Category Archives: Cloud Security

Maximizing data privacy: Making sensitive data secure by default

Maximizing data privacy should be on every organization’s priority list. We all know how important it is to keep data and applications secure, but what happens when access to private data is needed to save lives? Should privacy be sacrificed? Does it need to be? Consider the case of contact tracing, which has become a key tool in the fight to control COVID-19. It’s a daunting task greatly facilitated by collecting and analyzing real-time identity … More

The post Maximizing data privacy: Making sensitive data secure by default appeared first on Help Net Security.

Black Hat 2020: Satellite Comms Globally Open to $300 Eavesdropping Hack

Attackers can listen in on internet traffic for high-value targets a continent away, like shipping fleets and oil installations, using some basic home-television gear.

Source Code Leak – What We Learned and How You Can Protect Your IP

This week we learned about a leak of source code from 50 prominent companies, posted by a Swiss IT consultant. These come after another recent leak of source code from Nintendo, prompting us to comment on the issue of IP protection and secure development pipelines.  

The latest leak appears to stem primarily from a misconfiguration of SonarQube, an open-source tool for static code analysis, which allows developers to audit their code for bugs and vulnerabilities prior to deployment.  

Our own assessment found that SonarQube listens on port 9000, which was likely misconfigured to be open to the internet at the breached companies, allowing researchers to reach the instances and discover the data now exposed in the leak.

A search for SonarQube on the popular IoT search engine Shodan lets anyone discover the ports used by common software such as this. With this information so readily available, ports unintentionally left open can attract a wide swath of intrusion attempts.

Several of the source code repositories also contained hard-coded credentials, which open the door to accessing other resources and expansion of the breach. It is a best practice to never commit code with hard-coded/plaintext credentials to your repositories.   

How You Can Protect Your IP  

Mistakes like misconfiguration and accidental credential exposure will happen in the development process, which is where InfoSec teams need to step in. Auditing infrastructure code both prior to deployment and continuously in production is essential for companies practicing DevOps and CI/CD.  

Our solution to this problem is MVISION Cloud, the multi-cloud security platform for enterprises to protect their data, prevent threats, and maintain secure deployments for their cloud-native apps.  

Audit Cloud Accounts for Misconfiguration 

With MVISION Cloud InfoSec teams can monitor their company’s public cloud accounts, like AWS, Azure, or GCP, for configuration mistakes that may expose sensitive data. In the example below, MVISION Cloud discovered that a resource in AWS EC2 was configured with Unrestricted Access to ports other than 80/443, opening up potential breach scenarios like we saw with the source code leak.  
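The check described above can be expressed as a small audit over security-group definitions. This is an added example, not MVISION Cloud's code; the input follows the shape of `aws ec2 describe-security-groups` output, and every group id and CIDR in it is constructed. It treats any rule open to 0.0.0.0/0 or ::/0 as a finding unless the rule is limited to exactly port 80 or 443 over TCP, so a port range that merely includes 443, or a rule for every protocol, is still flagged.

```python
"""Audit EC2 security groups for rules that expose anything but 80/443 to the internet.

The input shape follows `aws ec2 describe-security-groups` (GroupId, IpPermissions,
IpRanges/Ipv6Ranges); the groups below are constructed sample data, not real accounts.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional

ALLOWED_PUBLIC_PORTS = {80, 443}          # the only ports expected to face the internet
ANYWHERE = {"0.0.0.0/0", "::/0"}          # CIDRs that mean "unrestricted access"


@dataclass(frozen=True)
class Finding:
    group_id: str
    protocol: str
    from_port: Optional[int]
    to_port: Optional[int]
    source: str

    def describe(self) -> str:
        if self.protocol == "-1":
            span = "all traffic"
        elif self.from_port == self.to_port:
            span = f"{self.protocol}/{self.from_port}"
        else:
            span = f"{self.protocol}/{self.from_port}-{self.to_port}"
        return f"{self.group_id}: {span} open to {self.source}"


def public_sources(permission: dict) -> List[str]:
    """CIDR sources in one ingress rule that admit the whole internet (v4 or v6)."""
    cidrs = [r.get("CidrIp") for r in permission.get("IpRanges", [])]
    cidrs += [r.get("CidrIpv6") for r in permission.get("Ipv6Ranges", [])]
    return [c for c in cidrs if c in ANYWHERE]


def exposes_unexpected_port(permission: dict) -> bool:
    """True unless the rule is limited to exactly one of the allowed web ports.

    '-1' means every protocol and port; a TCP range such as 0-65535 or 443-9000
    also leaks services (e.g. SonarQube on 9000) even though it covers 443.
    """
    proto = permission.get("IpProtocol")
    if proto == "-1":
        return True
    if proto not in ("tcp", "6"):       # UDP/ICMP rules are never web traffic
        return True
    lo, hi = permission.get("FromPort"), permission.get("ToPort")
    if lo is None or hi is None:
        return True
    return not (lo == hi and lo in ALLOWED_PUBLIC_PORTS)


def audit_security_groups(groups: Iterable[dict]) -> List[Finding]:
    """Return one Finding per (rule, public source) pair that needs attention."""
    findings: List[Finding] = []
    for group in groups:
        for perm in group.get("IpPermissions", []):
            if not exposes_unexpected_port(perm):
                continue
            for src in public_sources(perm):
                findings.append(Finding(group["GroupId"], perm.get("IpProtocol"),
                                        perm.get("FromPort"), perm.get("ToPort"), src))
    return findings


# Constructed sample groups (ids and CIDRs are made up).
SAMPLE_GROUPS = [
    {"GroupId": "sg-web-example", "IpPermissions": [        # acceptable: web only
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-sonar-example", "IpPermissions": [      # SonarQube exposed
        {"IpProtocol": "tcp", "FromPort": 9000, "ToPort": 9000,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-admin-example", "IpPermissions": [      # SSH, but internal only
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
    {"GroupId": "sg-range-example", "IpPermissions": [      # whole TCP range
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-wide-example", "IpPermissions": [       # every protocol, IPv6
        {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]

if __name__ == "__main__":
    for finding in audit_security_groups(SAMPLE_GROUPS):
        print(finding.describe())
```

In a real account the same function would run over the JSON returned by the API call; the internal-only SSH rule is deliberately left unflagged, since the point is unrestricted sources rather than every non-web port.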

Scan Application Code for Vulnerabilities  

Companies with active container deployments should take this one step further, auditing not only for misconfigurations but also CVEs in their container images. In the example below, MVISION Cloud discovered that one container image contained 219 code vulnerabilities, many of which could be exploited in an attack.  

Scan Repositories for Hard-Coded Credentials and Secret Keys 

To mitigate the risk of credential or secret key exposure, within MVISION Cloud you can easily scan your repositories for specific data types and take multiple levels of action. Below we’ve set up a policy to scan Bitbucket and GitHub with our Data Loss Prevention (DLP) data identifiers for AWS Keys and Passwords. For Passwords, we are using keyword validation, meaning we only trigger an incident if a keyword like pwd, p, or password is nearby. We’ve chosen the least disruptive action here, notifying the end user to remediate themselves; the option to delete the data is also available.
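The two identifiers described above, and the keyword-validation rule that keeps the password identifier from firing on every long string, can be illustrated with a small repository scanner. This is an added example, not McAfee's DLP engine: the keyword list, the 40-character window and the sample files are assumptions constructed for the demonstration, and the AWS key shown is the documented placeholder from AWS's own documentation rather than a live credential.

```python
"""Scan repository files for hard-coded AWS access keys and passwords.

Two DLP-style identifiers, as an illustration of keyword validation: an AWS access
key ID is reported on pattern alone, while a password-like value is reported only
when a keyword such as pwd/pass/password appears shortly before it on the line.
The repository below is constructed sample data.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# AKIA + 16 upper-case alphanumerics is the documented shape of an AWS access key ID.
AWS_ACCESS_KEY_ID = re.compile(r"\b(AKIA[0-9A-Z]{16})\b")
# Any value of 8+ non-blank characters assigned with '=' or ':' (quotes optional).
ASSIGNED_VALUE = re.compile(r"[=:]\s*['\"]?([^'\"\s]{8,})['\"]?")
PASSWORD_KEYWORDS = ("password", "passwd", "pwd", "pass")  # assumed keyword list
KEYWORD_WINDOW = 40   # characters before the value in which a keyword must occur


@dataclass(frozen=True)
class Incident:
    path: str
    line_no: int
    identifier: str   # "aws_access_key" or "password"
    preview: str      # redacted value, safe to include in a notification


def redact(value: str) -> str:
    """Keep a short prefix so the owner can recognise the value, mask the rest."""
    return value[:4] + "*" * (len(value) - 4) if len(value) > 4 else "****"


def scan_line(path: str, line_no: int, line: str) -> List[Incident]:
    incidents: List[Incident] = []
    for m in AWS_ACCESS_KEY_ID.finditer(line):
        incidents.append(Incident(path, line_no, "aws_access_key", redact(m.group(1))))
    for m in ASSIGNED_VALUE.finditer(line):
        value = m.group(1)
        if AWS_ACCESS_KEY_ID.fullmatch(value):
            continue                                  # already reported above
        # Keyword validation: look only at the text shortly before the value.
        context = line[max(0, m.start() - KEYWORD_WINDOW):m.start()].lower()
        if any(keyword in context for keyword in PASSWORD_KEYWORDS):
            incidents.append(Incident(path, line_no, "password", redact(value)))
    return incidents


def scan_repository(files: Dict[str, str]) -> List[Incident]:
    """files maps a repository path to its text content."""
    incidents: List[Incident] = []
    for path, content in files.items():
        for line_no, line in enumerate(content.splitlines(), start=1):
            incidents.extend(scan_line(path, line_no, line))
    return incidents


# Constructed sample repository. AKIAIOSFODNN7EXAMPLE is the placeholder key from
# AWS documentation, not a live credential.
SAMPLE_REPO = {
    "config/settings.py": 'DB_HOST = "db.internal"\nDB_PASSWORD = "S3cretValue99"\nTIMEOUT = 30\n',
    "deploy/creds.sh": "export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n",
    "src/ids.py": 'REQUEST_ID = "a1b2c3d4e5f6g7h8"\nurl = "https://example.invalid/api"\n',
    "docs/readme.md": "Set the password with the PASSWORD variable before running.\n",
}

if __name__ == "__main__":
    for inc in scan_repository(SAMPLE_REPO):
        print(f"{inc.path}:{inc.line_no} {inc.identifier} {inc.preview}")
```

The request id and URL in `src/ids.py` are long enough to match the value pattern but produce no incident because no keyword precedes them, which is exactly the noise the keyword validation is meant to suppress; the notification carries only the redacted preview so the alert itself does not re-expose the secret.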

The speed of DevOps is allowing companies to innovate quickly, but without security audits built into the pipeline, misconfigurations and vulnerable code can go unnoticed and expose data in a breach. We strongly encourage the movement from DevOps to DevSecOps, building this audit process into the standard practice of application development. 

For more on how MVISION Cloud can enable you to implement a DevSecOps practice, get in touch with us today.  

The post Source Code Leak – What We Learned and How You Can Protect Your IP appeared first on McAfee Blogs.

Cisco SecureX – What’s driving our platform?

Learn about the latest innovations powering our integrated security approach

Cisco SecureX is the result of many years of developing industry-leading security technologies, and then finding ways to make them even better by enabling them to work together. It’s a careful balance of building a platform out of the capabilities of each product, which then adds to the experience of having all of those products and makes each product stronger. Sound like a lot to expect? It’s the least we can do for our customers.

“Having all of Cisco’s tools so well integrated really gives us defense-in-depth and layered protection,” said Don Bryant, CISO at The University of North Carolina at Pembroke, in our recent report, Simplify to Secure. “Having a more holistic security platform has really helped us make more progress toward our end goal in a short amount of time.”

Indeed, a platform should bring forth an already strong roster of security technologies, and then further improve upon them through integration, automation, and continued innovation. The Cisco Secure portfolio is built on a broad set of capabilities that protect your network, users and endpoints, cloud, and applications. And it’s backed by the unrivaled threat intelligence of Cisco Talos. SecureX draws from all of this to enhance collaboration among your teams, and visibility across your infrastructure, with the end goal of streamlining security operations and accelerating threat response.

And innovation continues across the products and platform. Along with the launch of Cisco SecureX came several new capabilities that help future-proof our solutions. We don’t just want to offer you a platform and call it a day. Cisco SecureX is meant to be a living, breathing entity that evolves with you as your needs change. It’s a mix of well-established and new security offerings, and it will continue to adapt as the threat landscape expands.

Our core technologies – made better

Cisco delivers unparalleled security analytics across network and cloud

When enterprise networks began to expand with the introduction of cloud and BYOD, for example, one of our core technologies, in this case providing network traffic analytics, was on the front lines. In fact, Cisco Stealthwatch was created two decades ago to provide much-needed visibility into enterprise environments. That need only grew as infrastructure extended beyond the physical walls of modern businesses. Now, Stealthwatch gives our customers the benefit of a network analytics offering that has grown up with the networks it helps secure.

As the attack surface has evolved over the years and threat actors have become more sophisticated, Stealthwatch has continued to serve as the eyes and ears of the network – delivering pervasive insight into who’s in your environment and what they’re doing – 24/7/365. Today, as much of the world’s population works from home, we find ourselves at another crossroads where there’s an unprecedented need for Stealthwatch’s in-depth, scalable analytics.

Stealthwatch is again rising to the challenge, closely monitoring organizations’ extended infrastructure for any anomalies that could signify an attack. In addition to on-premises network traffic, Stealthwatch can also monitor all major public cloud environments, as well as private clouds and endpoint data, to provide truly comprehensive visibility. And, it’s the only solution that can perform analytics on encrypted traffic without decryption.

By being a part of Cisco SecureX, Stealthwatch gains greater context into network and user behaviors from across the portfolio, and can also leverage the platform to take automated mitigation actions. Likewise, the other solutions within our portfolio can pull from Stealthwatch’s insights to increase their efficacy. This results in expedited incident investigations and remediation across the platform.

Cisco Talos brings unrivaled threat intelligence 

Cisco Talos is the largest non-governmental threat intelligence team in the world, with over 350 professionals working around the clock to uncover emerging threats. For years, its findings have been fed into our entire security portfolio, including Stealthwatch, to strengthen our customers’ defenses.

Due to the breadth of Cisco’s security offerings and our immense volume of customers and partners, Cisco Talos has more visibility into emerging threats than any other security vendor in the world. But the team doesn’t just sit back and wait for intelligence to flow in. Every day, Talos researchers are proactively hunting for vulnerabilities and other issues that could impact global security. And when issues are discovered, coverage is pushed to all of our security products as fast as possible to ensure customers are protected.

If you think about Cisco SecureX as a car, with the various components of our portfolio working together to make it run smoothly, you can view Cisco Talos as the fuel powering the whole vehicle onwards.

What’s new?   

Making threat hunting more accessible

Despite all of the various defenses organizations have in place today to catch threats, some remain hidden and difficult to detect. The practice of threat hunting has emerged to try to combat these more covert security issues. However, threat hunting still remains challenging for many organizations due to a shortage of skilled professionals and advanced tools.

With the launch of SecureX, we unveiled SecureX Threat Hunting, fueled by Cisco Talos. SecureX Threat Hunting assists security teams by helping to uncover hidden threats and providing recommended next steps for further investigation and remediation. Offered as part of our endpoint protection, it allows organizations to take a more proactive approach to security. 

You’ve got (secure) mail

Email remains the number one threat vector for launching cyberattacks on today’s organizations. However, many security solutions are still missing effective email protection. The need for comprehensive email security has risen even further as more companies have transitioned from traditional email systems to cloud-based email solutions such as Office 365, and have found that they lack advanced security with those platforms.

Gartner expects that by 2021, 70% of public and private companies will be using cloud email services. Building off of our proven, multi-layered email security solutions, we’ve recently launched Cisco Cloud Mailbox Defense to address this transition to the cloud.

Cisco Cloud Mailbox Defense is a cloud-native email security platform that provides insight into inbound, outbound, and internal messages, as well as easy attack remediation. Like Cisco SecureX, it is built on the principles of visibility, simplicity, and integration. Being part of a larger security platform further enhances email security by increasing context and enabling a more efficient, coordinated response to email-based attacks.

Helping you embrace the cloud  

The cloud is being widely adopted not just for email, but for many other technologies – especially as employees work from home and demand more flexible, convenient access to business applications. We want to make sure that customers can embrace the many benefits of the cloud while still keeping their assets and data secure.

That is why we’ve collaborated with Amazon Web Services (AWS) to develop solutions that help Cisco customers accelerate their adoption of AWS cloud services, while maintaining a consistent security posture across their environment – from on-prem to cloud. We want to ensure that key security concepts including visibility, segmentation, threat protection, and identity and access management are carried over as customers transition to AWS.

At the end of the day, Cisco SecureX is not just about us. It’s not just about making our own products work with one another. We want them to work with your other technologies as well – from security products to major infrastructure – so you can have all hands on deck when it comes to protecting your organization.

Protecting what’s now and what’s next

According to ESG, “Enterprise-class cybersecurity technology vendors can do a lot of the grunt work by tightly integrating their best-of-breed products into scalable and interoperable technology architectures.” That is our goal with Cisco SecureX. The solutions highlighted above represent just a few examples of how we’re helping customers secure what’s now and what’s next – by pairing long-time, industry-leading technologies with new, innovative solutions.

Whether you’re new to Cisco Secure, or you already use many of our technologies, you can begin benefiting from the integration and automation delivered by Cisco SecureX today. Get started now.

The post Cisco SecureX – What’s driving our platform? appeared first on Cisco Blogs.

Introducing MITRE ATT&CK in MVISION Cloud: Defend with Precision

The latest innovation in MVISION Cloud, the multi-cloud security platform for enterprise, introduces MITRE ATT&CK into the workflow for SOC analysts to investigate cloud threats and security managers to defend against future attacks with precision.

Most enterprises use over 1,500 cloud services, generating millions of events, from login, to file share, to download and an infinite number of actions meant for productivity yet exploited by adversaries. Until now, hunting for adversary activity within that haystack has been an arduous effort, with so much noise that many data breaches have gone unnoticed until it is too late.

MVISION Cloud takes a multi-layered approach to cloud threat investigation that can speed your time to detect adversary activity in your cloud services, identify gaps, and implement targeted changes to your policy and configuration.

First, the haystack of events is processed continuously against a baseline of known good behavior by User and Entity Behavior Analytics (UEBA) to identify the anomalies and actual threats in your environment, assessing behavior across multiple services and accounts.

Events processed by UEBA determined to be a compromised account

This takes your investigation process down to a manageable quantity of incidents. With this release, those incidents are now in the same language as the rest of the SOC – MITRE ATT&CK. Each cloud security incident is mapped to ATT&CK tactics and techniques, showing you adversary activity currently being executed in your environment.  

Multi-cloud MITRE ATT&CK view of adversary activity in MVISION Cloud

You have three views within MVISION Cloud:  

  • Retrospective: viewing all adversary techniques that have already occurred in your environment 
  • Proactive: viewing attacks in progress, that you can take action to stop  
  • Full kill-chain: viewing a combination of incidents, anomalies, threats, and vulnerabilities into a holistic string of infractions.  

Multiple teams in your organization benefit from this addition to MVISION Cloud:  

  • SecOps Teams Advance from Reactive to Proactive: McAfee MVISION Cloud allows analysts to visualize not only executed threats in the ATT&CK framework, but also potential attacks they can stop across multiple Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS) environments 
  • SecOps Teams Break Silos: SecOps teams can now bring pre-filtered cloud security incidents into their Security Information Event Management (SIEM)/Security Orchestration, Automation and Response (SOAR) platforms via API, mapped to the same ATT&CK framework they use for endpoint and network threat investigation  
  • Security Managers Defend with Precision: McAfee MVISION Cloud now takes Cloud Security Posture Management (CSPM) to a new level, providing security managers with cloud service configuration recommendations for SaaS, PaaS and IaaS environments, which address specific ATT&CK adversary techniques 

With McAfee, threat investigation isn’t just for one environment – it is for all of your environments, from cloud to endpoint and your analytics platforms. With McAfee MVISION Cloud, MVISION EDR and MVISION Insights, your enterprise has an extended detection and response (XDR) platform for the heterogeneous attacks you face today.

Cloud Threat Investigation 101: Hunting with MITRE ATT&CK

The leading SecOps teams use MITRE ATT&CK. Now, Cloud threat investigation speaks the same language with ATT&CK built into MVISION Cloud, unlocking new, precise methods for Cloud defense.

The post Introducing MITRE ATT&CK in MVISION Cloud: Defend with Precision appeared first on McAfee Blogs.

Have You Considered Your Organization’s Technical Debt?

TL;DR Deal with your dirty laundry.

Have you ever skipped doing your laundry and watched as that pile of dirty clothes kept growing, just waiting for you to get around to it? You’re busy, you’re tired and you keep saying you’ll get to it tomorrow. Then suddenly, you realize that it’s been three weeks and now you’re running around frantically, late for work because you have no clean socks!

That is technical debt.

Those little things that you put off, which can grow from a minor inconvenience into a full-blown emergency when they’re ignored long enough.

Piling Up

How many times have you had an alarm go off, or a customer issue arise from something you already knew about and meant to fix, but “haven’t had the time”? How many times have you been working on something and thought, “wow, this would be so much easier if I just had the time to …”?

That is technical debt.

But back to you. In your craze to leave for work you manage to find two old mismatched socks. One of them has a hole in it. You don’t have time for this! You throw them on and run out the door, on your way to solve real problems. Throughout the day, that hole grows and your foot starts to hurt.

This is really not your day. In your panicked state this morning you actually managed to add more pain to your already stressed system, plus you still have to do your laundry when you get home! If only you’d taken the time a few days ago…

Coming Back to Bite You

In the tech world where one seemingly small hole – one tiny vulnerability – can bring down your whole system, managing technical debt is critical. Fixing issues before they become emergent situations is necessary in order to succeed.

If you’re always running at full speed to solve the latest issue in production, you’ll never get ahead of your competition and only fall further behind.

It’s very easy to get into a pattern of leaving the little things for another day. Build optimizations, that random unit test that’s missing, that playbook you meant to write up after the last incident – technical debt is a real problem too! By spending just a little time each day to tidy up a few things, you can make your system more stable and provide a better experience for both your customers and your fellow developers.

Cleaning Up

Picture your code as that mountain of dirty laundry. Each day that passes, you add just a little more to it. The more debt you add on, the more daunting your task seems. It becomes a thing of legend. You joke about how you haven’t dealt with it, but really you’re growing increasingly anxious and wary about actually tackling it, and what you’ll find when you do.

Maybe if you put it off just a little bit longer a hero will swoop in and clean up for you! (A woman can dream, right?) The more debt you add, the longer it will take to conquer it, and the harder it will be and the higher the risk is of introducing a new issue.

This added stress and complexity doesn’t sound too appealing, so why do we do it? It’s usually caused by things like having too much work in progress, conflicting priorities and (surprise!) neglected work.

Managing technical debt requires only one important thing – a cultural change.

As much as possible we need to stop creating technical debt, otherwise we will never be able to get it under control. To do that, we need to shift our mindset. We need to step back and take the time to see and make visible all of the technical debt we’re drowning in. Then we can start to chip away at it.

Culture Shift

My team took a page out of “The Unicorn Project” (Kim, 2019) and started by running “debt days” when we caught our breath between projects. Each person chose a pain point, something they were interested in fixing, and we started there. We dedicated two days to removing debt and came out the other side having completed tickets that had been on the backlog for over a year.

We also added new metrics and dashboards for better incident response, and improved developer tools.

Now, with each new code change, we’re on the lookout. Does this change introduce any debt? Do we have the ability to fix that now? We encourage each other to fix issues as we find them whether it’s with the way our builds work, our communication processes or a bug in the code.

We need to give ourselves the time to breathe, in both our personal lives and our work day. Taking a pause between tasks not only allows us to mentally prepare for the next one, but it gives us time to learn and reflect. It’s in these pauses that we can see if we’ve created technical debt in any form and potentially go about fixing it right away.

What’s Next?

The improvement of daily work ultimately enables developers to focus on what’s really important, delivering value. It enables them to move faster and find more joy in their work.

So how do you stay on top of your never-ending laundry? Your family chooses to make a cultural change and decides to dedicate time to it. You declare Saturday as laundry day!

Make the time to deal with technical debt – your developers, security teams, and your customers will thank you for it.

The post Have You Considered Your Organization’s Technical Debt? appeared first on .

Fixing cloud migration: What goes wrong and why?

The cloud space has been evolving for almost a decade. As a company we’re a major cloud user ourselves. That means we’ve built up a huge amount of in-house expertise over the years around cloud migration — including common challenges and perspectives on how organizations can best approach projects to improve success rates.

As part of our #LetsTalkCloud series, we’ve focused on sharing some of this expertise through conversations with our own experts and folks from the industry. To kick off the series, we discussed some of the security challenges solution architects and security engineers face with customers when discussing cloud migrations. Spoiler…these challenges may not be what you expect.

Drag and drop

This lack of strategy and planning from the start is symptomatic of a broader challenge in many organizations: There’s no big-picture thinking around cloud, only short-term tactical efforts. Sometimes we get the impression that a senior exec has just seen a ‘cool’ demo at a cloud vendor’s conference and now wants to migrate a host of apps onto that platform. There’s no consideration of how difficult or otherwise this would be, or even whether it’s necessary and desirable.

These issues are compounded by organizational silos. The larger the customer, the larger and more established their individual teams are likely to be, which can make communication a major challenge. Even if you have a dedicated cloud team to work on a project, they may not be talking to other key stakeholders in DevOps or security, for example.

The result is that, in many cases, tools, applications, policies, and more are forklifted over from on-premises environments to the cloud. This ends up becoming incredibly expensive, as these organizations are not really changing anything. All they are doing is adding an extra middleman, without taking advantage of the benefits of cloud-native tools like microservices, containers, and serverless.

There’s often no visibility or control. Organizations don’t understand they need to lock down all their containers and sanitize APIs, for example. Plus, there’s no authority given to cloud teams around governance, cost management, and policy assignment, so things just run out of control. Often, shared responsibility isn’t well understood, especially in the new world of DevOps pipelines, so security isn’t applied to the right areas.

Getting it right

These aren’t easy problems to solve. From a security perspective, it seems we still have a job to do in educating the market about shared responsibility in the cloud, especially when it comes to newer technologies, like serverless and containers. Every time there’s a new way of deploying an app, it seems like people make the same mistakes all over again — presuming the vendors are in charge of security.

Automation is a key ingredient of successful migrations. Organizations should be automating everywhere, including policies and governance, to bring more consistency to projects and keep costs under control. In doing so, they must realize that this may require a redesign of apps, and a change in the tools they use to deploy and manage those apps.

Ultimately, you can migrate apps to the cloud in a couple of clicks. But the governance, policy, and management that must go along with this is often forgotten. That’s why you need clear strategic objectives and careful planning to secure more successful outcomes. It may not be very sexy, but it’s the best way forward.

To learn more about cloud migration, check out our blog series. And catch up on all of the latest trends in DevOps to learn more about securing your cloud environment.

The post Fixing cloud migration: What goes wrong and why? appeared first on .

Multi-Cloud Environment Challenges for Government Agencies

Between January and April of this year, the government sector saw a 45% increase in enterprise cloud use, and as the work-from-home norm continues, socially distanced teamwork will require even more cloud-based collaboration services.

Hybrid and multi-cloud architectures can offer government agencies the flexibility, enhanced security and capacity they need to modernize now and into the future. Yet many questions remain surrounding the implementation of multi- and hybrid-cloud architectures. Adopting a cloud-smart approach across an agency’s infrastructure is a complex process with corresponding challenges for federal CISOs.

I recently had the opportunity to sit with several public and private sector leaders in cloud technology to discuss these issues at the Securing the Complex Ecosystem of Hybrid Cloud webinar, organized by the Center for Public Policy Innovation (CPPI) and Homeland Security Dialogue Forum (HSDF).

Everyone agreed that although the technological infrastructure supporting hybrid and multi-cloud environments has made significant advancements in recent years, there is still much work ahead to ensure government agencies are operating with advanced security.

There are three key concepts for federal CISOs to consider as they develop multi- and hybrid-cloud implementation strategies:

  1. There is no one-size-fits-all hybrid environment

Organizations have adopted various capabilities that have unique gaps that must be filled. A clear system for how organizations can successfully fill these gaps will take time to develop. That being said, there is no one-size-fits-all hybrid or multi-cloud environment technology for groups looking to implement a cloud approach across their infrastructure.

  2. Zero-trust will continue to evolve in terms of its definition

Zero-trust has been around for quite some time and will continue to grow in terms of its definition. In concept, zero-trust is an approach that requires an organization to complete a thorough inspection of its existing architecture. It is not one specific technology; it is a capability set that must be applied to all areas of an organization’s infrastructure to achieve a hybrid or multi-cloud environment. 

  3. Strategies for data protection must have a cohesive enforcement policy

A consistent enforcement policy is key in maintaining an easily recognizable strategy for data protection and threat management. Conditional and contextual access to data is critical for organizations to fully accomplish cloud-based collaboration across teams.

Successful integration of a multi-cloud environment poses real challenges for all sectors, particularly for enterprises as large and complex as the federal government. Managing security across different cloud environments can be overwhelmingly complicated for IT staff, which is why they need tools that can automate their tasks and provide continued protection of sensitive information wherever it goes inside or outside the cloud.

At McAfee, we’ve been dedicating ourselves to solving these problems. We are excited that McAfee’s MVISION Cloud has been recognized as the first cloud access security broker (CASB) with FedRAMP High authorization. Additionally, we’ve been awarded an Other Transaction Authority by the Defense Innovation Unit to prototype a Secure Cloud Management Platform through McAfee’s MVISION Unified Cloud Edge (UCE) cybersecurity solution.

We look forward to engaging in more strategic discussions with our partners in the private and public sectors to not only discuss but also help solve the security challenges of federal cloud adoption.

The post Multi-Cloud Environment Challenges for Government Agencies appeared first on McAfee Blogs.

McAfee Vision for SASE: Making Cloud Adoption Fast, Easy and Secure

While cloud services deliver on promised savings and convenience, keeping everything secure remains a moving target for many organizations.

That’s because the enterprise perimeter has not only expanded, it has pushed the service edge to anywhere business takes you—or employees choose to go. Consequently, many organizations must uplevel how they protect cloud-based apps, data and services. Achieving success will be difficult with walled-garden style defenses found in legacy environments.

Gartner suggests an Adaptive Zero Trust approach (CARTA) to secure use of cloud applications, and it recommends a Secure Access Service Edge (SASE) framework to deliver connectivity and security for Cloud applications.

A lot of SASE vendors have focused on convergence of networking and security, but the key business goal of SASE is to protect applications and data in the cloud by building a pervasive edge that spans all manner of access to these applications and data.

McAfee’s MVISION Unified Cloud Edge (UCE) delivers this pervasive edge and enables organizations to apply consistent data protection and threat prevention policies across their entire estate, including users, devices, locations and applications. Under the covers, MVISION UCE is a convergence of Cloud Access Security Broker (CASB), next-gen Secure Web Gateway (SWG), and data loss protection (DLP) technologies delivered via a single global cloud fabric, with consistent policy and incident management. Each of the MVISION UCE components provides coverage over a distinct control point, and together they deliver the pervasive edge:

  • McAfee CASB provides direct visibility and control over cloud-native interactions that are impossible to broker via a network/man-in-the-middle approach. This not only includes real time data and threat protection for data being stored/created in the cloud, it also includes on-demand scanning over existing data to identify both sensitive data and malware. The data objects could include files, messages and field data such as structured data objects in business applications like Salesforce.com, ServiceNow, Workday, etc.
  • McAfee’s next-gen SWG establishes proxy-based visibility and control over web traffic with deep awareness of cloud activity and data interactions. This keeps users safe from accidental data loss or malware, and it delivers the most advanced threat protection against ransomware, phishing attempts and other advanced attacks by integrating Remote Browser Isolation (RBI), a recommended part of a SASE architecture in our next-gen SWG.
  • A common DLP engine that provides device-to-cloud visibility and control over sensitive data on personal or managed devices, data resident and transacted in the cloud and data transiting over the network. McAfee MVISION UCE shares data classifications with all enforcement points for device, network, and the cloud with a single incident management console and API.

The convergence of cloud-native SWG and CASB also enables use cases that can extend network-delivered SASE controls with deep context of cloud applications in a single fabric. Many cloud-application-centric use cases that are critical in a post-COVID work from home scenario cannot be delivered by pure-play cloud SWGs, including:

  • The ability to apply contextual access control to users connecting to sanctioned Cloud applications directly over the internet, without a VPN. MVISION UCE ensures a user with a corporate device has full access to Microsoft 365, whereas a user with an unmanaged device has read-only access, which can be delivered by an app-proxy or remote browser isolation.
  • The ability to control unsanctioned cloud applications at different levels of granularity, including tenancy, activity and data. McAfee provides consistent policies that specifically identify and grant permissions to unsanctioned or personal services such as OneDrive: the cloud user can be blocked from syncing any data to a personal OneDrive, or blocked from syncing only “classified or sensitive” data to a personal OneDrive.
  • The ability to protect against zero-day threats from the cloud in real time without any friction to the user experience. McAfee helps prevent end users from syncing or downloading malware delivered from a trusted cloud storage provider such as OneDrive, Google Drive or Dropbox.

In addition, most SASE vendors today focus on user-to-cloud security (otherwise known as front-door controls), but that is not sufficient. Data and threats also need to be protected across side doors in the cloud, and protection needs to be extended to back doors within the cloud. McAfee’s MVISION UCE delivers side- and back-door controls that are not offered by any other SASE

  • Connected Application Control

Enables your architecture to discover SaaS applications or home-grown applications connected to each other via API channels. It can then authorize these API connections based on policies, risk and the behavior of the connected application. For instance, a Sales VP might connect Clari, a sales forecasting mobile application, to the corporate Salesforce.com instance and pull all the Salesforce.com data into Clari. The SASE architecture needs to be able to discover all such app-to-app connections and have granular policies around what scope of access should be allowed.

  • SaaS Cloud Security Posture Management (CSPM)

Allows your SASE architecture to assess and manage the security posture of your SaaS provider’s control and management planes. Specifically, Microsoft 365 has more than 200 individual configuration settings that need to be evaluated to reach an appropriate security posture. One example is SharePoint’s default sharing permissions, which make shared links available to anyone in the world and never expire.

  • Sharing and Collaboration Control

Enables your architecture to control the transaction flow of sensitive data being shared inappropriately between users within the organization or across organizations via popular collaboration platforms such as Microsoft OneDrive, Microsoft Teams, Slack, Zoom, etc. For example, McAfee helps ensure sensitive data is not posted to external (guest) users in Microsoft Teams.

Cloud-native

Long promised, cloud transformation is catching on at a time when enterprises increasingly rely upon cloud services to support their expanding digital activities. It can support large parts of the workforce who are working remotely and from home. Data and threat controls must work in real time as data moves to and from cloud applications. Accordingly, organizations need a cloud-native security architecture that is frictionless and ensures cloud applications function without latency or application breakage, with security delivered in real time. This real-time capability is not just necessary for network controls delivered by the SWG service; it is equally essential for cloud-native controls delivered via API and email gateways. Gartner describes the use of Points of Presence (POPs) for global distribution and scale in SASE architectures. Most vendors offering SASE describe their footprint in terms of their network POPs. McAfee MVISION UCE has more than 50 globally distributed network POPs, but it also has similar scale and capacity for API and email POPs to ensure pervasive real-time control.

By our estimate, load increases on cloud security services in the last three months have soared by between 200% and 700%. While this surge has caused many other SASE providers to buckle, McAfee has logged an amazing 99.999% uptime! This is largely driven by our cloud-native architecture, which does not rely on racking and stacking network appliances in public cloud, or purely on colocation POPs that might have longer lead times to build out and support burst capacity. McAfee MVISION UCE is not only built in a cloud-native (i.e. software-defined) manner and deployed in POPs around the world; it also has the ability to leverage public cloud providers such as AWS, Azure and GCP for burst POP capacity in order to deliver surge capacity without delay.

MVISION UCE, with its focus on protecting data and preventing threats in the cloud, along with its approach to both network-based and cloud-native controls, marks a key milestone on the path to implementing Gartner’s SASE framework.

The post McAfee Vision for SASE: Making Cloud Adoption Fast, Easy and Secure appeared first on McAfee Blogs.

What to Expect from the Next Generation of Secure Web Gateways

After more than a century of technological innovation since the first units rolled off Henry Ford’s assembly lines, automobiles and transportation bear little in common with the Model T era. This evolution will continue as society finds better ways to achieve the outcome of moving people from point A to point B.

While secure web gateways (SWGs) have operated on a far more compressed timetable, a similarly drastic evolution has taken place. SWGs are still largely focused on ensuring users are protected from unsafe or non-compliant corners of the internet, but the transition to a cloud- and remote-working world has created new security challenges that the traditional SWG is no longer equipped to handle. It’s time for the next generation of SWGs that can empower users to thrive safely in an increasingly decentralized and dangerous world.

How We Got Here

The SWG actually started out as a URL filtering solution and enabled organizations to ensure that employees’ web browsing complied with corporate internet access policy.

URL filtering then transitioned to proxy servers sitting behind corporate firewalls. Since proxies terminate traffic coming from users and complete the connection to the desired websites, security experts quickly saw the potential to perform more thorough inspection than just comparing URLs to existing blacklists. By incorporating anti-virus and other security capabilities, the “secure web gateway” became a critical part of modern security architectures. However, the traditional SWG could only play this role if it was the chokepoint for all internet traffic, sitting at the edge of every corporate network perimeter and having remote users “hairpin” back through that network via VPN or MPLS links.

Next-Generation SWG

The transition to a cloud and remote-working world has put new burdens on the traditional perimeter-based SWG. Users can now directly access IT infrastructure and connected resources from virtually any location from a variety of different devices, and many of those resources no longer reside within the network perimeter on corporate servers.

This remarkable transformation also expands the requirements for data and threat protection, leaving security teams to grapple with a number of new sophisticated threats and compliance challenges. Unfortunately, traditional SWGs haven’t been able to keep pace with this evolving threat landscape.

Just about every major breach now involves sophisticated multi-level web components that can’t be stopped by a static engine. The traditional SWG approach has been to coordinate with other parts of the security infrastructure, including malware sandboxes. But as threats have become more advanced and complex, doing this has resulted in slowing down performance or letting threats get through. This is where Remote Browser Isolation (RBI) brings in a paradigm shift to advanced threat protection. When RBI is implemented as an integral component of SWG traffic inspection, and with the right technology like pixel mapping, it can deliver real-time, zero-day protection against ransomware, phishing attacks and other advanced malware while not hindering the browsing experience.

Another issue revolves around the encrypted nature of the internet. The majority of web traffic and virtually all cloud applications use SSL or TLS to protect communications and data. Without the ability to decrypt, inspect and re-encrypt traffic in a compliant, privacy-preserving manner, a traditional SWG is simply not able to cope with today’s world.

Finally, there is the question of cloud applications. While cloud applications operate on the same internet as traditional websites, they function in a fundamentally different way that traditional SWGs simply can’t understand. Cloud Access Security Brokers (CASBs) are designed to provide visibility and control over cloud applications, and if the SWG doesn’t have access to a comprehensive CASB application database and sophisticated CASB controls, it is effectively blind to the cloud.

What we need from Next-Gen SWGs

Fig. Next Generation Secure Web Gateway Capabilities

A next-gen SWG should help simplify the implementation of Secure Access Service Edge (SASE) architecture and help accelerate secure cloud adoption. At the same time, it needs to provide advanced threat protection, unified data control, and efficiently enable a remote and distributed workforce.

Here are some of the use cases:

  • Enable a remote workforce with a direct-to-cloud architecture that delivers 99.999% availability – As countries and states slowly came out of shelter-in-place orders, many organizations indicated that supporting a remote and distributed workforce will likely be the new norm. Keeping remote workers productive, data secured and endpoints protected can be overwhelming at times. A next-gen SWG should provide organizations with the scalability and security to support today’s remote workforce and distributed digital ecosystem. A cloud-native architecture helps ensure availability, lower latency and maintain user productivity from wherever your team is working. A true cloud-grade service should offer five nines (99.999%) availability consistently.

  • Reduce administrative complexity and lower cost – Today, with increased cloud adoption, more than eighty percent of traffic is destined for the internet. Backhauling internet traffic to a traditional “hub and spoke” architecture, which requires expensive MPLS links, can be very costly. Networks slow to a halt as traffic spikes, and VPNs for remote workers have proven to be ineffective. A next-gen SWG should support the SASE framework and provide a direct-to-cloud architecture that lowers total operating costs by reducing the need for MPLS links. With a SaaS delivery model, next-gen SWGs remove the need to deploy and maintain hardware infrastructure, reducing hardware and operating costs. Per Gartner’s SASE report, organizations can “reduce complexity now on the network security side by moving to ideally one vendor for secure web gateway (SWG), cloud access security broker (CASB)…” By unifying CASB and SWG, organizations can benefit from unified policy and incident management, shared insights on business risk and threat databases, and reduced administrative complexity.

  • Defend against known and unknown threats – As the web continues to grow and evolve, web-borne malware attacks grow and evolve as well. Ransomware, phishing and other advanced web-based threats are putting users and endpoints at risk. A next-gen SWG should provide real-time zero-day malware and advanced phishing protection via a layered approach that integrates dynamic threat intelligence for URLs, IPs and file hashes with real-time protection against unknown threats through machine learning and emulation-based sandboxing. A next-gen SWG should also include integrated Remote Browser Isolation to prevent unknown threats from ever reaching the endpoints. Furthermore, a next-gen SWG should provide the capability to decrypt, inspect and re-encrypt SSL/TLS traffic so that threats and sensitive data cannot hide in encrypted traffic. Lastly, a next-gen SWG should be XDR-integrated to improve SOC efficiency. SOC teams have too much to deal with already, and they shouldn’t settle for siloed security tools.

  • Lock down your data, not your business – More than 95% of companies today use cloud services, yet only 36% of companies can enforce data loss prevention (DLP) rules in the cloud at all. A next-gen SWG should offer a more effective way to enforce protection with built-in DLP templates and in-line data protection workflows to help organizations comply with regulations. Device-to-cloud data protection offers comprehensive data visibility and consistent controls across endpoints, users, clouds and networks. When incidents do happen, administrators should be able to manage investigations, workflows and reporting from a single console. Next-gen SWGs should also integrate user and entity behavior analytics (UEBA) to further protect business-sensitive data by detecting and separating normal users from malicious or compromised ones.

SWGs have clearly come a long way from just being URL filtering devices to the point where they are essential to furthering the safe and accelerated adoption of the cloud. But we need to push the proverbial envelope a lot further. Digital transformation demands nothing less.

Live Webinar

Top Use Cases for a Next-Gen Secure Web Gateway

Thursday, July 16, 2020
10am PT | 12pm CT | 1pm ET

The post What to Expect from the Next Generation of Secure Web Gateways appeared first on McAfee Blogs.

Working from Home in 2020: Threat Actors Target the Cloud

Like any enterprise, cybercrime focuses its resources where it can derive value, which is data. In the case of ransomware, data is held hostage for a direct monetary exchange, whereas many other data breaches seek to steal data and monetize it on dark web markets. These two methods are even starting to merge, with some cybercrime organizations now offering Data-Leaking-as-a-Service. For most of the history of cybercrime, resources and infrastructure used to steal data targeted endpoint devices and network stores, using malware to land an attack, find data, and exfiltrate. That’s where the data was.   

Now, we have a dramatic shift of data moving to cloud service providers, held not within the confines of a customer’s managed network but instead a third party. The shift to working from home in early 2020 accelerated cloud use, just as it accelerated other trends like food delivery and telehealth. Read more about the increase in cloud use in our first post on this topic, here.  

With the acceleration of cloud adoption comes more data in the cloud and, in lockstep, threat actors shifting their attack resources to the cloud. Through the first months of 2020, as this shift occurred, we monitored attack attempts from external threat actors on our customers’ cloud accounts, which increased 630%:

In this chart, we’ve plotted all threats across 30 million cloud end users, along with the two primary categories of external threat events targeted at cloud accounts. They are: 

  • Excessive Usage from Anomalous Location. This begins with a login from a location that has not been previously detected and is anomalous to the user’s organization. The threat actor then initiates high-volume data access and/or privileged access activity.  
  • Suspicious Superhuman. This is a login attempt from more than one geographically distant location, impossible to travel to within a given period of time. We track this across multiple cloud services, for example, if a user attempts to log into Microsoft 365 in Singapore, then logs into Slack in California five minutes later.  
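The two event categories above can be expressed as simple rules over login and activity telemetry. The following is an added example written for this page, not McAfee's MVISION code: it implements the "Suspicious Superhuman" rule (consecutive logins by one user, across any cloud services, whose implied travel speed is physically impossible) and the "Excessive Usage from Anomalous Location" rule (a login from a city never seen for the organization, followed within a short window by bulk data access or a privileged action from that city). The event schema, the city coordinates, the speed and volume thresholds and the sample events are all constructed assumptions.

```python
"""Detect "Suspicious Superhuman" (impossible travel) and
"Excessive Usage from Anomalous Location" over cloud activity events.

Added example for this page; not McAfee's MVISION implementation.
Event schema, coordinates, thresholds and sample data are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import radians, sin, cos, asin, sqrt

# Constructed approximate (lat, lon) for the cities used in the sample events.
CITY_COORDS = {
    "Singapore": (1.35, 103.82),
    "San Francisco": (37.77, -122.42),
    "Chicago": (41.88, -87.63),
}

MAX_PLAUSIBLE_SPEED_KMH = 1000.0  # assumption: roughly airliner speed
BULK_DOWNLOAD_THRESHOLD = 100     # assumption: objects accessed in one window


@dataclass(frozen=True)
class Event:
    user: str
    service: str      # e.g. "Microsoft 365", "Slack"
    city: str         # geolocated source of the request
    when: datetime
    action: str       # "login", "download" or "admin"
    count: int = 1    # objects touched by the action


def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def suspicious_superhuman(events, max_speed_kmh=MAX_PLAUSIBLE_SPEED_KMH):
    """Flag consecutive logins by the same user, across any services, whose
    implied travel speed exceeds max_speed_kmh (or that are simultaneous)."""
    findings = []
    logins = sorted((e for e in events if e.action == "login"),
                    key=lambda e: (e.user, e.when))
    prev = {}
    for e in logins:
        p = prev.get(e.user)
        if p is not None and p.city != e.city:
            hours = (e.when - p.when).total_seconds() / 3600.0
            km = haversine_km(CITY_COORDS[p.city], CITY_COORDS[e.city])
            if hours <= 0 or km / hours > max_speed_kmh:
                findings.append((e.user, p.service, p.city, e.service, e.city))
        prev[e.user] = e
    return findings


def excessive_usage_from_anomalous_location(events, known_locations,
                                            window=timedelta(hours=1),
                                            bulk_threshold=BULK_DOWNLOAD_THRESHOLD):
    """Flag a login from a city not in the organization's known_locations that
    is followed within `window` by bulk downloads or a privileged action from
    that same city. Returns (user, city, objects_downloaded, privileged)."""
    findings = []
    by_user = {}
    for e in sorted(events, key=lambda e: e.when):
        by_user.setdefault(e.user, []).append(e)
    for user, evs in by_user.items():
        for i, e in enumerate(evs):
            if e.action != "login" or e.city in known_locations:
                continue
            volume, privileged = 0, False
            for f in evs[i + 1:]:
                if f.when - e.when > window:
                    break
                if f.city != e.city:
                    continue
                if f.action == "download":
                    volume += f.count
                elif f.action == "admin":
                    privileged = True
            if volume >= bulk_threshold or privileged:
                findings.append((user, e.city, volume, privileged))
    return findings


# Constructed sample telemetry: alice logs into Microsoft 365 in Singapore and
# Slack in San Francisco five minutes later; carol logs in from an unknown
# city and immediately pulls 250 files; bob behaves normally.
T0 = datetime(2020, 4, 1, 9, 0)
SAMPLE_EVENTS = [
    Event("alice", "Microsoft 365", "Singapore", T0, "login"),
    Event("alice", "Slack", "San Francisco", T0 + timedelta(minutes=5), "login"),
    Event("bob", "Microsoft 365", "Chicago", T0, "login"),
    Event("bob", "Microsoft 365", "Chicago", T0 + timedelta(hours=3), "login"),
    Event("carol", "Microsoft 365", "Singapore", T0 + timedelta(hours=1), "login"),
    Event("carol", "Microsoft 365", "Singapore",
          T0 + timedelta(hours=1, minutes=10), "download", count=250),
]
KNOWN_LOCATIONS = {"San Francisco", "Chicago"}  # constructed org baseline

if __name__ == "__main__":
    print("superhuman:", suspicious_superhuman(SAMPLE_EVENTS))
    print("anomalous usage:",
          excessive_usage_from_anomalous_location(SAMPLE_EVENTS, KNOWN_LOCATIONS))
```

The superhuman rule compares logins across services, which is why alice's Microsoft 365 and Slack logins are correlated by user rather than by application; a per-service view would miss the pattern. In production the known-location baseline would be learned from the organization's history rather than hard-coded, and the speed threshold tuned so that VPN egress and mobile-carrier geolocation errors do not dominate the alert volume.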

The increase in threat events impacted some verticals more than others, with companies in Transportation/Logistics, Education, and Government agencies hit the hardest:  

Head over to the report below for more analysis on how specific verticals were targeted, where these attacks came from, and recommendations for how to protect your organization.  

The post Working from Home in 2020: Threat Actors Target the Cloud appeared first on McAfee Blogs.

Cybersecurity advice and tips for the remote workers

Sarah, an associate employed with EduWorldUSA, says that with the global pandemic of COVID-19, the entire dynamics of how we communicate, work and collaborate with people have changed. A lot of government, private and public-sector companies have made it a mandatory requirement for their employees to strictly work from home. For a lot of employees, it is the first time that they are working from home, and this might bring a lot of challenges. In addition to the uncertainties and the stress of this pandemic, we also need to struggle every day with this transition in our work-life habits. It is going to be equally tough for the students who are told to take all their classes online from home. So, in the cybersecurity tips that we have listed below, we target not only remote workers but also students.

You must already know how difficult it is for you to ensure that you and your employees are cyber secure when they work in an office environment, where cybersecurity is already a quintessential part of the day-to-day culture. But, now when the employees are working from home, it has become twice as challenging as you need to make them aware of safe and cyber-secure habits and practices. 

Now, to help the employees, and the security leaders to fare well through this transition phase, we have come up with a list of tips that are exclusively dedicated to keeping the remote employees cyber secure.

Things employees and the remote workers should do to be cyber secure

To ensure that you and your employees are cyber secure, you need to adopt a bunch of practices. These include:

  • When you try connecting to your company’s network, only use a highly secure connection. You need to further ascertain that company’s Virtual Private Network is configured with a multi-level authentication. 
  • Do your office work only from your home Wi-Fi. Do not ever connect your office computer with a public or an open Wi-Fi. 
  • Never exchange or transfer files, information or work data from your work computer to your personal devices or home computer. Robin, who works with a website that does your homework, says that he never does his office work on his home computer because that would put a lot of private and confidential data at risk. This is because your home computer’s browsers and systems do not have high-end security software and are thus exposed to risks.
  • Ensure that you are only using the latest operating systems, applications, internal software, and network tools. Furthermore, at all times, on your work computer, you should get your office’s IT support cell to install anti-spam and malware protection software.   
  • Only use passwords that are strong for your email, laptop, and even your work phone. 
  • Only use the cloud applications that are approved for both storing or the sharing of the data. 
  • Do not ever print or store paper documents, which might have sensitive data at your home.  

At all times, the organizations should adopt and promote best security practices and tools. You can also leverage nano learnings, newsletters, micro learnings along with the other awareness tools. This ensures that the security stays a top-of-the-mind issue.  

How to ensure that the home computer is cyber secure?

To ensure that your and your employees’ home computers are cyber secure, you need to be aware of the following:

Have all the software updated

Firstly, tell them that all their software and applications should be updated. Furthermore, ensure that only the latest browsers, operating systems and apps are present on the devices or computers that you connect to the internet for your office work.

Use secure connection

Always use a Wi-Fi connection that is 100% secure. If possible, get a home firewall installed. It is important to be alert to ensure that all the important company assets are protected from all types of cyber-attacks. 

Have an antivirus software installed

You need to use antivirus software. It will help you automatically scan the files that you download, the websites that you visit, the email attachments that come in your mail, and the data that you save on USB sticks, hard drives and memory cards. Jacob, an expert who works with a homework writing agency and offers online assignment help in Sydney, says that when he associated with this agency, they installed antivirus software on his system to ensure that the data stayed safe.

Use stronger passwords

You need to have stronger passwords not only on your work devices but also on your home computers. Never use something such as your partner’s name, your phone number, date of birth, favourite colour or anything similar as your password.

Be click aware

Natasha, an educator who offers the best front end web development course online, says that though she works from home, she is always sceptical and vigilant about all the unsolicited text messages, emails, attachments or social media DMs that she gets. You have to follow the same. If there’s even a slight doubt, do not click on that link.

Always ensure that your employees know, understand, and acknowledge the fact that they are the first line of protection against all forms of cyber-attacks. The best way to stay protected is by staying cautious. Always look at every unknown email, message, chat, or attachment as something that might be illegitimate. So, beware. 

Mobile Cyber Security Tips

The thing with cybercriminals is that they can attack you anytime and anywhere. That’s the reason even mobile cyber-attacks are common these days. Here, are a few things that you need to do for your mobile cybersecurity.

  • Disable the auto-discovery feature of Bluetooth

Rega, an online reviewer who did an excellent ThanksForTheHelp Review, says that she always keeps the Bluetooth of her home and work phones off to keep them protected from cyber-attacks. It is true: cybercriminals look for Bluetooth signals and use them to hack into your devices.

  • Turn off auto-connect Wi-Fi feature

Keep the Wi-Fi auto-connect feature off as that can get your phone connected to a public open Wi-Fi.

  • Enable Face ID or Touch ID

Instead of using passcodes, use visual and fingerprint authentication to ensure that your mobile phone data is safe. If you are using a password, pick one that’s unique and strong.

  • Have all the latest apps and software on your phone

Make sure all the apps are updated, and the latest software is installed. New updates are launched to keep you protected from all types of cyber threats.

The post Cybersecurity advice and tips for the remote workers appeared first on CyberDB.

Quantifying Cloud Security Effectiveness

Let’s start with the good news. Agencies are adopting cloud services at an increased rate. Adoption has only increased in times of coronavirus quarantine lockdowns with most federal, state and municipal workforce working from home. What’s even better news is that we also see increased adoption of cloud security tools, like CASB, which is commensurate with the expanding cloud footprint of US Public Sector agencies.

So now we have security tools in place to secure our cloud assets in SaaS, PaaS and IaaS. The next step is to determine what security controls need to be implemented. What DLP policies should the agency adopt? What capabilities of a cloud services should be enabled or disabled to maintain a robust security posture? How does an agency actually go about measuring the effectiveness of the security controls that were implemented? How do we find out how we stack up against our peer organizations?

To answer these questions, McAfee developed MVISION Cloud Security Advisor (CSA). Cloud Security Advisor is a portal that is provided “out-of-the-box” with your organization’s MVISION Cloud CASB tenant. CSA provides a comprehensive set of recommendations for organizations to prioritize efforts in implementing their cloud security controls. The recommendations are broken down into Visibility and Control metrics. There is also a section that provides quarterly reports on various parameters, which we will discuss in a little bit.

When you first access the Cloud Security Advisor dashboard you are presented with a “magic quadrant” that shows your organization’s security posture relative to other peer organizations on the scales of Control and Visibility, and provides a maturity score for both.

There is even an option to select a vertical market to see how your organization stacks up against organizations in other business sectors.

On the right of the main dashboard are checklist items that provide a short description and current progress in following Cloud Security Advisor’s recommendations. CSA scans the organization’s MVISION Cloud environment once every 24 hours. Any changes to MVISION Cloud will be reflected in the next scan. In the screenshot below, for example, we see an environment that is not enforcing controls on publicly shared links in collaboration SaaS apps.

From here, a security admin can simply click on the checklist item and then on Enable Policy. This will automatically take the user to the DLP Policy Templates page to select the appropriate policy for enforcement.

Another powerful capability of MVISION Cloud Security Advisor is providing quarterly Cloud Security Reports. These are accessible from the main CSA dashboard by going to View Reports and then selecting a quarter for which you would like to see the report.

From there we can start examining our organization’s cloud footprint to identify the total number of Shadow IT services discovered that quarter, as well as some additional Shadow IT statistics.

Next we can look at IaaS resources in all our AWS, Azure and GCP environments.

We then proceed to look at summary statistics for DLP and access policy violations. Incidents show policy violations of each type detected across all of the organization’s cloud environments secured by MVISION Cloud CASB.

The next screen shows user behavioral anomalies and threats uncovered by the MVISION Cloud UBA machine-learning engine.

The Malware section of the report provides insights into malware uncovered in SaaS and IaaS environments connected to MVISION Cloud.

The Data at Risk report is probably the most pertinent to gauging the effectiveness of the MVISION Cloud CASB solution. This report shows how much of the organization’s data was at risk and how it was secured using MVISION Cloud CASB. As seen from the image, there is a downward trend, indicating progress is being made to secure the organization’s data.

The Sensitive Data report shows how the organization’s sensitive data is distributed across all cloud services in use by the organization. This report also provides insights into cloud adoption trends for your organization.

The “Users” report is a pivot table of the Sensitive Data report that organizes incidents and policy violations by individual users. Ultimately, the report shows how much of a risk an organization’s users pose to the organization’s data.

The Mobile Devices report shows incidents for each type of detected mobile device.

The next three pages of the CSA report provide a deeper dive into the data on the front page of the CSA portal we saw at the beginning of this blog. On the Scores page we see the “magic quadrant” with Control and Visibility axes, together with progress relative to previous quarters. The Visibility score and Control score, both on a scale of 100, gauge your organization’s maturity in securing its cloud footprint.

Next, the Visibility metrics page. Visibility metrics measure how well an organization has been doing in gaining visibility into what is out there in their cloud environment and how secure it is.

Finally, the Control metrics page shows how well an organization has performed in placing controls and mitigating security risks for its cloud environment.

And that, in a nutshell, is it. By reviewing the screenshots from the Cloud Security Advisor dashboard you should now have a good idea of the metrics at your disposal to quantify cloud security effectiveness for your organization.

The post Quantifying Cloud Security Effectiveness appeared first on McAfee Blogs.

Simplify Secure Cloud Adoption with Your Next-Gen Secure Web Gateway

Today, with increased cloud adoption, more than eighty percent of corporate network traffic is destined for the internet. Backhauling internet traffic to a traditional web gateway’s “hub and spoke” architecture can be very costly. Networks slow to a halt as traffic spikes, and VPNs for remote workers proved to be ineffective and low-performing in a situation like COVID.

Figure 1. Legacy Secure Web Gateway architecture in a cloud world.

Performance aside, as you adopt new cloud services and move more data to the cloud, you’re probably thinking: how do I protect business critical data, and how can I prevent threats coming in from the internet and cloud applications?

Many organizations are either adopting cloud services faster than they can secure them, or applying on-premises Web Gateway tools and architectures that were not designed to meet the challenges of cloud traffic. This can lead to attacks, malware, data leaks, and an unproductive work force.

IT departments need a secure yet flexible direct-to-cloud web gateway solution that ensures availability, maintains employee productivity and defends against threats.

Here are some of the capabilities of a Next-gen Cloud Secure Web Gateway to consider:

Real-time Zero-day Malware Prevention: Today’s threats are frequently customized and targeted. Zero-day protection is essential, and traditional gateways handle this by offloading to an out-of-band sandbox. The key to a next-generation gateway is to provide that protection in real time, not forensically after the fact.

Unification with CASB: Gartner recommends that, to reduce complexity on the network security side, organizations move to ideally one vendor for secure web gateway (SWG) and cloud access security broker (CASB). The Next-gen Cloud Secure Web Gateway should be a cloud-managed solution that is unified with CASB, with shared risk databases, closed-loop remediation and a unified workflow.

Scalability and Availability: A cloud-native architecture that can offer the cloud scale required as your remote workforce mushrooms, as opposed to a SWG that is simply hosted in the cloud. True cloud-grade service availability provides five nines (99.999%) uptime – consistently. Ask yourself, can you afford 50+ minutes of downtime?

Figure 2. Downtime Calculation Example.

McAfee’s Next-gen Cloud Secure Web Gateway (offered via MVISION Unified Cloud Edge) is unified with MVISION Cloud (CASB) to offer cloud-delivered web security to protect web traffic, provide visibility into data flowing to cloud applications, and safely enable both on-prem and remote workers. Furthermore, it is a direct to cloud solution that helps drive down cost and increase scalability and performance.

To find out more, listen to our latest podcast.

The post Simplify Secure Cloud Adoption with Your Next-Gen Secure Web Gateway appeared first on McAfee Blogs.

Does your Next-gen SWG provide Next-Gen Availability?

Few organizations were completely prepared to support everyone working off-premises as pandemic-induced stay-in-place orders were imposed across the world. This has spurred many IT organizations to expand their cloud usage—shifting how they manage remote access and protect business critical data and infrastructure. This necessary change has exposed flaws in data-center-focused cyber defenses. Now, for many organizations, the next step is a deeper dive into the new cloud-native security paradigm.

No doubt, information security is only one of many professions tasked with making strategic or procedural shifts in response to the pandemic. Keeping remote workers productive, data secured, and endpoints protected from ransomware may seem a bit overwhelming at times. Yet these changes mark a progression toward a very flexible architecture.

Looking ahead, what are the performance and architectural paradigm shifts being considered now that we will prize several years from now? Consider these three factors:

1. Scalability

Organizations are taking a second look at how they use VPNs, which were never designed to handle a high density of remote workers. Backhauling network traffic through data centers exacts a productivity hit, because it increases latency and strains networks to the breaking point. Now, 80 percent of remote workers are interacting directly with cloud services, rather than routing traffic through data centers and security appliances. McAfee’s Next-Gen Cloud Secure Web Gateway (SWG) was designed from the ground up with a cloud-native architecture and is able to provide the cloud scale required as your remote workforce mushrooms, as opposed to SWGs that are simply hosted in a cloud.

2. Reliability

An effective cloud-native security approach demands low latency and high availability. And yes, the widespread shift to cloud services has load-tested cloud secure web gateways. We estimate that industry-wide, cloud security services have experienced load increases ranging from 200% to 700% in recent months. How have our cloud secure web gateways performed during this surge in demand? While others experienced more downtime, we recorded the highly coveted nearly five nines 99.999% uptime in the past three months.

3. Efficacy and Usability

We must change how we secure remote workers while enabling productivity without hampering usability. Organizations that find themselves stuck with a jumble of cloud-enabled (that is, cloud-hosted) rather than cloud-native secure web gateway products cannot take a consistent or effective approach to securing data as it shifts between mobile devices, networks, and the cloud. They are also unable to protect endpoints (both managed and especially unmanaged) from emerging malware such as ransomware or phishing attacks fast enough. In these organizations there are no unified access controls, causing even more headaches for security teams at exactly the wrong time.

Fortunately, some hurdles can be avoided. Let’s examine a cloud-native, unified security solution that can oversee, and thrive in, cloud, on-premises, and hybrid environments.

Countering Cloud Threats

Now, as organizations ramp up cloud security, they may experience challenges such as:

  • Enabling cloud workspaces to increase productivity while simultaneously securing sensitive data and defending against threats
  • Shifting data to the cloud while managing the associated higher complexity and data protection costs
  • Increasing cloud access from mobile devices while ensuring data compliance.

Blame it on the pandemic, but many businesses are adopting cloud services faster than they can secure them. Only 36% of companies can enforce data loss prevention rules in the cloud. Sixty percent currently have no way to stop a personal, unsecured mobile device from downloading sensitive data from the cloud, completely invisible to IT.

Once an organization becomes highly reliant upon cloud services, it becomes more susceptible to cloud-native threats such as phishing attacks and various forms of malware. This is an acute issue when 83% of companies store sensitive data in the cloud (according to our 2019 study).

In response, many organizations apply on-premises security tools that were not designed to address the unique challenges of cloud-native threats. This can result in coverage gaps for users, devices, data and cloud environments, too. And gaps sprout data leaks, which can lead to financial, reputational and IP loss, and compliance exposure such as GDPR or PCI fines.

Flying blind is a common cloud management challenge, but effective cloud security requires visibility, control and closed-loop remediation. By establishing a complete view into your cloud usage and cloud data, you can begin to mitigate risk by applying access controls, data protection, and threat prevention measures to your cloud services.

Live Webinar: Top Use Cases for a Next-Gen Secure Web Gateway. Thursday, July 16, 2020, 10am PT | 12pm CT | 1pm ET.

Enter MVISION Unified Cloud Edge (UCE)

Consistent policy implementations become a key success factor when managing data and devices beyond your firewall. Only 30% of companies today can protect data with the same policies on their devices, network, and in the cloud. McAfee MVISION UCE architecture establishes visibility and control of data from device to cloud—all in one dashboard. The cloud-native approach helps reduce TCO, offers architectural simplicity with better performance and bandwidth, and reduces MPLS costs.

MVISION UCE combines a Cloud Secure Web Gateway (SWG) with Browser Isolation; a Cloud Access Security Broker (CASB); and Data Loss Prevention (DLP) capabilities to define the next generation of cloud security gateway, based on a cloud-native architecture. By converging these four core technologies into one solution, we enable organizations to implement a simplified Secure Access Service Edge (SASE) architecture which delivers:

  • Comprehensive visibility and consistent controls over data from device to cloud
  • Consistent threat protection with unified management, and investigations.
  • Direct-to-Cloud architecture with enterprise scale and resilience.

While some may argue that cloud-based architectures were simply inevitable, many IT teams are still grappling with how best to support remote workers and implement cloud-based security. A cloud-native approach, such as MVISION UCE, will safely enable cloud workspaces, reducing the risk of breaches, rogue employees or malware.

Register for our webinar to learn more about McAfee’s Next-Gen Cloud SWG, MVISION UCE and how to implement SASE.

The post Does your Next-gen SWG provide Next-Gen Availability? appeared first on McAfee Blogs.

The Power of Convergence

This blog was written by Rodman Ramezanian, Pre-Sales Security Engineer at McAfee

In cybersecurity, integration has become a near-obligatory requirement for organisations considering new products. They want to know new products will complement existing investments to collectively produce more effective and efficient solutions.

But as of late, the term convergence has emerged as another key capability and expectation of technology platforms.

I’d like to explore how these terms differ and how those differences will shape security outcomes in the future.

Definitions

Let’s start with a stone-cold definition. According to the Merriam-Webster Dictionary:

  • Integrate means “to end the segregation of and bring into equal membership in society or an organisation”
  • Converge means “to come together and unite in a common interest or focus”

Are we splitting hairs here? Are they much of a muchness?

These days, integration typically refers to the establishment of a common communication channel or route between disparate solutions to solve a particular challenge – usually to enable data sharing of some sort. Standard examples we hear sound like, “we’ve integrated this tool with that platform via API/Syslog/PowerShell” or various other methods.

Convergence approaches things differently by consolidating features and capabilities onto a common scalable architecture and platform. To take a common example from daily life (nowadays, anyway), converged networks such as Cisco WebEx, Zoom, and Microsoft Teams to name just a few, amalgamate voice, video, and data services within a unified infrastructure.

Convergence aims to deliver the following benefits:

  • Lower costs and complexity
    * Consolidating vendors and technology stacks should reduce licensing and operational costs, as well as management overhead
  • Enabling new digital business scenarios
    * Apps, services, APIs, and data shareable to partners and contractors with lower risk exposure
  • Ease of use/transparency
    * Avoiding app bloat, fewer agents per device, consistency of experience regardless of user location or device
  • Centralisation
    * Cloud-based centralised management with distributed policy enforcement and decision making

While these benefits may not come as a surprise to some, many could argue that integration could very well yield the same outcomes and thus, the differences are negligible. Let’s take a moment to walk through a real-world example to show the contrast between the two.

Challenges and Benefits

It may be helpful to elaborate with examples to highlight just some challenges typically faced with integrations.

Let’s consider an organisation that wants to improve its security attentiveness and overall posture by blocking access to websites and Cloud services based on business risk, not just standard reputational checks. In this given scenario, let’s assume the organisation has mandated that its lines of business must ensure Cloud services being used must store their data encrypted when at rest.

In order to achieve this from a workflow perspective, they would need to integrate the business risk attributes for a given website (such as whether or not data at rest is encrypted) from a Cloud Access Security Broker (CASB) solution with the content filtering and blocking capabilities of a Secure Web Gateway (SWG) solution. Usually, this would be done via custom API integration, assuming that no further re-architecture work or implementation of data sharing platforms is needed.


Considering this, ask yourself what happens if/when:

  • The API is changed during an upgrade?
  • The SWG appliance requires a patch or version upgrade?
  • The personnel who wrote or implemented the integration leave the organisation?
  • Credentials and/or certificates used to authenticate between the solutions need to be refreshed?
  • The connection between the solutions breaks down, is the customer ultimately responsible for restitching the products together? Or are the respective vendors then called into action?

Now, let’s reflect on the benefits we mentioned earlier. Complexity goes out the window the moment we begin to mention bespoke integration via coding and credential/certificate management. Version control for the code, along with the dependence on version specific APIs, draw out more complexity as change management for each iteration of the configuration needs to be tested. In addition, we need to consider the additional complexity brought by the need to open up firewall ports between the various components involved to make this integration work.

Centralised management and enforcement don’t exist as the two solutions and their ontologies don’t align. That is, a risk attribute for a Cloud service in the CASB product cannot be natively stored in the SWG as its ontology lacks this concept. This means that they must resort to a common lower value ontology which is common across the two – in this case, the URL. The resultant integration means a dumbed-down list of URLs must be used. This list would be routinely and regularly pushed from the CASB to a list within the SWG. At that point, its accuracy and timeliness become highly dependent on the synchronisation and polling period between the two products.

With this, ease of use diminishes as attrition in personnel brings about lost institutional knowledge and know-how unless knowledge is transferred or sufficiently documented. Also, in the event of an incorrect block on a website, troubleshooting would become troublesome.
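The polling problem described above can be made concrete with a small model. The following is an added Python example, not code from McAfee or from the original post: a constructed CASB catalog with a richer ontology (risk rating, encryption at rest) is flattened to the only attribute both products share, a list of hostnames, and an SWG that refreshes that list only when its poll timer fires. The service names, hostnames (all under the reserved .test domain), poll interval and timeline are all assumptions made for the illustration. The timeline shows the two gaps the text describes: a service reclassified by the CASB stays allowed until the next poll, and a hostname the catalog has never seen is allowed because the URL list cannot express "this belongs to a high-risk service".

```python
"""Model of a CASB -> SWG URL-list integration and its staleness window.

Constructed example: catalog, hostnames and the poll interval are made up
to illustrate the lossy, poll-based sync described in the text.
"""
from dataclasses import dataclass
from urllib.parse import urlparse


@dataclass
class CloudService:
    """CASB-side object: the rich ontology the SWG cannot store natively."""
    name: str
    hosts: list
    encrypts_at_rest: bool
    risk: str  # "low" | "medium" | "high"


# Constructed catalog (hypothetical services, reserved .test hostnames).
CATALOG = [
    CloudService("Example Drive", ["drive.example-cloud.test"], True, "low"),
    CloudService("QuickShare", ["quickshare.test", "cdn.quickshare.test"], False, "high"),
    CloudService("NoteBin", ["notebin.test"], True, "medium"),
]


def casb_policy_violations(catalog):
    """CASB side: services failing the mandate 'data must be encrypted at rest'."""
    return [s for s in catalog if not s.encrypts_at_rest]


def export_url_list(catalog):
    """Flatten the risk attributes down to the shared lower-value ontology: hosts."""
    return sorted({h for s in casb_policy_violations(catalog) for h in s.hosts})


class SwgBlocklist:
    """SWG side: a host list that is refreshed only when the poll interval elapses."""

    def __init__(self, poll_interval_s):
        self.poll_interval_s = poll_interval_s
        self.hosts = set()
        self.last_sync = None

    def is_due(self, now):
        return self.last_sync is None or now - self.last_sync >= self.poll_interval_s

    def poll(self, catalog, now):
        self.hosts = set(export_url_list(catalog))
        self.last_sync = now

    def decide(self, url):
        host = urlparse(url).hostname
        return "BLOCK" if host in self.hosts else "ALLOW"

    def staleness_s(self, now):
        """Seconds since the SWG last learned anything from the CASB."""
        return now - self.last_sync


def simulate(poll_interval_s=900):
    """Replay a constructed timeline; returns (t, url, decision, staleness) tuples."""
    catalog = [CloudService(s.name, list(s.hosts), s.encrypts_at_rest, s.risk) for s in CATALOG]
    swg = SwgBlocklist(poll_interval_s)
    timeline = []

    def request(now, url):
        if swg.is_due(now):
            swg.poll(catalog, now)
        timeline.append((now, url, swg.decide(url), swg.staleness_s(now)))

    request(0, "https://quickshare.test/upload")              # BLOCK: in the exported list
    request(60, "https://drive.example-cloud.test/files")     # ALLOW: compliant at last poll
    catalog[0].encrypts_at_rest = False                       # t=120: CASB reclassifies Example Drive
    request(180, "https://drive.example-cloud.test/files")    # ALLOW: SWG list is 180 s stale
    request(300, "https://eu.quickshare.test/upload")         # ALLOW: host unknown to the catalog
    request(900, "https://drive.example-cloud.test/files")    # BLOCK: poll fired, list refreshed
    return timeline


if __name__ == "__main__":
    for t, url, decision, stale in simulate():
        print(f"t={t:>4}s  {decision:<5}  stale={stale:>3}s  {url}")
```

The window between the reclassification at t=120 and the next poll at t=900 is the "accuracy and timeliness" dependency the text refers to; shortening the poll interval narrows it but multiplies API calls, credential use and change-management surface, while the unknown-host case cannot be closed by polling at all because the host list has no concept of a service.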


We could simplify this integration and remove some of the barriers mentioned above were we to use a Cloud-delivered SWG; however, challenges such as differing ontologies, API management, credential management and integration testing remain unchanged.

So then, how does one go from integration to convergence? The answer is simple – acceptance of the need to change the approach and a willingness to get it done.

In order to adequately address the use case at hand, the technologies involved need to come together to ultimately become one. While this seems like something that could be blurred in a Cloud-delivered offering through converging parts of the UI with microservices from both products, doing so would technically fall into the integration bucket as ontologies and UI/UX remain different and would lack simplification. So, what would it take to converge CASB and SWG solutions?

  • Merging ontology – Bringing both CASB and SWG elements together. An example of this may be, using the same Cloud “Service Group” object in both solutions
  • Leveraging common capabilities – It doesn’t just stop with ontology. The solutions need to merge other components such as incident management, logging, dashboards, policy definitions, user authentication, etc. This convergence would not only improve the end user experience, but also reduce future technical debt in maintaining overlapping capabilities and components
  • Refactoring UI/UX – Rethinking and re-working the user experience to bring about the simplest flow to achieve the converged use cases

In the figure below, we have a policy example that creates a grouping of all high-risk Cloud services, current and future, that can be used as a restriction for web access. The result is that any high-risk Cloud service will be blocked by the Cloud-native SWG, preventing users from accessing these services to keep them safe from accidental data loss and/or malware. All this with no bespoke integration, no polling or pulling, no scripts, no firewall rules, no credential or certificate management and most importantly, no complexity!


Now, this is just one example of convergence as part of McAfee’s Unified Cloud Edge (UCE) solution. Further convergence is necessary to refactor many of the data protection workflows traditionally kept separate from other enterprise security platforms.

According to an industry survey conducted by McAfee, only 31% of companies said their Cloud security tools could enforce the same DLP policies at their Devices, Network, and Cloud Services.

As part of McAfee’s Unified Cloud Edge solution, the convergence of Data Loss Prevention (DLP) policies and attributes with SWG and CASB technologies will ultimately lead to the unification of data classifications, rules, incidents, workflows, and so much more across Devices, Networks, and Cloud environments.

Final thoughts

Blended threats require a blended security response. Converging security practices and capabilities creates a whole that’s greater than the sum of its parts. Even something as simple as unifying an organisation’s security visibility – spanning from Device to Cloud – through a converged and centralised portal yields powerful gains in specific incidents and over the long run.

Converging security processes should align your security operations with your business goals and amplify your organisation’s performance of its most important functions. A converged security program protects your organisation’s key assets and helps get them back up and running faster when something does go wrong. Ultimately, converged security practices can be part of your organisation’s competitive advantage.

If you’d like to discuss any of the points covered here, or more specifically McAfee’s converged security solutions in further detail, please feel free to reach out to me.

* Special thanks to my manager Sahba Idelkhani for his guidance and input into this blog *

The post The Power of Convergence appeared first on McAfee Blogs.

Working from Home in 2020: How Cloud Use Changed

2020 has been a tumultuous year, with health and economic stability shattered for most of the world in just months. For those in a fortunate position to do so, working from home has become the new norm, and will likely be for the foreseeable future. Major companies in the tech sector have cemented the practice, with Google for example announcing that its global workforce can remain home until the end of the year. Twitter was the first to announce that employees can work from home forever, if that is their preference.

It is a sign of our times and technological development that this is possible. The pace of development for cloud services met this moment near-perfectly. Over the past few years, we’ve reached a critical mass of businesses and employees who are ramped up and comfortable using collaboration services like Zoom, Webex, Slack, and Microsoft Teams. Storage apps like Box and collaboration suites like Microsoft (Office) 365 have largely replaced the software, thumb drives, and network storage we used to manage files.

All of these services made our shift to working from home possible, and seamless for many. Companies that hadn’t ramped up yet on cloud-based collaboration and productivity apps are now on their way.

As a global provider of cloud security technology, we have a unique view into the use of cloud services and the threats companies face in the cloud. Using anonymized and aggregated metadata, we can derive trends across our vast base of 30 million enterprise cloud users. The shift to working from home was a catalyst for us to dive into this data and uncover trends in how the world changed.

All of these findings are in our new report, the Cloud Adoption and Risk Report: Work from Home Edition. Grab the full copy below if you want to skip the preview here and go straight to the full set of findings.

First, use of all cloud services from every industry grew 50% overall from the start of 2020. However, some industries had to undergo more changes than others to enable working from home:

Manufacturing and education increased their cloud use by 144% and 114% respectively. Every parent of school-aged children has felt the shift in education practices over the past few months, with much of the burden falling to them to set up virtual classrooms or even teach their kids themselves. Manufacturing may be playing catch-up, with fewer in-person meetings requiring immediate replacement by cloud-based tools.

Of all categories, collaboration services saw the largest increase in usage, up several hundred percent across the board. We all watched as the world restructured their social lives around Zoom, while enterprises increased their use of Webex even further, and ramped up on Slack and Teams to keep collaboration alive from a distance.

This increase in cloud use, particularly in collaboration, directly correlates to more data being stored in the cloud. We monitored not only these increases in service use, but also a new wave of threats targeting the wave of data entering the cloud.

We’ll dive into our threat research in part 2 of this series. To see our threat analysis before that blog is released, download the full report now.

The post Working from Home in 2020: How Cloud Use Changed appeared first on McAfee Blogs.

Mirror Mirror On The Wall, Is My Cloud The Most Secure?

What is the value of your cloud security investment?

How does your cloud security measure up with industry peers?

Amongst all the cloud security measures available, where should you get started?

Do you think nothing short of magic will help answer these questions? If you answered YES! to any of the above questions, read on.

Cloud Adoption is Mainstream!

Cloud computing has evolved from being a market disruptor to the expected approach for IT. Today, businesses are evolving from being “cloud-first” to “cloud-only”. According to the McAfee Cloud Adoption and Risk Report 2019, 87% of enterprises said they experienced benefits from the cloud that helped drive business acceleration.

Need for Cloud Security Solutions is Paramount!

With businesses moving more sensitive data into the cloud, the need for cloud security solutions is paramount. Consider this: the average cost of a data breach for the US is $8.19 million [1]! The cost of loss of reputation, non-compliance or credibility is immense. Businesses recognize this truth and the need for cloud security as part of their cloud adoption journey. As organizations adopt new infrastructure and software, cloud security spending is continuing to increase. By 2023, spending on global cloud security solutions is expected to reach $12.7 billion, according to the Forrester Analytics: Cloud Security Solutions Forecast, 2018 To 2023 (Global) report [2].

So, does IT really need a magical mirror to help answer foundational questions like measuring the value of their cloud security spending?

McAfee MVISION Cloud has the Answer!

McAfee MVISION Cloud, a leading Cloud Access Security Broker that provides comprehensive visibility and control across enterprise SaaS, PaaS, and Infrastructure as a Service environments, and the MVISION Cloud Security Advisor (CSA) might just have the answer!

Join us for a live webinar with Kima Hayuk, Senior IP Protection Manager for Electronic Arts and Thyaga Vasudevan, Head of Product, MVISION Cloud, McAfee.

When: May 14th, 10AM PST | 10 AM SGT | 1:00PM BST

Where: Register here (Mirror Mirror On The Wall, Is My Cloud The Most Secure?)

What:

  1. Learn about Electronic Arts’ cloud journey and how McAfee MVISION Cloud helps address their complex cloud security requirements
  2. Introducing MVISION CSA and how it works:
    • CSA as a tool to measure your cloud security maturity and risk posture
    • CSA as a tool to measure the value generated by your cloud investment
    • CSA as a tool to measure your cloud security posture vs. industry peers
    • CSA as a tool to get a list of unique and actionable recommendations to guide on your cloud journey.

Join Us to learn more about what customers and analysts are calling a game changer!

[1] https://www.ibm.com/security/data-breach

[2] Forrester Analytics: Cloud Security Solutions Forecast, 2018 To 2023 (Global) report, 1 April 2019, Jennifer Adams, Andras Cser and Sanjeev Kumar

The post Mirror Mirror On The Wall, Is My Cloud The Most Secure? appeared first on McAfee Blogs.

Cyber Security Roundup for May 2020

A roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, April 2020.

As well reported, UK foreign exchange firm Travelex's business operations were brought to a standstill after its IT systems were severely hit by the Sodinokibi ransomware at the start of the year. It was reported that the REvil group were behind the attack and had stolen 5Gbs of customer personal data, and then demanded $6 million (£4.6m) in ransom. The Wall Street Journal reported in April 2020 that Travelex had reached a deal, paying $2.3 million (£1.84m) in Bitcoin to the cybercriminals. This sort of response incentivises future ransomware activity against all other businesses and could lead to an inflation of future cyber-extortion demands in my opinion.

Cognizant, a large US digital solutions provider and IT consultancy, was reportedly hit by the Maze ransomware. Maze, previously known as the 'ChaCha' ransomware, like the Travelex attack, not only encrypts victims' files but steals sensitive data from the IT systems as well, enabling the bad guys to threaten to publish the stolen data if the organisation doesn't cough up to their cyber-extortion demands. So the bad guys are very much rinsing and repeating lucrative attacks.

Microsoft wrote an excellent blog covering the 'motley crew' of ransomware payloads. The blog covers ransomware payloads said to be straining security operations, especially in health care, Microsoft warned, urging security teams to look for signs of credential theft and lateral movement activities that herald attacks.

Researchers continue to be busy in exposing large sensitive datasets within misconfigured cloud services.  In April researchers reported 14 million Ring user details exposed in misconfigured AWS open database, fitness software Kinomap had 42 million user details exposed in another misconfigured database, and Maropost had 95 million users exposed, also in a misconfigured database.

Nintendo confirmed 160,000 of its users' accounts had been accessed, exposing PII and Nintendo store accounts. The gaming giant said that from April, users' accounts were accessed through the Nintendo Network ID (NNID), which is primarily used for Switch gaming. The company is unaware exactly how the intrusion occurred, saying it “seems to have been made by impersonating login to Nintendo Network ID”. “If you use the same password for your NNID and Nintendo account, your balance and registered credit card / PayPal may be illegally used at My Nintendo Store or Nintendo eShop. Please set different passwords for NNID and Nintendo account,” Nintendo said. In response to these issues the company has abolished users’ ability to log into their Nintendo account via NNID, passwords for both NNID and Nintendo accounts are being reset, and the company is recommending multi-factor authentication be set up for each account. The account breaches weren't the only cyber issue affecting Nintendo in April: it was reported that a bot, dubbed 'Bird Bot', was used by a reseller to buy up Nintendo Switches before customers could make their Switch purchase from Nintendo. The reseller using the bot benefits at the expense of consumers: by buying up all available Switches directly from Nintendo, they are able to sell them on for higher prices, making a quick and tidy profit due to the current high demand for Switches and lack of supply.

April was a busy month for security updates. Microsoft released security patches fixing 113 vulnerabilities on Patch Tuesday and an out-of-band patch for Teams found by researchers at CyberArk. Patch Tuesday was a quiet one for Adobe, though they released fixes for 21 critical vulnerabilities in Illustrator and Bridge at the end of the month. Oracle released a huge 397 fixes for 450 CVEs in over 100 products, which I think is a new record for a patch release!

Sophos said it and its customers were attacked when a previously unknown SQL injection vulnerability in their physical and virtual XG Firewall units was exploited. “The attack affected systems configured with either the administration interface (HTTPS admin service) or the user portal exposed on the WAN zone. In addition, firewalls manually configured to expose a firewall service (e.g. SSL VPN) to the WAN zone that shares the same port as the admin or User Portal were also affected,” Sophos said.

There were critical security patch releases for Mozilla Firefox, Chrome (twice), and for 8 Cisco products. A bunch of VMware patches too, including one for a CVSS 10 (highest possible) vulnerability in vCenter, a critical one in vRealize Log Insight and a critical cross-site scripting vulnerability in ESXi 6.5 and 6.7. And finally, on the patch front, Intel decided to discontinue multiple products, as it was unable to keep ahead of patching their vulnerabilities.

Stay safe, stay home and watch for the scams.

BLOG
NEWS

AWARENESS, EDUCATION AND THREAT INTELLIGENCE

    Safe Collaboration with McAfee and Microsoft Teams

    McAfee MVISION Cloud for Microsoft Teams, the first and only CASB certified for Microsoft Teams, now offers a frictionless approach to data protection collaboration within Teams with new support for Microsoft encrypted webhooks. McAfee enforces compliance in Microsoft Teams via Data Loss Prevention (DLP) policies by using Microsoft Graph change notifications that provide a secure way to monitor chat messages in Teams via encrypted resource data in the payload. This enables McAfee customers to improve productivity of their employees by letting them use Microsoft Teams as a collaboration platform and participate in conversations and calls, and upload and share documents without compromising security.

    Working from home has become a new reality for many, as more and more companies are requesting that their staff work remotely. Already, we are seeing how solutions that enable remote work and learning across chat, video, and file collaboration have become central to the way we work. Microsoft has seen an unprecedented spike in Teams usage and they now have more than 44 million daily users,* a figure that has grown by 12 million in just the last few  weeks. Those users have generated over 900 million meeting and calling minutes on Teams each day during the week of March 16.1 They recently shared the data below on their third anniversary.

    McAfee MVISION Cloud for Microsoft Teams offers a cloud-native solution for organizations to consistently protect their data and defend against threats in the cloud. Here are a few of the use cases:

    • Modern data security. IT can extend existing DLP policies to messages and files in all types of Teams channels, enforcing policies based on keywords, fingerprints, data identifiers, regular expressions and match highlighting for content and metadata.
    • Collaboration control. Messages or files posted in channels can be restricted to specific users, including blocking the sharing of data to any external location.
    • Comprehensive remediation. Enables auditing of regulated data uploaded to Microsoft Teams and remediates policy violations by coaching users, notifying administrators, quarantining, tombstoning, restoring and deleting user actions. End users can autonomously correct their actions, removing incidents from IT’s queue.
    • Threat prevention. Empowers organizations to detect and prevent anomalous behavior indicative of insider threats and compromised accounts. McAfee captures a complete record of all user activity in Teams and leverages machine learning to analyze activity across multiple heuristics to accurately detect threats.
    • Forensic investigations: With an auto-generated, detailed audit trail of all user activity, MVISION Cloud provides rich capabilities for forensics and investigations.
    • On-the-go security, for on-the-go policies. Helps secure multiple access modes, including browsers and native apps, and applies controls based on contextual factors, including user, device, data and location. Personal devices lacking adequate control over data can be blocked from access.


    Available now, MVISION Cloud for Teams helps meet customer demand in securing their most important cloud resources. McAfee MVISION Cloud for Microsoft Teams is now in use with a substantial number of large enterprise customers to enable their security, governance and compliance capabilities. The solution fits all industry verticals due to the flexibility of policies and its ease of use.

    *Microsoft defines daily active usage as the maximum daily users performing an intentional action in a 24-hour period across the desktop client, mobile client, and web client. Intentional actions include sending or replying to a chat, joining a meeting, or opening a file in Teams. Passive actions like auto boot, minimizing a screen, or closing the app are not included.
    The post Safe Collaboration with McAfee and Microsoft Teams appeared first on McAfee Blogs.

    Keeping Virtual Play Dates, Hang Outs, and Video Chats Safe for Everyone


    Every day we discover (or stumble over) new ways of coping and connecting during this unique chapter in family life. Still, as every age group under your roof finds their favorite virtual play date and hangout apps, parents may need to add a few safety rails to make sure the fun stays fun.

    IRL community resurfaces


    While this health crisis is devastating in so many ways, it’s also put a spotlight on the many heartwarming ways to connect in real life (IRL). We’re placing teddy bears in our windows for solidarity, creating scavenger hunts for neighborhood kids, serenading shut-ins, publicly supporting first responders, celebrating birthdays and graduations with drive-by parades, and so, so much more.

    The ongoing infusion of true, human connection has softened the uncertainty. Still, kids of every age need to maintain an emotional connection with peers. Here are a few things to think about as kids of every age connect with friends online.

    Pre-K and Elementary Virtual Play Dates

    Since health experts have put restrictions on familiar fun for little ones such as playgrounds, sports leagues, sleepovers, playdates, and even visits with grandparents, parents are relaxing screen time rules and looking for ways to have virtual playdates. Free video tools such as FaceTime and Zoom are proving lifesavers for group art, play, and learning, as are safe websites and phone apps for young ones. (If you run out of things to do, here’s a great list of fun to tap and great learning sites for every age group.)

    Keep Them Safe

    • Share online experiences with young children at all times. Sit with them to teach, monitor, and explain the context of new digital environments. Also, keep computers and phones in a common area.
    • Try to keep screen time brief. Even young kids can become too screen-reliant.
    • Maximize privacy settings on all devices and turn on safe mode or safe search on websites and apps.
    • Introduce concepts such as cyberbullying and strangers in age-appropriate language.
    • Start family security efforts early. Consider the benefits of filtering software, safe browsing, and encrypting your family’s digital activity with a Virtual Private Network (VPN).

    Middle and High Schooler Virtual Hang Outs

    While screen time has spiked, digital connection while homebound is also essential for tweens and teens, for both learning and peer relationships. Kids are finding their new virtual hangouts on social networks, group chats, and video games. They are also playing virtual board games using sites such as Pogo, Let’s Play Uno, and Zoom. Netflix Party has become a fun way to watch Netflix with groups of friends.

    Keep Them Safe

    • At this age, many kids own (or will soon own) a smartphone. With increased time online, you may want to review the basics, such as privacy and location settings. This includes gaming devices.
    • With increased internet use and most schools closed for the year, using parental control software and gaming security software can help parents reduce online risks for children of all ages.
    • Be aware of and talk about trending, risky digital behaviors, and challenges that can surface on apps such as TikTok, and WhatsApp.
    • Review and approve games and apps before they are downloaded and consider monitoring your children’s devices as well as social profiles and posts.
    • This age group is quick to jump on public Wi-Fi, which puts your family’s data at risk. Consider a family VPN for this age group.
    • Discuss the danger of connecting with strangers online. Also, discuss the risks of oversharing personal information and photos, even in seemingly private chats and texts. Don’t let boredom lead to bad choices.
    • Discuss cyberbullying and how to block and report accounts that express hateful, racist, or threatening behavior.
    • Coach your kids on using strong passwords, and on how to verify legitimate websites and identify online scams.

    There’s nothing normal for families about this time, but there is something special. Grab it. Keep talking and laughing, especially on the hard days. Have a daily “heart check-in” with your teen if he or she seems to be isolating. Give one another space for topsy turvy moods. And, don’t forget parents, before this is all over, be sure to nail that TikTok dance with your kids and share it with the world!

    The post Keeping Virtual Play Dates, Hang Outs, and Video Chats Safe for Everyone appeared first on McAfee Blogs.

    Custom Applications with CASB

    More and more organizations are making the decision to move their legacy, in-house applications to the cloud mainly due to the cost savings. One of the major concerns about moving applications to the cloud is how to secure an application that was originally designed to be on-premise.

    When these applications sat behind on-premises network security, there was little concern about who could reach them or what they did once inside the application. Moving to the cloud introduces this dynamic, and with it concerns about how to control who accesses the applications once they are in the cloud.

    This move to the cloud now also opens the door to accessing applications from anywhere in the world and potentially any device. Being able to have visibility into where a user is logging in from geographically as well as what activities a user takes beyond an initial login and the context upon which that access occurs will help keep the data secure.

    These same applications may have relied on a local directory to store attachments or documents. Moving to the cloud would likely mean storing those same attachments or documents in a cloud-based directory like Amazon Web Services (AWS) Simple Storage Service (S3) or Microsoft Azure Blob Storage.

    On-premises, a misconfiguration of access to the application, or to the information within it, would typically expose data only inside the corporate network. If access settings in the cloud are misconfigured, the exposure is potentially the whole internet.

    Adding these capabilities quickly and easily to applications being moved to the cloud can be done by integrating the application with the CASB through an API framework. That integration provides the following capabilities:

    1. Prevent unauthorized sensitive data from being stored in cloud collaboration, file-sharing, or storage services
    2. Capture a complete audit trail of all user activity for forensic investigations
    3. Detect malware, compromised accounts, privileged access misuse and insider threats
    4. Record successful and failed login attempts
    5. Record who is accessing the application, along with device type, IP address, user role and geographic location
    6. Record how much data is being accessed, created, updated, deleted, downloaded, shared, or uploaded

    MVISION Cloud (MVC) for Custom Applications enables organizations to enforce CASB policies without developers spending valuable time writing code. Legacy applications can then have the MVC CASB enforce security policies on them, whether the application runs in a private data center or in the cloud.

    To learn more about McAfee’s cloud solutions, check out McAfee MVISION Cloud Portfolio.

    The post Custom Applications with CASB appeared first on McAfee Blogs.

    McAfee and Atlassian Collaborate to Deliver Cloud Security Capabilities

    Today cloud adoption is considered mainstream, with 83% of enterprise workloads expected to be in the cloud by 2020. As more organizations move their workloads to the cloud and their staff to remote work-from-home environments, security must also evolve to meet the challenges of this new normal. According to a recent McAfee report, the average enterprise organization uses 1,400 different cloud services, fueling the need for solutions designed to secure the cloud. Further, industry analyst firm Gartner warns that “through 2025, 99% of cloud security failures will be the customer’s fault.”1 This has caused enterprises to look for ways to enforce additional security controls on their cloud solutions beyond what a cloud service provider (SaaS or IaaS) offers natively.

    Atlassian is a SaaS software powerhouse that builds products for content management, software development and project management, widely adopted by organizations globally. McAfee MVISION Cloud is a leading Cloud Access Security Broker (CASB) that provides comprehensive visibility and control for SaaS, PaaS, and IaaS, across content and DevOps environments. The collaboration between Atlassian and McAfee combines their joint strengths to deliver an optimized cloud security solution for customers.

    Key Customer Challenges

    As enterprises adopt cloud applications, they may see the following challenges related to cloud security:

    • Users may unintentionally upload sensitive data to a cloud service, for example health insurance claim numbers, credit card numbers or AWS keys, into Jira Software, Confluence or other cloud applications
    • In the modern enterprise, traditional network perimeters are dissolving. Most users now use devices that sit outside the enterprise firewall to access enterprise cloud applications such as Jira Software, Confluence, Bitbucket and Bamboo.
    • Exiting employees may go rogue or leave their credentials easily accessible. The risk of insider threats, compromised user accounts or privileged access misuse on SaaS applications needs to be addressed
    • Drifts in configurations of SaaS applications like Jira Software Cloud can cause unintentional exposure of sensitive data
    • Infrastructure code misconfiguration or “drift,” from standard benchmarks that occur over time in a cloud environment can expose sensitive information and increase risk.

    McAfee MVISION Cloud for Atlassian Solution

    McAfee MVISION Cloud for Atlassian products help organizations securely accelerate their business in the following ways:

    • MVISION Cloud (MVC) prevents sensitive or regulated data from being uploaded or shared with unauthorized parties in real time while users work in Atlassian’s Jira Software or Confluence Cloud products. For example: detecting PII (Social Security numbers), payment card data covered by PCI DSS (credit card numbers), PHI covered by HIPAA (health insurance claim numbers) or other confidential data (mergers and acquisitions documents)
    • MVISION Cloud limits download/sync to unmanaged devices and gives total control over user access to Atlassian applications by enforcing context-specific policies that limit specific end-user actions.
    • MVISION Cloud captures the complete audit trail of all user activity, enriched with threat intelligence, to facilitate post-incident forensic investigations. MVC detects threats from compromised accounts, insider threats, privileged access misuse and malware infection.
    • Customers use a source code repository and CI/CD tools for building cloud-native applications. McAfee MVISION Cloud’s integration with Atlassian’s Bitbucket Cloud and Bamboo products helps detect drift in configuration from standard CIS benchmarks. It also ensures that data is protected, whether on misconfigured resources or simply within these applications
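    The first bullet above names the identifiers a DLP policy looks for in Jira and Confluence content. As an added example (not McAfee’s DLP engine, whose patterns are not on this page), the block below implements three of those identifier types with a validity check behind each pattern, so a bare regex hit alone does not raise an incident: AWS access key IDs by their fixed AKIA prefix and length, US Social Security numbers with the never-issued area, group and serial ranges excluded, and payment card numbers validated with the Luhn checksum. The sample ticket comment is constructed; the AWS key in it is the placeholder value from AWS’s documentation, not a live credential.

```python
"""Data-identifier checks for text posted to a collaboration tool.

Added example, not McAfee's DLP engine. Patterns and validity rules are this
example's own simplifications; the sample comment below is constructed.
"""
import re

# AWS long-term access key IDs: 20 characters, fixed AKIA prefix.
AWS_ACCESS_KEY_RE = re.compile(r"\b(AKIA[0-9A-Z]{16})\b")
# Dashed US SSN; area 000/666/9xx, group 00 and serial 0000 are never issued.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# 13 to 19 digits, optionally separated by spaces or dashes; validated with Luhn.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits):
    """Luhn checksum as used by payment card numbers (digits: str of 0-9)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan_text(text):
    """Return a list of (identifier, matched_text) for every validated hit."""
    hits = []
    for m in AWS_ACCESS_KEY_RE.finditer(text):
        hits.append(("aws_access_key_id", m.group(1)))
    for m in SSN_RE.finditer(text):
        hits.append(("us_ssn", m.group(0)))
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        # Length and Luhn together reject order numbers and other digit runs.
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(("payment_card", m.group(0)))
    return hits


def redact(text):
    """Mask every validated hit, keeping the last four characters for triage."""
    for _, value in scan_text(text):
        text = text.replace(value, "*" * (len(value) - 4) + value[-4:])
    return text


# Constructed sample: the kind of text a user might paste into a ticket comment.
# The AKIA... value is the placeholder key ID from AWS documentation.
SAMPLE_COMMENT = """
Deploy failed again, here is the config I used:
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
Customer SSN on the claim is 123-45-6789, and the test card 4111 1111 1111 1111
still declines. The order id 1234 5678 9012 3456 is not a card. Also 000-12-3456 is a
build number, not an SSN.
"""

if __name__ == "__main__":
    for kind, value in scan_text(SAMPLE_COMMENT):
        print(f"{kind}: {value}")
    print(redact(SAMPLE_COMMENT))
```

    Run on the sample, the scanner reports the key ID, the SSN and the Visa-format test number, and leaves the order number (which fails Luhn) and the 000-prefixed build number alone. A real policy would add the identifiers the article lists beyond these three (health insurance claim numbers, AWS secret keys) and run on upload rather than after the fact.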

    Atlassian-McAfee Collaboration Benefits

    To summarize, a chain is only as strong as its weakest link. The collaboration between Atlassian and McAfee combines their joint strengths to deliver an optimized cloud security solution that is a win-win for the customer as well as the cloud provider.

    Shared Right: Security is a shared responsibility between Customers and Cloud Providers

    Atlassian’s cloud tools are mission critical to customer businesses, and customers may be storing sensitive information in Jira Software, Confluence and Bitbucket. One reason that 99% of issues are expected to be attributed to the customer is that while cloud providers (including Atlassian) have invested very heavily in security and have directly addressed core challenges that an on-prem solution may cause (with updates, vulnerability monitoring, incident response, etc.), their customers may be much earlier in their security journey. Here is where McAfee MVISION Cloud steps in to secure the delta, by helping customers deliver on their share of the security responsibility.

    For example, a large healthcare customer is using McAfee MVISION Cloud to detect any sensitive data violating compliance and regulatory policies within Jira Software or Confluence Cloud.

    Shift Left: Securing DevOps by Enabling DevSecOps

    As a maker of tools for development teams, Atlassian wants to make it easier for developers to build and operate secure products, while responding to security incidents more quickly and effectively. McAfee MVISION Cloud “Shift Left” can help Atlassian customers ensure that the infrastructure, and the myriad configuration options available, are deployed according to security and regulatory compliance best practices. The “Shift Left” inline integration incorporates these security checks without any extra steps required of developers or DevOps teams.

    To learn more about how McAfee-Atlassian products work together, please attend our joint webinar on May 20th, 2020

    Additional Resources:

    Join us for a webinar on May 20th

    Blog: McAfee MVISION Cloud for Atlassian Access

    Blog: Shift Left Inline – Integration with Atlassian Bitbucket CI/CD Pipes

    Blog: https://www.atlassian.com/blog/access/atlassian-partners-with-mcafee

    Website: https://www.atlassian.com/software/access/mcafee

    1 Source: “Smarter With Gartner” Blog, Is the Cloud Secure?, October 10, 2019,  Contributor Kasey Panetta, https://www.gartner.com/smarterwithgartner/is-the-cloud-secure/

    The post McAfee and Atlassian Collaborate to Deliver Cloud Security Capabilities appeared first on McAfee Blogs.

    McAfee MVISION Cloud for Atlassian Access

    Atlassian cloud products help small, medium, and big enterprises around the world to build and run their businesses effortlessly by enabling collaboration among team members both co-located and working remotely. Be it Jira for project planning and issue tracking, Confluence for document collaboration, Bitbucket for source code repository management, Opsgenie for incident management, or Jira Service Desk for customer support, all the products from Atlassian suite allow cross functional teams to achieve higher productivity in various stages of the business workflow.

    However, the flexibility of being able to access cloud products from any device or location also means a higher risk of security threats. Any enterprise using Software-as-a-Service tools is exposed to the following threats.

    • Compromised credentials: Stolen or compromised credentials of users or administrators, obtained through means such as phishing, can result in data breaches by letting adversaries access sensitive organizational data stored in the cloud
    • Privileged user threats: Abuse of privileged user roles or permissions can result in insider threats that pose a greater risk to the organization’s data

    McAfee MVISION Cloud’s integration with Atlassian Access provides an additional security layer for organizations using Atlassian tools, and allows them to take advantage of the productivity gains from Atlassian’s cloud-native products without compromising on security.

    By integrating with Atlassian Access’s organization audit log, McAfee MVISION Cloud creates a comprehensive audit trail of user and administrator activity, lets security admins perform forensic investigations based on attributes such as user, location and activity type, and automatically identifies threatening or anomalous user and administrator behaviour by applying machine learning to the activity feed. As a comprehensive cloud security platform, McAfee can detect cross-cloud threats that involve usage across Atlassian products and other cloud services. As threats are resolved, McAfee automatically incorporates this data into its behavioural models to improve detection accuracy.

    Enterprises can benefit from the following security controls provided out-of-the-box by McAfee MVISION Cloud:

    • McAfee detects compromised account activity in Atlassian based on brute force login attempts, access from new and untrusted locations for a specific user, and user activity from multiple locations in a time period that implies impossible travel, even if the user activity occurs across multiple cloud services.
    • McAfee automatically constructs a behavior model with dynamic and continuously updated thresholds for each user and team to identify activity indicative of insider threat, whether the threat is accidental or malicious. Privileged User Analytics identifies risk from dormant administrator accounts, excessive permissions, and unnecessary escalation of privileges and user provisioning.
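    Two of the signals named in the first bullet, a brute-force login burst and impossible travel, are simple enough to show concretely. The block below is an added example written for this page, not McAfee’s or Atlassian’s detection logic: it runs both detections over a constructed, simplified audit feed of (user, UTC timestamp, event, city, lat, lon) tuples. The real Atlassian Access organization audit log carries different fields, and the source IP would have to be geolocated before the travel check applies.

```python
"""Two compromised-account detections over a SaaS audit log.

Added example, not McAfee's or Atlassian's detection logic. The event feed and
its field layout are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_KMH = 900.0        # faster than an airliner: "impossible travel"
BRUTE_FORCE_FAILURES = 5         # failures within the window before a success
BRUTE_FORCE_WINDOW_S = 600

# Constructed sample events: (user, ISO-8601 UTC timestamp, event, city, lat, lon)
SAMPLE_EVENTS = [
    ("alice", "2020-05-01T09:00:00Z", "login_success", "London", 51.51, -0.13),
    ("alice", "2020-05-01T09:40:00Z", "login_success", "Sydney", -33.87, 151.21),
    ("bob",   "2020-05-01T10:00:00Z", "login_failed",  "Paris", 48.86, 2.35),
    ("bob",   "2020-05-01T10:01:00Z", "login_failed",  "Paris", 48.86, 2.35),
    ("bob",   "2020-05-01T10:02:00Z", "login_failed",  "Paris", 48.86, 2.35),
    ("bob",   "2020-05-01T10:03:00Z", "login_failed",  "Paris", 48.86, 2.35),
    ("bob",   "2020-05-01T10:04:00Z", "login_failed",  "Paris", 48.86, 2.35),
    ("bob",   "2020-05-01T10:05:00Z", "login_success", "Paris", 48.86, 2.35),
    ("carol", "2020-05-01T11:00:00Z", "login_success", "Berlin", 52.52, 13.41),
    ("carol", "2020-05-01T14:00:00Z", "login_success", "Munich", 48.14, 11.58),
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi, dlam = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def detect_impossible_travel(events):
    """Flag a successful login whose distance from the same user's previous
    successful login implies a speed above MAX_PLAUSIBLE_KMH."""
    alerts, last = [], {}
    for user, ts, event, city, lat, lon in sorted(events, key=lambda e: e[1]):
        if event != "login_success":
            continue
        t = parse_ts(ts)
        if user in last:
            pt, pcity, plat, plon = last[user]
            dist = haversine_km(plat, plon, lat, lon)
            hours = (t - pt).total_seconds() / 3600.0
            speed = dist / hours if hours > 0 else float("inf")
            if dist > 0 and speed > MAX_PLAUSIBLE_KMH:
                alerts.append({"user": user, "from": pcity, "to": city,
                               "km": round(dist), "hours": round(hours, 2)})
        last[user] = (t, city, lat, lon)
    return alerts


def detect_brute_force(events):
    """Flag a success preceded by BRUTE_FORCE_FAILURES or more failures within
    BRUTE_FORCE_WINDOW_S, the signature of a guessing attack that succeeded."""
    alerts, failures = [], defaultdict(list)
    for user, ts, event, city, _lat, _lon in sorted(events, key=lambda e: e[1]):
        t = parse_ts(ts)
        if event == "login_failed":
            failures[user].append(t)
        elif event == "login_success":
            recent = [f for f in failures[user]
                      if (t - f).total_seconds() <= BRUTE_FORCE_WINDOW_S]
            if len(recent) >= BRUTE_FORCE_FAILURES:
                alerts.append({"user": user, "failures": len(recent), "city": city})
            failures[user].clear()
    return alerts


if __name__ == "__main__":
    for a in detect_impossible_travel(SAMPLE_EVENTS) + detect_brute_force(SAMPLE_EVENTS):
        print(a)
```

    On the sample feed, alice’s London-to-Sydney hop in forty minutes is flagged, carol’s Berlin-to-Munich move over three hours is not, and bob’s five failures followed by a success inside ten minutes raises the brute-force alert. The speed threshold and failure count are the knobs a real deployment would tune per tenant, and the article’s point about cross-cloud correlation is exactly that the same user’s events from other services should feed the same `last[user]` state.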

    For more information please join us for a webinar on May 20th.

    The post McAfee MVISION Cloud for Atlassian Access appeared first on McAfee Blogs.

    Shift Left Inline – Integration with Atlassian Bitbucket CI/CD Pipes

    Infrastructure-as-a-Service (IaaS) is used by organizations of all sizes as the new default IT environment to build and host internal and customer-facing applications. To take advantage of the numerous capabilities offered by IaaS providers for faster adoption, many organizations overlook the cloud shared-responsibility model and assume that security is taken care of completely by the cloud provider. At the end of the day, the security of what cloud customers put in the cloud, most importantly sensitive data, is their responsibility. According to leading analyst firm Gartner, “Through 2025, 99% of cloud security failures will be the customer’s fault.”1

    Per the McAfee CARR report, about 99% of misconfigurations go unnoticed by companies using IaaS. On average, companies were aware of about 37 misconfiguration incidents per month, but real-world data shows that companies actually experience closer to 3,500 such incidents, about 100 times more.

    It is likely that the speed of IaaS adoption is putting many security practitioners behind, in a never-ending game of catch-up. The flexibility offered by IaaS providers makes it easy to change infrastructure rapidly with changing demands, and misconfigurations that leave the door open happen all the time. More so when the changes are made through Infrastructure as Code (IaC) in Continuous Integration/Continuous Delivery (CI/CD) fashion. While MVISION Cloud’s IaaS configuration audit reports on deployed infrastructure and helps ensure it is compliant and pristine, as new resources are deployed through DevOps templates, the same compliance issues keep getting reported over and over.

    Integration with Atlassian Bitbucket Pipes performs ‘inline’ evaluation of DevOps templates: any template push to a Bitbucket repository that is configured to trigger a build automatically evaluates the templates for misconfigurations, and any errors are reported right in the developer’s console, highlighting the specific policies in question.

    This helps DevOps personnel analyze and remediate misconfiguration issues at the source, so that further deployments using those templates don’t recreate the same issues in the IaaS environments. The security team enforces the process and sets the guidelines, avoiding the impossible task of keeping up with an ever-growing list of non-compliant resources. Enforcing these checks earlier in the DevOps cycle lets the security team delegate enforcement for any new resources that are deployed and stop the deployment of non-compliant DevOps templates. By adding security earlier in the DevOps process, security professionals can catch risky configurations before they become a threat in production.

    The integration setup is simple: the pipeline YAML file is configured to use the McAfee MVISION Cloud Docker image along with a few environment variables, and setup completes once Pipelines is enabled. The scans support AWS CloudFormation, Azure ARM and Terraform templates.
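    To make the inline evaluation concrete, here is an added example of the kind of policy check such a pipeline step performs against a CloudFormation template before anything is deployed. It is this page’s illustration, not McAfee’s scanner or its policy set: the policy names (S3-PUBLIC-ACL and so on) and the sample template are constructed for the example. The script exits non-zero when any policy fails, which is what makes a CI step that runs it fail the build.

```python
"""Pre-deployment misconfiguration check for a CloudFormation template.

Added example, not McAfee's scanner. Policy identifiers and the sample
template are constructed for illustration. Usage: python iac_check.py [template.json]
"""
import json
import sys

PUBLIC_ACLS = {"PublicRead", "PublicReadWrite", "AuthenticatedRead"}
PUBLIC_BLOCK_KEYS = ("BlockPublicAcls", "BlockPublicPolicy",
                     "IgnorePublicAcls", "RestrictPublicBuckets")
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}
ANYWHERE = {"0.0.0.0/0", "::/0"}

# Constructed sample template in CloudFormation JSON syntax.
SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "WebBucket": {"Type": "AWS::S3::Bucket",
                  "Properties": {"AccessControl": "PublicRead"}},
    "LogsBucket": {"Type": "AWS::S3::Bucket",
                   "Properties": {"PublicAccessBlockConfiguration": {
                       "BlockPublicAcls": true, "BlockPublicPolicy": true,
                       "IgnorePublicAcls": true, "RestrictPublicBuckets": true}}},
    "AdminSG": {"Type": "AWS::EC2::SecurityGroup",
                "Properties": {"GroupDescription": "admin",
                               "SecurityGroupIngress": [
                                 {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"},
                                 {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "10.0.0.0/8"}]}},
    "AppDb": {"Type": "AWS::RDS::DBInstance",
              "Properties": {"Engine": "postgres", "PubliclyAccessible": true,
                             "StorageEncrypted": false}}
  }
}
""")


def _covers_port(rule, port):
    """True if a security-group ingress rule admits traffic to `port`."""
    if str(rule.get("IpProtocol", "")) == "-1":      # all protocols and ports
        return True
    try:
        lo, hi = int(rule.get("FromPort")), int(rule.get("ToPort"))
    except (TypeError, ValueError):
        return False
    return lo <= port <= hi


def evaluate(template):
    """Return (logical_id, policy_id, message) for each policy violation."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        rtype, props = res.get("Type", ""), res.get("Properties", {}) or {}
        if rtype == "AWS::S3::Bucket":
            if props.get("AccessControl") in PUBLIC_ACLS:
                findings.append((name, "S3-PUBLIC-ACL",
                                 f"bucket ACL {props['AccessControl']} grants public access"))
            block = props.get("PublicAccessBlockConfiguration") or {}
            if not all(block.get(k) is True for k in PUBLIC_BLOCK_KEYS):
                findings.append((name, "S3-NO-PUBLIC-ACCESS-BLOCK",
                                 "PublicAccessBlockConfiguration must set all four flags true"))
        elif rtype == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []) or []:
                src = rule.get("CidrIp") or rule.get("CidrIpv6")
                if src not in ANYWHERE:
                    continue
                for port, label in ADMIN_PORTS.items():
                    if _covers_port(rule, port):
                        findings.append((name, "SG-ADMIN-PORT-OPEN-TO-WORLD",
                                         f"{label} ({port}) reachable from {src}"))
        elif rtype == "AWS::RDS::DBInstance":
            if props.get("PubliclyAccessible") is True:
                findings.append((name, "RDS-PUBLICLY-ACCESSIBLE", "instance has a public endpoint"))
            if props.get("StorageEncrypted") is not True:
                findings.append((name, "RDS-STORAGE-UNENCRYPTED", "StorageEncrypted is not true"))
    return findings


def main(argv):
    """Print findings in a CI-friendly form; return 1 (fail the build) on any finding."""
    if len(argv) > 1:
        with open(argv[1]) as fh:
            template = json.load(fh)
    else:
        template = SAMPLE_TEMPLATE
    findings = evaluate(template)
    for logical_id, policy, msg in findings:
        print(f"FAIL {policy} {logical_id}: {msg}")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

    Against the sample template the check reports five findings (the public bucket ACL and missing public-access block on WebBucket, SSH open to the world on AdminSG, and a public, unencrypted database on AppDb) and leaves LogsBucket alone. Terraform and ARM templates need their own resource-model walkers, but the shape of the gate, evaluate the template and fail the build on findings before apply, is the same.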

    MVISION Cloud also integrates with Atlassian Code Insights.

    Code Insights provides APIs for sending detailed information that gives developers context; the reports display this information directly on pull requests inside Bitbucket. McAfee’s MVISION Cloud integration with Code Insights, as part of Bitbucket Pipelines, provides security scan results to the DevOps team, indicating why the build failed and listing the specific policies violated per template. This helps the developer rectify the issue at the source so it does not percolate into the IaaS infrastructure.

    All the issues are also reported as incidents in MVISION Cloud’s dashboard.

    It is imperative for enterprises to better align developers and security. The end goal is a state where developers aren’t seeing security as just a check box or something to throw over the fence to the security team during production, but as an essential part of their daily development process. As a maker of tools for development teams, Atlassian wants to make it easier for developers to build and operate secure products, while responding to security incidents more quickly and effectively. The partnership between Atlassian and McAfee combines the joint strengths to deliver an optimized security solution for customers.  Join us to learn more at the Atlassian 2020 Summit. 

    1 Source: “Smarter With Gartner” Blog, Is the Cloud Secure?, October 10, 2019, Kasey Panetta

    Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose

    The post Shift Left Inline – Integration with Atlassian Bitbucket CI/CD Pipes appeared first on McAfee Blogs.

    Near Real-Time DLP and Malware support for IaaS

    Cloud and IaaS (Infrastructure as a Service) represent the future of IT as organizations across industries consolidate their data centers. According to a press release from Gartner, “The worldwide public cloud services market is forecast to grow 17% in 2020 to total $266.4 billion, up from $227.8 billion in 2019.”1 “At this point, cloud adoption is mainstream,” said Sid Nag, research vice president at Gartner.1

    Infrastructure as a service (IaaS) is forecast to grow 24% year over year to $50 billion in 2020, the highest growth rate across all cloud segments.1 Computing workloads are moving to cloud solutions like Amazon Web Services, Microsoft Azure, and Google Cloud Platform as companies pursue benefits in scalability, cost, and even security.

    Tied to this move is the fact that sensitive data held by cloud-native or lift-and-shift applications now lives in the public cloud. According to IDC, “In 2025, IDC predicts that 49 percent of the world’s stored data will reside in public cloud environments.”2 Per the latest MVISION Cloud IaaS CARR report, companies actively assessing data exfiltration attempts in IaaS currently see an average of 5,314 events each month, up 248% over last year, when companies experienced an average of 1,527. Hence it is critical for organizations to implement policy controls for data stored in the cloud. The report further shows that uploaded documents contain sensitive information such as personally identifiable information (PII), protected health information (PHI), payment card data and intellectual property, creating cloud compliance concerns. Security teams should therefore be looking to extend their data loss prevention policies to data in the cloud to minimize their risk exposure.

    McAfee’s MVISION Cloud, the market-leading Cloud Access Security Broker (CASB) solution, offers the leading cloud data loss prevention (DLP) solution. This enables organizations to extend their DLP policies to where their information lives today, the cloud, be it SaaS applications or IaaS storage locations. DLP policies can be applied uniformly to both SaaS and IaaS services, and McAfee now supports IaaS providers such as AWS and Azure as well. With this, both real-time and On-Demand Scan (ODS) DLP policy capability is available for IaaS and SaaS services, and existing DLP policies can be applied to IaaS services without any changes, as the same rule set applies as-is. Even the Quarantine response action configured in the policies is honored automatically.

    This provides organizations the tremendous flexibility to enforce policies to protect information from theft or loss and ensure compliance with regulations such as PCI DSS, HIPAA-HITECH, GLBA, SOX, CIPA, FISMA, and FERPA. These policies help to apply comprehensive checks based on keywords, regular expressions, file characteristics, data identifiers, etc. Customers can leverage pre-built or vertical-specific templates to get quickly started.

    Apart from DLP, the MVISION Cloud platform also provides real-time and on-demand scanning for malware detection using McAfee’s Global Threat Intelligence (GTI) database. In other words, whenever a file is created, modified or restored, it can be scanned in real time for both DLP violations and malware, and quarantined automatically.

    If you are an existing MVISION Cloud customer with access to IaaS DLP functionality, this should be automatically enabled for you. If you need any further help in configuring or using this capability, please reach out to your MVISION Cloud support representative.

    1 Gartner Press Release: Gartner Forecasts Worldwide Public Cloud Revenue to Grow 17% in 2020, 13 November 2019

    2 IDC White Paper, sponsored by Seagate, Data Age 2025: The Digitization of the World from Edge to Core, November 2018

    Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose

    The post Near Real-Time DLP and Malware support for IaaS appeared first on McAfee Blogs.

    CVE Vulnerability Scanning for Containers

    At McAfee, our job is to help secure the workloads and data that our customers rely on to power their business.  This release of MVISION Cloud for Containers is about taking all the best practices around how these systems should be designed and giving customers a strong security foundation even in workloads as dynamic as containers. Read more about our Container Security solution here and here.

    One question that I have heard time and again during my conversations with customers who have been using our Container Security solution is – Do I need to scan my containers like I scan my servers?  – The answer is …kinda.

    There’s a word we use to describe most architectures based on containerized workloads: immutable. Immutable is a fancy word for static, unchanging. If containers are supposed to be immutable, and they don’t change, how can malicious or exploitable code end up in them? It’s not as if a container is going to open an attachment from a suspicious email.

    Just because containers are supposed to be static doesn’t mean we should assume they are safe. We may not need to focus initially on traditional malware scans as we do for operating-system-based workloads, but we still need to keep weak or exploitable code out of our cloud. This is where CVE scanning comes in. CVE stands for Common Vulnerabilities and Exposures. As vulnerabilities are discovered, CVEs are filed against the affected code. This lets us know what the exposure risk is, and whether there is any way to remediate or mitigate the issue.

    Containers are often built from many different components. A large majority are open source, but the key fact is that developers reuse existing code whenever they can and don’t need to write every line of a containerized application themselves. Many of these apps consist mostly of open source or commercial off-the-shelf code that is not compiled by the final application developer. The primary way for us to be notified of a weakness in this pre-packaged code is the CVE database.

    In a risk reduction strategy, we want to promote defense-in-depth strategies that prevent exploitable code from being deployed and warn us when new weaknesses are detected. This is where the new CVE scanning capability of MVISION Cloud helps out. We will enable the ability to scan code in the DevOps pipeline as it’s being built, to prevent code with known weaknesses from unknowingly being deployed in production. We also recognize that new exploits are constantly being discovered, so we can also periodically re-scan popular container registries and inspect already-built containers to see whether any new vulnerabilities have been detected in critical pieces of our containerized workloads. While this might not be the traditional hijacking via viruses, worms, or trojans, it is becoming a more popular attack point as cloud native architectures become more common. Given the API nature of the cloud, and the fact that this doesn’t require tricking a human into making a bad decision, we need to be vigilant in scanning for weaknesses of this nature to prevent cloud native attacks.
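    The two scan modes just described, a build-time gate and a periodic re-scan of images already in a registry, reduce to the same operation: match the image’s package inventory against the current advisory feed and decide whether the result clears a severity threshold. The block below is an added example of that matching, not McAfee’s scanner. The package inventory, the advisory feed and its identifiers (EXAMPLE-0001 and so on) are all constructed; no real CVE is referenced, and a real scanner would extract the inventory from the image layers and pull advisories from the CVE/NVD and distribution security feeds.

```python
"""Match a container image's package inventory against a vulnerability feed.

Added example, not McAfee code. Inventory, advisories and their EXAMPLE-*
identifiers are constructed for illustration only.
"""
import re

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed inventory: what a scanner would extract from the image layers.
IMAGE_PACKAGES = {
    "libexample": "1.2.3",
    "tinyhttp": "0.9.0",
    "zipper": "3.0.1",
}

# Constructed advisory feed: introduced is inclusive, fixed is exclusive;
# fixed = None means no fixed release exists yet.
ADVISORIES = [
    {"id": "EXAMPLE-0001", "package": "libexample", "introduced": "1.0.0", "fixed": "1.2.4", "severity": "high"},
    {"id": "EXAMPLE-0002", "package": "libexample", "introduced": "0.0.0", "fixed": "1.1.0", "severity": "critical"},
    {"id": "EXAMPLE-0003", "package": "tinyhttp",   "introduced": "0.8.0", "fixed": None,    "severity": "medium"},
    {"id": "EXAMPLE-0004", "package": "zipper",     "introduced": "2.0.0", "fixed": "3.0.0", "severity": "critical"},
]


def version_key(v):
    """Turn '1.2.3' or '1.2.3-r4' into a tuple that compares numerically.
    Real distro version schemes (Debian epochs, Alpine -rN) need a fuller parser."""
    return tuple(int(p) for p in re.findall(r"\d+", v))


def is_affected(version, introduced, fixed):
    """Installed version lies in [introduced, fixed)."""
    v = version_key(version)
    if v < version_key(introduced):
        return False
    return fixed is None or v < version_key(fixed)


def scan_image(packages, advisories):
    """Return findings for every advisory whose range covers an installed package,
    most severe first. Re-running with a fresh feed is the periodic registry re-scan."""
    findings = []
    for adv in advisories:
        installed = packages.get(adv["package"])
        if installed is None:
            continue
        if is_affected(installed, adv["introduced"], adv["fixed"]):
            findings.append({"id": adv["id"], "package": adv["package"],
                             "installed": installed, "fixed": adv["fixed"],
                             "severity": adv["severity"]})
    return sorted(findings, key=lambda f: -SEVERITY_RANK[f["severity"]])


def should_block(findings, threshold="high"):
    """Build-gate decision: block if any finding is at or above the threshold."""
    return any(SEVERITY_RANK[f["severity"]] >= SEVERITY_RANK[threshold] for f in findings)


if __name__ == "__main__":
    results = scan_image(IMAGE_PACKAGES, ADVISORIES)
    for f in results:
        fix = f"upgrade to {f['fixed']}" if f["fixed"] else "no fix available"
        print(f"{f['severity']:<8} {f['id']} {f['package']} {f['installed']}: {fix}")
    print("BLOCK" if should_block(results) else "PASS")
```

    On the constructed data, libexample 1.2.3 matches EXAMPLE-0001 (fixed in 1.2.4) but not EXAMPLE-0002 (already fixed in 1.1.0), tinyhttp matches an advisory with no fix yet, and zipper 3.0.1 is past its fixed version; with the default “high” threshold the build is blocked, while a “critical” threshold would let it through. The gap between what a build-time scan saw and what a later re-scan sees is exactly the new-advisory case the article describes.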

    McAfee is a leader in protecting workloads in the cloud, but also on-prem.  What happens if I’m using containers in my traditional on-prem or hybrid datacenter?  McAfee will also be adding updates to our ENS for Linux servers to add this additional protection for containers detected on self-managed Linux systems.  ENS customers will soon be able to detect containers running on their servers and have the ENS agent automatically integrate with MVISION Cloud to provide the CVE scanning capability for any containers detected on managed Linux systems.  ENS will be able to also report on weak or exploitable code sitting or running on your self-managed Linux systems.

    More and more workloads are moving to cloud native architectures, and more companies are moving to cloud or hybrid workload strategies.  McAfee will continue to provide defense in depth and help ensure all our customers have the freedom of choice to deploy their workloads the way they want.  We will help to ensure that workloads are secure now and moving forward.

    To see our container security features in action, as well as the rest of the coverage we provide for data and workloads in the public cloud, request a demo here!


    The post CVE Vulnerability Scanning for Containers appeared first on McAfee Blogs.

    Working from Home Cybersecurity Guidance


    Working from home comes with a range of security risks, but employees need to be educated too – human behaviour is invariably the weakest link in a company’s cybersecurity posture. In the current environment, with many more employees working at home, cybercriminals are actively looking for opportunities to launch phishing attacks and compromise the IT infrastructure of businesses, large and small. 

    Guidance on Working from Home
    All companies should start by reviewing the home working guidance available at the UK Government’s National Cyber Security Centre (NCSC). This resource helps companies prepare their employees and think about the best way to protect their systems. Crossword has been advising a number of its FTSE clients in a range of sectors, and below is a summary of the guidance given, in addition to that from the NCSC.

    Run Audio and Video calls Securely

    What is visible in the background of your screen during video calls and is someone monitoring who is on the call? The same is true for audio only calls. A team member should be responsible for ensuring only invited guests are present, and calls should be locked once started, so other participants cannot join.

    Educate Employees on Phishing attacks
    The NCSC mentions COVID-19 related Phishing attacks which use the current crisis to trick employees into clicking on fake links, downloading malware, and revealing passwords – so educate them. These could be fake HR notifications or corporate communications; fake tax credits; fake emails from mortgage providers; free meals and mechanisms for registering for them. The list is endless and cyber criminals are very news savvy and quick to adapt. Employees are likely to be more vulnerable to phishing attacks due to people rushing, fear, panic, and urgency; all the behavioural traits that result in successful phishing attacks.

    Automate Virtual Private Network (VPN) configurations
    IT and Security teams may have a backlog of users to set up on VPNs, which provide secure connections to corporate networks. Do not allow employees to send data insecurely in the meantime; use automation to accelerate deployments and guarantee correct configuration. Even IT staff are fallible, and the combination of high work volume and working fast may leave a gaping hole in your infrastructure.

    Control the use of Personal Devices for Corporate Work
    Due to the rapid increase in home workers, many employees may be using their own devices to access emails and data, which may not be covered by Bring Your Own Device (BYOD) policies. In practice, this means that employees’ personal devices may not be securely configured or properly managed, and are therefore more vulnerable. IT and Security teams may again need to retrospectively ensure that employees are complying with BYOD policies, have appropriate endpoint security software installed, etc.

    Stop Personal Email and Unauthorised Cloud Storage Use
    When companies are experiencing IT difficulties in setting up employees working from home, people may be tempted to use personal email or personal cloud storage to send and store data as a workaround. These are a risk and can be easy for cyber criminals to target to gain company information or distribute malware, as they are not protected by the corporate security infrastructure.

    Keep Collaboration Tools Up-to-date
    Tools such as Microsoft Teams, Zoom and Google Hangouts are great, but it is important to ensure all call participants are using the latest versions of the software, and that includes partners and customers that may be on calls. Employees should also only use the corporate approved tools and versions, as these will have been tested by security teams for vulnerabilities that could be exploited by cybercriminals.

    Stuart Jubb, Consulting Director at Crossword commented: “Throughout the UK, companies are doing everything they can to ensure business continues as normally as possible as the COVID-19 situation develops. The guidance we are issuing today is a summary of the key points we have been discussing with our clients across a wide range of vertical markets. Good IT security measures are arguably more important than ever as companies become a largely distributed workforce, almost overnight. As ever though, it is not just about the technology, but good behaviour and education amongst employees as cybercriminals work to exploit any vulnerability they can find, whether that be a person, mis-configured tech, or unpatched software.”