stick To appeared first on McAfee Blogs.

]]>
This blog post was written by Penny Baldwin.

With a new year, comes a fresh start, and who doesn’t love that?!

Typical New Year’s resolutions tend to be geared toward personal goals such as getting to the gym more often; cleaning out the garage… you know the drill. This year I challenge you to do something different: model your 2015 goals to make a splash and drive your brand forward. All too often I read resolution lists filled with lofty expectations, and that’s not what this is about. This year set some resolutions that you and your team can, and will, hold yourselves accountable for. This will make for high team productivity and sweet success when the resolutions are achieved.

Running low on creativity or need help getting started? Here are my ten brand resolutions that you’ll actually stick to:

1. Pay attention to metrics. Numbers, and any patterns or trends you may see in them, are a great way to determine what things are (or are not) working for your brand.
2. Keep it simple. You should be able to sum up the focus of your brand in a clear and succinct manner. Goals and mission statements getting too long-winded? Scale it back in 2015.
3. Be consistent. Streamline your content review process to help make sure your brand is portrayed the same across different platforms, ensuring a consistent overall voice.
4. Prioritize visual. Visual elements tend to outperform others, so this year, leverage infographics and platforms such as Instagram, Vine, or Slideshare as part of your amplification strategy.
5. Stay social! Social media is one of the best ways to connect your brand with a large audience – so use it consistently.
6. Engage with your audience. Let 2015 be a year of proactive engagement. Reach out to your communities more, and leverage the power of two-way communication.
7. Diversify. Avoid spinning your wheels in a creativity rut and switch things up by trying something new every once in a while. Encourage team members to think outside of the box, and give them the tools (and time) to do so.
8. Listen to feedback. What do your audience and metrics tell you? Don’t try and fight for aspects of your campaign that don’t move the needle.
9. Be authentic. It can be tempting to look to other brands for guidance when setting a strategy, but try to resist! Standing apart from the masses will garner your brand more attention and respect.
10. Reconnect with your brand strategy and goals. Has your brand strayed from its original strategy? Set checkpoints for yourself throughout the year to ensure you are staying aligned with and focused on your goals.

Whether you choose to focus on all or just a few of the above tactics, the most important part is that you stick with them. This way, when 2016 rolls around you can look back on 2015 and be proud of your hard work—while reaping the benefits.

What resolutions are you making for your brand this year? Tweet me @PennyRBaldwin and share your thoughts.

The post 10 Branding Resolutions for 2015 That You’ll Actually Stick To appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/executive-perspectives/10-branding-resolutions-2015-youll-actually-stick/feed/ 0
6 security threats you need to know about for 2015 https://securingtomorrow.mcafee.com/executive-perspectives/6-security-threats-need-know-2015/ https://securingtomorrow.mcafee.com/executive-perspectives/6-security-threats-need-know-2015/#respond Tue, 13 Jan 2015 10:40:05 +0000 http://blogs.mcafee.com/?p=40651 An unprecedented series of high-profile security events and data breaches marked out 2014 as the ‘year of shaken trust’ but what does 2015 have in store? Our annual Threats Predictions report forecasts a combination of more attacks exploiting long-established internet trust standards, such as SSL and digital signatures, and new attack vectors in mobile and …

The post 6 security threats you need to know about for 2015 appeared first on McAfee Blogs.

]]>
An unprecedented series of high-profile security events and data breaches marked out 2014 as the ‘year of shaken trust’ but what does 2015 have in store?

Our annual Threats Predictions report forecasts a combination of more attacks exploiting long-established internet trust standards, such as SSL and digital signatures, and new attack vectors in mobile and the Internet of Things (IoT). We also expect the wider use of cyber espionage techniques by non-state actors for extended targeted attack campaigns.

To put this into some context McAfee Labs detected more than 307 new threats every minute in the third quarter of 2014, with mobile malware samples growing by 16 per cent during the quarter and overall malware rising by 76 per cent year on year.

Here are just six of our top threat predictions for the next 12 months:

1. Cyber warfare and espionage tactics

These will continue to increase in frequency both by nation-states and cybercriminals. They will enhance their ability to remain hidden on systems and networks with attacks aimed at gathering high-value intelligence on individuals, intellectual property and operational intelligence.

2. Severity and frequency of IoT attacks to increase

The rush to deploy IoT devices at scale will outpace the priorities of security and privacy. Attacks on IoT devices will increase rapidly due to hypergrowth in the number of connected objects, poor security hygiene and the high value of data on those devices. This is particularly worrying for the use of IoT devices in healthcare and hospitals.

3. Privacy debates intensify

This will be particularly true in Europe with the new EU General Data Protection Regulation legislation due to be finalised and approved in 2015, bringing with it the threat of greater fines for failing to protect personal data and mandatory breach reporting for businesses. We will see continued discussion and lack of clarity around what constitutes ‘personal information’ and to what extent that information may be accessed and shared by governments and businesses.

4. New mobile attack surfaces and capabilities

The growing availability of malware-generation kits and malware source code for mobile devices will lower the barrier to entry for cybercriminals targeting these devices. Untrusted app stores will also continue to be a major source of mobile malware.

5. Shellshock sparks rise in Unix and Linux attacks

Non-Windows malware attacks will increase as a result of the Shellshock vulnerability in bash. The aftershocks of Shellshock will be felt for many years given the number of potentially vulnerable Unix or Linux devices, from routers to TVs, industrial controllers, flight systems and critical infrastructure.
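One concrete thing a security team can do about the prediction above is look for Shellshock probes in the web logs it already collects. The following is an added example, not code from the original post or the McAfee report. It relies on the documented mechanism of CVE-2014-6271: vulnerable bash versions parsed any environment variable whose value began with “() {” as a function definition, so attackers placed that prefix in HTTP headers that CGI handlers export to the environment. Of those headers, Referer and User-Agent are the two that a standard “combined” access log records, so those are the fields scanned. The log lines are constructed for the example and the “echo probe” tail is a placeholder, not a working payload.

```python
"""Shellshock probe detection over web-server access logs (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Bash's own check was for the exact prefix "() {"; allowing optional spaces
# catches sloppier probes at the cost of a slightly looser signature. The
# anchor matters: "() {" appearing later in a value is not the bash trigger.
SHELLSHOCK_RE = re.compile(r"^\s*\(\)\s*\{")

# Apache/nginx "combined" log format: the last two quoted fields are the
# Referer and User-Agent headers exactly as the client sent them.
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)


@dataclass(frozen=True)
class Hit:
    ip: str
    ts: str
    field: str      # which header carried the prefix
    value: str


def scan_line(line: str) -> Optional[Hit]:
    """Return a Hit if a header in this log line starts with the bash function prefix."""
    m = COMBINED_RE.match(line)
    if not m:
        return None                 # not combined format; a real pipeline would count these
    for hdr in ("referer", "ua"):
        if SHELLSHOCK_RE.match(m.group(hdr)):
            return Hit(m.group("ip"), m.group("ts"), hdr, m.group(hdr))
    return None


def scan(lines: List[str]) -> List[Hit]:
    return [h for h in map(scan_line, lines) if h is not None]


def by_source(hits: List[Hit]) -> Dict[str, int]:
    """Probe count per client address, the first thing an analyst asks for."""
    counts: Dict[str, int] = {}
    for h in hits:
        counts[h.ip] = counts.get(h.ip, 0) + 1
    return counts


# Constructed sample lines (not real traffic). Addresses are from the
# documentation ranges; "echo probe" stands in for an attacker's command.
SAMPLE_LOG = [
    '203.0.113.5 - - [13/Jan/2015:10:40:05 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [13/Jan/2015:10:40:09 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :; }; echo probe"',
    '198.51.100.7 - - [13/Jan/2015:10:40:11 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "() {:;}; echo probe" "curl/7.38.0"',
    '192.0.2.9 - - [13/Jan/2015:10:41:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (compatible; () {} is not at the start)"',
]

if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f"{h.ip} {h.ts} {h.field}: {h.value!r}")
    print(by_source(scan(SAMPLE_LOG)))
```

Two caveats. A hit tells you someone is probing, not that the host was vulnerable: the fix is a patched bash, and a probe against a patched server still produces the same log line. And many of the embedded devices the prediction lists run BusyBox’s ash rather than bash and were never affected, which is why the text says “potentially” vulnerable; inventory of which devices actually ship bash is the more useful exercise.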

6. New evasion tactics for sandboxing

Escaping the sandbox will become a significant IT security battlefield. Vulnerabilities have been identified in the sandboxing technologies implemented with critical and popular applications and we predict a growth in the number of techniques to exploit those vulnerabilities.

Restoring trust in 2015 will need stronger industry collaboration, new standards for a new threat landscape and better use of threat data to shrink time-to-detection.

For an in-depth look at our 2015 security threats predictions – including the evolution of point-of-sale (POS) attacks, ransomware in the cloud and growing exploitation of software flaws – download a full copy of our report.

Connect with me on Twitter: @GertJanSchenk


The post 6 security threats you need to know about for 2015 appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/executive-perspectives/6-security-threats-need-know-2015/feed/ 0
A Simple and Safe Solution for Remembering Your Passwords, from Intel Security https://securingtomorrow.mcafee.com/executive-perspectives/true-key-simple-safe-password/ https://securingtomorrow.mcafee.com/executive-perspectives/true-key-simple-safe-password/#comments Wed, 07 Jan 2015 14:00:50 +0000 http://blogs.mcafee.com/?p=40546 This blog post was written by Penny Baldwin. Passwords – both a blessing and a curse! When used correctly, they keep you safe and protected from those attempting to steal your personal information. However, with a different password for every site or app, remembering each one becomes a difficult task. I’ve become all too familiar …

The post A Simple and Safe Solution for Remembering Your Passwords, from Intel Security appeared first on McAfee Blogs.

]]>
This blog post was written by Penny Baldwin.

Passwords – both a blessing and a curse!

When used correctly, they keep you safe and protected from those attempting to steal your personal information. However, with a different password for every site or app, remembering each one becomes a difficult task.

I’ve become all too familiar with the turmoil that a forgotten password can bring. Really, though, who hasn’t? Between personal and work email logins, all corporate and personal social media properties, internal portals, and blog sites (need I go on?), we have a lot of passwords to keep track of.

What if I told you there’s a better way to keep track of all of your passwords in one simple and safe service, alleviating the headache of remembering them at all?

Introducing True Key™ from Intel Security. An easier, safer way to unlock your digital world.  You can download True Key on your phone, tablet or computer and get where you want to go faster – without the hassle of having to remember, or type multiple passwords. True Key unlocks your apps, websites and devices using things unique to you—like your facial features, the devices you own, or a fingerprint, for flexible multi-factor protection.  From there, True Key takes your current passwords and makes them stronger, remembers them and instantly logs you in.

Sayonara, passwords!

Right now, True Key is available in limited release, and for those of you present at CES, we’ll be showing the product details live.

Make sure you stop by the Intel booth #7252 at CES to participate in some exciting demos of our new technology, and anyone who visits will receive a free 1-year premium subscription to True Key!

For more information on this product and the Intel Security events at CES, follow myself and @IntelSec_Home on Twitter, and Like us on Facebook.

The post A Simple and Safe Solution for Remembering Your Passwords, from Intel Security appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/executive-perspectives/true-key-simple-safe-password/feed/ 3
Threat Intelligence: Sink or Swim? https://securingtomorrow.mcafee.com/executive-perspectives/sink-swim-coming-flood-threat-intelligence-data-internet-things/ https://securingtomorrow.mcafee.com/executive-perspectives/sink-swim-coming-flood-threat-intelligence-data-internet-things/#respond Wed, 07 Jan 2015 01:16:17 +0000 http://blogs.mcafee.com/?p=40561 The coming flood of threat-intelligence data from the Internet of Things and new classes of endpoints has organizations seriously evaluating their strategies. Some customers that I speak with are uncertain about the nature, value, and best usage of threat intelligence. The term can mean global threat intelligence (very general), industry threat intelligence (more relevant to …

The post Threat Intelligence: Sink or Swim? appeared first on McAfee Blogs.

]]>
The coming flood of threat-intelligence data from the Internet of Things and new classes of endpoints has organizations seriously evaluating their strategies.

Some customers that I speak with are uncertain about the nature, value, and best usage of threat intelligence. The term can mean global threat intelligence (very general), industry threat intelligence (more relevant to you), or local threat intelligence (what your own users, infrastructure, and systems experience). Harnessing any, let alone all, of these intelligence sources creates a big data challenge, now addressable with the combination of innovative threat intelligence platforms and security information and event management (SIEM) systems. Most companies are just getting their strategies in place for threat intelligence and its impact on traditional endpoints. When you factor in the Internet of Things (IoT), we’ll either drown in the data or find a way to swim.

According to new Forrester research, “One in 10 US online adults has already used a fitness tracker,” and “Today, 68% of global technology and business decision-makers say that wearables are a priority for their firm, with 51% calling it a moderate, high, or critical priority.” (Source: Forrester, Five Urgent Truths About The Future Of Wearables That Every Leader Should Know, December 2014.)

The IoT includes connected consumer devices like personal wearables for monitoring health and fitness, thermostats, smoke detectors, and home video monitors. Business systems, such as heating and air conditioning systems, lighting, interior and exterior signage, and transportation sensors, are joining point-of-sale terminals and manufacturing controllers on the IoT. In addition, corporations are dreaming up innovative uses for devices such as smartwatches and silent sensors, whether as services to sell to their customers, or that make their own employees more productive, effective, or safe.

All of these devices process, transmit, and store data, from innocuous to highly personal. They also have vulnerabilities, making them not only potential attack targets but also potential entry points to connected systems. As the newest members of the network, we expect that targeted attacks will increasingly aim at these devices and their vulnerabilities to gain entry to the enterprise.

With devices proliferating and the most mundane becoming network connected, the number of potential backdoors is almost immeasurable. We have already seen networks compromised via their HVAC system, surveillance cameras, or smart meters. Why not through a water pump, light bulb, or door lock?

Vendors are actively working to protect the IoT, with chip-level security, firewalls, gateways, secure boot functions, authentication and access controls, and constraints on application execution. Intelligence from this front line will be critical to reducing time to detection and containment.

The challenge is making sense of this intelligence given the size and expanding scale of the data set. Visualize the number of devices on an electrical grid, manufacturing site, or city neighborhood: There are many more zeros on that number than in your typical enterprise network. Each device, firewall, and gateway will publish information on local behavior. Security messaging buses can quickly carry this info to affected and interested systems, making it available to the appropriate security operations center and incident response team.

And then what?

As networks shift from a majority of human-interface devices (PCs and smartphones) to a majority of machine-to-machine devices, networked systems become more and more industry specific. Threat intelligence and defenses are one aspect of this path, gathering event and context data for vertical industries.

This new flood of data adds to security’s existing big data problem, when security analysts are already being overwhelmed with events and alerts, trying to leverage high-performance analytics like Hadoop to find meaning in the masses of information. Log-management-oriented SIEM is already giving way to advanced systems that are very proficient at filtering, processing, and evaluating this data, picking out anomalous events for further investigation. The IoT will accelerate this transition and put an even heavier burden on appropriate automation—this year’s “must-have” gift for security operations teams.

Vertical threat intelligence, such as we are seeing with FS-ISAC and from governmental initiatives, will be normalized and correlated with local (my company) and global (the world) threat intelligence to help systems and their people decide what to do.

Vendors will provide device and vertical-industry level threat intelligence, just like they do today for existing endpoints. Your IoT can be protected, but protection will come by thinking about security as an integral part of the infrastructure, not as an afterthought.

Once anomalous behavior is detected and identified as a potential indicator of attack or indicator of compromise, it will be important to share it quickly within a trusted community. With the speed of execution and adaptation of current attacks, keeping a threat private will no longer be acceptable, nor will waiting for security alerts from centralized security teams. It will just take too long to rely on humans to notice and respond to urgent alerts. Instead, community-level information sharing and analysis centers will automatically gather and redistribute threat information to members. The goal remains the same: security practice needs to move from farming all of the data reactively to hunting with it proactively. Shared threat intelligence, linked by a threat intelligence exchange, combines global, national, local, vertical, and targeted threats into a customized, holistic view for each organization.

View the original post on Dark Reading.

What a Breach can Teach: It Starts with a Strategy https://securingtomorrow.mcafee.com/executive-perspectives/breach-can-teach-starts-strategy/ https://securingtomorrow.mcafee.com/executive-perspectives/breach-can-teach-starts-strategy/#respond Tue, 06 Jan 2015 18:28:23 +0000 http://blogs.mcafee.com/?p=40514 This is part II in a series on proactive defense using a proven professional services security methodology To me, the human body is a miracle and a mystery.  But, I often think the same thing about the growing complexity of enterprise networks and the security solutions that are intertwined throughout them like our delicate circulatory …

The post What a Breach can Teach: It Starts with a Strategy appeared first on McAfee Blogs.

This is part II in a series on proactive defense using a proven professional services security methodology.

To me, the human body is a miracle and a mystery. But, I often think the same thing about the growing complexity of enterprise networks and the security solutions that are intertwined throughout them like our delicate circulatory system. I’m thinking about this as I run through the neighborhood with two pain-free knees that wouldn’t be so strong today had I not found a doctor who, in many ways, is like a professional network administrator trained to tie all the systems together for optimum performance.

You see, after years of knee pain, my boss recommended that I visit an orthopedic surgeon he knew. He said, “You’ll appreciate this guy. He has the same security services mentality as we do.” I wasn’t quite sure what he meant, but I assumed it had something to do with the doctor’s innate ability to holistically evaluate my ‘network’ (so to speak). I was really hopeful that this new doctor would finally be able to uncover the foundational issues causing my pain.

From the minute I walked into his office, I knew this doctor was different. The questions he asked intrigued me. His approach reminded me of the way professional services consultants assess a project – first working to understand the client’s pains and challenges, and then using a systematic methodology to move forward with the solution. In my case, the doctor first asked questions to get deep into the heart of the issue, and then he analyzed the same MRI that several doctors had already reviewed in the past. Unlike them, he dissected it frame by frame. The root of the problem was bone chips – compounded by severely atrophied quad muscles.

The doctor uncovered the core problem, devised a solution, and executed on it. The answer was months of physical therapy in preparation for surgery. The doctor’s approach is what we mean when we talk about being relevant – having a greater understanding about what our customers need even if they’re not quite sure what they need. This ties in nicely with my last post, where I discussed relevance as it relates to digital security and protecting our customers’ data – how it’s not just about having all the ‘right’ security solutions in place, but about operationalizing them all in order to experience the full value of their investment.

Whether he knows it or not, my doctor provided me with Level Three service from the Emerging Supplier Model – a model that Gavin Struthers, Senior Vice President of Worldwide Channel Operations, describes in his last post. This level requires that service professionals get closer to customer operations, understand the organization’s end goals, and help to optimize their ROI. In the case of security services, I know firsthand that there’s no way to guarantee that an organization is secure, but using a proven methodology to integrate the best technology is key to gaining the full value of your security investment – monetarily and functionally.

The Intel Security methodology is tried and true – consisting of six phases: strategize, plan, design, implement, operate, and optimize. While these phases are not necessarily linear, the strategize phase ultimately begins the engagement and drives the phases through optimization. At any phase, however, the environment may require that we revisit one of the former phases. Developing a strategy can often be triggered by a recent event – like a breach – that has threatened the security of an organization. When this happens, the organization will typically seek out the experience of incident response professionals, like those with McAfee Foundstone, who are trained to uncover vulnerabilities and begin remediation to secure the network and the corporate data.

After the initial triage, the questions begin to flow in from the CISO or the CTO. “We’ve invested in state-of-the-art security solutions. How did this happen? Where did the breakdown occur and why? How can we avoid this in the future?” Experienced security services professionals can usually explain why this particular breach occurred, but in order to avoid something similar in the future, the team must use a strategic approach – one that identifies need and implements the right balance of technology, people, and processes to manage digital risk and leverage security investments more effectively.

Although the strategy phase must address dozens of security-related details, in general our team of professionals will identify corporate requirements and set strategic business objectives for security management and risk mitigation. This includes activities like:

  • Identifying strategic objectives and priorities
  • Assessing high-level structure of the existing security environment
  • Developing a strategy for deployment for the entire network

The good news about a security breach is this: It’s usually the event needed to bring security to the top of the organization’s priority list. Only when it’s top of mind can the focus shift from reactive to proactive – starting with a plan and moving through full optimization. In my next post, I will share how the planning phase from our proven methodology is born out of the strategy phase and feeds into the design phase – all critical to securing your organization’s assets and reputation.

Big Thinking: The Way Forward https://securingtomorrow.mcafee.com/executive-perspectives/big-thinking-way-forward/ https://securingtomorrow.mcafee.com/executive-perspectives/big-thinking-way-forward/#respond Mon, 05 Jan 2015 22:42:52 +0000 http://blogs.mcafee.com/?p=40504 This is the fourth of four-part blog series on the IT security inflection point. The way forward for the future partner in security begins with committing to a strategy. And Intel Security has it. You have it. Partner Connected was designed to be flexible and scalable as the industry evolves. And as I wrote about …

The post Big Thinking: The Way Forward appeared first on McAfee Blogs.

This is the fourth of a four-part blog series on the IT security inflection point.

The way forward for the future partner in security begins with committing to a strategy. And Intel Security has it. You have it.

Partner Connected was designed to be flexible and scalable as the industry evolves. And as I wrote about in my last three posts, the IT landscape is changing as threats to it become more sophisticated and prevalent. In fact, cybersecurity is now a top-of-mind issue for executives, one likely to “shock the global economy” next year, according to McKinsey’s year-end survey. 69% of North American executives polled in this survey believe a cyberattack is likely or very likely to occur in 2015.

The dizzying pace of change is not new. We’ve moved faster and achieved more success together than any of our competitors. But a flexible strategy is designed to change when we need it to, and that time is now.

Are you willing to make investments and declare you are moving strongly into levels two and three of the emerging supplier model? Level two is selling a product and then providing a level of maintenance and implementation services, delivering a higher level of security posture for the customer. The third level organically builds from there as it requires managed security services, optimizing ROI, and other advanced security services.

Forging partnerships is critical. There’s an expertise gap and a consumption gap and this simple approach works. Partner Connected is not only about technology, but people and processes. We have the ecosystem—let’s lead with a process that brings us closer to our customers and covers services gaps. Some of our partners are already doing this, and it’s working.

Talent and enablement are also important to this evolution. There’s a place for services-only providers that serve as the delivery mechanism for other partners. It’s worked across the networking industry and it can work for us. It may require you to build a team of several consultants that can specialize and scale in technology services and business-specific areas. But whatever the areas, consulting sales acumen will be required. You will need a different type of sales professional, one who understands the larger security context and targeted customer pain points.

Having the most knowledgeable consultants and the best products and methodology is the recipe for great customer outcomes. We have a methodology and many of you do too. We call it SPDIOO (strategy, plan, design, implement, operate, and optimize). Being able to demonstrate and speak to your own services methodology adds a higher level of credibility to your organization and provides a sense of comfort to your clients—you’ve been there and you’ve done this before.

Although each methodology has its nuances and can be unique and branded accordingly, there are core functions that are fundamentally the same. It’s the alignment of these principles across our services, product, and partner ecosystem that helps ensure successful product deployment the way it was meant to be, and technology consumption based on best practices and industry trends.

Inherent in the transition from a level two to a level three supplier is the ability of the technology company to partner with its customers in new ways—to play a decisively active part in its customers’ consumption and value realization from the technology solutions they purchase. In short, EVERY tech firm is going to need an “adoption playbook.”

This is no small thing. The Technology Services Industry Association (TSIA) states that its professional services benchmark data indicate that only 44 percent of professional services organizations have a formal methodology in place to increase product adoption. In short, the majority do not have an adoption playbook. You will need to develop the appropriate pricing models, partnerships, and go-to-market model for driving a services-led model.

This is the way forward, and it’s rife with opportunities. There’s never been a better time to partner with Intel Security because we are ready to work with partners committed to embracing the future of security services. Security is everywhere and so we need to be everywhere, working together to guide each other, advise our mutual customers, and integrate our combined expertise into their organizations. We can do this by thinking big and being relevant.

One of the Best Gifts you can give to your child this Holiday Season https://securingtomorrow.mcafee.com/executive-perspectives/one-best-gifts-can-give-child-holiday-season/ https://securingtomorrow.mcafee.com/executive-perspectives/one-best-gifts-can-give-child-holiday-season/#respond Mon, 22 Dec 2014 23:30:22 +0000 http://blogs.mcafee.com/?p=40307 As parents, we want to provide our children with the best of everything. We know, as they grow, they will develop specific skills and hone talents for what soon may be their calling in life. As a mother and a technology professional, I have a passion for the tech industry which may or may not …

The post One of the Best Gifts you can give to your child this Holiday Season appeared first on McAfee Blogs.

As parents, we want to provide our children with the best of everything. We know, as they grow, they will develop specific skills and hone talents for what soon may be their calling in life. As a mother and a technology professional, I have a passion for the tech industry which may or may not influence my son’s career choice. He has great talents across a variety of domains. Technology and my role as an IT executive have increased his awareness and technical savvy – whether or not he selects this field, only time will tell. Either way, his experiences have been positive and they most certainly have increased his awareness that a woman can flourish and succeed in this field.

As a woman, I know the challenges girls face when entering the engineering, scientific and technical fields. Recent studies have illustrated that we can still do much more to encourage young girls to experience technology and possible technical career choices.

Instilling a curiosity for tech in your child – boy or girl – is one of the best gifts you can give them this Holiday season. Guide some of their exploration toward tech, and you will open up the technological world to them in ways you never imagined. Most children love exploring new worlds and expressing their own ideas. Share your love of technology with your children and allow them the possibility to discover their individual and unique passion for tech.

Here are a few suggestions on how to go about doing so with your children.

1. Expand your children’s technical exposure. Depending on their age and skill level, children can be exposed to tech in many ways.

2. Be a tech advocate by modeling skills used in tech every day. Sharing your own love of tech demonstrates the traits and excitement derived from the field; for whatever purpose – work or pleasure – you are shaping your children’s perception.

3. Encourage children to notice technology and look at how tech products are created and work. Whether you are walking through a store, watching a commercial, driving by a roadside advertisement board or reading from a newspaper or website, share the different forms of technology that exist in the world with your children. Discuss their purpose and ask them what they understand from what they see.

4. Share your enthusiasm and excitement for this time of bonding and sharing with your child. Make it a positive and meaningful experience for all members involved.

Most importantly, express to your children that career choices within the scientific and technological fields are not exclusively for one sex or the other. Great talent, drive, and skill are equal opportunity attributes. Their career decision should and most definitely will be theirs to make. Let’s help them out by increasing their awareness of options within these fields. It could very well be one of the most important gifts you can give your child this Holiday season – and throughout the year.

Big Thinking: The New Era of the Customer https://securingtomorrow.mcafee.com/executive-perspectives/big-thinking-new-era-customer/ https://securingtomorrow.mcafee.com/executive-perspectives/big-thinking-new-era-customer/#respond Mon, 22 Dec 2014 18:36:51 +0000 http://blogs.mcafee.com/?p=40305 This is the third of four-part blog series on the IT security inflection point. In my first two blogs in this series I wrote about the imperative for us all to change how we deliver value to our mutual customers. We need to move from selling products to focusing on business outcomes. We need to …

The post Big Thinking: The New Era of the Customer appeared first on McAfee Blogs.

This is the third of a four-part blog series on the IT security inflection point.

In my first two blogs in this series I wrote about the imperative for us all to change how we deliver value to our mutual customers. We need to move from selling products to focusing on business outcomes. We need to be trusted advisors who lead with services—the security partner of the future requires a focus on developing, honing, and scaling your services business.

Key to this shift will be providing more sophisticated professional services offerings. In their 2013 B4B report, the Technology Services Industry Association (TSIA) states that “professional services is in the eye of the hurricane.”

This is primarily due to the fact that many of the services, talents, and capabilities that technology companies require to morph their value proposition from product offerings to more outcome-oriented services currently reside in the professional services organization.

Consultants have a different approach and often think differently about customer problems. A consultant’s DNA is to start from customer challenges and work backwards to solve them. This aligns to the emerging services model I wrote about in my last post. We need to look holistically at security rather than simply addressing point problems with point products. We’re no longer tactical, but strategic.

Furthermore, the transformative technologies of mobile, cloud, big data and the Internet of Things will necessitate increased security help via assessment, strategy, design, and planning services. As more technologies come online and the IT landscape evolves, our customers will look to the market for strategic vendors that enable business outcomes.

This is why customers are asking for and embracing services. There is an expertise gap and a consumption gap. This is not just about the lack of expertise to deploy technology, but an overall lack of ability for an organization to consume the new technology or newest features at the pace with which we produce it. Add to that increasing threats and compliance demands, and customers are facing more challenges to their business while not fully understanding how their business is evolving. As a result, they’re unable to determine acceptable risk, predict costs, and effectively manage growth.

Becoming a trusted advisor is paramount to your future. What is your organization planning three years out? How will you implement the change necessary to meet customer demand? What’s your security services play?

Not too long ago I shared with many of you the data and trends from numerous industry sources, including Gartner’s “Future of IT Services” white paper, that customers will switch out 70 percent of their existing service providers for specialists. If that’s true, you stand to lose at least two out of three of your customers. That was a “boom” moment for me about the change that is afoot in the industry and our role as a vendor in working with partners to avert this catastrophic outcome.

Now, the fallout from that boom is a clear vision of the new era of the customer. The dust of the one-off products approach is settling, and our path is clear: Become specialists and trusted advisors and work together within our ecosystem to solve problems. Security is one of our customers’ business priorities and that will only become more critical to the business by driving upgrades to the infrastructure and simplifying the IT environment. The gauntlet has been laid—which partners will make it through to deliver what customers expect?

The partners that make it across will embrace and execute a strategy that is outcome-focused. It’s the way forward, and I’ll discuss that in my next post.

Big Thinking: The Emerging Supplier Model https://securingtomorrow.mcafee.com/executive-perspectives/big-thinking-emerging-supplier-model/ https://securingtomorrow.mcafee.com/executive-perspectives/big-thinking-emerging-supplier-model/#respond Mon, 15 Dec 2014 20:04:41 +0000 http://blogs.mcafee.com/?p=40135 This is the second of four-part blog series on the IT security inflection point. In my last blog, I discussed how we can become more relevant to each other and our mutual customers in a rapidly changing IT security industry. Every organization will become a digital business, and as a result, protecting critical data and …

The post Big Thinking: The Emerging Supplier Model appeared first on McAfee Blogs.

This is the second of a four-part blog series on the IT security inflection point.

In my last blog, I discussed how we can become more relevant to each other and our mutual customers in a rapidly changing IT security industry. Every organization will become a digital business, and as a result, protecting critical data and assets is no longer a tactical, tick-box exercise. It’s strategic and revolutionary.

IT security is now about packaging value in a way that enables our customers to achieve the results they want for their business; it reaches beyond security. According to the Technology Services Industry Association (TSIA), operating models of technology providers are about to be revolutionized. We’re the providers, so what does this mean for us?

The TSIA has a framework called the “Emerging Supplier Model,” which demonstrates four levels of supplier offerings. It’s a simple yet profound pathway that delineates the motions we need to understand and then make in order to move from a product focus to what they call an outcomes focus. In short, it’s the services model of the future.

In their book B4B, this is positioned as somewhat of a warning. But I see it as the biggest opportunity we’ve had in front of us to date and it’s an integral part of our Partner Connected strategy. We’re not starting net new—we have the infrastructure and technologies to not only move forward on this path, but blaze it.

The first level of this model is simply selling point products, but that’s no longer effective. While Intel Security products are the best in the industry, we cannot simply push pre-packaged products that deliver value in bite-sized nuggets; our customers are tired of this and they want more.

Level two, then, is selling a product and then providing a level of maintenance, support and implementation services, delivering a higher level of security posture for the customer. Most vendors, and many of you, are squarely stuck in level two. You’ve developed complex offers aimed at standing up technology assets within your customers’ environments, educating your customers’ users on the product’s functionalities, and maintaining and repairing the asset once it’s operational.

This has been effective, but again, we need to change—this approach is running out of steam.

More and more of your success as technology suppliers will be about whether you are able to make your customers successful. This requires a level of maturity and change that includes getting closer to customer operations, managed security services, and optimizing ROI. This is level three.

Level four represents pure outcome offers that are platform-based with a much lower TCO. This is where “born in the cloud” operators exist. Our challenge is to move to level three and even level four. This is the state of the security partner of the future and it requires a focus on developing, honing, and scaling your security services.

In the absence of that motion, you face a grim reality of being marginalized to the “irrelevant pile.” We need to move along the services continuum from security services that are focused on deployment and maintenance to those that are higher-value and higher-margin. This includes security assessment services and advanced services for solutions such as threat intelligence, incident response and forensics.

Security touches every aspect of an organization and it will continue to impact business decisions at all levels, regardless of role and regardless of business objectives. For a long time now, we’ve discussed the value of our Partner Connected strategy. This is all about combining our security expertise with you as trusted advisors to bring together the solutions that address our mutual customers’ business needs. Together with you, we’re going to lead the transformation by providing security innovation from the chip to cloud.

But it won’t be easy; change never is. And we need to be not only security experts, but business partners who anticipate what our customers want and need before they do.

In my next blog, I’ll discuss in-depth the role we need to embrace in order to make our transition to this emerging supplier concept. In the meantime, how are you preparing your security practice to be services-led? What do you need from Intel Security to make this revolution a reality?

How to ‘speak security’ to the board https://securingtomorrow.mcafee.com/executive-perspectives/speak-security-board/ https://securingtomorrow.mcafee.com/executive-perspectives/speak-security-board/#respond Wed, 10 Dec 2014 12:46:44 +0000 http://blogs.mcafee.com/?p=40070 There has been an age-old debate about the gap between ‘the business’ and ‘IT’. And nowhere is this more acute than when it comes to information security. The CEO and the rest of the C-suite in the boardroom know that security is important and that the threats in this digital age are increasing. But they …

The post How to ‘speak security’ to the board appeared first on McAfee Blogs.

There has been an age-old debate about the gap between ‘the business’ and ‘IT’. And nowhere is this more acute than when it comes to information security.

The CEO and the rest of the C-suite in the boardroom know that security is important and that the threats in this digital age are increasing. But they often lack the depth of technical knowledge to fully understand the risks to their business and, therefore, what security investments they need to make.

Yet ultimate responsibility for any security breach falls to the top table – some of the big breaches in the past year have led to several C-level executives paying the ultimate price. That’s got to be a wake-up call for any board members who think they can bury their heads in the sand or who believe that IT security is something they don’t need to concern themselves with in any detail.

So, how can the CIO or CISO communicate security risk to the board to justify investment in the necessary technology to protect the business?

It’s good to talk

The first step, of course, is to make it a responsibility for everyone around the boardroom table. A study by McKinsey and the World Economic Forum examined cybersecurity risk management practices with more than 60 of the world’s 500 largest companies. It found that senior management time and attention was the single biggest driver of maturity in managing cybersecurity risks.

Regulation and compliance

Traditionally one of the main reasons for CEOs and CFOs to sign off on security investment is for regulatory compliance. That’s both vertical industry regulations and national or regional legislation, such as the new – still to be finalised – EU General Data Protection Regulation and the EU Cybersecurity Directive. This is likely to be a strong driver in countries with very strict data protection laws, such as Germany and Sweden. There is a danger in just ticking boxes, however, and analyst Gartner warns that being compliant doesn’t necessarily mean your business is secure and says security should be “protection driven”.

Scare tactics

CIOs and CISOs have often resorted to fear to try to justify IT security investment. While there is certainly a responsibility to make the board aware of risks, simply touting ‘world might end’ scenarios isn’t the best approach. Gartner studied 300 board presentations on risk and security and concluded that using FUD (fear, uncertainty and doubt) to get board support just doesn’t work. “Executives don’t want to hear how bad everything will be if they don’t invest,” says the analyst.

Risk

Rather than presenting worst-case scenarios and then holding out the security collection tin to the board, the C-suite wants an honest assessment so it can make judgments on what is an acceptable level of risk – locking everything down is both too expensive and impractical. Does the company know what its most sensitive data is? Deloitte advises identifying the top information security risks to the business and assigning risk factors to each of them. The board can then make an informed call about where to place its security investment bets.

Business value and ROI

The best language to use to justify security investment to the board, of course, is that of business value and return on investment. Every other department has to use ROI metrics and security shouldn’t be any different. Yet security investment is notoriously difficult to justify in terms of ROI. But CIOs and CISOs can talk about the enabling effects of new security technologies. Think about the example of some banks deploying two-factor authentication, which boosts customer confidence in digital and online services and reduces losses from fraud. Or an oil company using security to connect its smart oil fields to the business infrastructure and avoiding downtime or interruption to oil production.

Don’t baffle the board with dashboards of technical operational security metrics and terrifying breach disaster scenarios. Encourage executives to take a proactive approach to information security by talking the language of the C-suite – risk versus reward and business value. Put the emphasis on security as a business enabler.

Connect with me on Twitter: @GertJanSchenk

How Do I Defend Against Threats in the Latest McAfee Labs Report? https://securingtomorrow.mcafee.com/executive-perspectives/defend-threats-mcafee-labs-report/ https://securingtomorrow.mcafee.com/executive-perspectives/defend-threats-mcafee-labs-report/#respond Tue, 09 Dec 2014 05:01:52 +0000 http://blogs.mcafee.com/?p=39984 McAfee Labs provides important information about threats in a variety of ways, from our McAfee Global Threat Intelligence service that feeds into many of our products, to published Threat Reports, our online Threat Center, and many active bloggers. Although it is useful for security professionals to know about the latest threats, one question that I …

The post How Do I Defend Against Threats in the Latest McAfee Labs Report? appeared first on McAfee Blogs.

McAfee Labs provides important information about threats in a variety of ways, from our McAfee Global Threat Intelligence service that feeds into many of our products, to published Threat Reports, our online Threat Center, and many active bloggers. Although it is useful for security professionals to know about the latest threats, one question that I often hear from customers is “How does McAfee technology protect me from this threat?”

Along with today’s publication of the McAfee Labs Threats Report: November 2014, we are also publishing two solution briefs that answer this question for key threats highlighted in the report. These documents identify which McAfee products will help protect you from these threats and how that protection works.

One solution brief explains how to defend against the recent BERserk vulnerability. BERserk is not your typical unlocked backdoor or another way to steal passwords. Instead, this flaw makes it possible to forge RSA signatures. An attacker can then act as a man in the middle, capturing sensitive data or hijacking the session, while the user sees a supposedly secure and authenticated session. Servers and websites are the primary targets of BERserk attacks, so it is up to you to protect your company’s assets. McAfee Vulnerability Manager and McAfee Asset Manager work together to scan your network and build an inventory of network-connected systems. When new threats are discovered, they enable you to quickly and confidently identify which systems are running vulnerable versions. Armed with this information, your security department can patch or isolate the vulnerable machines, reducing your time to containment. Another product, McAfee Application Control, provides a similar function for your applications. McAfee Application Control maintains a dynamic whitelist as applications are patched or updated. For the BERserk vulnerability, it can block execution of applications that call the vulnerable RSA code.

BERserk is one of the most recent examples of a vulnerability or malware that takes advantage of people’s trust in systems and the Internet. Other examples include malicious advertising, which delivers malware through popular ad-driven websites; malware that uses valid certificates, issued by a Certificate Authority (CA) for names similar to that of a legitimate company; and counterfeit applications that pretend to be an update to familiar and widely distributed apps, such as Adobe Flash Player.

Protecting against trust abuse is the subject of the second solution brief. Multiple McAfee technologies have a role in defending the trust that has been carefully nurtured between you and your customers. For example, at the remote end, McAfee VirusScan can detect and defeat copycat malware without disrupting your workday. McAfee Global Threat Intelligence delivers real-time information on certificate, site, and file reputation to proactively defend against digital con men. McAfee Email Gateway and McAfee Web Gateway watch for malicious URLs, deleting them from phishing emails and web traffic.

McAfee will continue to develop and publish solution briefs with each new McAfee Labs Threats Report and you will be able to find them here. We hope you find these solution briefs useful.

Spruce Up Your Holiday Brand Campaign With These Three Tips https://securingtomorrow.mcafee.com/executive-perspectives/spruce-holiday-brand-campaign-3-tips/ https://securingtomorrow.mcafee.com/executive-perspectives/spruce-holiday-brand-campaign-3-tips/#respond Fri, 05 Dec 2014 18:20:37 +0000 http://blogs.mcafee.com/?p=39934 This blog post was written by Penny Baldwin. From Budweiser losing its Clydesdales to Gap helping people ‘Dress Normal’, brands have decked the halls with holiday campaigns since Halloween. For some, it appears that unless you have a massive budget or are driven by individual consumers, you’re not going to get a piece of the …

The post Spruce Up Your Holiday Brand Campaign With These Three Tips appeared first on McAfee Blogs.

This blog post was written by Penny Baldwin.

From Budweiser losing its Clydesdales to Gap helping people ‘Dress Normal’, brands have decked the halls with holiday campaigns since Halloween. For some, it appears that unless you have a massive budget or are driven by individual consumers, you’re not going to get a piece of the pie until January (the ‘pie’ here being share of voice, not pecan). However, that is simply not the case.

The bottom line is this: during the holidays, consumers have a lot of decisions to make – and brands are right there trying to coach them every step of the way. Sure, it can be fun to see which companies get creative or change messaging, but it can also be exhausting, and at some point the message gets lost and the market becomes saturated with grand ideas.

It is to a brand’s advantage to remember the little things in times like these. I’ve got a list for you to check twice, to help ensure your campaign – no matter the size – catches the attention of your audience.

  1. Don’t be a Scrooge – Show Gratitude!

The holidays are a time for reflection, nostalgia, and positivity. The best way to hit a home run that will last into the New Year is to show your gratitude toward everyone that makes it possible for your brand to survive. Whether with a big budget ad campaign or a corporate blog post, or even a simple tweet, employees, investors, stakeholders, and of course customers, will be sure to remember this when they’re checking their naughty and nice lists.

  2. Elves Help Santa, Let Your Audience Help You

Run a contest that encourages users to submit answers to social channels, ask a question that sparks a visual response, or create a unique hashtag to accompany users’ posts about their favorite holiday moments. Take to social media and let user-generated content help you tell the best part about your story: the story of the people that make your brand tick.

  3. Stay on the Nice List

With moods high and microscopes dialed in, the holiday period is a good opportunity to boost brand sentiment. Share photos of your staff holiday events on social channels to convey transparency. Have some fun with your content and use Christmas carol lyrics to your advantage. There is so much that you can do for your brand organically with little to no budget to help move the needle on perception, and often times throughout the year these small things are forgotten.

Use the holidays to your advantage! Reconnect with users, give credit where it’s due, and be jolly when appropriate. Happy holidays, and may your branding campaigns be filled with joy!

Big Thinking – Making a Case for Relevance in the Security Industry https://securingtomorrow.mcafee.com/executive-perspectives/big-thinking-making-case-relevance-security-industry/ https://securingtomorrow.mcafee.com/executive-perspectives/big-thinking-making-case-relevance-security-industry/#respond Tue, 02 Dec 2014 21:18:54 +0000 http://blogs.mcafee.com/?p=39876 This is the first of four-part blog series on the IT security inflection point. During our recent Security Alliance Partner Summit, I talked to more than 700 partners about change and thinking big. Why? Because our business today is largely dependent on how we anticipate the future – how our business models need to evolve …

The post Big Thinking – Making a Case for Relevance in the Security Industry appeared first on McAfee Blogs.

This is the first of a four-part blog series on the IT security inflection point.

During our recent Security Alliance Partner Summit, I talked to more than 700 partners about change and thinking big. Why? Because our business today is largely dependent on how we anticipate the future – how our business models need to evolve to address customers’ needs. My challenge to you then was to think big and break the traditional thinking around IT and security. That challenge remains. And it’s all about change.

I love this quote by Dave Jakielo: “If you don’t like change, you’re going to like irrelevance even less.” For me, the flipside of that sums up what the future of our partnership means: Being relevant to each other.  I usually measure that by how meaningful we are to your strategic success, but also to your top and bottom line contribution. Your relevance to Intel Security can primarily be measured by how much new business you bring to our partnership and the value you add in the sales and delivery chain.

Relevance to one another begins with understanding our customers and what they need and want—not only today, but tomorrow. Consider that 56 percent of the Technology Services Industry Association (TSIA) Top 50 services companies have experienced flat or declining product revenues in the past 12 months, while 66 percent have experienced growth in services revenues. Additionally, over the next three years, on-premise deployments will decline faster than cloud/hosted deployments will increase.

This means that the market is at an inflection point. What we do today will determine our course tomorrow. Today, technology is driving more change in organizations than ever before. And it all needs to be secured.

To do that, your business models and how you deliver value and monetize must change. Many of you are already organizing to focus on service models—managed services, support services, professional services, and consulting services.

It’s imperative that we all move in this direction. The market is demanding it. Customers will be more demanding because they have to be. According to TSIA, operating models of technology providers are about to be revolutionized. Customers are looking to transfer the risk to us, the suppliers (you and Intel Security), where we take the assets on our balance sheet and deliver utility-based models focused on delivering value and business results.

Moreover, the future of security will lie in helping customers navigate the escalating threats by being able to respond with context and automation, leveraging a connected security architecture from the Endpoint to the Cloud.  This is our Security Connected architecture that we have been building for several years and that no one else has, helping customers navigate the course, and doing so with a services-led approach.

Simply put, customers are expecting outcomes. The question and challenge before us is how to do this effectively together. To be relevant, we have to be more than a technical handyman or procurement clearing house. We need to be an indispensable business consultant. And we can’t be allergic to change.

In my next few blogs I’ll discuss the drivers of this change and areas on which we need to focus in order to guide us towards a partnership that lasts not only 3-5 years, but thrives for the long term.

In the interim, what do you see as a major driver or trend in your business? What will need to change in your business to anticipate the future? Then, tell me how you’re addressing it and preparing for the future. One thing is for certain, we need to think big and cross the raging river together.

Three Pillars for A Stronger Content Strategy https://securingtomorrow.mcafee.com/executive-perspectives/three-pillars-stronger-content-strategy/ https://securingtomorrow.mcafee.com/executive-perspectives/three-pillars-stronger-content-strategy/#respond Tue, 18 Nov 2014 21:03:49 +0000 http://blogs.mcafee.com/?p=39451 This blog post was written by Penny Baldwin. The content marketing trend is in full swing. Now, the question is not whether to create your own branded content—it’s how to serve up the most digestible assets to a targeted audience, and actually see ROI. As marketers, we produce a lot of content. From technical white …

The post Three Pillars for A Stronger Content Strategy appeared first on McAfee Blogs.

This blog post was written by Penny Baldwin.

The content marketing trend is in full swing. Now, the question is not whether to create your own branded content—it’s how to serve up the most digestible assets to a targeted audience, and actually see ROI.

As marketers, we produce a lot of content. From technical white papers and solution briefs to blogs and infographics, we’re constantly changing up the mix. A strong content strategy is the foundation of brand messaging. The building blocks of that strategy should be diverse, thoughtful and engaging.

Whether you’re building out a new content strategy or beefing up an existing one, it’s important to establish some basic pillars for success. Here are three:

Pillar One: Be the Educator

Utilize content marketing to become an informative hub, rather than a marketing microphone. Find a new angle that hasn’t been covered and take an educational stance. There is so much content out there to sift through, and yet quite often it’s not digestible enough for the average reader. First, remove your brand or product from the picture and provide educational information to the audience about the issue at hand—what it is, how it works, and what’s in it for them—then insert some product or branded messaging.

Pillar Two: Open Both Lanes

Online readers are tired of being funneled into a one-way street. Including the thoughts and experiences of your user base gives a more authentic feel to what should be a give and take, as opposed to a single lane output. Crowdsourcing content or engaging with comments and shares is the new wave of content marketing, and helps to open up the discussion to a broader audience. Look at outlets like Buzzfeed, whose success can be attributed to engagement and crowd-sourced posts. 

Pillar Three: Syndicate!

Yes, you want to have a single platform for your content. However, if you’re not using syndication to your advantage, your message may not be available to those searching for it. For example, employee blogs can be reposted to LinkedIn, infographics can be sliced and diced for Slideshare, and all of it can be promoted via social media.

The most successful content marketing strategies are those that implement tactics to educate, interact, and syndicate. There are larger strategies that can be implemented here as well, but we’ll save that for another blog post.

Have any additional insights for maintaining a successful content marketing strategy? Tweet me @PennyRBaldwin and share your thoughts.

White Networks https://securingtomorrow.mcafee.com/executive-perspectives/white-networks/ https://securingtomorrow.mcafee.com/executive-perspectives/white-networks/#respond Fri, 14 Nov 2014 17:14:15 +0000 http://blogs.mcafee.com/?p=39268 Internet of Things (IoT) needs “white networks” to scale and deliver the assurance we require for machine-things; white as in “clean and pure”. The IoT will contain all the devices on the current internet, plus many new devices used for machine-to-machine and industrial applications and services.  In contrast to a “white network” I would assess …

The post White Networks appeared first on McAfee Blogs.

Internet of Things (IoT) needs “white networks” to scale and deliver the assurance we require for machine-things; white as in “clean and pure”. The IoT will contain all the devices on the current internet, plus many new devices used for machine-to-machine and industrial applications and services. In contrast to a “white network” I would assess the regular Internet as “black” – filthy, full of attacks and threats and no place for a wave of small, simple, cheap devices that were never engineered for the open ocean of the internet; most home and small business networks are probably dark grey – unhygienic at best and usually poorly protected; enterprise networks are “ash grey” – not clean but a respectable balance of risk and cost; and perhaps even the best military-grade networks are merely off-white, because there really is no such thing as a pure network. This illustrates the conditions of today’s heterogeneous-network environments: even with good resources it is difficult to remain “clean”, and with little or no resources it is pretty much wishful thinking.

IoT services will be a vast range and combination of new Business-to-Business, and Business-to-Consumer applications:  like home energy management, healthcare services, smart transportation, augmented reality in entertainment, and on and on. (In an up-coming book called “RIOT Control” we list several dozen examples of IoT use-cases, and security implications.)

It is a hallmark of many IoT/industrial/machine networks and devices that they are fragile: they do not respond well to “internet-like” conditions such as regular or occasional network probes and scans by adjacent devices, or seemingly random increases or decreases in traffic volumes, latency and packet loss. Many IoT services will see merely degraded network service as a service failure – a very different situation from what most users and applications expect from the current internet. Many industrial services will fail or become unpredictable in performance if subjected to even mild forms of reconnaissance or attack over the network. Similarly, a large population of devices coming onto the IoT will mean that some of them will be defective or possess manufacturing defects (hardware or software) which result in them generating excess or malformed network traffic, sometimes to the point of making the network unusable. Another effect of large numbers of devices coming on the network will be that some will not be properly secured physically, and will become platforms for unauthorized access to the IoT. They will become back doors and side doors into the IoT. In other cases, administrative errors in network management will see logically differentiated and segregated networks accidentally combined, or linked – with traffic from one “polluting” the other, with uncertain impacts on these fragile networks. Administrative errors such as this are already unfortunately common in carriers and enterprises alike – the complexity of the IoT and the growth of the many interconnected networks supporting the IoT can only increase this operational challenge.

Another aspect of industrial/machine networks in the IoT is that they will increasingly support critically sensitive, cyber-physical, logical-kinetic interfaces: the IT world controls the real world. In these instances, the potential for an IT security issue to manifest as physical harm and damage becomes very real. Already we are seeing instances of the potential criticality of the logical-kinetic interface and the harm that can result from insecure and fragile networks and devices. (See these stories about failed in-home, IP-based security systems, or IP-based utilities.)

White networks will be beneficial as a simplified form of security for the simplified forms of networking required by industrial and machine applications. A white network will be a matter of allowing only very prescribed machine traffic, and then deny=* (all). In other words, a white network is like application whitelisting (where only allowed software may start and stop on desktops, devices and servers), but for networking: only explicitly allowed ports, protocols, sources, destinations, frequencies, volumes and possibly even application payloads and time-of-day are allowed. (This list could even be extended to empirical criteria like environmental conditions, for instance rain versus sun.) Everything else is denied and sets off alarms.

White networks are highly antiseptic, and a value-added service which might be offered by carriers or IoT service providers. They will need to be configured for the IoT services in question – so they will not be a commodity. And they will need to be established and managed carefully. But, once established, they should run and provide substantial assurance in an automated manner.
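As an added example (not code from this post or from any McAfee product), here is a minimal deny-by-default “white network” policy evaluator in Python: every flow must match an explicit allow rule on source, destination, protocol, port and time of day, allowed flows are held to an hourly volume budget, and anything else is denied and raises an alarm. The rule and flow schemas, addresses, ports and budgets are all constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network

# Rule and flow shapes are hypothetical; a real product would use its own
# schema. All addresses, ports, budgets and flows are constructed sample data.


@dataclass(frozen=True)
class AllowRule:
    name: str
    src: str        # CIDR the source must fall in
    dst: str        # CIDR the destination must fall in
    proto: str      # "tcp" or "udp"
    dport: int
    start: time     # permitted time-of-day window [start, end]
    end: time
    budget: int     # max bytes allowed per (rule, clock-hour) bucket


@dataclass(frozen=True)
class Flow:
    ts: time
    src: str
    dst: str
    proto: str
    dport: int
    nbytes: int


def in_window(t, start, end):
    """Inclusive time-of-day check; a window with end < start wraps midnight."""
    if start <= end:
        return start <= t <= end
    return t >= start or t <= end


class WhiteNetwork:
    """Deny-by-default flow policy: a flow needs an explicit allow rule, and
    even allowed flows are held to a per-hour volume budget."""

    def __init__(self, rules):
        self.rules = list(rules)
        self.usage = defaultdict(int)   # (rule name, hour) -> bytes seen
        self.alarms = []                # (reason, rule name or None, flow)

    def _matches(self, rule, flow):
        return (flow.proto == rule.proto
                and flow.dport == rule.dport
                and ip_address(flow.src) in ip_network(rule.src)
                and ip_address(flow.dst) in ip_network(rule.dst)
                and in_window(flow.ts, rule.start, rule.end))

    def evaluate(self, flow):
        for rule in self.rules:
            if self._matches(rule, flow):
                key = (rule.name, flow.ts.hour)
                self.usage[key] += flow.nbytes
                if self.usage[key] > rule.budget:
                    # Volume is part of the allow list too: a flooding device
                    # is cut off and reported even on a permitted path.
                    self.alarms.append(("VOLUME_EXCEEDED", rule.name, flow))
                    return "deny"
                return "allow"
        # deny=* : nothing matched, so deny and raise an alarm.
        self.alarms.append(("UNEXPECTED_TRAFFIC", None, flow))
        return "deny"


ALL_DAY = (time(0, 0), time.max)

RULES = [
    # PLC telemetry to the historian, any time, 1 MB per clock hour.
    AllowRule("plc_to_historian", "10.1.0.0/24", "10.2.0.10/32", "tcp", 502,
              *ALL_DAY, 1_000_000),
    # Time sync, any time, tiny budget.
    AllowRule("ntp", "10.1.0.0/24", "10.2.0.1/32", "udp", 123, *ALL_DAY, 10_000),
    # Vendor maintenance host may SSH into the PLC segment in business hours only.
    AllowRule("maintenance_ssh", "10.9.0.5/32", "10.1.0.0/24", "tcp", 22,
              time(8, 0), time(17, 0), 50_000_000),
]

# Constructed flow records, in the order a collector would see them.
FLOWS = [
    Flow(time(3, 15), "10.1.0.7", "10.2.0.10", "tcp", 502, 1_200),    # normal telemetry
    Flow(time(3, 16), "10.1.0.7", "10.2.0.10", "tcp", 502, 999_000),  # defective device floods
    Flow(time(3, 20), "10.9.0.5", "10.1.0.7", "tcp", 22, 800),        # SSH outside the window
    Flow(time(10, 0), "10.9.0.5", "10.1.0.7", "tcp", 22, 4_000),      # SSH inside the window
    Flow(time(10, 1), "10.1.0.7", "10.1.0.8", "tcp", 445, 3_000),     # PLC probing a neighbour
    Flow(time(10, 2), "10.1.0.7", "10.2.0.1", "udp", 123, 90),        # time sync
]


def run_demo(rules=RULES, flows=FLOWS):
    """Evaluate the sample flows; returns (decisions, alarm reasons)."""
    net = WhiteNetwork(rules)
    decisions = [net.evaluate(f) for f in flows]
    return decisions, [reason for reason, _, _ in net.alarms]


if __name__ == "__main__":
    for flow, decision in zip(FLOWS, run_demo()[0]):
        print(f"{flow.ts} {flow.src}->{flow.dst} {flow.proto}/{flow.dport}: {decision}")
```

The second, third and fifth sample flows are the post’s defective device, off-hours side door and lateral probe: each is denied and alarmed even though nothing “malicious” was inspected, only a departure from the prescribed traffic.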

Joining Forces Against Cybercrime https://securingtomorrow.mcafee.com/executive-perspectives/joining-forces-cybercrime/ https://securingtomorrow.mcafee.com/executive-perspectives/joining-forces-cybercrime/#respond Mon, 03 Nov 2014 19:08:06 +0000 http://blogs.mcafee.com/?p=38895 How many times today have you used the internet? And from how many different devices? I’m guessing the answer to both questions is “A lot”. The simple fact is that the internet is as indispensable as the roads we drive on. Some even claim Wi-Fi should be included alongside food and safety in Maslow’s Hierarchy …

The post Joining Forces Against Cybercrime appeared first on McAfee Blogs.

How many times today have you used the internet? And from how many different devices? I’m guessing the answer to both questions is “A lot”. The simple fact is that the internet is as indispensable as the roads we drive on. Some even claim Wi-Fi should be included alongside food and safety in Maslow’s Hierarchy of Needs. It’s that critical to our everyday lives.

And of course the bad guys know all of this. The exploding ubiquity and diversity of our digital systems are creating almost infinite attack vectors for our adversaries. As our dependence on the internet continues to grow, so too does our vulnerability. You only need to look at the latest headlines to see cybercriminal activity is at a tipping point. Cybercrime is no longer an emerging threat, it is here and it’s a new way of life, in many ways.

But it’s not all doom and gloom. We believe we can meet these attacks with not only innovative technology and expertise but also deeper industry collaboration to ensure our defence is at its strongest. This is why we recently co-founded the Cyber Threat Alliance (CTA) alongside some of our competitors.

Sounds like an obvious decision, right, and perhaps not unlike past initiatives? The truth is that the CTA will – for the first time – share fresher, more complete and more actionable data on the complex and subtle aspects of modern threats. In essence, the alliance puts business first.

Of course collaborating against cybercrime isn’t new. In my home country of the Netherlands, the recently launched National Cyber Security Strategy 2 Report outlines initiatives for greater cyber security information sharing. In the UK, the Bank of England is working with HM Treasury, financial watchdog the FCA and leading financial institutions to improve and test defences against cyber attacks through an initiative known as CBEST. These are all much-needed and certainly laudable efforts but they’re still not enough.

Our adversaries won’t be slowing down anytime soon and so until more substantive legislation is in place, fostering the exchange of intelligence data, more must be done. I believe the security industry must lead the way – it is up to us to reinvent cyber security so the internet earns trust for the long term.

This makes the alliance an important milestone in tackling today’s cyber security threats. The CTA shows an industry in which there will still be competition but where there is a willingness to put businesses first.

The next step beyond talking about collaboration and sharing intelligence is action around security products in the form of standards. Is the adoption of industry-wide standards a good thing? That’s a subject for a separate post but I’d be interested to hear what you think about the CTA.

Connect with me on Twitter: @GertJanSchenk

McAfee IT Solutions Delivery Team Wins Oracle Excellence Award https://securingtomorrow.mcafee.com/executive-perspectives/mcafee-solutions-delivery-team-wins-oracle-excellence-award-2/ https://securingtomorrow.mcafee.com/executive-perspectives/mcafee-solutions-delivery-team-wins-oracle-excellence-award-2/#respond Thu, 30 Oct 2014 21:39:39 +0000 http://blogs.mcafee.com/?p=38871 I am extremely excited and very proud to make this announcement. Following a competitive process, with over 250 worldwide  nominations spanning all major industries, Oracle’s evaluation committee has selected McAfee as the winner of the 2014 Oracle Excellence Award for Fusion Middleware Innovation in the WebCenter category at Oracle OpenWorld in San Francisco. Congratulations to …

The post McAfee IT Solutions Delivery Team Wins Oracle Excellence Award appeared first on McAfee Blogs.

I am extremely excited and very proud to make this announcement. Following a competitive process, with over 250 worldwide nominations spanning all major industries, Oracle’s evaluation committee has selected McAfee as the winner of the 2014 Oracle Excellence Award for Fusion Middleware Innovation in the WebCenter category at Oracle OpenWorld in San Francisco.

Congratulations to the IT Solutions Delivery team who built the self-service Customer Service Portal to achieve this incredible milestone for the company, and thank you to the management team who has helped fast-track this team to success.

“This award highlights McAfee’s commitment to making it easy for our customers and support teams to find the right security resources and tools to keep their IT infrastructures secure,” said Deepa Gopinath, senior director, IT Solution Delivery, who accepted the award. “We’re honored to receive this prestigious award from Oracle.”


I am very proud of the IT Solution Delivery team. They are an exceptional representation of the IT organization. Their work and award shows how far this team reaches to ensure that they have built a successful product and provide an exceptional experience for our customers. They truly deserve this award.

McAfee and the IT Solution Delivery team were recognized for the innovative development of the Customer Service Portal using Oracle’s WebCenter Portal and Content Framework. McAfee’s self-service Customer Service Portal, which went live in February 2014, integrates McAfee’s knowledge base, Threat Center information and Siebel CRM data, and provides seamless access to McAfee supportability tools through a single experience. The portal enables the company’s global gold and platinum customers to research solutions, manage problem tickets, download patches, submit malware samples, manage user profiles and more. As a result, the portal now provides the company’s gold and platinum customers, as well as our internal McAfee support agents, with a world-class and seamless user experience. Many thanks to everybody who helped us build this exceptional product and for your enthusiasm along that long road!
Intelligence for Adaptive, Active Security: Now Shipping Threat Intelligence Exchange and Data Exchange Layer https://securingtomorrow.mcafee.com/executive-perspectives/intelligence-adaptive-active-security-2/ https://securingtomorrow.mcafee.com/executive-perspectives/intelligence-adaptive-active-security-2/#respond Wed, 29 Oct 2014 16:43:42 +0000 http://blogs.mcafee.com/?p=38739 FOCUS 14 Today we are releasing to the world the Threat Intelligence Exchange (TIE), which, in collaboration with partners in the security industry, uses an open Data Exchange Layer (DXL) to rapidly share information between security sensors, controllers, and endpoints. The goal is to significantly improve the flow of information among your organization’s security products …

FOCUS 14

Today we are releasing to the world the Threat Intelligence Exchange (TIE), which, in collaboration with partners in the security industry, uses an open Data Exchange Layer (DXL) to rapidly share information between security sensors, controllers, and endpoints. The goal is to significantly improve the flow of information among your organization’s security products from all vendors, allowing them to act as one unified system. The result is a more complete, evidence-based picture of attacks on your digital information, earlier detection of potential attacks, a reduction in threat response times and a significant improvement in fixing or remediating issues.

It could also change the economics of hacking itself for the adversary. For instance, by more effectively identifying the reuse of malware code in attacks, we can more aggressively render such threats useless, force the cybercriminal community to develop more original threats from the ground up, and, in doing so, raise the costs of engaging in cybercrime from a development and execution perspective.

The Data Exchange Layer is a management backplane designed for today’s fast-attack threats and for tomorrow’s evolving threat landscape. Massively scalable, the system confidently handles millions of connections while adding only a small network footprint to existing McAfee and partner products. Analogous to a modern soldier’s command-and-control network, DXL brings together multiple information sources for analysis and decision-making, and immediately dispatches tactical commands to the front lines.

Let’s look at an example. In a typical situation, a user on your network downloads a program from an unclassified IP address that is not currently on either a blacklist or a whitelist. The user wants to run it immediately, but their local security agent cannot conclusively determine whether it is safe. Rather than risk a false positive and annoy the user, the endpoint defaults to treating the file as safe and allows execution, and the program may then spread via shares and links. Without TIE and DXL, this potential attack or infestation spreads throughout your network with few visible signs.

In an environment enabled with TIE and DXL, the local security agent is allowed to say “I don’t know” and send the file to a sandbox or inspection point for further analysis. The user is still allowed to operate, but in a quarantined state, and lateral connections are cut off.

In a matter of seconds, sending this file off to an isolated sandbox will enable you to detect whether or not it is malicious. With the Threat Intelligence Exchange, you get real-time notification of this download, and can quickly review the legitimacy of the program. If you decide that the program is legitimate, you just change its status to ‘Trusted’, and all authorized users on the network can immediately run the program. If you decide that it is a threat, all gateways and firewalls are notified to block execution, and all endpoints notified to terminate any running processes.

In a related example, a user launches a ‘Trusted’ program, such as a network protocol analyzer, but their usage of it is unusual or suspicious. It is too late to block the program from starting. However, collaborating with the common management agent on the computer via DXL, the currently running process is shut down. This information is immediately shared with other systems, blocking a potential internal attack. Endpoints are protected based on malware detected by network gateways, while network gateways block access to systems based on endpoint or controller convictions.
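The reputation flow described in the two examples above, as an added illustration that is not DXL or TIE code (the bus, the verdict values, the endpoint agent and the sample hash are constructed stand-ins): an endpoint asks the fabric before execution, answers “I don’t know” by running the file contained and queueing it for sandboxing, and one published conviction terminates the process on every subscriber and blocks later launches up front.

```python
UNKNOWN, TRUSTED, MALICIOUS = "unknown", "trusted", "malicious"
class ReputationBus:
    """Constructed stand-in for a DXL-style fabric: stores file reputations
    and fans out every new verdict to all subscribed endpoints/gateways."""
    def __init__(self):
        self.reputation = {}    # file hash -> verdict
        self.subscribers = []   # nodes notified on each verdict
    def subscribe(self, node):
        self.subscribers.append(node)
    def query(self, file_hash):
        return self.reputation.get(file_hash, UNKNOWN)
    def publish_verdict(self, file_hash, verdict):
        self.reputation[file_hash] = verdict
        for node in self.subscribers:
            node.on_verdict(file_hash, verdict)

class Endpoint:
    """Local agent: asks the bus first, contains unknowns, kills convictions."""
    def __init__(self, name, bus):
        self.name, self.bus = name, bus
        self.running = {}         # pid -> file hash
        self.sandbox_queue = []   # unknown files awaiting analysis
        bus.subscribe(self)
    def execute(self, pid, file_hash):
        verdict = self.bus.query(file_hash)
        if verdict == MALICIOUS:
            return "blocked"      # known bad never starts
        self.running[pid] = file_hash
        if verdict == UNKNOWN:
            # "I don't know": run contained and send the file for inspection
            self.sandbox_queue.append(file_hash)
            return "quarantined"
        return "allowed"
    def on_verdict(self, file_hash, verdict):
        if verdict == MALICIOUS:
            # terminate every process backed by the convicted file
            for pid in [p for p, h in self.running.items() if h == file_hash]:
                del self.running[pid]

def scenario():
    bus = ReputationBus()
    a, b = Endpoint("laptop-a", bus), Endpoint("server-b", bus)
    h = "sha256:constructed-sample-hash"   # constructed, not a real indicator
    first = a.execute(101, h)    # unknown -> contained, queued for sandbox
    second = b.execute(202, h)   # same file reaches a second host meanwhile
    for queued in a.sandbox_queue:          # sandbox result: malicious
        bus.publish_verdict(queued, MALICIOUS)
    third = b.execute(303, h)    # later attempt is blocked before it starts
    return first, second, third, dict(a.running), dict(b.running)
```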

We’ve also designed DXL to enable the joint McAfee-partner solutions of our Security Innovation Alliance. This week at McAfee FOCUS 14, Security Innovation Alliance partners ForeScout Technologies, CyberArk and TITUS are showcasing product integrations that will leverage DXL’s capabilities:

  • TITUS will integrate DXL within its next release of security and compliance solutions to send data usage events in real time to McAfee Enterprise Security Manager for active monitoring, correlation and analysis. By gaining prompt detection of suspicious events and visibility into the chain of creation and usage, companies can understand who is using their information, how, and when, and quickly respond appropriately.

In the coming weeks, I’ll take a deeper dive on the technical details of DXL, and illustrate some potential threat-response scenarios that DXL now makes possible.

The balance of power with cybercriminals is moving back to the enterprise, this time with a sustainable advantage. This is security by design.

Putting Things in FOCUS https://securingtomorrow.mcafee.com/executive-perspectives/putting-things-focus/ https://securingtomorrow.mcafee.com/executive-perspectives/putting-things-focus/#respond Mon, 27 Oct 2014 20:30:26 +0000 http://blogs.mcafee.com/?p=38792 This blog post was written by Penny Baldwin. Today marks the first day of our annual FOCUS 14 Security Conference—we’re extremely proud of this event. For the past six years, McAfee has put its best foot forward to roll out some of the most impressive keynote lineups, product announcements, and breakout sessions that the industry …

This blog post was written by Penny Baldwin.

Today marks the first day of our annual FOCUS 14 Security Conference—we’re extremely proud of this event. For the past six years, McAfee has put its best foot forward to roll out some of the most impressive keynote lineups, product announcements, and breakout sessions that the industry sees from one company in a calendar year.

The best part about FOCUS for me is engaging with our partners and customers on a more personal level. I love the opportunity to hear firsthand how we’re helping them secure digital lives.

This year, I’m thrilled I was able to participate in our Partner Summit, where I shared our big mission, where we’re going, how we’re expanding our hold on the market, and what partners can expect to see from us in the coming months.


2014 has been an exciting year. We launched the Intel Security brand, increased our presence and elevated our brand profile on major media platforms and on Capitol Hill.

FOCUS presents the perfect opportunity to really drill down into what’s important: how we’re going to continue to keep digital lives safe by making security ubiquitous.

If you’re not able to attend FOCUS this year, not to worry – follow the hashtag #FOCUS14 for live updates, or the designated conference Twitter handle, @FOCUSConference. I’ll also be chiming in when I can on my own, so check in with me at @PennyRBaldwin to get a behind the scenes look at our keynotes, sessions, and my own presentation.

FOCUS Conference: Security and Strength in Unity https://securingtomorrow.mcafee.com/executive-perspectives/focus-conference-security-strength-unity/ https://securingtomorrow.mcafee.com/executive-perspectives/focus-conference-security-strength-unity/#respond Thu, 23 Oct 2014 22:27:25 +0000 http://blogs.mcafee.com/?p=38743 I look forward to the seventh annual McAfee FOCUS security conference next week in Las Vegas, NV. FOCUS is a great time for security professionals to come together to strategize, to network, and to learn about the newest and most innovative ways to ward off advanced cyber-attacks. I’ll be speaking alongside my colleagues about understanding …

The post FOCUS Conference: Security and Strength in Unity appeared first on McAfee Blogs.

]]>
I look forward to the seventh annual McAfee FOCUS security conference next week in Las Vegas, NV. FOCUS is a great time for security professionals to come together to strategize, to network, and to learn about the newest and most innovative ways to ward off advanced cyber-attacks. I’ll be speaking alongside my colleagues about understanding data risk management and the amount of control we have over cloud security with the application of appropriate security techniques.

Security is everyone’s responsibility. Cyber hygiene isn’t just about protecting you; it’s about protecting all of us. Cyber crimes cost companies and consumers billions each year, threaten economic security, and disrupt lives. I’m glad to take part in empowering others with the information they need to stay ahead of the latest, most creative cyber threats during my time at FOCUS and every day as McAfee CIO.

FOCUS 14 runs Monday, October 27 through Wednesday, October 29, 2014. Follow me on Twitter, @PattyHatter, as I live tweet from the event!

FOCUS features keynotes from prominent industry leaders, informative breakouts and technical deep dives, a partner solution expo, numerous networking events and opportunities, and much more. To learn more about FOCUS or to register to join me at the event, visit: http://www.mcafeefocus.com/

Game Day: How to Stay One Step Ahead of The Competition https://securingtomorrow.mcafee.com/executive-perspectives/game-day-stay-one-step-ahead-competition/ https://securingtomorrow.mcafee.com/executive-perspectives/game-day-stay-one-step-ahead-competition/#respond Mon, 20 Oct 2014 19:58:21 +0000 http://blogs.mcafee.com/?p=38675 This blog post was written by Penny Baldwin. In order to prepare for a big game, athletes train like crazy. For marketers, it’s no different – boosting share of voice or setting record site visits require the same kind of attention and preparation that it takes for athletes to increase their time in the 100M …

This blog post was written by Penny Baldwin.

In order to prepare for a big game, athletes train like crazy. For marketers, it’s no different – boosting share of voice or setting record site visits requires the same kind of attention and preparation that it takes for athletes to improve their time in the 100M dash. That said, I have some tips for marketers looking to stay one step ahead of their competition:

Recognize an opportunity to pivot. As your industry changes and trends come and go, there is often room to pivot your messaging and redirect from the original approach. I spoke about this with AdWeek at the beginning of the year – if you don’t realign at the proper time, the competition will overshadow your share of voice. As brand experts, we need to accept change and innovation when the time is right.

Influence the influencers. Po