Author Archives: McAfee Enterprise

How to Get the Best Layered and Integrated Endpoint Protection

Security teams have historically been challenged by the choice of separate next-gen endpoint security technologies or a more integrated solution with a unified management console that can automate key capabilities.

At this point it’s not really a choice at all – the threat landscape requires you to have both. The best layered and integrated defenses now include a broad portfolio of advanced prevention technologies, endpoint security controls, and advanced detection/response tools – all within an integrated system that goes beyond alerts and into insights that even a junior analyst can act on.

More Endpoints = More Vulnerabilities

Endpoints are long beyond on-premises servers, PCs, and traditional operating systems. Internet of things devices such as printers, scanners, point-of-sale handhelds, and even wearables are vulnerable and can provide entry points for organized attacks seeking access to corporate networks. Mobile devices—both BYOD and corporate issued—are among the easiest targets for app-based attacks. Per the 2019 McAfee Mobile Threat Report, the number one threat category was hidden apps, which accounted for almost one-third of all mobile attacks.

Many enterprises are unaware of their target-rich endpoint environments, resulting in security teams struggling to maintain complete vigilance. A 2018 SANS Survey on Endpoint Protection and Response revealed some sobering statistics:

  • 42% of respondents report having had their endpoints exploited
  • 84% of endpoint breaches include more than one endpoint
  • 20% didn’t know whether they’d been breached

Endpoint attacks are designed to exploit the hapless user, including web drive-by, social engineering/phishing, and ransomware. Because these attacks rely on human actions, there’s a need for increased monitoring and containment, along with user education.

The latest attacks have the ability to move laterally across your entire environment, challenging every endpoint until a vulnerability is found. Once inside your walls, all endpoints become vulnerable. Modern endpoint security must extend protection across the entire digital terrain with visibility to spot all potential risks.

Less Consoles = Better Efficiency

A 2018 MSA Research report on security management commissioned by McAfee revealed that 55% of organizations struggle to rationalize data when three or more consoles are present. Too many security products, devices, and separate consoles call for a large budget and additional employees who might struggle to maintain a secure environment.

In contrast, single management consoles can efficiently coordinate the defenses built into modern devices while extending their overall posture with advanced capabilities—leaving nothing exposed. With everchanging industry requirements, an integrated endpoint security approach ensures that basic standards and processes are included and up to date.

Why McAfee Endpoint Security

McAfee offers a broad portfolio of security solutions that combine established capabilities (firewall, reputation, and heuristics) with cutting-edge machine learning and containment, along with endpoint detection and response (EDR) into a single-agent all-inclusive management console.

Is it time you took a fresh look at your strategy? Learn more in this white paper: Five ways to rethink your endpoint protection strategy.

The post How to Get the Best Layered and Integrated Endpoint Protection appeared first on McAfee Blogs.

Cloud 101: Navigating the Top 5 Cloud Management Challenges

Cloud management is a critical topic that organizations are looking at to simplify operations, increase IT efficiency, and reduce costs. Although cloud adoption has risen in the past few years, some organizations aren’t seeing the results they’d envisioned. That’s why we’re sharing a few of the top cloud management challenges enterprises need to be cautious of and how to overcome them.

Cloud Management Challenge #1: Security

Given the overall trend toward migrating resources to the cloud, a rise in security threats shouldn’t be surprising. Per our latest Cloud Risk and Adoption Report, the average enterprise organization experiences 31.3 cloud related security threats each month—a 27.7% increase over the same period last year. Broken down by category, these include insider threats (both accidental and malicious), privileged user threats, and threats arising from potentially compromised accounts.

To mitigate these types of cloud threats and risks, we have a few recommendations to better protect your business. Start with auditing your Amazon Web Services, Microsoft Azure, Google Cloud Platform, or other IaaS/PaaS configurations to get ahead of misconfigurations before they open a hole in the integrity of your security posture. Second, it’s important to understand which cloud services hold most of your sensitive data. Once that’s determined, extend data loss prevention (DLP) policies to those services, or build them in the cloud if you don’t already have a DLP practice. Right along with controlling the data itself goes controlling who the data can go to, so lock down sharing where your sensitive data lives.

