Customers often ask us how to implement the suggestions provided in our blogs and threat advisories to better protect their environments. The goal of this blog is to do just that.
NOTE: Always test changes prior to implementing them in your environment.
1. DATs and product updates
One of the most common issues seen while in Support was an outdated DAT.
2. Make sure you have at least one scheduled product update task in McAfee ePO to run daily.
3. On-Access Scan (OAS) configuration for McAfee Endpoint Security and McAfee VirusScan Enterprise
Ensure that On-Access Scan (OAS) is enabled and set to scan on read and write and that entire drives aren’t excluded from being scanned. McAfee Endpoint Security and McAfee VirusScan Enterprise allow you to configure different scan settings based on the process. You can enable “Configure different settings for High-Risk and Low-Risk processes” to improve performance and reduce the need for file/folder exclusions. See KB88205 for more information.
Be sure that Artemis/GTI is enabled and that the first scanner action is “Clean” and the second action is “Delete”.
NOTE: Setting Artemis/GTI to High or Very High should be done gradually and with testing to reduce the risk of false positives. See KB53735 for more information.
4. On-Demand Scan (ODS)
A weekly On-Demand Scan (ODS) is suggested to ensure that your systems don’t have malware or PUPs. Do not run an ODS during peak business hours, as users may complain about system performance.
5. Access Protection (AP)
While the default Access Protection (AP) rules provide decent coverage, both McAfee Endpoint Security and McAfee VirusScan Enterprise allow for the creation of user-defined rules to prevent infection and the spread of worms or viruses. Below are some pre-created ones that should be tested and enabled in your environment to provide additional protection.
- Disabling Registry Editor and Task Manager — Certain malware may attempt to disable the Task Manager to prevent the user from terminating the malicious process. Enable this AP rule to prevent the Task Manager from being disabled.
6. Access Protection (AP) rules for virus and worm outbreaks
These rules should only be enabled during a virus outbreak and for workstations only. Implementing the last two shown below may cause issues with file servers running McAfee VirusScan Enterprise or McAfee Endpoint Security. Always test these rules before you enable them:
- Remotely Creating Autorun Files
- Remotely Creating or Modifying Files or Folders
- Remotely Accessing Local Files or Folders
NOTE: Only create a separate AP policy for workstations if you wish to continue using the AP rules below. Remotely creating files between workstations is unusual behavior.
7. User-defined AP file/folder patch locations
The user-defined rule below is one common location for malware.
8. Microsoft Office malware
Most threats come through email and are often downloaders for other malware. The AP rule below is intended to prevent Microsoft Office applications from executing PowerShell. You can include CScript.exe and WScript.exe as well.
9. McAfee Endpoint Security firewall
Almost all organizations have a firewall at the perimeter level. Some may opt to disable the built-in firewall on workstations and servers. The McAfee Endpoint Security Firewall is more comprehensive than the Windows firewall and can be used to prevent communication to malicious IPs and domains.
10. Blocking malicious traffic with the firewall
Blocking malicious network traffic prevents new variants from being downloaded and can minimize the impact on the environment. Environments that don’t block malicious traffic as one of the first steps often take longer to clean up.
The post Leveraging McAfee Endpoint Security to Protect Against Emotet and Other Malware appeared first on McAfee Blogs.
According to the SANS CTI 2019 survey results, 72% of organizations either consume or produce Threat Intelligence. Although most organizations have Intelligence data, they struggle with defining requirements and managing Cyber Threat Intelligence (CTI) as a program with measurable output. This likely results from threat data and intelligence being perceived as a technical function unrelated to business objectives.
We need to change this perception.
In my opinion, the key business objectives most closely related to threat intelligence are Risk Management and Cyber Resilience. Threat Intelligence can influence the outcomes of both.
Cyber Resilience itself requires risk management and adaptability. The need for businesses to become more resilient is driving the demand for an adaptable security architecture—one that not only effectively leverages threat intelligence to improve Security Operations, especially Incident Response, but also adapts cyber defenses such as endpoint and network controls to prevent the latest threats.
Meanwhile, regulations focused on improving cyber security are driving a continuous risk management approach. For example, in 2016, the European Union released the NIS (Network and Information Systems) Directive, which provides a legal framework to boost the overall level of cybersecurity in critical industries and calls specifically for threat intelligence and incident sharing among organizations and national authorities. With these drivers in mind, we now need to design a managed process with the goal of creating an efficient way to increase the business value of CTI. We can define this process as follows:
- Discovering the most valuable data sources
- Using automation to collect, investigate, respond and share
- Integrating CTI into cyber defense processes
- Measuring to prove the value of Threat Intelligence
1. Collection, Deduplication and Aggregation
The first step in the CTI Management Process is the collection, deduplication and aggregation of the data or feeds. One of the main gaps at the enterprise level is the collection of local produced Threat Intelligence. Local Threat Intelligence includes data generated from analytics solutions like sandboxes and from incidents. Sandboxes usually produce intelligence data in the form of Indicators of Compromise (IOCs). These local sources could expose targeted attacks, and therefore are potentially the most valuable threat data source.
