The threats of tomorrow are more than malware and malicious files. They are multifaceted attacks, using a wide range of techniques and vectors. At FOCUS 2015, we explored where attackers are going, how the environment you need to defend is changing, and what we are developing and delivering to help you deal with these adaptive attack techniques.
Attacks are coming in from many new vectors, including hardware and firmware, virtual machines, supply chains, and of course the legion of cloud applications and services. Motivations are expanding to fill almost every conceivable niche, from financial gain to extortion, business disruption, blackmail, competitive intelligence, or simply wanting to watch the world burn. Our adversaries refuse to play by our rules, so we need to change the way we think about defending this new environment. Static security solutions for the endpoints, data center, and network are no longer sufficient to deal with adaptive attack techniques, cloud-based threats, and whatever else the cybercriminals will come up with to try and steal your data or disrupt your business.
One of the most significant changes to corporate computing over the last decade or more has been the rapid growth and adoption of cloud computing and storage. Efficient and elastic computing, application delegation, SaaS (really Anything-as-a-Service), IoT, and broad connectivity are supporting increased mobility and agility, which in turn is driving furious amounts of innovation. We don’t want this to stop, but the advantages that clouds have brought to businesses and security defenses are also available to attackers. Public clouds not only mean softer targets, but also provide virtually unlimited and anonymous compute and network resources for attacks. Something-as-a-Service means that businesses do not always have the details about their cloud service infrastructure, and has contributed to the emergence of cybercrime-as-a-service. And even private clouds are not safe, as their elasticity helps erode perimeters while introducing new forms of privilege escalation.
Gaining the advantage in this environment means fundamentally changing our approach to security, retooling and rebuilding to make sure that we can comprehend and respond to the threats of tomorrow. The cloud enables scale and agility like we have never seen before, giving us a fighting chance against these complex attacks. We need to think about data differently, examine how the pieces relate to each other, and how we use the information to triage and better assist the human security responders. Accurate intelligence generates better security, and so we are leveraging the cloud to deliver analytics at the scale and speed necessary to make a difference. This means gathering local and global telemetry, from internal and external sources, on an industrial scale. It means dynamically examining code to locate malicious instructions before they can be executed. It means combining and classifying the data and feeding it to next-generation analytics engines with machine-learning capabilities to build a comprehensive, real-time picture of threats, targets, and recommended responses. These and more are processes that would be impractical to run on premises.
Does this mean that on-premise security solutions are dead? Maybe sometime in the future, but for now the combination of cloud scale and local customization are a powerful asset. The cloud can easily work with data from multiple sources, for example correlating activity at one financial institution with an attack on another. On-premise tools are better positioned to work with private intelligence, identify artifacts unique to your environment, or work with your standard IT build. At the same time, we need to do the heavy lifting to shelter you from increasing complexity, so that you can focus on your business with security defenses that are tailored to your organization.
This is the philosophy behind McAfee Active Response and Endpoint Security; ensuring that our responders have the capabilities to respond to an actively changing threat landscape. It is unreasonable to assume that any product from any security vendor will be able to provide a one-size-fits-all solution to these threats or the next ones. So we are empowering our customers to act in their own defense, with the intelligence, analytics, and protections you need to protect your assets, detect emerging threats, and correct vulnerabilities before you can be compromised.