Cloud Management Challenge #2: Governance

Many companies deploy cloud systems without an adequate governance plan, which increases the risk of security breaches and inefficiency. Lack of data governance may result in a serious financial loss, and failing to protect sensitive data could result in a data breach.

Cloud management and cloud governance are often interlinked. Keeping track of your cloud infrastructure is essential. Governance and infrastructure planning can help mitigate certain infrastructure risks, therefore, automated cloud discovery and governance tools will help your business safeguard operations.

Cloud Management Challenge #3: Proficiency

You may also be faced with the challenge of ensuring that IT employees have the proper expertise to manage their services in a cloud environment. You may need to decide to either hire a new team that is already familiar with cloud environments or train your existing staff.

In the end, training your existing staff is less expensive, scalable, and faster. Knowledge is key when transforming your business and shifting your operational model to the cloud. Accept the challenge and train your employees, give them hands-on time, and get them properly certified. For security professionals, the Cloud Security Alliance is a great place to start for training programs.

Cloud Management Challenge #4: Performance

Enterprises are continually looking for ways to improve their application performance, and internal/external SLAs. However, even in the cloud, they may not immediately achieve these benefits. Cloud performance is complex and if you’re having performance issues it’s important to look at a variety of issues that could be occurring in your environment.

How should you approach finding and fixing the root causes of cloud performance issues? Check your infrastructure and the applications themselves. Examine the applications you ported over from on-premises data centers, and evaluate whether newer, cloud technologies such as containers or serverless computing could replace some of your application components and improve performance. Also, evaluate multiple cloud providers for your application or infrastructure needs, as each have their own offerings and geographic distribution.

Cloud Management Challenge #5: Cost

Managing cloud costs can be a challenge, but in general, migrating to the cloud offers companies enormous savings. We see organizations investing more dollars in the cloud to bring greater flexibility to their enterprise, allowing them to quickly and efficiently react to the changing market conditions. Organizations are moving more of their services to the cloud, which is resulting in higher spend with cloud service providers.

Shifting IT cost from on-premises to the cloud on its own is not the challenge – it is the unmonitored sprawl of cloud resources that typically spikes cost for organizations. Managing your cloud costs can be simple if you effectively monitor use. With visibility into unsanctioned, “Shadow” cloud use, your organization can find the areas where there is unnecessary waste of resources. By auditing your cloud usage, you may even determine new ways to manage cost, such as re-architecting your workloads using a PaaS architecture, which may be more cost-effective.

Final Thoughts

Migrating to the cloud is a challenge but can bring a wide range of benefits to your organization with a reduction in costs, unlimited scalability, improved security, and overall a faster business model. These days, everyone is in the cloud but that doesn’t mean your business’s success should be hindered by the common challenges of cloud management.

For more on how to secure your cloud environment, check out McAfee MVISION Cloud, a cloud access security broker (CASB) that protects data where it lives with a solution that was built natively in the cloud, for the cloud.

 

The post Cloud 101: Navigating the Top 5 Cloud Management Challenges appeared first on McAfee Blogs.

Kicking off 2019 with Recognition Across the McAfee Portfolio

It’s always great to start out a new year with recognition from our industry. We hear over and over from our customers that they are looking for us to help them overcome the complexity challenges that are inherent in building a resilient enterprise. This requires partnering with a vendor that delivers excellence across a multitude of technologies. Excellence that we believe is validated by our larger peer and analyst community.

We’ve just announced that McAfee was named a Gartner Peer Insights Customers’ Choice for another two technologies. Our customers have recognized us as a January 2019 Gartner Peer Insights Customers’ Choice for Secure Web Gateway for McAfee Web Protection, McAfee Web Gateway, and McAfee WebGateway Cloud Service. In addition, for the second year in a row McAfee’s MVISION Cloud (formerly McAfee Skyhigh Security Cloud) was named a January 2019 Gartner Peer Insights Customers’ Choice for Cloud Access Security Brokers. In 2018, McAfee was the only vendor named a Customers’ Choice in the Cloud Access Security Brokers market.