McAfee’s Open Architecture allows for the production, consumption and sharing of threat intelligence in various ways. Here is an example of how our architecture automates aggregation of various CTI sources with an open-source tool, MISP. The MISP platform subscribes to the McAfee Data Exchange Layer messaging fabric to consume IoCs from McAfee’s Advanced Threat Defense sandbox in real time. Additionally, MISP consumes and manages feeds from open or paid sources, providing an entry-level tool to manage the threat intel process.
Here is another example of how our architecture supports the aggregation process, this time by working with a commercial vendor, ThreatQ.
2. Investigation and Hunting
The second step in the CTI management process is investigation and hunting. Here, the biggest task is figuring out how to make Threat Intelligence actionable, which can be done by answering questions like:
- Have we seen any related artifacts (IP address connections, Hash/File executions) in my enterprise in the past?
- Do we have, right now, any devices that have related artifacts?
Before answering these questions, the right data must be collected from the enterprise sensors. Fundamental information should include IP address connections, file hashes on endpoints, web proxy, DNS and Active Directory logs. These logs provide the necessary data for correlation and historical analysis. The following example demonstrates how the architecture can automate some of the key triage steps.
MISP can push Threat Intelligence into McAfee’s SIEM solution, ESM (Enterprise Security Manager), to automate historical analysis. There, it can query McAfee’s Threat Intelligence Exchange server to identify which systems executed related artifacts, and where and when they did so. Furthermore, MISP can run real-time queries against McAfee-protected endpoints with McAfee Active Response to identify any persistent artifacts that are currently in the enterprise network.
Here is another example working with ThreatQ. This time, ThreatQ interacts with McAfee ESM, Active Response and McAfee TIE to identify systems that have or had artifacts related to Threat Intelligence indicators. These various integrations support manual enrichment task and investigations.
The screenshot below highlights the various McAfee integrations as part of an investigation.
The third step in the CTI Management Process is response. Cyber Threat Intelligence is essential to prevent the latest threats and should be integrated into key cyberdefense countermeasures. The following example demonstrates an automated update process using McAfee’s Open Architecture, with the Data Exchange Layer (DXL) fabric as the key component.
ThreatQ can communicate via the DXL fabric with McAfee technologies. During this process ThreatQ is able to update key cyber defense countermeasure tools with Threat Intelligence to protect against the latest threats.
Another part of this process step is sharing threat intelligence with other parties, such as partners and communities. Most Threat Intelligence Platforms (open source and commercial) support various protocols for external CTI sharing. This includes TLP, STIX, TAXII and DXL. These protocols support the automated exchange and governance of the shared data.
Another part of this process step is sharing threat intelligence with other parties, such as partners and communities. Most Threat Intelligence Platforms (open source and commercial) support various protocols for external CTI sharing. This list includes TLP, STIX, TAXII and DXL, which feature protocols facilitating the automated exchange and governance of the shared data.
Finally, the value of Threat Intelligence can be proven by measuring a variety of outcomes. The following are some of the metrics commonly quantified and reported on:
- Number of duplicate Threat Intelligence Artifacts removed
- Impact on Mean-Time-To-Respond
- Number of IOCs generated from Threat Intelligence
- Number of incidents identified based on Threat Intelligence
- Number of attacks blocked via Threat Intelligence
The creation and implementation of the right process is critical to the success of Cyber Threat Intelligence within the enterprise. In this blog, we defined a CTI management process of Collection, Investigation, Response and Measurement. McAfee’s research, management platform and open architecture enable you to implement this process and get the best value out of Cyber Threat Intelligence, promoting resilience and enabling better risk management.
Links to additional resources
- MISP Summit 2018
- SECURE Conference
- RISK Conference
- McAfee ATR
- ThreatQ Whitepaper
- MISP Tools
The post Improving Cyber Resilience with Threat Intelligence appeared first on McAfee Blogs.
Transformation is a popular buzz word in the tech industry. The market is full of companies promising to be the change your business needs to help it transform into the best player in its category. Many companies that have been around for a decade or more believe they’ve already transformed their business numerous times to keep up with the latest technology trends, while newer companies tend to practice business transformation daily to stay competitive. But is business transformation really needed? The answer is yes! However, transformation is an evolutionary process and won’t happen overnight. Organizations need to think about the future and embrace the fact they need to constantly change and move forward.
Transformation is Continuous
A disruptive and groundbreaking company will continually transform alongside its customers, adopting new applications and policies around the cloud, BYOD and more. As these items evolve, companies are confronted with the challenges and risks of change, including securing new endpoints on devices or in the cloud.
As companies evolve and transform to keep up with the latest IT trends, overlooking the security of company data is a common misstep. A recent study by leading IT analyst firm Frost & Sullivan revealed that 83% of APAC organizations don’t think about cybersecurity while embarking on digital transformation projects. Although 72% of the organizations conduct regular breach assessment to protect themselves against cyberattacks, 55% of them were at risk.
