McAfee’s Director of Product Management Robert Leong and McAfee’s Security Operations Solutions Strategist Andrew Lancashire reviewing the differences between Strategic Intelligence and Tactical Threat Intelligence.
One of McAfee’s Vice Presidents of Product Management Sadik AlAbdulla and Global Technical Director of Web & DLP Tom Bryant are at MPOWER 2019 discussing the newly announced Unified Cloud Edge.
The post ST10: Unified Cloud Edge with Sadik AlAbdulla and Tom Bryant appeared first on McAfee Blogs.
McAfee’s Director of Product Management Robert Leong and Security Operations Solutions Strategist Andrew Lancashire unpack the differences between strategic intelligence and tactical threat intelligence.
The post ST09: Strategic Intelligence vs. Tactical Threat Intelligence appeared first on McAfee Blogs.
In this exclusive episode featuring McAfee CEO Chris Young, we’re exploring EDR guided investigation and the opportunities it provides for reducing alert noise, maximizing the productivity of cybersecurity teams, and reducing triage and remediation times. Chris is joined by McAfee’s Chief Product Officer Ash Kulkarni, Forrester’s Principal Analyst Josh Zelonis, and GM Financial’s Assistant Vice President of Cybersecurity David Barron, who each provide their unique perspectives on how guided investigation can address the security challenges and needs of today’s enterprises.
The post ST08: Uncovering the opportunity of EDR with Chris Young, Ash Kulkarni, Josh Zelonis, and David Barron appeared first on McAfee Blogs.
Integration matters. We at McAfee have been advocating the administrative benefits of integrated, centrally managed endpoint security for decades, but you don’t just have to take our word for it. A recent independently written article in BizTech Magazine concurs.
BizTech explores technology and business issues that IT leaders and business managers face when they’re evaluating and implementing solutions. In “Businesses Find Endpoint Security Easier to Manage with Integrated Solutions,” journalist Kym Gilhooly references a number of independent security surveys as well as interviews a CISO, an IT manager, and a network administrator at three different companies. Each of these cybersecurity professionals and their respective small and medium-sized companies came to the conclusion that, to defend against today’s breadth of threats—from signature-based to zero-day, known and unknown— an integrated security approach combining endpoint detection and response (EDR), next-generation antivirus, and application control makes more sense than deploying discrete solutions.
Uniting these technologies in one integrated solution has allowed them to take action across the threat defense lifecycle—from detecting and blocking threats and whitelisting critical applications to tracking down malicious exploits during or before execution and helping incident response teams respond and remediate faster. As CISO Tony Taylor of dairy company Land O’Lakes points out in the article, “There are lots of security tools out there, but if you don’t integrate the stack, you’ve got to associate all that information and make the connections yourself.”
All the companies interviewed by Gilhooly affirm the importance of EDR in their security defense. As an IT manager at a 500-employee retail company states in the article, “The days when IT took a set-it-and-forget-it approach to endpoint security are over.” The ability to quickly investigate threats—whether reactively seeking to understand where a threat originated, how it spread and what damage it caused, or proactively hunting for anomalous behavior and dormant threats—is becoming a must-have tool to shrink the response and remediation gap.
What’s more, the article recognizes that an integrated EDR-EPP (endpoint protection software) solution makes much more sense than bolting on an EDR point solution. That’s because EDR and EPP can enhance each other’s effectiveness. For instance, if a company uses McAfee Endpoint Security or SaaS-based McAfee MVISION Endpoint alongside McAfee MVISION EDR, when the EPP part of the integrated solution detects anomalous behavior on an endpoint—but not enough to convict it—an analyst can use EDR to enrich the data, subsequently raising or lowering the incident’s severity ranking. On the flip side, when the EDR part detects an unknown threat in the environment, the analyst can query the threat reputation database and share new threat information instantly across endpoints via the EPP.
The more cyberdefense tools can collaborate and be managed as a unified solution, the more actions can be automated, IT staff burdens reduced, and time freed up for more proactive forensics and other activities.
In short, the BizTech article reiterates what we’ve been saying: Integration is more than just a buzzword. It’s time to stop thinking about EDR as an add-on, or EPP and EDR as separate entities. It’s also time to start moving endpoint security to the cloud. The article touches on that, too.
“There are lots of security tools out there, but if you don’t integrate the stack, you’ve got to associate all that information and make the connections yourself.”