Our team at McAfee takes great pride in these distinctions, as customer feedback is essential in shaping our products and services. We put our customers at the core of everything we do and this shows pervasively across our portfolio. We believe our position as a Gartner Peer Insights Customers’ Choice for Secure Web Gateway, Data Loss Prevention, SIEM, Endpoint Protection and Cloud Access Security Broker (CASB) is a testament to the strength of our device-to-cloud strategy. This adds up to recognition’s in the last year in five different markets.

We also think it’s a signal of the way enterprises are approaching security – with the innovative technology solutions and integrated strategies that must evolve to fight a threat that is constantly evolving, too.

The post Kicking off 2019 with Recognition Across the McAfee Portfolio appeared first on McAfee Blogs.

Australian Cybersecurity Firm Experiences Exciting Times as Clients’ Shift to Cloud Accelerates

Patrick Butler, CEO of the Australian cybersecurity firm Loop Secure, is excited about how the cloud is growing his business. His clients are enthused too by the tremendous opportunities and advantages the cloud presents. They’re also a little scared.

“Every year more companies are digitizing all aspects of their business—from manufacturing plants coming online to new ways of serving up information to customers,” says Butler, whose firm provides a full range of cybersecurity services, from one-time red team engagements to managing security operations, primarily for midsize enterprises. “It’s exciting what technology can do to transform what we do with computers. … We’re seeing a huge uptake in collaboration technology, with a lot of customers moving to AWS [Amazon Web Services].”

But Butler acknowledges his clients’ fears—putting sensitive data in the cloud introduces new risks. “Our job is to help customers leverage digital transformation positively without having to worry about the risks, [such as] breaches and brand reputation damage,” he says. “We’ve had to focus on how we protect them in [the cloud and] those areas of their business—areas that have traditionally been quite dark.”

The Challenge of Securing the Cloud

“Setting up security for the cloud can be quite technical,” Butler explains. “There are a lot of configuration options. … Yes, the cloud brings a lot of speed and scale, but one wrong configuration and suddenly you have an AWS S3 bucket available to the broader public with all of your confidential information on it. The cloud brings benefits, but it also brings new and different risks.”

Confidently Securing the Cloud with Help from McAfee

As one of the longest-running cybersecurity companies in Australia, Loop Secure has been a McAfee partner for over a decade. For its clients moving operations into the cloud, the firm primarily uses McAfee solutions to help them reach their security objectives—easily and effectively. For instance, for a midsize services client, Loop Secure implemented McAfee® Virtual Network Security Platform (McAfee vNSP), a complete network threat and intrusion prevention system (IPS) built for the unique demands of private and public clouds. Using McAfee vNSP allowed the company to apply the same robust security policies to endpoints within AWS as on premises.

“What McAfee brings to the table is a comprehensive portfolio, scale, and focus,” Butler explains. “Like us, McAfee focuses only on cybersecurity. That’s important. … To us, the McAfee ‘Together is Power’ mantra means that with McAfee we have a broader team—our people plus McAfee people and products—all dedicated to keeping our clients’ data and environments safe.”

Many of Butler’s clients use McAfee endpoint, networking, and/or web protection solutions and McAfee ePolicy Orchestrator® (McAfee ePO™). In the near future, Butler looks forward to offering them McAfee MVISION, an innovative, integrated, open system from device to cloud. McAfee MVISION could simplify security for these Loop Secure customers by providing consolidated visibility, comprehension, and control across their entire digital estate.

With the acceleration of cloud adoption by its clients and McAfee’s device-to-cloud approach, “The future’s pretty exciting for both us and McAfee,” Butler says.

View below for a short video interview with Patrick Butler. Get your questions answered by tweeting @McAfee_Business.

The post Australian Cybersecurity Firm Experiences Exciting Times as Clients’ Shift to Cloud Accelerates appeared first on McAfee Blogs.

California Consumer Privacy Act

This blog was written by Gerald Jones Jr.

More sweeping privacy law changes are on the horizon as California law overhauls consumer protection and privacy rights.