A Plan of Action
Companies are predicted to spend $1.7 trillion on digital transformation by the end of 2019, a 42% increase from 2017, according to IDC. With IT budgets at nearly their highest point, it’s time to rethink your transformation strategy and make security a priority.
The cloud is transforming the enterprise, and as a market leader, McAfee is transforming the way businesses secure data in the cloud. We transform the nature of security itself with SaaS (security-as-a-service) consumption models. By partnering with us, organizations can transform confidently, leveraging security solutions purpose-built with transformation in mind, including those that secure every segment of the cloud and heterogenous device environments. McAfee cloud security solutions extend your security from device to cloud with data visibility, data loss prevention, and advanced threat protection on a platform that supports an open ecosystem. Our goal is to make the most secure environment for your business from device to cloud.
As you start your transformation journey, consider the following questions:
- How is your organization aligned? What are your organization’s goals?
- What are the biggest/most important strategic initiatives your company has over the next two to four years?
- What are your current major IT initiatives? Security initiatives? Cloud initiatives?
Looking to transform your business with McAfee? We’re here to help. Use the resources below for more information.
Email is a mature technology, but threats targeting email are evolving and getting more sophisticated. 97%1 of ransomware attacks come from email. That’s why there are so many email security vendors and solutions in the market offering different types of technologies and coverages. Picking the best email security solution for an organization can be overwhelming.
Maybe it doesn’t have to be. Forrester Research, a well-known independent research firm, released “The Forrester Wave: Enterprise Email Security, Q2 2019” report on May 16, 2019. Using its 32-criterion evaluation of enterprise email content security providers, Forrester identified the 12 most significant vendors and researched, analyzed, and scored them. This report shows how each provider measures up and helps security and risk professionals select the right one for their needs.
Trend Micro has been named a Leader in the Forrester report. What’s special is that we also received the highest score in the Strategy category among all 12 vendors. Furthermore, we got the highest score possible for the “Technology leadership” criterion, which is a sub-criterion of the Product Strategy criterion. Trend Micro also received the highest score possible in the “Deployment options” and “Cloud integration” criteria.
Highest score possible for “Technology leadership” criterion in Strategy category – our takeaways
Building on 20+ years in email security, Trend Micro continues to make strong investment and technology innovation in this market. Email threats are evolving, so do Trend Micro’s email security solutions. To cite just a couple of examples, new technologies developed by Trend Micro to combat latest email threats include:
With a long and innovative history with email security, Trend Micro remains at the forefront of the industry with a strong strategy that continues to position its customers well over the long term.
Highest score possible in “Deployment options” and “Cloud integration” criteria – our takeaways
Trend Micro is the only vendor to offer dual layer email protection via a cloud-based API plus SMTP solution for advanced threat protection. This unique approach provides “best of both worlds”, offering the benefits of both deployment types. Email gateway (SMTP solution) is perfect for inbound filtering and outbound DLP or email encryption. Trend Micro’s API solution is quick and easy to deploy, and can protect internal phishing emails for your Office 365 or Gmail, as well as cloud file sharing services (e.g. OneDrive or Google Drive).
Trend Micro email security is proven to be effective in protecting customers. In 2018, Trend Micro Cloud App Security, the API solution, stopped 8.9 million high-risk threats that weren’t caught by Office 365 security.
By choosing Trend Micro, you are investing in a solution which will continuously evolve to combat tomorrow’s email security challenges.
Check out the report and see for yourself why Trend Micro is a leader in Enterprise Email Security.
1 TrendLabs 2017 Security Roundup, March 2018
The post Why You Should Pick a Leader for Your Enterprise Email Security appeared first on .
McAfee has a rich history in helping to shape the industry’s response to the ever-changing threat landscape. We started as a pioneer in cybersecurity over three decades ago. Today, we are the device to cloud cybersecurity market leader, supporting consumers to small and large enterprises to governments.
But we don’t do this on our own. And in order for us to be successful in our mission to make the digital world more secure, we need to have the right people in place.
One of the largest challenges facing the cybersecurity industry today is the lack of skilled personnel and the global talent shortage. Current research indicates that our industry will face more than 1.5 million unfilled cybersecurity positions by 2025.
This talent shortage, coupled with the increasing volume of threats and the changing cybercriminal landscape, presents a problem which is only getting worse. And not just for us, but the whole industry. Therefore, we must, as a group, collectively improve upon this talent shortage.
So how will we do this?
One step that McAfee is investing heavily in is education. We are already doing a lot of work to support students and inspire them to take on careers in cybersecurity, for example our work in the UK with high school programs run at the home of the World War II code breakers Bletchley Park.
Now we’re delighted to be expanding this work even further as a founding partner of the new Master of Cybersecurity and Threat Intelligence at the University of Guelph which will launch in September this year. This graduate degree will train the next generation on how to stop cyberattacks before they happen, and give students expertise in threat intelligence, threat hunting, digital forensics, intrusion prevention, privacy, crypt analysis and more.