— Land O’Lakes CISO Tony Taylor (as quoted in BizTech)
The post Easier Management with Integrated Endpoint Security appeared first on McAfee Blogs.
For episode seven, we have returning guest, Andrew Lancashire, joined by Chief Healthcare Technical Strategist, Sumit Sehgal, where they discuss protecting intellectual property with an emphasis on the healthcare industry.
The post ST07: Protecting IP in Healthcare with Andrew Lancashire and Sumit Sehgal appeared first on McAfee Blogs.
By Gwendolyn McAfee
My grandfather always told me that I could achieve anything the world has to offer if I put my mind to it. To me, that saying means that I am more powerful than anything else. I’ve always had a passion for technology, and somehow, everything I did, whether it was at school or in my personal life, technology was at the center of it.
So, when I started my junior year of college, I set a goal for myself to find a corporate internship in technology. Getting into an internship wasn’t as straightforward as I’d hoped. Determination and a little bit of good timing brought me to a career fair at my university, Prairie View A&M, where McAfee was in attendance. I spoke to the wonderful representatives and they encouraged me to apply for a position. I thought it was cliché. I mean, just because my surname is the same, does that mean I’m meant to work for McAfee? But then I said to myself, “The company is TOTALLY for you; it literally has your name (McAfee) on it. What other signs do you need?” So, I applied for a position, and eight months later, I found myself at McAfee as a Channel Operations Intern. Now, two months into my internship, McAfee has provided me with the real-world, hands-on projects and experience that I longed for in an internship.
Here are three reasons why my internship with McAfee has been a truly irreplaceable experience.
When I walked into McAfee on my first day, I felt the energy and strength of the people that make up McAfee. Everyone at McAfee innovates without fear. It is such an amazing sight to see McAfee employees so committed to creating and improving without fear of being judged or fear of failure. And instead of being told what to do, I got to share what my passions are and what I wanted to work on and, my what I hoped I could take away from my overall experience. My manager heard me and created a tailored plan for me. I create presentations, spreadsheets, and new strategies to help McAfee connect more with partners and customers. And I love the fact that I have the same expectations, responsibilities, and opportunities as any other team member. I truly feel like I get to add value to my team with every project that I complete. And that’s an exceptional feeling.
Through my internship at McAfee, I have gained a plethora of opportunities to attend different events and do things that I wouldn’t usually do. In my first few weeks in my internship, I collaborated with the university recruiters to create the first McAfee intern group community. Through this, we were able help interns connect with others, and with McAfee executives. This helps every intern grow professionally, which goes back to McAfee’s mantra, “Together is Power.” The impact of connecting and working together is something that I cherish and firmly believe is one of the greatest things about working at McAfee.
McAfee influences the world by providing top cybersecurity programs, giving back to the community, and being a top company to work for. McAfee has made an impact on my life, and my time here has shown me that I can truly make an impact on anything as long as I put my mind to it.
Whether you’re managing your enterprise’s cybersecurity or you’ve outsourced it to a service provider, you’re ultimately the one that will be held accountable for a data breach. If your vendor loses your data, your customers and board of directors will likely still hold you responsible.
McAfee’s recent report, Grand Theft Data II: The Drivers and Shifting State of Data Breaches, reveals a majority of IT professionals have experienced at least one data breach, and on average have dealt with six breaches over the course of their career. Nearly three-quarters of all breaches have required public disclosure or have affected financial results.
Enterprise threats are increasing in number and sophistication, while rapidly targeting new vulnerabilities. And while, the top three vectors for exfiltrating data were database leaks, cloud applications, and removable USB drives, IT professionals are most worried about leaks from cloud enterprise applications such as Microsoft OneDrive, Cisco WebEx, and Salesforce.com.
Cybersecurity hygiene best practices must not only be established but updated and followed to keep up with these agile, versatile threats. Here are eight steps your business should be taking to implement better cybersecurity hygiene:
For more on how to improve your enterprise’s cybersecurity hygiene using automation, integration, and cloud-based deployment and analytics, check out McAfee MVISION EDR.
The post Cybersecurity Hygiene: 8 Steps Your Business Should be Taking appeared first on McAfee Blogs.