Shortly after the European Union’s watershed General Data Protection Regulation (GDPR) enforcement began on May 25, 2018, California passed its own privacy bill, the California Consumer Privacy Act of 2018 (CCPA), in June. Amid pressure to act or swallow a more stringent bill initiated by a private California resident, the CCPA broadens the scope of privacy rights for Californians. It includes data access rights and a limited private right of action, or the right to file a lawsuit.

The CCPA takes effect in January 2020 (or July 2020, if the California Attorney General implements additional regulations) and is widely regarded as the foremost privacy law in the United States. Yet the CCPA may have broader implications. The range of companies falling within the Act’s scope, i.e., not just the usual suspects in the technology industry, might pressure Congress into enacting a federal privacy regime, which would pre-empt the CCPA.

The Act grants consumers greater control over their personally identifiable information and prods companies doing business in the state to prioritize the practice of sound data governance. Here are some key takeaways under the CCPA:

  • It impacts companies doing business in California that meet one of the following thresholds:
    • Has annual gross revenues greater than $25 million; or
    • Receives or shares the personal information of 50,000 or more California consumers for monetary or other valuable consideration; or
    • Receives 50% or more of its annual revenue from selling consumer personal information.
  • “Personal Information now explicitly includes IP addresses, geolocation data, and unique identifiers such as cookies, beacons, pixel tags, browsing history, and another electronic network information. Consumer Information includes information that relates to households.
  • The California Attorney General will enforce the law, though Californians have a private right of action limited to circumstances where there is an unauthorized access to nonencrypted personal information or “disclosure of personal information because of a business failure to implement and maintain reasonable security procedures.”
  • Violators of the law are subject to civil penalties of up $2500 per each unintentional violation—failing to cure a violation within 30 days of receiving noncompliance notification from the California Attorney General—and a maximum of $7,500 for each intentional violation (not acknowledging the request for data, for example) if the civil action is brought by the California Attorney General.

What Does This All Mean?

Regulators are working on guidance, and there is still time for amendments to be made on the law, so things might change before the law goes into effect. Residents of the European Economic Area have been exercising their data subject access rights since late May. Now, Californians will join them in being able to similarly ask about the data that CCPA-applicable companies hold about them. The CCPA gives companies a 45-day window to comply with an individual’s request for access to data or deletion (a Data Subject Access Request, or DSAR) in contrast to the GDPR’s 30 days.

Companies may need to prepare for an increase in DSARs and implement new features to comply with the law, like providing two communication methods for consumers electing to exercise their rights (web portal, email address, toll free telephone number, or another viable mode of communication) and provide a conspicuous link on the company’s website that informs the consumer of her CCPA rights.

The California Legislature’s reference to Cambridge Analytica makes it apparent that legislators expect businesses to exercise transparency in their consumer data use practices. Even without legislative nudging, companies are slowly recognizing value in sound privacy and data governance practices. Companies no longer see privacy as a mere compliance checkbox, but instead as a competitive advantage that simultaneously builds consumer confidence.

We may see more changes to the California law, and we likely will see other laws come in to play both in the United States and abroad (Brazil, China, India, etc.), but companies with privacy in their DNA will have an edge over companies scrambling to meet compliance efforts.

The post California Consumer Privacy Act appeared first on McAfee Blogs.

What You Need to Know About DNS Flag Day

This blog was written by Michael Schneider, Lead Product Manger.

The internet is built on Postel’s law, often referred to as the robustness principle: “Be conservative in what you do, be liberal in what you accept from others.” In the protocol world, this means that receivers will try to accept and interpret data that they receive to their best knowledge and will be flexible if the data doesn’t fully match a specification. Senders should adhere to specifications and comply with protocol specifications, as laid out in Request for Comment documents (RFCs) by the Internet Engineering Task Force.

DNS was released as RFC 1035 in 1987 and was superseded by EDNS in 1999 with RFCs 2671 and 6891. EDNS, or extension mechanisms for DNS, aimed to flexibly deploy new features into the DNS protocol, including protection against DNS flooding attacks amongst other performance and security enhancements. These attacks can cause a major outage for cloud-based infrastructure, which happened in 2016 with the DDoS attack on DNS provider Dyn.