During the course, students will work with state-of-the-art cybersecurity tools where they can run real-world attacks within an isolated lab, engaging directly with active adversaries and learn their tactics, techniques and procedures to build state of art cyber defense and detection systems. They will learn the intricacies of how attacks are conducted and methods for preventing further intrusions. McAfee has already been involved with the development of the Lab, ensuring it replicates our real-world labs to give students the right experience from the very beginning.
But we’re not just supporting the lab. Alongside partners including Cisco and BlackBerry, we’re also going to be showing up throughout the course and inviting students to work closely with us inside McAfee to build the skills they need for a future career in cybersecurity.
As a Canadian, I am particularly proud that a Canadian institution is showing this level of innovation which will enhance not only our local talent pool but will also help solve the global talent shortage.
Cyber threats sometimes feel unrelenting and are becoming more dangerous every day. While the internet presents users with lots of information and services, it also includes several risks. Cyberattacks are increasing in sophistication and volume, with many cybercriminals using a combination of different types of attacks to accomplish a single goal. Though the list of potential threats is extensive, below you’ll see the most common security threats you should look out for.
Short for “malicious software,” malware comes in several forms and can cause serious damage to a computer or corporate network. There are various forms of malware ranging from viruses and worms to Trojans and beyond. Malware is often seen as a catch-all term that refers to any software designed to cause damage to a computer, server, or network.
Antivirus software is the most known product to protect your personal devices against malware and is a great start to prevent potential threats. While for enterprises, protecting your endpoint is essential to quickly detect, prevent, and correct advanced threats to your business.
2. Computer Worm:
The distinctive trait of a worm is that it can self-replicate and doesn’t require human interaction to create copies and spread quickly and in great volume. Most worms are spread though tricking internet users and are designed to exploit known security holes in software. Since many employees use their phones for work-related tasks when they are not within the perimeter of their corporate firewall, businesses are at a high risk for potential worms. If a machine is infected, the worm can: corrupt files, steal sensitive data, install a backdoor giving cybercriminals access to your computer, or modify system settings to make your machine more vulnerable.
Spam refers to unsolicited messages in your email inbox. From the sender’s perspective, spam is a great way to get their message across in an efficient and cost-effective way. While spam is usually considered harmless, some can include links that will install malicious software on your computer if the recipient clicks on it.
How do you recognize malicious spam? First off, if you don’t recognize the sender’s address, don’t open it. Also, if the email addresses you in a generic way, i.e. “Dear customer”, “Hi there” etc., don’t engage. Be aware of the embedded links and check if they have odd URL’s by hovering over them to see where it wants to direct you and if the destination URL matches the destination site you expect.
Created by cybercriminals attempting to solicit private or sensitive information, phishing schemes tend to be the starting point of nearly all successful cyberattacks. Phishing schemes can disguise itself in many forms, whether its posing as your bank or a common web service, with the sole purpose to lure you in by clicking links and asking you to verify account details, personal information, or passwords. Many people still associate phishing threats with emails, but the threat has evolved beyond your inbox. Hackers are now employing text messages, phone calls, phony apps, and social media quizzes to trick an unwitting victim.
Botnet malware is a network of computers that have been hijacked or compromised, giving hackers the ability to control infected computers or mobile devices remotely. When the malware is launched on your computer or mobile device, it recruits your infected device into a botnet, and the hacker is now able to control your device and access all your data in the background without your knowledge.
A botnet can consist of as few as ten computers or hundreds of thousands, and when bots come together, they are a force to be reckoned with. If a botnet hits your corporate website, it can make millions of requests at once ultimately overloading the servers knocking the website offline, slow web traffic, or affect performance. As many businesses are aware, a website that is offline or has a long lag time can be very costly, resulting in a loss of customers or a damaged reputation.
For more information check out our Security Awareness Resources and Reports.
The post 5 Most Common Types of Threats You Need to Know About appeared first on McAfee Blogs.
Last week, the RSA Conference painted San Francisco’s Moscone Center purple with the theme ‘Better’, and the cybersecurity industry did not disappoint in making the digital world a better and safer place. Below, we’re sharing a few McAfee highlights from this year’s event.
Behind the Scenes of MGM Resorts’ Digital Transformation at CSA Summit
In its tenth year at the RSA Conference, the CSA Summit welcomed Rajiv Gupta, Senior Vice President, Cloud Security Business Unit at McAfee and Scott Howitt, Senior Vice President & Chief Information Security Officer at MGM Resorts International to the stage. During the keynote, Howitt discussed MGM’s digital transformation and how adopting the cloud into MGM’s business model resulted in delivering a modern experience to customers and more engaged and productive employees. We also heard Gupta share statistics from our Cloud Report on how cloud data distribution has changed dramatically ,which now requires new and better solutions. Before attendees headed out for lunch, Howitt and Gupta closed the first half of the CSA summit by solidifying the positive impact the cloud can have on enterprise businesses.