McAfee’s Director of Solution Architects and Principal Engineer, Mo Cashman and Solution Architect, Martin Ohl team up with ThreatQuotient’s VP of Product Management, Leon Ward to discuss the lies and myths of threat intelligence.
The post ST06: Building Resilience with Cyber Threat Intelligence with Mo Cashman, Martin Ohl, and Leon Ward appeared first on McAfee Blogs.
In the 17th century, poet John Donne wrote, “no man is an island entire of itself.” He also mentioned every man is “a part of the main.” Fast forward to the 21st century and you’ll find this concept still rings true, especially as it relates to security.
Like everything else in the world, the security industry is constantly evolving. More sophisticated, targeted threats are emerging at an exponential rate and organizations need high-caliber solutions – and strategy – to keep up. However, when organizations act independently, they put themselves at risk by not incorporating the lessons learned from others or they experience roadblocks that delay resolution when they do not have access to full context or information. Keeping true to Donne’s word, every organization must realize they are in the same fight together, which is why we’ve seen the rise of fusion centers across the globe.
Taking Security Operations Centers (SOCs) to the next level, fusion centers are designed to knowledge share. They connect all parts of an organization, with the end goal to increase transparency and visibility to rapidly uncover posed threats either before they happen, or quickly stop them in their tracks. Additionally, fusion centers have a key benefit: they help to advance the cybersecurity industry by identifying new cybersecurity product and solution needs to maintain a steady pace against the evolution of threats.
Operating at a global scale, fusion centers have proven to be an avenue to rapidly process and centralize seemingly unrelated and dispersed information. Using analytics to identify patterns and behaviors from a tremendous amount of data across multiple endpoints facilitates increased threat detection and correction – allowing for real-time remediation.
Access to intelligence and better, more coordinated strategies are imperative for enterprises to succeed in 2019 and beyond. To break it down, the intent of threat actors is to “beat” existing security measures in place, however it is harder for them to succeed attacking multiple pieces of technology. Fusion centers provide the self-actualization the industry needs, including using artificial intelligence and feedback mechanisms to present a more well-rounded approach to stop attackers.
For example, if an organization has one attack with an existing pattern, without the information fusion centers can provide, data breaches experience greater time to detect. The threats from this additional time spent can have dire consequences. A longer detection and response time can equate to damage to an organization’s reputation as well as financial impact through loss of revenue. Organizations should be striving to find a way to reciprocally share intelligence – it is absolutely a two-way street. The more structure behind identifying multiple data elements correlated with threat actors’ patterns, the greater chance threats will quicker to find and fix.
We’ve seen some additional benefits and lessons learned from fusion centers, including:
Knowing the talent gap the cybersecurity industry still faces, CISOs need to be prominent leaders in their organization to shape the future of how the SOC evolves and how fusion centers can be leveraged to thwart or quickly remedy attacks. The challenges will only get more complex, so investing in continual education, mentoring of existing and new employees and staying abreast of trends and new technologies will be crucial.
Ransomware has been around since the late 1980s, but in recent years, it has emerged as one of the largest financial threats facing the public and private sector alike. According to the U.S. Department of Homeland Security, ransomware is the fastest-growing malware threat—and according to a report by Recorded Future in May, more than 170 state and local governments have been the victims of ransomware attacks since 2013.
In addition to improved ransomware capabilities, such as military-grade encryption algorithms, two key factors have emboldened cybercriminals to launch such attacks: the rise of hard-to-trace cryptocurrency such as Bitcoin, and the tendency of unprepared targets to continue meeting scammers’ demands, even as these demands become increasingly audacious.
One such target was the city of Riviera Beach, Fla., a waterfront suburb north of Palm Beach, which recently paid a near-record 65 Bitcoins to a gang of hackers after a ransomware attack brought the city to a halt.
On May 29, a city employee opened an email containing a piece of malware, which quickly infected nearly every city computer network. With the municipal computer system held hostage, all operations were hobbled—everything from the city’s website, email server and VoIP phones to the water utility pump stations. 911 dispatchers were forced to take down caller information on paper, employees and vendors had to be paid with paper checks, utility payments could only be accepted by snail mail or in person, and police officers had to resort to digging through closets at headquarters to find paper traffic citation pads.
City leaders were told they could make all of these problems go away—if they simply complied with the ransomers’ demand to remit 65 bitcoin (roughly $600,000) in exchange for the decryption key.