To avoid such attacks and improve DNS efficiency, several DNS software and service providers—like Google, Cisco, and Cloudflare—have agreed to “coordinate removing accommodations for non-compliant DNS implementations from their software or service,” beginning Feb. 1, 2019, or DNS Flag Day.

Before DNS Flag Day, if an EDNS server requested a name resolution from a non-EDNS resolver, it would first send an EDNS query. If there was no response, the server would then send a legacy DNS query. That means that the timeout for the first query would need to be reached before the legacy DNS query was sent, generating a delayed response. These delays ultimately make DNS operations less efficient.

But with the new changes introduced for DNS Flag Day, any DNS server that doesn’t respond to EDNS will be seen as “dead” and no additional DNS query will be sent to that server. The result? Certain domains or offerings may no longer be available, as name resolution will fail. Organizations should plan to provide a bridge between their internal DNS and a provider’s DNS to ensure that the EDNS protocol is used. They should also work with their vendors to verify that EDNS is part of DNS communication and obtain a version of the respective product that complied with the requirements of EDNS.

The DNS Flag Day protocols are a disruptive move, as they break from Postel’s law—servers can no longer automatically accept every query. But as with most internet-related innovations, progress requires a little disruption.

The post What You Need to Know About DNS Flag Day appeared first on McAfee Blogs.

McAfee 2018: Year in Review

2018 was an eventful year for all of us at McAfee. It was full of discovery, innovation, and progress—and we’re thrilled to have seen it all come to fruition. Before we look ahead to what’s in the pipeline for 2019, let’s take a look back at all the progress we’ve made this year and see how McAfee events, discoveries, and product announcements have affected, educated, and assisted users and enterprises everywhere.

MPOWERing Security Professionals Around the World

Every year, security experts gather at MPOWER Cybersecurity Summit to strategize, network, and learn about innovative ways to ward off advanced cyberattacks. This year was no different, as innovation was everywhere at MPOWER Americas, APAC, Japan, and EMEA. At the Americas event, we hosted Partner Summit, where head of channel sales and operations for the Americas, Ken McCray, discussed the program, products, and corporate strategy. Partners had the opportunity to dig deeper into this information through several Q&A sessions throughout the day. MPOWER Americas also featured groundbreaking announcements, including McAfee CEO Chris Young’s announcement of the latest additions to the MVISION product family: MVISION® Endpoint Detection and Response (MVISION EDR) and MVISION® Cloud.

ATR Analysis

This year was a prolific one, especially for our Advanced Threat Research team, which unveiled discovery after discovery about the threat landscape, from ‘Operation Oceansalt’ delivering five distinct waves of attacks on victims, to Triton malware spearheading the latest attacks on industrial systems, to GandCrab ransomware evolving rapidly, to the Cortana vulnerability. These discoveries not only taught us about cybercriminal techniques and intentions, but they also helped us prepare ourselves for potential threats in 2019.

Progress via Products

2018 wouldn’t be complete without a plethora of product updates and announcements, all designed to help organizations secure crucial data. This year, we were proud to announce McAfee MVISION®, a collection of products designed to support native security controls and third-party technologies.

McAfee MVISION® Endpoint orchestrates the native security controls in Windows 10 with targeted advanced threat defenses in a unified management workflow to visualize and investigate threats, understand compliance, and pivot to action. McAfee MVISION®  Mobile protects against threats on Android and iOS devices. McAfee MVISION® ePO, a SaaS service, is designed to eliminate complexity by elevating management above the specific threat defense technologies with simple, intuitive workflows for security threat and compliance control across devices.

Beyond that, many McAfee products were updated to help security teams everywhere adapt to the ever-evolving threat landscape, and some even took home awards for their excellence.

All in all, 2018 was a great year. But, as always with cybersecurity, there’s still work to do, and we’re excited to work together to create a secure 2019 for everyone.

To learn more about McAfee, be sure to follow us at @McAfee and @McAfee_Business.

The post McAfee 2018: Year in Review appeared first on McAfee Blogs.