Tapping into the Tremendous Power of Artificial Intelligence at RSAC
On Tuesday, SVP and Chief Technology Officer, Steve Grobman and Chief Data Scientist, Dr. Celeste Fralick, took the mainstage at RSAC. During their keynote, Grobman and Fralick discussed how the industry needs to think about artificial intelligence, its power, how it can be used against us and its adversarial uses. Fralick shared how “most people don’t realize how fragile AI and machine learning can really be” and voiced how her team is involved in a technical area called the adversarial machine learning, where they study ways that adversaries can invade or poison machine learning classifier. In closing, Grobman told RSA attendees that “we must embrace AI but never ignore its limitations. It’s just math. It’s fragile. And there is a cost to both false positives and false negatives.”
EXPO- nentially Better
This year’s RSAC expo didn’t disappoint, with over 400 exhibitors showcasing unique content from the world’s top cybersecurity minds and the latest security solutions. Every day our booth was full as we connected with our customers, partners, and prospects. At this year’s conference, we hosted a fun and interactive Capture the Flag challenge which tested the investigative and analytical skills of RSA attendees. Contestants were given various challenges and received “flag” details on how to complete each challenge as quickly and accurately as possible.
RSAC was full of announcements with new and better products along with the buzzing of cybersecurity professionals making better connections with peers from around the world, with the same goal of keeping the digital world safe and making the real world a better place.
The post Artificial Intelligence, Machine Learning and More at RSAC 2019 appeared first on McAfee Blogs.
In just a few weeks, San Francisco will be taken over by cybersecurity professionals and vendors at Moscone Center for the 2019 RSA Conference. There’s a lot packed into the conference—that’s why we’re breaking down the best ways to see McAfee in action. So take out your calendars and make note of the events below.
McAfee Leadership Takes the Stage
CSA Summit Keynote: Case Study: Behind the Scenes of MGM Resorts’ Digital Transformation
Monday, March 4 | 11:35 am – 11:55 am | Moscone Center
Rajiv Gupta, Senior Vice President, Cloud Security Business Unit, McAfee
Scott Howitt, Senior Vice President & Chief Information Security Officer, MGM Resorts International
As a leader in their industry, MGM is transforming into a digital business by aggressively adopting the cloud to make their employees more engaged and productive and to deliver modern experiences to their customers. Join Rajiv Gupta, SVP of McAfee’s Cloud Business, and Scott Howitt, SVP and CISO for MGM Resorts International, to hear how MGM is protecting their enterprise data across the whole spectrum of their evolving infrastructure, from on-prem, to the device, to their SaaS, IaaS and PaaS cloud instances. More, here.
Session: #Ransomware – The Rise, Death and Resurrection of Digital Extortion
Monday, March 4 | 4:45 pm – 5:15 pm | Session Code: SEM-M03
Head of Cyber Investigations
Chief Scientist, McAfee Fellow
Hear from cybercrime experts on the successes and lessons learned from the No More Ransom initiative, an online portal that has prevented millions of dollars in ransom payments to cybercriminals. Recent statistics point to a decrease in the number of ransomware variants. So, is ransomware dead? Not so fast. Get up to speed on what’s new in the ongoing effort to combat the threat of ransomware. More, here.
Keynote: Lightning in a Bottle, or Burning Down the House?
Tuesday, March 5 | 8:35 am – 8:55 am | RSA, West Stage
Dr. Celeste Fralick
Chief Data Scientist
Senior Vice President and Chief Technology Officer
Fire. In the wild, it’s a force for destruction. Controlled, it powers civilization’s forward evolution. But containing phenomena—natural or manmade—is a devilish challenge. Today’s regulatory hotspots include AI and quantum computing, because innovations that strengthen defenses can also fuel targeted threats. The weaponization of AI to amplify cyberattack impacts is enough to give anyone pause, so discussion of export controls on these and other technologies is a worthy conversation. What is the path forward to advance and protect human progress? How do we nurture sparks of innovation without burning bridges to the future? More, here.
Session: Using Machine Learning to Improve Security Predictions
Tuesday, March 5 | 11:00 am – 11:50 am | Session Code: SPO2-T06
Chief Information Security Officer (CISO) & Vice President of McAfee Labs Operations
Organizations are overwhelmed by data and dependent on outdated (nonpredictive) tools and methods. Security companies can’t keep up with the frequency of attacks, 50% of which are missed by traditional antivirus programs. In this session, McAfee’s CISO will share his experiences, providing valuable information for security organizations to predict attacks by relying on data science and machine learning. More, here.
Session: Mulitparty Vulnerability Disclosure: From Here to Where?
Wednesday, March 6 | 9:20 am – 10:10 am | Session Code: PDAC-W03
As the world grows ever more dependent on complex technological systems, the risk of broadly impactful vulnerabilities in software and hardware is driving the need for improvements in how the global ecosystem addresses identification and disclosure of those vulnerabilities. This panel will discuss what works, what doesn’t, and suggest a path forward that can benefit everyone globally. More, here.