While the city had originally decided not to pay the ransom—opting instead to invest $914,000 into purchasing hundreds of new desktop and laptop computers and other hardware in an attempt to circumvent the issue—these measures ultimately failed. Three weeks after the original attack, based on the advice of an outside security consulting firm, the city council met to discuss next steps—and unanimously decided, after just two minutes of discussion, to acquiesce. The total cost, including the unbudgeted-for hardware, the consultation, and of course, the ransom itself, amounted to more than $1.5 million. For a city of just 35,000 residents, the cost was staggering, even after insurance paid its percentage.
While Riviera Beach was among the latest targets, it certainly won’t be the last, or the largest—according to a 2018 Deloitte-NASCIO survey, nearly half of states lack a separate cybersecurity budget, and a majority allocate under 3% of IT budgets to cyberthreat prevention.
But with ransomware attacks continuing to unleash a post-internet world on any unsuspecting target at any time, many targets are finding that, as much as they thought they lacked the resources to prevent such attacks, they’re even less prepared for the aftermath. Once infected, they’re left with two unsavory options: Pay the ransom, knowing that there’s no guarantee the hackers will decrypt the systems or that they’ll be decrypted perfectly. And even if they are, there are still the moral implications: When governments pay such ransoms, they’re not only putting taxpayer dollars directly into the hands of criminals, they’re also encouraging future ransomware attacks. The alternative, of course, is to try to rebuild…often from the ground up.
While cyberinsurance policies can give the illusion of protection, this solution will likely become less viable as the frequency of attacks continues to rise and the amount demanded continues to skyrocket. The goal, then, becomes for companies, government entities and individuals to prepare for and prevent these attacks before they’re targeted. While large-scale legislative solutions, such as outlawing the payment of ransomware demands, may eventually offer some relief, here are some steps that companies, individuals and government entities can take right now to prevent being victims:
In this episode, security operations solutions strategist Andrew Lancashire and Kate Scarcella discuss the important of protecting your intellectual property in the workplace.
The post ST05: Protecting Intellectual Property with Andrew Lancashire and Kate Scarcella appeared first on McAfee Blogs.
Security teams have historically been challenged by the choice of separate next-gen endpoint security technologies or a more integrated solution with a unified management console that can automate key capabilities. At this point it’s not really a choice at all – the threat landscape requires you to have both. The best layered and integrated defenses now include a broad portfolio of advanced prevention technologies, endpoint security controls, and advanced detection/response tools – all within an integrated system that goes beyond alerts and into insights that even a junior analyst can act on.
Endpoints are long beyond on-premises servers, PCs, and traditional operating systems. Internet of things devices such as printers, scanners, point-of-sale handhelds, and even wearables are vulnerable and can provide entry points for organized attacks seeking access to corporate networks. Mobile devices—both BYOD and corporate issued—are among the easiest targets for app-based attacks. Per the 2019 McAfee Mobile Threat Report, the number one threat category was hidden apps, which accounted for almost one-third of all mobile attacks.
Many enterprises are unaware of their target-rich endpoint environments, resulting in security teams struggling to maintain complete vigilance. A 2018 SANS Survey on Endpoint Protection and Response revealed some sobering statistics:
Endpoint attacks are designed to exploit the hapless user, including web drive-by, social engineering/phishing, and ransomware. Because these attacks rely on human actions, there’s a need for increased monitoring and containment, along with user education.
The latest attacks have the ability to move laterally across your entire environment, challenging every endpoint until a vulnerability is found. Once inside your walls, all endpoints become vulnerable. Modern endpoint security must extend protection across the entire digital terrain with visibility to spot all potential risks.
A 2018 MSA Research report on security management commissioned by McAfee revealed that 55% of organizations struggle to rationalize data when three or more consoles are present. Too many security products, devices, and separate consoles call for a large budget and additional employees who might struggle to maintain a secure environment.
In contrast, single management consoles can efficiently coordinate the defenses built into modern devices while extending their overall posture with advanced capabilities—leaving nothing exposed. With everchanging industry requirements, an integrated endpoint security approach ensures that basic standards and processes are included and up to date.
McAfee offers a broad portfolio of security solutions that combine established capabilities (firewall, reputation, and heuristics) with cutting-edge machine learning and containment, along with endpoint detection and response (EDR) into a single-agent all-inclusive management console.