Moderator: John Banghart, Senior Director, Venable
Panelists: Kent Landfield, Chief Standards and Technology Policy Strategist, McAfee LLC
Art Manion, Vulnerability Analysis Technical Manager, CERT Coordination Center
Audrey Plonk, Director, Global Security Policy, Intel Corporation
Session: Law Enforcement: The Secret Weapon in the CISO’s Toolkit
Friday, March 8 | 11:10 am – 12:00 pm | Session Code: AIR-F03
Head of Cyber Investigations
This session will show you how to get the most out of working with law enforcement agencies (LEA) before, during or after a security breach. Learn why partnering with law enforcement can be a valuable strategic asset in the CISO’s ever-expanding toolbox of security measures. More, here.
Hack Your Way Through the Crowds at the McAfee Booth
We’re hosting a fun and interactive Capture the Flag challenge at our RSA booth to test the investigative and analytical skills of RSA attendees. Contestants will be given various challenges and will receive “flag” details on how to complete each challenge as quickly and accurately as possible. Want to know who is in the lead? Don’t worry, we’ll have a live scoreboard. The winner of the RSA Capture the Flag contest will get bragging rights and a cool prize to take home. Visit us at booth #N5745 in the North Hall.
Cloud Security BarCade Challenge
Tuesday, March 5 | 6:00 pm – Midnight | Coin-Op Game Room, San Francisco | 508 4th Street
We’re hosting an epic cloud security networking event at Coin-Op Game Room in San Francisco! What’s the challenge? Come out to see us and find out. There will be prizes, games, food, networking, and more. Register here.
RSA After-Hours Social & Cloud Security Panels
Wednesday, March 6 | 6:30 pm – 11:00 pm | Mourad, San Francisco | 140 New Montgomery Street
We’re bringing the cloud community together for a night of networking at Mourad, so grab your peers and head over to the after-hours social. We will have a DJ, awesome food, creative libations, and a VIP area upstairs for a private whiskey tasting. Throughout the night, we’ll be hosting cloud security panels, where you’ll hear perspectives from industry experts on the current security landscape, best practices, and how to elevate your cloud security posture. Register here and join us as we close out RSA at the after-hours social of the year.
There’s a lot to look forward to at RSA 2019, so be sure to stop by booth #N5745 in the North Hall for demos, theater sessions, and more. Feel free to use code XSU9MCAFEE for a free RSAC expo pass. Also, be sure to follow @McAfee for real-time updates from the show throughout the week.
The post The Best Ways to Catch McAfee at RSA Conference 2019 appeared first on McAfee Blogs.
It’s always great to start out a new year with recognition from our industry. We hear over and over from our customers that they are looking for us to help them overcome the complexity challenges that are inherent in building a resilient enterprise. This requires partnering with a vendor that delivers excellence across a multitude of technologies. Excellence that we believe is validated by our larger peer and analyst community.
We’ve just announced that McAfee was named a Gartner Peer Insights Customers’ Choice for another two technologies. Our customers have recognized us as a January 2019 Gartner Peer Insights Customers’ Choice for Secure Web Gateway for McAfee Web Protection, McAfee Web Gateway, and McAfee WebGateway Cloud Service. In addition, for the second year in a row McAfee’s MVISION Cloud (formerly McAfee Skyhigh Security Cloud) was named a January 2019 Gartner Peer Insights Customers’ Choice for Cloud Access Security Brokers. In 2018, McAfee was the only vendor named a Customers’ Choice in the Cloud Access Security Brokers market.
Our team at McAfee takes great pride in these distinctions, as customer feedback is essential in shaping our products and services. We put our customers at the core of everything we do and this shows pervasively across our portfolio. We believe our position as a Gartner Peer Insights Customers’ Choice for Secure Web Gateway, Data Loss Prevention, SIEM, Endpoint Protection and Cloud Access Security Broker (CASB) is a testament to the strength of our device-to-cloud strategy. This adds up to recognition’s in the last year in five different markets.
We also think it’s a signal of the way enterprises are approaching security – with the innovative technology solutions and integrated strategies that must evolve to fight a threat that is constantly evolving, too.
The post Kicking off 2019 with Recognition Across the McAfee Portfolio appeared first on McAfee Blogs.
Patrick Butler, CEO of the Australian cybersecurity firm Loop Secure, is excited about how the cloud is growing his business. His clients are enthused too by the tremendous opportunities and advantages the cloud presents. They’re also a little scared.
“Every year more companies are digitizing all aspects of their business—from manufacturing plants coming online to new ways of serving up information to customers,” says Butler, whose firm provides a full range of cybersecurity services, from one-time red team engagements to managing security operations, primarily for midsize enterprises. “It’s exciting what technology can do to transform what we do with computers. … We’re seeing a huge uptake in collaboration technology, with a lot of customers moving to AWS [Amazon Web Services].”
But Butler acknowledges his clients’ fears—putting sensitive data in the cloud introduces new risks. “Our job is to help customers leverage digital transformation positively without having to worry about the risks, [such as] breaches and brand reputation damage,” he says. “We’ve had to focus on how we protect them in [the cloud and] those areas of their business—areas that have traditionally been quite dark.”
The Challenge of Securing the Cloud
“Setting up security for the cloud can be quite technical,” Butler explains. “There are a lot of configuration options. … Yes, the cloud brings a lot of speed and scale, but one wrong configuration and suddenly you have an AWS S3 bucket available to the broader public with all of your confidential information on it. The cloud brings benefits, but it also brings new and different risks.”
Confidently Securing the Cloud with Help from McAfee
As one of the longest-running cybersecurity companies in Australia, Loop Secure has been a McAfee partner for over a decade. For its clients moving operations into the cloud, the firm primarily uses McAfee solutions to help them reach their security objectives—easily and effectively. For instance, for a midsize services client, Loop Secure implemented McAfee® Virtual Network Security Platform (McAfee vNSP), a complete network threat and intrusion prevention system (IPS) built for the unique demands of private and public clouds. Using McAfee vNSP allowed the company to apply the same robust security policies to endpoints within AWS as on premises.
“What McAfee brings to the table is a comprehensive portfolio, scale, and focus,” Butler explains. “Like us, McAfee focuses only on cybersecurity. That’s important. … To us, the McAfee ‘Together is Power’ mantra means that with McAfee we have a broader team—our people plus McAfee people and products—all dedicated to keeping our clients’ data and environments safe.”
Many of Butler’s clients use McAfee endpoint, networking, and/or web protection solutions and McAfee ePolicy Orchestrator® (McAfee ePO). In the near future, Butler looks forward to offering them McAfee MVISION, an innovative, integrated, open system from device to cloud. McAfee MVISION could simplify security for these Loop Secure customers by providing consolidated visibility, comprehension, and control across their entire digital estate.
With the acceleration of cloud adoption by its clients and McAfee’s device-to-cloud approach, “The future’s pretty exciting for both us and McAfee,” Butler says.
View below for a short video interview with Patrick Butler. Get your questions answered by tweeting @McAfee_Business.
The post Australian Cybersecurity Firm Experiences Exciting Times as Clients’ Shift to Cloud Accelerates appeared first on McAfee Blogs.
This blog was written by Gerald Jones Jr.
More sweeping privacy law changes are on the horizon as California law overhauls consumer protection and privacy rights.
Shortly after the European Union’s watershed General Data Protection Regulation (GDPR) enforcement began on May 25, 2018, California passed its own privacy bill, the California Consumer Privacy Act of 2018 (CCPA), in June. Amid pressure to act or swallow a more stringent bill initiated by a private California resident, the CCPA broadens the scope of privacy rights for Californians. It includes data access rights and a limited private right of action, or the right to file a lawsuit.
The CCPA takes effect in January 2020 (or July 2020, if the California Attorney General implements additional regulations) and is widely regarded as the foremost privacy law in the United States. Yet the CCPA may have broader implications. The range of companies falling within the Act’s scope, i.e., not just the usual suspects in the technology industry, might pressure Congress into enacting a federal privacy regime, which would pre-empt the CCPA.
The Act grants consumers greater control over their personally identifiable information and prods companies doing business in the state to prioritize the practice of sound data governance. Here are some key takeaways under the CCPA:
- It impacts companies doing business in California that meet one of the following thresholds:
- Has annual gross revenues greater than $25 million; or
- Receives or shares the personal information of 50,000 or more California consumers for monetary or other valuable consideration; or
- Receives 50% or more of its annual revenue from selling consumer personal information.
- “Personal Information now explicitly includes IP addresses, geolocation data, and unique identifiers such as cookies, beacons, pixel tags, browsing history, and another electronic network information. Consumer Information includes information that relates to households.
- The California Attorney General will enforce the law, though Californians have a private right of action limited to circumstances where there is an unauthorized access to nonencrypted personal information or “disclosure of personal information because of a business failure to implement and maintain reasonable security procedures.”
- Violators of the law are subject to civil penalties of up $2500 per each unintentional violation—failing to cure a violation within 30 days of receiving noncompliance notification from the California Attorney General—and a maximum of $7,500 for each intentional violation (not acknowledging the request for data, for example) if the civil action is brought by the California Attorney General.
What Does This All Mean?
Regulators are working on guidance, and there is still time for amendments to be made on the law, so things might change before the law goes into effect. Residents of the European Economic Area have been exercising their data subject access rights since late May. Now, Californians will join them in being able to similarly ask about the data that CCPA-applicable companies hold about them. The CCPA gives companies a 45-day window to comply with an individual’s request for access to data or deletion (a Data Subject Access Request, or DSAR) in contrast to the GDPR’s 30 days.
Companies may need to prepare for an increase in DSARs and implement new features to comply with the law, like providing two communication methods for consumers electing to exercise their rights (web portal, email address, toll free telephone number, or another viable mode of communication) and provide a conspicuous link on the company’s website that informs the consumer of her CCPA rights.