Is it time you took a fresh look at your strategy? Learn more in this white paper: Five ways to rethink your endpoint protection strategy.
The post How to Get the Best Layered and Integrated Endpoint Protection appeared first on McAfee Blogs.
Cloud management is a critical topic that organizations are looking at to simplify operations, increase IT efficiency, and reduce costs. Although cloud adoption has risen in the past few years, some organizations aren’t seeing the results they’d envisioned. That’s why we’re sharing a few of the top cloud management challenges enterprises need to be cautious of and how to overcome them.
Given the overall trend toward migrating resources to the cloud, a rise in security threats shouldn’t be surprising. Per our latest Cloud Risk and Adoption Report, the average enterprise organization experiences 31.3 cloud related security threats each month—a 27.7% increase over the same period last year. Broken down by category, these include insider threats (both accidental and malicious), privileged user threats, and threats arising from potentially compromised accounts.
To mitigate these types of cloud threats and risks, we have a few recommendations to better protect your business. Start with auditing your Amazon Web Services, Microsoft Azure, Google Cloud Platform, or other IaaS/PaaS configurations to get ahead of misconfigurations before they open a hole in the integrity of your security posture. Second, it’s important to understand which cloud services hold most of your sensitive data. Once that’s determined, extend data loss prevention (DLP) policies to those services, or build them in the cloud if you don’t already have a DLP practice. Right along with controlling the data itself goes controlling who the data can go to, so lock down sharing where your sensitive data lives.
Many companies deploy cloud systems without an adequate governance plan, which increases the risk of security breaches and inefficiency. Lack of data governance may result in a serious financial loss, and failing to protect sensitive data could result in a data breach.
Cloud management and cloud governance are often interlinked. Keeping track of your cloud infrastructure is essential. Governance and infrastructure planning can help mitigate certain infrastructure risks, therefore, automated cloud discovery and governance tools will help your business safeguard operations.
You may also be faced with the challenge of ensuring that IT employees have the proper expertise to manage their services in a cloud environment. You may need to decide to either hire a new team that is already familiar with cloud environments or train your existing staff.
In the end, training your existing staff is less expensive, scalable, and faster. Knowledge is key when transforming your business and shifting your operational model to the cloud. Accept the challenge and train your employees, give them hands-on time, and get them properly certified. For security professionals, the Cloud Security Alliance is a great place to start for training programs.
Enterprises are continually looking for ways to improve their application performance, and internal/external SLAs. However, even in the cloud, they may not immediately achieve these benefits. Cloud performance is complex and if you’re having performance issues it’s important to look at a variety of issues that could be occurring in your environment.
How should you approach finding and fixing the root causes of cloud performance issues? Check your infrastructure and the applications themselves. Examine the applications you ported over from on-premises data centers, and evaluate whether newer, cloud technologies such as containers or serverless computing could replace some of your application components and improve performance. Also, evaluate multiple cloud providers for your application or infrastructure needs, as each have their own offerings and geographic distribution.
Managing cloud costs can be a challenge, but in general, migrating to the cloud offers companies enormous savings. We see organizations investing more dollars in the cloud to bring greater flexibility to their enterprise, allowing them to quickly and efficiently react to the changing market conditions. Organizations are moving more of their services to the cloud, which is resulting in higher spend with cloud service providers.
Shifting IT cost from on-premises to the cloud on its own is not the challenge – it is the unmonitored sprawl of cloud resources that typically spikes cost for organizations. Managing your cloud costs can be simple if you effectively monitor use. With visibility into unsanctioned, “Shadow” cloud use, your organization can find the areas where there is unnecessary waste of resources. By auditing your cloud usage, you may even determine new ways to manage cost, such as re-architecting your workloads using a PaaS architecture, which may be more cost-effective.
Migrating to the cloud is a challenge but can bring a wide range of benefits to your organization with a reduction in costs, unlimited scalability, improved security, and overall a faster business model. These days, everyone is in the cloud but that doesn’t mean your business’s success should be hindered by the common challenges of cloud management.
For more on how to secure your cloud environment, check out McAfee MVISION Cloud, a cloud access security broker (CASB) that protects data where it lives with a solution that was built natively in the cloud, for the cloud.
The post Cloud 101: Navigating the Top 5 Cloud Management Challenges appeared first on McAfee Blogs.