The California Legislature’s reference to Cambridge Analytica makes it apparent that legislators expect businesses to exercise transparency in their consumer data use practices. Even without legislative nudging, companies are slowly recognizing value in sound privacy and data governance practices. Companies no longer see privacy as a mere compliance checkbox, but instead as a competitive advantage that simultaneously builds consumer confidence.
We may see more changes to the California law, and we likely will see other laws come in to play both in the United States and abroad (Brazil, China, India, etc.), but companies with privacy in their DNA will have an edge over companies scrambling to meet compliance efforts.
This blog was written by Michael Schneider, Lead Product Manger.
The internet is built on Postel’s law, often referred to as the robustness principle: “Be conservative in what you do, be liberal in what you accept from others.” In the protocol world, this means that receivers will try to accept and interpret data that they receive to their best knowledge and will be flexible if the data doesn’t fully match a specification. Senders should adhere to specifications and comply with protocol specifications, as laid out in Request for Comment documents (RFCs) by the Internet Engineering Task Force.
DNS was released as RFC 1035 in 1987 and was superseded by EDNS in 1999 with RFCs 2671 and 6891. EDNS, or extension mechanisms for DNS, aimed to flexibly deploy new features into the DNS protocol, including protection against DNS flooding attacks amongst other performance and security enhancements. These attacks can cause a major outage for cloud-based infrastructure, which happened in 2016 with the DDoS attack on DNS provider Dyn.
To avoid such attacks and improve DNS efficiency, several DNS software and service providers—like Google, Cisco, and Cloudflare—have agreed to “coordinate removing accommodations for non-compliant DNS implementations from their software or service,” beginning Feb. 1, 2019, or DNS Flag Day.
Before DNS Flag Day, if an EDNS server requested a name resolution from a non-EDNS resolver, it would first send an EDNS query. If there was no response, the server would then send a legacy DNS query. That means that the timeout for the first query would need to be reached before the legacy DNS query was sent, generating a delayed response. These delays ultimately make DNS operations less efficient.
But with the new changes introduced for DNS Flag Day, any DNS server that doesn’t respond to EDNS will be seen as “dead” and no additional DNS query will be sent to that server. The result? Certain domains or offerings may no longer be available, as name resolution will fail. Organizations should plan to provide a bridge between their internal DNS and a provider’s DNS to ensure that the EDNS protocol is used. They should also work with their vendors to verify that EDNS is part of DNS communication and obtain a version of the respective product that complied with the requirements of EDNS.
The DNS Flag Day protocols are a disruptive move, as they break from Postel’s law—servers can no longer automatically accept every query. But as with most internet-related innovations, progress requires a little disruption.
2018 was an eventful year for all of us at McAfee. It was full of discovery, innovation, and progress—and we’re thrilled to have seen it all come to fruition. Before we look ahead to what’s in the pipeline for 2019, let’s take a look back at all the progress we’ve made this year and see how McAfee events, discoveries, and product announcements have affected, educated, and assisted users and enterprises everywhere.
MPOWERing Security Professionals Around the World
Every year, security experts gather at MPOWER Cybersecurity Summit to strategize, network, and learn about innovative ways to ward off advanced cyberattacks. This year was no different, as innovation was everywhere at MPOWER Americas, APAC, Japan, and EMEA. At the Americas event, we hosted Partner Summit, where head of channel sales and operations for the Americas, Ken McCray, discussed the program, products, and corporate strategy. Partners had the opportunity to dig deeper into this information through several Q&A sessions throughout the day. MPOWER Americas also featured groundbreaking announcements, including McAfee CEO Chris Young’s announcement of the latest additions to the MVISION product family: MVISION® Endpoint Detection and Response (MVISION EDR) and MVISION® Cloud.
This year was a prolific one, especially for our Advanced Threat Research team, which unveiled discovery after discovery about the threat landscape, from ‘Operation Oceansalt’ delivering five distinct waves of attacks on victims, to Triton malware spearheading the latest attacks on industrial systems, to GandCrab ransomware evolving rapidly, to the Cortana vulnerability. These discoveries not only taught us about cybercriminal techniques and intentions, but they also helped us prepare ourselves for potential threats in 2019.
Progress via Products
2018 wouldn’t be complete without a plethora of product updates and announcements, all designed to help organizations secure crucial data. This year, we were proud to announce McAfee MVISION®, a collection of products designed to support native security controls and third-party technologies.
McAfee MVISION® Endpoint orchestrates the native security controls in Windows 10 with targeted advanced threat defenses in a unified management workflow to visualize and investigate threats, understand compliance, and pivot to action. McAfee MVISION® Mobile protects against threats on Android and iOS devices. McAfee MVISION® ePO, a SaaS service, is designed to eliminate complexity by elevating management above the specific threat defense technologies with simple, intuitive workflows for security threat and compliance control across devices.
All in all, 2018 was a great year. But, as always with cybersecurity, there’s still work to do, and we’re excited to work together to create a secure 2019 for everyone.