Category Archives: Cloud Security

Umbrella with SecureX built-in: Coordinated Protection

This blog was written by David Gormley, Cloud Security Product Marketing Manager at Cisco.

Cybercriminals have been refining their strategies and tactics for over twenty years and attacks have been getting more sophisticated. A successful cyberattack often involves a multi-step, coordinated effort. Research on successful breaches shows that hackers are very thorough with the information they collect and the comprehensive plans they execute to understand the environment, gain access, infect, move laterally, escalate privileges and steal data.

An attack typically includes at least some of the following steps:

  • reconnaissance activities to find attractive targets
  • scanning for weaknesses that present a good entry point
  • stealing credentials
  • gaining access and privileges within the environment
  • accessing and exfiltrating data
  • hiding past actions and ongoing presence

This whole process is sometimes called the “attack lifecycle” or “kill chain”, and a successful attack requires a coordinated effort throughout the process. The steps above involve many different elements across the IT infrastructure including email, networks, authentication, endpoints, SaaS instances, multiple databases and applications. The attacker has the ability to plan in advance and use multiple tactics along the way to get to the next step.

Security teams have been busy over the past couple of decades as well.  They have been building a robust security practice consisting of tools and processes to track activities, provide alerts and help with the investigation of incidents.  This environment was built over time and new tools were added as different attack methods were developed. However, at the same time, the number of users, applications, infrastructure types, and devices has increased in quantity and diversity.  Networks have become decentralized as more applications and data have moved to the cloud. In most instances, the security environment now includes over 25 separate tools spanning on-prem and cloud deployments. Under these conditions, it’s difficult to coordinate all of the activities necessary to block threats and quickly identify and stop active attacks.

As a consequence, organizations are struggling to get the visibility they need across their IT environment and to maintain their expected level of effectiveness. They are spending too much time integrating separate products and trying to share data and not enough time quickly responding to business, infrastructure, and attacker changes.  The time has come for a more coordinated security approach that reduces the number of separate security tools and simplifies the process of protecting a modern IT environment.

Cisco Umbrella with SecureX can make your security processes more efficient by blocking more threats early in the attack process and simplifying the investigation and remediation steps. Umbrella handles over 200 billion internet requests per day and uses fine-tuned models to detect and block millions of threats. This “first-layer” of defense is critical because it minimizes the volume of malicious activity that makes its way deeper into your environment.  By doing this, Umbrella reduces the stress on your downstream security tools and your scarce security talent.  Umbrella includes DNS Security, a secure web gateway, cloud-delivered firewall, and cloud access security broker (CASB) functionality. But no one solution is going to stop all threats or provide the quickly adapting environment described above. You need to aggregate data from multiple security resources to get a coordinated view of what’s going on in your environment but can’t sink all your operating expenses into simply establishing and maintaining the integrations themselves.

That’s where Cisco SecureX comes in. Cisco SecureX connects the breadth of Cisco’s integrated security portfolio – including Umbrella– and your other security tools for a consistent experience that unifies visibility, enables automation, and strengthens your security across network, endpoints, cloud, and applications. Let’s explore some of the capabilities of SecureX, the Cisco security platform and discuss what they mean in the context of strengthening breach defense.

  • Visibility: Our SecureX platform provides visibility with one consolidated view of your entire security environment. The SecureX dashboard can be customized to view operational metrics alongside your threat activity feed and the latest threat intelligence. This allows you to save time that was otherwise spent switching consoles. With the Secure threat response feature, you can accelerate threat investigation and take corrective action in under two clicks.
  • Automation: You can increase the efficiency and precision of your existing security workflows via automation to advance your security maturity and stay ahead of an ever-changing threat landscape. SecureX pre-built, customizable playbooks enable you to automate workflows for phishing and threat hunting use cases. SecureX automation allows you to build your own workflows including collaboration and approval workflow elements to more effectively operate as a team.   It enables your teams to share context between SecOps, ITOps, and NetOps to harmonize security policies and drive stronger outcomes.
  • Integration: With SecureX, you can advance your security maturity by connecting your existing security infrastructure via out-of-the-box interoperability with third party solutions. In addition to the solution-level integrations we’ve already made available, new, broad, platform-level integrations have also been and continue to be developed. In short, you’re getting more functionality out of the box so that you can multiply your use cases and realize stronger outcomes.

Pre-built playbooks focus on common security use cases, and you can easily build your own using an intuitive, drag-and-drop interface. One example of the coordination between Umbrella and SecureX is in the area of phishing protection and investigation. Umbrella provides protection against a wide range of phishing attacks by blocking connections to known bad domains and URLs. SecureX extends this protection with a phishing investigation workflow that allows your users to forward suspicious email messages from their inbox. In addition, a dedicated inspection mailbox starts an automated investigation and enrichment process. This includes data from multiple solutions including Umbrella, email security, endpoint protection, threat response and malware analysis tools. Suspicious email messages are scraped for various artifacts and inspected in the Threat Grid sandbox. If malicious artifacts are identified, a coordinated response action, including approvals, is carried out automatically, in alignment with your regular operations process.

The SecureX platform is included with Cisco security solutions to advance the value of your investment. It connects Cisco’s integrated security portfolio, your other security tools and existing security infrastructure with out-of-the-box interoperability for a consistent experience that unifies visibility, enables automation, and strengthens your security across network, endpoints, cloud, and applications.

Sign up to the SecureX waitlist so you can be first to receive sign-on instructions when it becomes generally available later in June at 

The post Umbrella with SecureX built-in: Coordinated Protection appeared first on Cisco Blogs.

41% of organizations have not taken any steps to expand secure access for the remote workforce

Currently, organizations are struggling to adjust to the new normal amidst the COVID-19 pandemic, a Bitglass survey reveals. 41% have not taken any steps to expand secure access for the remote workforce, and 50% are citing proper equipment as the biggest impediment to doing so. Consequently, 65% of organizations now enable personal devices to access managed applications.

Remote work and secure access concerns

When asked what their organizations are primarily concerned with securing while employees …

The post 41% of organizations have not taken any steps to expand secure access for the remote workforce appeared first on Help Net Security.

The Power of Convergence

This blog was written by Rodman Ramezanian, Pre-Sales Security Engineer at McAfee

In cybersecurity, integration has become a near-obligatory requirement for organisations considering new products. They want to know new products will complement existing investments to collectively produce more effective and efficient solutions.

But as of late, the term convergence has emerged as another key capability and expectation of technology platforms.

I’d like to explore how these terms differ and how those differences will shape security outcomes in the future.


Let’s start with a stone-cold definition. According to the Merriam-Webster Dictionary:

  • Integrate means “to end the segregation of and bring into equal membership in society or an organisation”
  • Converge means “to come together and unite in a common interest or focus”

Are we splitting hairs here? Are they much of a muchness?

These days, integration typically refers to the establishment of a common communication channel or route between disparate solutions to solve a particular challenge – usually to enable data sharing of some sort. Standard examples we hear sound like, “we’ve integrated this tool with that platform via API/Syslog/PowerShell” or various other methods.

Convergence approaches things differently by consolidating features and capabilities onto a common scalable architecture and platform. To take a common example from daily life (nowadays, anyway), converged networks such as Cisco WebEx, Zoom, and Microsoft Teams, to name just a few, amalgamate voice, video, and data services within a unified infrastructure.

Convergence aims to deliver the following benefits:

  • Lower costs and complexity – consolidating vendors and technology stacks should reduce licensing and operational costs, as well as management overhead
  • Enabling new digital business scenarios – apps, services, APIs, and data shareable to partners and contractors with lower risk exposure
  • Ease of use/transparency – avoiding app bloat, fewer agents per device, consistency of experience regardless of user location or device
  • Centralisation – cloud-based centralised management with distributed policy enforcement and decision making

While these benefits may not come as a surprise to some, many could argue that integration could very well yield the same outcomes and thus, the differences are negligible. Let’s take a moment to walk through a real-world example to show the contrast between the two.

Challenges and Benefits

It may be helpful to elaborate with examples to highlight just some challenges typically faced with integrations.

Let’s consider an organisation that wants to improve its security attentiveness and overall posture by blocking access to websites and Cloud services based on business risk, not just standard reputational checks. In this given scenario, let’s assume the organisation has mandated that its lines of business must ensure Cloud services being used must store their data encrypted when at rest.

In order to achieve this from a workflow perspective, they would need to integrate the business risk attributes for a given website (such as whether or not data at rest is encrypted) from a Cloud Access Security Broker (CASB) solution, along with the content filtering and blocking capabilities from a Secure Web Gateway (SWG) solution. Usually, this would be done via custom API integration, assuming that no further re-architecture work or implementation of data sharing platforms is needed.


Considering this, ask yourself what happens if/when:

  • The API is changed during an upgrade?
  • The SWG appliance requires a patch or version upgrade?
  • The personnel who wrote or implemented the integration leave the organisation?
  • Credentials and/or certificates used to authenticate between the solutions need to be refreshed?
  • The connection between the solutions breaks down, is the customer ultimately responsible for restitching the products together? Or are the respective vendors then called into action?

Now, let’s reflect on the benefits we mentioned earlier. Complexity goes out the window the moment we begin to mention bespoke integration via coding and credential/certificate management. Version control for the code, along with the dependence on version specific APIs, draw out more complexity as change management for each iteration of the configuration needs to be tested. In addition, we need to consider the additional complexity brought by the need to open up firewall ports between the various components involved to make this integration work.

Centralised management and enforcement don’t exist as the two solutions and their ontologies don’t align. That is, a risk attribute for a Cloud service in the CASB product cannot be natively stored in the SWG as its ontology lacks this concept. This means that they must resort to a lower-value ontology that is common across the two – in this case, the URL. The resultant integration means a dumbed-down list of URLs must be used. This list would be routinely and regularly pushed from the CASB to a list within the SWG. At that point, its accuracy and timeliness become highly dependent on the synchronisation and polling period between the two products.

With this, ease of use diminishes as attrition in personnel brings about lost institutional knowledge and know-how unless knowledge is transferred or sufficiently documented. Also, in the event of an incorrect block on a website, troubleshooting would become troublesome.


We could simplify this integration and remove some of the barriers mentioned above were we to use a Cloud-delivered SWG; however, challenges such as different ontology, API management, credential management and integration testing remain unchanged.

So then, how does one go from integration to convergence? The answer is simple – acceptance of the need to change the approach and a willingness to get it done.

In order to adequately address the use case at hand, the technologies involved need to come together to ultimately become one. While this seems like something that could be blurred in a Cloud-delivered offering through converging parts of the UI with microservices from both products, doing so would technically fall into the integration bucket as ontologies and UI/UX remain different and would lack simplification. So, what would it take to converge CASB and SWG solutions?

  • Merging ontology – Bringing both CASB and SWG elements together. An example of this may be, using the same Cloud “Service Group” object in both solutions
  • Leveraging common capabilities – It doesn’t just stop with ontology. The solutions need to merge other components such as incident management, logging, dashboards, policy definitions, user authentication, etc. This convergence would not only improve the end user experience, but also reduce future technical debt in maintaining overlapping capabilities and components
  • Refactoring UI/UX – Rethinking and re-working the user experience to bring about the simplest flow to achieve the converged use cases

In the figure below, we have a policy example that creates a grouping of all high-risk Cloud services, current and future, that can be used as a restriction for web access. The result is that any high-risk Cloud service will be blocked by the Cloud-native SWG, preventing users from accessing these services to keep them safe from accidental data loss and/or malware. All this with no bespoke integration, no polling or pulling, no scripts, no firewall rules, no credential or certificate management and most importantly, no complexity!

[Figure: a policy grouping all high-risk Cloud services, current and future, used as a web-access restriction]

Now, this is just one example of convergence as part of McAfee’s Unified Cloud Edge (UCE) solution. Further convergence is necessary to refactor many of the data protection workflows traditionally kept separate from other enterprise security platforms.

According to an industry survey conducted by McAfee, only 31% of companies said their Cloud security tools could enforce the same DLP policies at their Devices, Network, and Cloud Services.

As part of McAfee’s Unified Cloud Edge solution, the convergence of Data Loss Prevention (DLP) policies and attributes with SWG and CASB technologies will ultimately lead to the unification of data classifications, rules, incidents, workflows, and so much more across Devices, Networks, and Cloud environments.

Final thoughts

Blended threats require a blended security response. Converging security practices and capabilities creates a whole that’s greater than the sum of its parts. Even something as simple as unifying an organisation’s security visibility – spanning from Device to Cloud – through a converged and centralised portal yields powerful gains in specific incidents and over the long run.

Converging security processes should align your security operations with your business goals and amplify your organisation’s performance of its most important functions. A converged security program protects your organisation’s key assets and helps get them back up and running faster when something does go wrong. Ultimately, converged security practices can be part of your organisation’s competitive advantage.

If you’d like to discuss any of the points covered here, or more specifically McAfee’s converged security solutions in further detail, please feel free to reach out to me.

* Special thanks to my manager Sahba Idelkhani for his guidance and input into this blog *

The post The Power of Convergence appeared first on McAfee Blogs.

Principles of a Cloud Migration – Security W5H – The HOW


“How about… ya!”

Security needs to be treated much like DevOps in evolving organizations; everyone in the company has a responsibility to make sure it is implemented. It is not just a part of operations, but a cultural shift in doing things right the first time – Security by default. Here are a few pointers to get you started:

1. Security should be a focus from the top on down

Executives should be thinking about security as a part of the cloud migration project, and not just as a step of the implementation. Security should be top of mind in planning, building, developing, and deploying applications as part of your cloud migration. This is why the Well Architected Framework has an entire pillar dedicated to security. Use it as a framework to plan and integrate security at each and every phase of your migration.

2. A cloud security policy should be created and/or integrated into existing policy

Start with what you know: least privilege permission models, cloud native network security designs, etc. This will help you start creating a framework for these new cloud resources that will be in use in the future. Your cloud provider and security vendors, like Trend Micro, can help you with these discussions in terms of planning a thorough policy based on the initial migration services that will be used. Remember from my other articles, a migration does not just stop when the workload has been moved. You need to continue to invest in your operation teams and processes as you move to the next phase of cloud native application delivery.

3. Trend Micro’s Cloud One can check off a lot of boxes!

Using a collection of security services, like Trend Micro’s Cloud One, can be a huge relief when it comes to implementing runtime security controls to your new cloud migration project. Workload Security is already protecting thousands of customers and billions of workload hours within AWS with security controls like host-based Intrusion Prevention and Anti-Malware, along with compliance controls like Integrity Monitoring and Application Control. Meanwhile, Network Security can handle all your traffic inspection needs by integrating directly with your cloud network infrastructure, a huge advantage in performance and design over Layer 4 virtual appliances requiring constant changes to route tables and money wasted on infrastructure. As you migrate your workloads, continuously check your posture against the Well Architected Framework using Conformity. You now have your new infrastructure secure and agile, allowing your teams to take full advantage of the newly migrated workloads and begin building the next iteration of your cloud native application design.

This is part of a multi-part blog series on things to keep in mind during a cloud migration project.  You can start at the beginning which was kicked off with a webinar here: To have a more personalized conversation, please add me to LinkedIn!


Working from Home in 2020: How Cloud Use Changed

2020 has been a tumultuous year, with health and economic stability shattered for most of the world in just months. For those in a fortunate position to do so, working from home has become the new norm, and will likely be for the foreseeable future. Major companies in the tech sector have cemented the practice, with Google for example announcing that its global workforce can remain home until the end of the year. Twitter was the first to announce that employees can work from home forever, if that is their preference.

It is a sign of our times and technological development that this is possible. The pace of development for cloud services met this moment near-perfectly. Over the past few years, we’ve reached a critical mass of businesses and employees who are ramped up and comfortable using collaboration services like Zoom, Webex, Slack, and Microsoft Teams. Storage apps like Box and collaboration suites like Microsoft (Office) 365 have largely replaced the software, thumb drives, and network storage we used to manage files.

All of these services made our shift to working from home possible, and seamless for many. Companies that hadn’t ramped up yet on cloud-based collaboration and productivity apps are now on their way.

As a global provider of cloud security technology, we have a unique view into the use of cloud services and the threats companies face in the cloud. Using anonymized and aggregated metadata, we can derive trends across our vast base of 30 million enterprise cloud users. The shift to working from home was a catalyst for us to dive into this data and uncover trends in how the world changed.

All of these findings are in our new report, the Cloud Adoption and Risk Report: Work from Home Edition. Grab the full copy below if you want to skip the preview here and go straight to the full set of findings.


First, use of all cloud services from every industry grew 50% overall from the start of 2020. However, some industries had to undergo more changes than others to enable working from home:

Manufacturing and education increased their cloud use by 144% and 114% respectively. Every parent of school-aged children has felt the shift in education practices over the past few months, with much of the burden falling to them to set up virtual classrooms or even teach their kids themselves. Manufacturing may be playing catch up, with fewer in-person meetings, which had to be replaced immediately by cloud-based tools.

Of all categories, collaboration services saw the largest increase in usage, up several hundred percent across the board. We all watched as the world restructured their social lives around Zoom, while enterprises increased their use of Webex even further, and ramped up on Slack and Teams to keep collaboration alive from a distance.

This increase in cloud use, particularly in collaboration, directly correlates to more data being stored in the cloud. We monitored not only these increases in service use, but also a new wave of threats targeting the wave of data entering the cloud.

We’ll dive into our threat research in part 2 of this series. To see our threat analysis before that blog is released, download the full report now.


The post Working from Home in 2020: How Cloud Use Changed appeared first on McAfee Blogs.

Is Cloud Computing Any Safer From Malicious Hackers?

Cloud computing has revolutionized the IT world, making it easier for companies to deploy infrastructure and applications and deliver their services to the public. The idea of not spending millions of dollars on equipment and facilities to host an on-premises data center is a very attractive prospect to many. And certainly, moving resources to the cloud just has to be safer, right? The cloud provider is going to keep our data and applications safe for sure. Hackers won’t stand a chance. Wrong. I hear this delusion from customers far more often than anyone should. The truth of the matter is, without proper configuration, the right skillsets administering the cloud presence, and common-sense security practices, cloud services are just as (if not more) vulnerable.

The Shared Responsibility Model

Before going any further, we need to discuss the shared responsibility model of the cloud service provider and user.

When planning your migration to the cloud, one needs to be aware of which responsibilities belong to which entity. As the chart above shows, the cloud service provider is responsible for the security of the cloud infrastructure and its physical security. By contrast, the customer is responsible for their own data, the security of their workloads (all the way to the OS layer), as well as the internal network within the company’s VPCs.

One more pretty important aspect that remains in the hands of the customer is access control. Who has access to what resources? This is really no different than it’s been in the past, the exception being that the physical security of the data center is handled by the CSP as opposed to on-prem security, but the company (specifically IT and IT security) is responsible for locking down those resources efficiently.

Many times, this shared responsibility model is overlooked, and poor assumptions are made about the security of a company’s resources. Chaos ensues, and probably a firing or two.

So now that we have established the shared responsibility model and that the customer is responsible for their own resource and data security, let’s take a look at some of the more common security issues that can affect the cloud.

Amazon S3 

Amazon S3 is a truly great service from Amazon Web Services. Being able to store data, host static sites or create storage for applications are widely used use cases for this service. S3 buckets are also a prime target for malicious actors, since many times they end up misconfigured.

One such instance occurred in 2017 when Booz Allen Hamilton, a defense contractor for the United States, was pillaged of battlefield imagery as well as administrator credentials to sensitive systems.

Yet another instance occurred in 2017, when due to an insecure Amazon S3 bucket, the records of 198 million American voters were exposed. Chances are if you’re reading this, there’s a good chance this breach got you.

A more recent breach of an Amazon S3 bucket (and I use the word “breach,” however most of these instances were a result of poor configuration and public exposure, not a hacker breaking in using sophisticated techniques) had to do with the cloud storage provider “Data Deposit Box.” Utilizing Amazon S3 buckets for storage, a configuration issue caused the leak of more than 270,000 personal files as well as personal identifiable information (PII) of its users.

One last thing to touch on the subject of cloud file storage has to do with how many organizations are using Amazon S3 to store uploaded data from customers as a place to send for processing by other parts of the application. The problem here is how do we know if what’s being uploaded is malicious or not? This question comes up more and more as I speak to more customers and peers in the IT world.
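An added example, not part of the original post, of the kind of check that catches the misconfigurations described above: it evaluates a bucket policy and a set of ACL grants for access that is open to everyone. The policy statements, ACL grants and bucket name are constructed for illustration; in a real audit the same JSON shapes come back from boto3's `get_bucket_policy` and `get_bucket_acl` calls, and the list of condition keys treated as "restricting" is my own choice.

```python
"""Flag S3 bucket policies and ACL grants that expose a bucket publicly.

Added example; the sample policy document and ACL grants below are constructed
for illustration, not taken from any real account. In a live audit the same
documents would come from boto3's s3.get_bucket_policy() and
s3.get_bucket_acl(); this check runs offline on their JSON shape.
"""
import json

# Condition keys that scope a wildcard principal down to something narrower than
# "everyone". If one is present the statement is treated as restricted rather
# than public. This set is an assumption for the example, not an AWS list.
RESTRICTING_CONDITION_KEYS = {
    "aws:SourceVpc", "aws:SourceVpce", "aws:SourceArn", "aws:SourceAccount",
    "aws:PrincipalOrgID", "aws:PrincipalAccount", "aws:SourceIp",
}

# The two predefined ACL groups that mean "anyone" and "any AWS account".
PUBLIC_ACL_GRANTEES = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
}


def _is_wildcard_principal(principal):
    """True when a statement's Principal grants to anyone ("*" or {"AWS": "*"})."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        aws = [aws] if isinstance(aws, str) else aws
        return "*" in aws
    return False


def _has_restricting_condition(statement):
    """True when the statement carries a condition that narrows the audience."""
    for operator_block in statement.get("Condition", {}).values():
        if RESTRICTING_CONDITION_KEYS & set(operator_block):
            return True
    return False


def public_policy_findings(policy_document):
    """Return (Sid, sorted actions) for each Allow statement open to everyone."""
    policy = json.loads(policy_document) if isinstance(policy_document, str) else policy_document
    statements = policy.get("Statement", [])
    statements = [statements] if isinstance(statements, dict) else statements
    findings = []
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        if not _is_wildcard_principal(stmt.get("Principal")):
            continue
        if _has_restricting_condition(stmt):
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        findings.append((stmt.get("Sid", "<no Sid>"), sorted(actions)))
    return findings


def public_acl_findings(grants):
    """Return (grantee name, permission) for ACL grants to the global groups."""
    findings = []
    for grant in grants:
        grantee = grant.get("Grantee", {})
        uri = grantee.get("URI")
        if grantee.get("Type") == "Group" and uri in PUBLIC_ACL_GRANTEES:
            findings.append((PUBLIC_ACL_GRANTEES[uri], grant.get("Permission")))
    return findings


# Constructed sample: a static-site style read grant, a mistaken statement that
# lets anyone list and write, and a statement correctly restricted to one VPC.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "OopsWrite", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": ["s3:ListBucket", "s3:PutObject"],
         "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]},
        {"Sid": "VpcOnly", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"StringEquals": {"aws:SourceVpc": "vpc-0example"}}},
    ],
}

# Constructed sample ACL: owner full control plus a public-read grant.
SAMPLE_GRANTS = [
    {"Grantee": {"Type": "CanonicalUser", "ID": "example-owner-id"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"},
]

if __name__ == "__main__":
    for sid, actions in public_policy_findings(SAMPLE_POLICY):
        print(f"policy statement {sid} is public: {', '.join(actions)}")
    for grantee, perm in public_acl_findings(SAMPLE_GRANTS):
        print(f"ACL grants {perm} to {grantee}")
```

Run against the sample, the check reports `PublicRead` and `OopsWrite` but not `VpcOnly`, and the `AllUsers` READ grant. A policy check like this complements, rather than replaces, S3 Block Public Access at the account level, which stops such statements and grants from taking effect in the first place.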


APIs are great. They allow you to interact with programs and services in a programmatic and automated way. When it comes to the cloud, APIs allow administrators to interact with services, and in fact they are really a cornerstone of all cloud services, since they allow the different services to communicate. As with anything in this world, this also opens a world of danger.

Let’s start with the API gateway, a common construct in the cloud to allow communication to backend applications. The API gateway itself is a target, because it can allow a hacker to manipulate the gateway, and allow unwanted traffic through. API gateways were designed to be integrated into applications. They were not designed for security. This means untrusted connections can come into said gateway and perhaps retrieve data that individual shouldn’t see. Likewise, the API requests to the gateway can come with malicious payloads.

Another attack that can affect your API gateway, and likewise the application behind it, is a DDoS attack. The common answer to defend against this is a Web Application Firewall (WAF). The problem is that WAFs struggle to deal with low-and-slow DDoS attacks, because the steady stream of requests looks like normal traffic. A really great way to deter DDoS attacks at the API gateway, however, is to limit the number of requests for each method.

A great way to prevent API attacks lies in the configuration. Denying anonymous access is huge. Likewise, rotating tokens, passwords and keys limits the window in which a leaked credential can be used. Disable any type of clear-text authentication, enforce SSL/TLS encryption and implement multifactor authentication; these are great deterrents.
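To make the per-method request limit and the denial of anonymous access concrete, here is an added example (not from the original post) that models both controls in a small in-process gateway. The method budgets, API keys and request sequence are constructed; in production these controls belong in the gateway's own configuration (usage plans, throttling and authorizers) rather than in application code, but the logic is the same.

```python
"""Per-method rate limiting and anonymous-request rejection in front of an API.

Added example: a minimal in-process model of two gateway controls, limiting
requests per method and denying callers without a known key. The method names,
limits, API keys and request sequence are constructed for illustration.
"""
import time
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed: API keys the gateway knows, mapped to a caller identity.
VALID_API_KEYS = {"key-alice-123": "alice", "key-batch-456": "batch-job"}

# Constructed per-method budgets: (max requests, window in seconds). Expensive
# methods get a tighter budget so a slow trickle of calls cannot tie up the
# backend while still looking like ordinary traffic to a WAF.
METHOD_LIMITS = {
    ("GET", "/orders"): (100, 60),
    ("POST", "/orders"): (10, 60),
    ("POST", "/reports/export"): (2, 60),
}
DEFAULT_LIMIT = (30, 60)  # budget for methods not listed above


@dataclass
class SlidingWindowLimiter:
    """Counts requests per (caller, method) inside a sliding time window."""
    history: dict = field(default_factory=lambda: defaultdict(list))

    def allow(self, caller, method, now):
        limit, window = METHOD_LIMITS.get(method, DEFAULT_LIMIT)
        timestamps = self.history[(caller, method)]
        # Forget requests that have fallen out of the window before counting.
        timestamps[:] = [t for t in timestamps if now - t < window]
        if len(timestamps) >= limit:
            return False  # rejected requests do not consume budget
        timestamps.append(now)
        return True


@dataclass
class Gateway:
    limiter: SlidingWindowLimiter = field(default_factory=SlidingWindowLimiter)

    def handle(self, verb, path, headers, now=None):
        """Return an HTTP status code for the request: 401, 429 or 200."""
        now = time.monotonic() if now is None else now
        # Deny anonymous access: every request must present a known key.
        caller = VALID_API_KEYS.get(headers.get("x-api-key"))
        if caller is None:
            return 401
        if not self.limiter.allow(caller, (verb, path), now):
            return 429
        return 200


def replay(requests):
    """Run a constructed (time, verb, path, headers) sequence; return the statuses."""
    gw = Gateway()
    return [gw.handle(verb, path, headers, now=t) for t, verb, path, headers in requests]


# Constructed sequence: three export calls inside one minute from one caller,
# an anonymous call, an unrelated method, and an export after the window slid.
SAMPLE_REQUESTS = [
    (0.0, "POST", "/reports/export", {"x-api-key": "key-alice-123"}),
    (1.0, "POST", "/reports/export", {"x-api-key": "key-alice-123"}),
    (2.0, "POST", "/reports/export", {"x-api-key": "key-alice-123"}),   # over the 2/min budget
    (3.0, "GET", "/orders", {}),                                         # anonymous
    (4.0, "GET", "/orders", {"x-api-key": "key-alice-123"}),             # other method unaffected
    (61.5, "POST", "/reports/export", {"x-api-key": "key-alice-123"}),   # first two have expired
]

if __name__ == "__main__":
    print(replay(SAMPLE_REQUESTS))  # [200, 200, 429, 401, 200, 200]
```

The budget is keyed by caller and method together, so one noisy caller on an expensive method is throttled without affecting other callers or other methods, and a rejected request does not count against the window.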


No cloud service would be complete without compute resources. This is when an organization builds out virtual machines to host applications and services. This also introduces yet another attack surface, and once again, this is not protected by the cloud service provider. This is purely the customer’s responsibility.

Many times, in discussing my customers’ migration from an on-premises datacenter to the cloud, one of the common methods is the “lift-and-shift” approach. This means customers take the virtual machines they have running in their datacenter and simply migrate those machines to the cloud. Now, the question is, what kind of security assessment was done on those virtual machines prior to migrating? Were those machines patched? Were discovered security flaws fixed? In my personal experience the answer is no. Therefore, these organizations are simply taking their problems from one location to the next. The security holes still exist and could potentially be exploited, especially if the server is public facing or network policies are improperly applied. For this type of process, I think a better way to look at this is “correct-and-lift-and-shift”.

Now once organizations have already established their cloud presence, they will eventually need to deploy new resources, and this can mean developing or building upon a machine image. The most important thing to remember here is that these are computers. They are still vulnerable to malware, so regardless of being in the cloud or not, the same security controls are required including things like anti-malware, host IPS, integrity monitoring and application control just to name a few.


Cloud services make it incredibly easy to deploy networks and divide them into subnets and even allow cross network communication. They also give you the ability to lock down the types of traffic that are allowed to traverse those networks to reach resources. This is where security groups come in. These security groups are configured by people, so there’s always that chance that a port is open that shouldn’t be, opening a potential vulnerability. It’s incredibly important from this perspective to really have a grasp on what a compute resource is talking to and why, so the proper security measures can be applied.
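As an added example (not from the original post) of getting a grasp on what a security group actually allows, the script below flags ingress rules that expose administrative or database ports, or all traffic, to 0.0.0.0/0 or ::/0. The group records follow the shape of EC2 `describe_security_groups` output but are constructed, as are the group IDs, names, CIDRs and the list of ports treated as sensitive.

```python
"""Audit security-group ingress rules for ports exposed to the whole internet.

Added example. The rule documents below follow the shape of EC2's
describe_security_groups() output (IpPermissions with IpProtocol, FromPort,
ToPort, IpRanges, Ipv6Ranges) but are constructed for illustration; the group
IDs, names and CIDRs are not from any real account.
"""

ANYWHERE = {"0.0.0.0/0", "::/0"}

# Ports that should not be reachable from arbitrary addresses. Constructed
# list for the example; the point is that admin and database ports are not
# web ports and have no business being open to the world.
SENSITIVE_PORTS = {
    22: "SSH", 23: "Telnet", 445: "SMB", 1433: "MSSQL", 3306: "MySQL",
    3389: "RDP", 5432: "PostgreSQL", 6379: "Redis", 27017: "MongoDB",
}


def _open_to_world(permission):
    """True when any IPv4 or IPv6 range on the rule is the whole internet."""
    ranges = [r.get("CidrIp") for r in permission.get("IpRanges", [])]
    ranges += [r.get("CidrIpv6") for r in permission.get("Ipv6Ranges", [])]
    return any(cidr in ANYWHERE for cidr in ranges)


def _port_span(permission):
    """Return the (from, to) port range a TCP/UDP rule covers."""
    return (permission.get("FromPort", 0), permission.get("ToPort", 65535))


def audit_security_group(group):
    """Return a list of human-readable findings for one security group."""
    label = f"{group['GroupId']} ({group['GroupName']})"
    findings = []
    for perm in group.get("IpPermissions", []):
        if not _open_to_world(perm):
            continue  # scoped to specific CIDRs; not this check's concern
        if perm.get("IpProtocol") == "-1":
            # Protocol -1 means every protocol and every port.
            findings.append(f"{label}: all traffic open to the internet")
            continue
        low, high = _port_span(perm)
        exposed = [f"{p} ({name})" for p, name in sorted(SENSITIVE_PORTS.items())
                   if low <= p <= high]
        if exposed:
            findings.append(f"{label}: {', '.join(exposed)} open to the internet")
    return findings


def audit_all(groups):
    """Flatten findings across groups; an empty list means nothing to report."""
    return [f for g in groups for f in audit_security_group(g)]


# Constructed sample groups: a web tier (HTTPS to the world is expected), a
# bastion with SSH open to the world, and a database group whose PostgreSQL
# rule is fine but which also carries an all-traffic rule.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa", "GroupName": "web-tier", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ]},
    {"GroupId": "sg-0bbb", "GroupName": "bastion", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ]},
    {"GroupId": "sg-0ccc", "GroupName": "database", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ]},
]

if __name__ == "__main__":
    for line in audit_all(SAMPLE_GROUPS):
        print(line)
```

Against the sample the web tier produces no finding, the bastion is reported for SSH, and the database group is reported for its all-traffic rule. In a real account the same function runs over the `SecurityGroups` list returned by boto3, and a wide port range such as 0-65535 on TCP is caught because every sensitive port falls inside it.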

So is the cloud really safe from hackers? No safer than anything else, unless organizations make sure they’re taking security into their own hands and understand where their responsibility begins and the cloud service provider’s ends. The arms race between hackers and security professionals is still the same as it ever was; only the battleground has changed.

The post Is Cloud Computing Any Safer From Malicious Hackers? appeared first on .

Your Network Has Left the Building – How do you secure it?

Your network has left the building. It’s no longer sitting in the server room down the hall where you can keep an eye on it. And it’s no longer safely tucked behind your corporate firewall. Instead, it’s in the cloud. It’s inside your users’ smartphones. And especially now, your corporate network is in people’s homes.

Today’s security teams have to mind various areas of their network and cloud infrastructure, remote users and endpoints, and applications running everywhere in order to remain secure. And as soon as new technology is developed or widely used, attackers find ways to take advantage of it – making security vigilance even more critical.

In our recent 2020 CISO Benchmark Study, we asked security professionals which areas of their environment they find most challenging to defend. According to the study:

  • 52% find mobile devices and data stored in the public cloud very or extremely challenging to defend
  • 50% find private cloud infrastructure very or extremely difficult to defend
  • 41% find data centers and network infrastructure very or extremely difficult to defend
  • 39% say they are really struggling to secure applications

While the moves to mobile and cloud seem to pose the biggest challenges, the data shows that the rest of your security concerns haven’t gone away either.

So how do you do it all?

How do you protect some of the newer technologies that have become part of your environment while still paying attention to things like your traditional data center and network infrastructure to make sure they are not breached? And how do you do this amidst unprecedented remote worker hurdles and a dramatic shortage of skilled cybersecurity professionals? Here are some examples of how Cisco can help you protect the challenge areas outlined above.


In order for security to work, it has to work across all the devices your employees are using. Cisco’s endpoint security combines a variety of security technologies to make sure your users’ mobile devices are protected, and in turn, do not compromise the corporate network. For example, Cisco AnyConnect and Cisco Duo enable users to securely access your network or applications using managed or unmanaged, mobile or traditional devices. And Cisco Umbrella and Cisco AMP for Endpoints defend these devices against threats from the first line to the last line of defense.

In response to current challenges, we have also launched the Cisco Secure Remote Worker solution to help organizations address the recent rise in remote and mobile workers. The intent is to better enable IT and security teams to quickly provision remote workers without sacrificing cybersecurity. The offering includes extended free trials and expanded usage counts to help alleviate today’s tremendous IT and security demands. Learn more about how this offering can enable secure access for a distributed workforce and help you defend against malware across the network, endpoints, cloud, and applications.


Cisco’s cloud security protects your assets and data in the cloud from multiple angles. It helps secure private, public, and hybrid clouds to facilitate your transition to a multicloud environment. With Cisco’s cloud edge security, you can: 1) secure cloud access, 2) protect cloud users, data, and applications, and 3) extend in-depth visibility and threat detection into the cloud.

Data Center

Today’s application workloads are more dynamic, moving across on-prem and multicloud environments. This requires a new strategy for data center security that can protect workloads wherever they go. The Cisco Secure Data Center solution provides several layers of security through in-depth visibility, segmentation, and threat protection. The solution brings together key technologies that let you see, segment, and secure your data as it travels across your environment and into the cloud.


Related to data center security is application security. Cisco’s application security brings continuous, adaptive protection closer to your applications to give you greater insight and control over what is running in your environment. The security follows your applications to ensure protection without hindering productivity and innovation. This allows you to understand application behaviors, automate micro-segmentation, and use security analytics to speed detection.


Perhaps the trickiest area to summarize is network security due to the ever-expanding components that make up today’s “network.” You need a next-generation firewall that can keep up with your expanding infrastructure and sophisticated attackers. You need a way for authorized users to securely connect to the network. And once they’re logged in, you need multiple layers of protection to prevent them from abusing their privileges or being compromised by malware.

Bringing it all together

While we secure many areas of the corporate environment, we don’t do so in silos. Our security products all work together – and with the customer’s infrastructure, including third-party technologies – to provide more cohesive, automated defenses. By taking a platform approach to security, Cisco SecureX results in greater visibility, collaboration, and protection across all threat vectors, access points, and areas of your infrastructure. This reduces complexity while enabling a zero-trust security strategy.

For more information

Explore our entire security portfolio and review the 2020 CISO Benchmark Report for more information on how to protect various areas of your environment.

This post is part of a series covering topics and data from our 2020 CISO Benchmark Report. Read previous posts here, and be sure to check back soon for more!

The post Your Network Has Left the Building – How do you secure it? appeared first on Cisco Blogs.

Technologies in all layers of the cloud stack are at risk

As breaches and hacks continue, and new vulnerabilities are uncovered, secure coding is being recognized as an increasingly important security concept — and not just for back-room techies anymore, Accurics reveals. “Our report clearly describes how current security practices are grossly inadequate for protecting transient cloud infrastructures, and why more than 30 billion records have been exposed through cloud breaches in just the past two years,” said Sachin Aggarwal, CEO at Accurics. … More

The post Technologies in all layers of the cloud stack are at risk appeared first on Help Net Security.

How a good user experience brings the pieces of the enterprise IT jigsaw together

Have you ever done a jigsaw puzzle with pieces missing? Or tried to do a complicated one with only part of the picture showing on the box lid? If so, you will know how it feels to be the folks working to create secure, robust, and seamless enterprise IT systems. Enterprise IT has morphed into something that can feel complex and messy at best and out of control at worst. Each deployment can be convoluted, … More

The post How a good user experience brings the pieces of the enterprise IT jigsaw together appeared first on Help Net Security.

Mirror Mirror On The Wall, Is My Cloud The Most Secure?

What is the value of your cloud security investment?

How does your cloud security measure up with industry peers?

Amongst all the cloud security measures available, where should you get started?

Do you think nothing short of magic will help answer these questions? If you answered YES! to any of the above questions, read on.

Cloud Adoption is Mainstream!

Cloud computing has evolved from being a market disruptor to the expected approach for IT. Today, businesses are evolving from being “cloud-first” to “cloud-only”. According to the McAfee Cloud Adoption and Risk Report 2019, 87% of enterprises said they experienced benefits from the cloud that helped drive business acceleration.

Need for Cloud Security Solutions is Paramount!

With businesses moving more sensitive data into the cloud, the need for cloud security solutions is paramount. Consider this – the average cost of a data breach for the US is $8.19 million[1]! The cost of loss of reputation, non-compliance or credibility is immense. Businesses recognize this truth and the need for cloud security as part of their cloud adoption journey. As organizations adopt new infrastructure and software, cloud security spending is continuing to increase. By 2023, spending on global cloud security solutions is expected to reach $12.7 billion, according to the Forrester Analytics: Cloud Security Solutions Forecast, 2018 To 2023 (Global) report.[2]

So, does IT really need a magical mirror to help answer foundational questions like measuring the value of their cloud security spending?

McAfee MVISION Cloud has the Answer!

McAfee MVISION Cloud, a leading Cloud Access Security Broker that provides comprehensive visibility and control across enterprise SaaS, PaaS, and Infrastructure as a Service environments, and the MVISION Cloud Security Advisor (CSA) might just have the answer!

Join us for a live webinar with Kima Hayuk, Senior IP Protection Manager for Electronic Arts and Thyaga Vasudevan, Head of Product, MVISION Cloud, McAfee.

When: May 14th, 10:00 AM PST | 10:00 AM SGT | 1:00 PM BST

Where: Register here: Mirror Mirror On The Wall, Is My Cloud The Most Secure?


  1. Learn about Electronic Arts’ cloud journey and how McAfee MVISION Cloud helps address their complex cloud security requirements
  2. Introducing MVISION CSA and how it works:
    • CSA as a tool to measure your cloud security maturity and risk posture
    • CSA as a tool to measure the value generated by your cloud investment
    • CSA as a tool to measure your cloud security posture vs. industry peers
    • CSA as a tool to get a list of unique and actionable recommendations to guide you on your cloud journey.

Join us to learn more about what customers and analysts are calling a game changer!



[2] Forrester Analytics: Cloud Security Solutions Forecast, 2018 To 2023 (Global) report, 1 April 2019, Jennifer Adams, Andras Cser and Sanjeev Kumar


The post Mirror Mirror On The Wall, Is My Cloud The Most Secure? appeared first on McAfee Blogs.

Principles of a Cloud Migration – Security W5H – The WHERE


“Wherever I go, there I am” -Security

I recently had a discussion with a large organization that had a few workloads in multiple clouds while assembling a cloud security focused team to build out their security policy moving forward.  It’s one of my favorite conversations to have since I’m not just talking about Trend Micro solutions and how they can help organizations be successful, but more so on how a business approaches the creation of their security policy to achieve a successful center of operational excellence.  While I will talk more about the COE (center of operational excellence) in a future blog series, I want to dive into the core of the discussion – where do we add security in the cloud?

We started discussing how to secure these new cloud native services like hosted services, serverless, container infrastructures, etc., and how to add these security strategies into their ever-evolving security policy.

Quick note: If your cloud security policy is not ever-evolving, it’s out of date. More on that later.

A colleague and friend of mine, Bryan Webster, presented a concept that traditional security models have always been about three things: Best Practice Configuration for Access and Provisioning, Walls that Block Things, and Agents that Inspect Things. We have relied heavily on these principles since the first computer was connected to another. I present to you this handy graphic he used to illustrate the last two points.

But as we move to secure cloud native services, some of these are outside our walls, and some don’t allow the ability to install an agent.  So WHERE does security go now?

Actually, it’s not all that different – just how it’s deployed and implemented. Start by removing the thinking that security controls are tied to specific implementations. You don’t need an intrusion prevention wall that’s a hardware appliance much like you don’t need an agent installed to do anti-malware. There will also be a big focus on your configuration, permissions, and other best practices.  Use security benchmarks like the AWS Well-Architected, CIS, and SANS to help build an adaptable security policy that can meet the needs of the business moving forward.  You might also want to consider consolidating technologies into a cloud-centric service platform like Trend Micro Cloud One, which enables builders to protect their assets regardless of what’s being built.  Need IPS for your serverless functions or containers?  Try Cloud One Application Security!  Do you want to push security further left into your development pipeline? Take a look at Trend Micro Container Security for Pre-Runtime Container Scanning or Cloud One Conformity for helping developers scan your Infrastructure as Code.

Keep in mind – wherever you implement security, there it is. Make sure that it’s in a place to achieve the goals of your security policy using a combination of people, process, and products, all working together to make your business successful!

This is part of a multi-part blog series on things to keep in mind during a cloud migration project.  You can start at the beginning which was kicked off with a webinar here:

Also, feel free to give me a follow on LinkedIn for additional security content to use throughout your cloud journey!

The post Principles of a Cloud Migration – Security W5H – The WHERE appeared first on .

Cyber Security Roundup for May 2020

A roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, April 2020.

As widely reported, UK foreign exchange firm Travelex's business operations were brought to a standstill after its IT systems were severely hit by the Sodinokibi ransomware at the start of the year. It was reported that the REvil group were behind the attack and had stolen 5GB of customer personal data, and then demanded $6 million (£4.6m) in ransom. The Wall Street Journal reported in April 2020 that Travelex had reached a deal, paying $2.3 million (£1.84m) in Bitcoin to the cybercriminals. This sort of response incentivises future ransomware activity against all other businesses and could lead to an inflation of future cyber-extortion demands, in my opinion.

Cognizant, a large US digital solutions provider and IT consultancy, was reportedly hit by the Maze ransomware. Maze, previously known as the 'ChaCha' ransomware, like the Travelex attack not only encrypts the victim's files but steals sensitive data from the IT systems as well. This enables the bad guys to threaten to publish the stolen data if the organisation doesn't cough up to their cyber-extortion demands, so the bad guys are very much rinsing and repeating lucrative attacks.

Microsoft wrote an excellent blog covering the 'motley crew' of ransomware payloads. The blog covers ransomware payloads said to be straining security operations, especially in health care, and urges security teams to look for signs of credential theft and lateral movement activities that herald attacks.

Researchers continue to be busy in exposing large sensitive datasets within misconfigured cloud services.  In April researchers reported 14 million Ring user details exposed in misconfigured AWS open database, fitness software Kinomap had 42 million user details exposed in another misconfigured database, and Maropost had 95 million users exposed, also in a misconfigured database.

Nintendo confirmed 160,000 of its users' accounts had been accessed, exposing PII and Nintendo store accounts. The gaming giant said that from April, user accounts were accessed through the Nintendo Network ID (NNID), which is primarily used for Switch gaming. The company is unaware of exactly how the intrusion occurred, saying it “seems to have been made by impersonating login to Nintendo Network ID.” “If you use the same password for your NNID and Nintendo account, your balance and registered credit card / PayPal may be illegally used at My Nintendo Store or Nintendo eShop. Please set different passwords for NNID and Nintendo account,” Nintendo said. In response to these issues the company has abolished users' ability to log into their Nintendo account via NNID, passwords for both NNID and Nintendo accounts are being reset, and the company is recommending multi-factor authentication be set up for each account.

The account breaches weren't the only cyber issue affecting Nintendo in April: it was reported that a bot, dubbed 'Bird Bot', was used by a reseller to buy up Nintendo Switches before customers could purchase a Switch from Nintendo. The bot benefits resellers at the expense of consumers: by buying up all available Switches directly from Nintendo, they are able to sell them on for higher prices, making a quick and tidy profit thanks to the current high demand for Switches and lack of supply.

April was a busy month for security updates: Microsoft released security patches fixing 113 vulnerabilities on Patch Tuesday and an out-of-band patch for Teams found by researchers at CyberArk. Patch Tuesday was a quiet one for Adobe, though they released fixes for 21 critical vulnerabilities in Illustrator and Bridge at the end of the month. Oracle released a huge 397 fixes for 450 CVEs in over 100 products, which I think is a new record for a patch release!

Sophos said it and its customers were attacked when a previously unknown SQL injection vulnerability in their physical and virtual XG Firewall units was exploited. “The attack affected systems configured with either the administration interface (HTTPS admin service) or the user portal exposed on the WAN zone. In addition, firewalls manually configured to expose a firewall service (e.g. SSL VPN) to the WAN zone that shares the same port as the admin or User Portal were also affected,” Sophos said.

There were security critical patch releases for Mozilla Firefox, Chrome (twice), and for 8 Cisco products. A bunch of VMware patches were released too, including one for a CVSS 10 (highest possible) vulnerability in vCenter, a critical one in vRealize Log Insight and a critical cross-site scripting vulnerability in ESXi 6.5 and 6.7. And finally, on the patch front, Intel decided to discontinue multiple products, as it was unable to keep ahead of patching their vulnerabilities.

Stay safe, stay home and watch for the scams.



    Principles of a Cloud Migration – Security W5H – The When


    If you have to ask yourself when to implement security, you probably need a time machine!

    Security is as important to your migration as the actual workload you are moving to the cloud. Read that again.

    It is essential to be planning and integrating security at every single layer of both architecture and implementation. What I mean by that is, if you’re doing a disaster recovery migration, you need to make sure that security is ready for the infrastructure, your shiny new cloud space, as well as the operations supporting it. Will your current security tools be effective in the cloud? Will they still be able to do their task in the cloud? Do your teams have a method of gathering the same security data from the cloud? More importantly, if you’re doing an application migration to the cloud, when you actually implement security means a lot for your cost optimization as well.

    NIST Planning Report 02-3

    In this graph, it’s easy to see that the earlier you can find and resolve security threats, not only do you lessen the workload of infosec, but you also significantly reduce your costs of resolution. This can be achieved through a combination of tools and processes to really help empower development to take on security tasks sooner. I’ve also witnessed time and time again that there’s friction between security and application teams often resulting in Shadow IT projects and an overall lack of visibility and trust.

    Start there. Start with bringing these teams together, uniting them under a common goal: Providing value to your customer base through agile secure development. Empower both teams to learn about each other’s processes while keeping the customer as your focus. This will ultimately bring more value to everyone involved.

    At Trend Micro, we’ve curated a number of security resources designed for DevOps audiences through our Art of Cybersecurity campaign.  You can find it at

    Also highlighted on this page is Mark Nunnikhoven’s #LetsTalkCloud series, which is a live stream series on LinkedIn and YouTube. Seasons 1 and 2 have some amazing content around security with a DevOps focus – stay tuned for Season 3 to start soon!

    This is part of a multi-part blog series on things to keep in mind during a cloud migration project.  You can start at the beginning which was kicked off with a webinar here:

    Also, feel free to give me a follow on LinkedIn for additional security content to use throughout your cloud journey!

    The post Principles of a Cloud Migration – Security W5H – The When appeared first on .

    Principles of a Cloud Migration – Security, The W5H – Episode WHAT?


    Teaching you to be a Natural Born Pillar!

    Last week, we took you through the “WHO” of securing a cloud migration here, detailing each of the roles involved with implementing a successful security practice during a cloud migration. Read: everyone. This week, I will be touching on the “WHAT” of security; the key principles required before your first workload moves.  The Well-Architected Framework Security Pillar will be the baseline for this article since it thoroughly explains security concepts in a best practice cloud design.

    If you are not familiar with the AWS Well-Architected Framework, go google it right now. I can wait. I’m sure telling readers to leave the article they’re currently reading is a cardinal sin in marketing, but it really is important to understand just how powerful this framework is. Wait, this blog is html ready – here’s the link: It consists of five pillars that include best practice information written by architects with vast experience in each area.

    Since the topic here is Security, I’ll start by giving a look into this pillar. However, I plan on writing about each and as I do, each one of the graphics above will become a link. Internet Magic!

    There are seven principles as a part of the security framework, as follows:

    • Implement a strong identity foundation
    • Enable traceability
    • Apply security at all layers
    • Automate security best practices
    • Protect data in transit and at rest
    • Keep people away from data
    • Prepare for security events

    Now, a lot of these principles can be solved by using native cloud services and usually these are the easiest to implement. One thing the framework does not give you is suggestions on how to set up or configure these services. While it might reference turning on multi-factor authentication as a necessary step for your identity and access management policy, it is not on by default. Same thing with file object encryption. It is there for you to use but not necessarily enabled on the ones you create.

    Here is where I make a super cool (and free) recommendation on technology to accelerate your learning about these topics. We have a knowledge base with hundreds of cloud rules mapped to the Well-Architected Framework (and others!) to help accelerate your knowledge during and after your cloud migration. Let us take the use case above on multi-factor authentication. Our knowledge base article here details the four R’s: Risk, Reason, Rationale, and References on why MFA is a security best practice.

    Starting with a Risk Level and detailing why this presents a threat to your configurations is a great way to begin prioritizing findings. It also includes the different compliance mandates and the Well-Architected pillar (obviously Security in this case) as well as descriptive links to the different frameworks to get even more details.

    The reason this knowledge base rule is in place is also included. This gives you and your teams context to the rule and helps further drive your posture during your cloud migration. Sample reason is as follows for our MFA Use Case:

    “As a security best practice, it is always recommended to supplement your IAM user names and passwords by requiring a one-time passcode during authentication. This method is known as AWS Multi-Factor Authentication and allows you to enable extra security for your privileged IAM users. Multi-Factor Authentication (MFA) is a simple and efficient method of verifying your IAM user identity by requiring an authentication code generated by a virtual or hardware device on top of your usual access credentials (i.e. user name and password). The MFA device signature adds an additional layer of protection on top of your existing user credentials making your AWS account virtually impossible to breach without the unique code generated by the device.”

    If Reason is the “what” of the rule, Rationale is the “why” supplying you with the need for adoption.  Again, perfect for confirming your cloud migration path and strategy along the way.

    “Monitoring IAM access in real-time for vulnerability assessment is essential for keeping your AWS account safe. When an IAM user has administrator-level permissions (i.e. can modify or remove any resource, access any data in your AWS environment and can use any service or component – except the Billing and Cost Management service), just as with the AWS root account user, it is mandatory to secure the IAM user login with Multi-Factor Authentication.

    Implementing MFA-based authentication for your IAM users represents the best way to protect your AWS resources and services against unauthorized users or attackers, as MFA adds extra security to the authentication process by forcing IAM users to enter a unique code generated by an approved authentication device.”

    Finally, all the references for each of the risk, reason, and rationale are included at the bottom, which helps provide additional clarity. You’ll also notice remediation steps, the 5th ‘R’, when applicable, which show you how to actually correct the problem.
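    As an added example (not the knowledge base's own rule logic), the script below applies the MFA use case described above to a constructed IAM credential report: root and administrator-level users without MFA are flagged with a risk level, and a deny-unless-MFA policy document is produced as the remediation artifact. The credential-report columns, user names and policy names are constructed; the `aws:MultiFactorAuthPresent` condition key is the standard AWS pattern for requiring MFA.

```python
"""Flag IAM users whose console login is not protected by MFA.

Added example, not the Trend Micro knowledge base rule itself. The input
mimics a trimmed-down AWS IAM credential report (CSV) plus a constructed map
of which managed policies each user has attached.
"""
import csv
import io

# Constructed: subset of credential-report columns, values invented for illustration.
CREDENTIAL_REPORT = """\
user,password_enabled,mfa_active
<root_account>,not_supported,false
alice,true,true
bob,true,false
ci-deploy,false,false
dana,true,false
"""

# Constructed: attached managed-policy names per user.
ATTACHED_POLICIES = {
    "alice": ["AdministratorAccess"],
    "bob": ["AdministratorAccess"],
    "ci-deploy": ["AmazonS3FullAccess"],
    "dana": ["ReadOnlyAccess"],
}

# Policies that grant administrator-level permissions, the case the rule calls mandatory.
ADMIN_POLICIES = {"AdministratorAccess"}


def parse_credential_report(text):
    """Parse the CSV credential report into a list of row dicts."""
    return list(csv.DictReader(io.StringIO(text)))


def mfa_findings(report_rows, attached_policies, admin_policies=ADMIN_POLICIES):
    """Return one finding per identity whose password-based login lacks MFA.

    Risk levels are this example's own convention:
      critical - root account without MFA
      high     - IAM user with an admin-level policy and a console password, no MFA
      medium   - any other console-enabled IAM user without MFA
    Identities with no console password (access-key-only users such as a CI
    deployer) are skipped, since the rule concerns interactive login.
    """
    findings = []
    for row in report_rows:
        user = row["user"]
        mfa = row["mfa_active"] == "true"
        if user == "<root_account>":
            if not mfa:
                findings.append({"user": user, "risk": "critical",
                                 "remediation": "Enable a virtual or hardware MFA device on the root account"})
            continue
        if row["password_enabled"] != "true" or mfa:
            continue
        is_admin = bool(set(attached_policies.get(user, [])) & admin_policies)
        findings.append({
            "user": user,
            "risk": "high" if is_admin else "medium",
            "remediation": f"Assign an MFA device to IAM user {user} and require it at sign-in",
        })
    return findings


def deny_without_mfa_policy(allowed_without_mfa=("iam:ListMFADevices",
                                                 "iam:CreateVirtualMFADevice",
                                                 "iam:EnableMFADevice",
                                                 "sts:GetSessionToken")):
    """Remediation artifact: an IAM policy that denies every action except MFA
    self-enrolment whenever the session was not authenticated with MFA.
    BoolIfExists treats a missing aws:MultiFactorAuthPresent key as 'false'."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyAllExceptMfaSetupWhenNoMfa",
            "Effect": "Deny",
            "NotAction": list(allowed_without_mfa),
            "Resource": "*",
            "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}},
        }],
    }


if __name__ == "__main__":
    rows = parse_credential_report(CREDENTIAL_REPORT)
    for finding in mfa_findings(rows, ATTACHED_POLICIES):
        print(f"[{finding['risk']}] {finding['user']}: {finding['remediation']}")
```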

    All of this data is provided to the community as Trend Micro continues to be a valued security research firm helping the world be safe for exchanging digital information. Explore all the rules we have available in our public knowledge base:

    This blog is part of a multi-part series dealing with the principles of a successful cloud migration.  For more information, start at the first post here:

    The post Principles of a Cloud Migration – Security, The W5H – Episode WHAT? appeared first on .

    Safe Collaboration with McAfee and Microsoft Teams

    McAfee MVISION Cloud for Microsoft Teams, the first and only CASB certified for Microsoft Teams, now offers a frictionless approach to data protection collaboration within Teams with new support for Microsoft encrypted webhooks. McAfee enforces compliance in Microsoft Teams via Data Loss Prevention (DLP) policies by using Microsoft Graph change notifications that provide a secure way to monitor chat messages in Teams via encrypted resource data in the payload. This enables McAfee customers to improve productivity of their employees by letting them use Microsoft Teams as a collaboration platform and participate in conversations and calls, and upload and share documents without compromising security.

    Working from home has become a new reality for many, as more and more companies are requesting that their staff work remotely. Already, we are seeing how solutions that enable remote work and learning across chat, video, and file collaboration have become central to the way we work. Microsoft has seen an unprecedented spike in Teams usage and they now have more than 44 million daily users,* a figure that has grown by 12 million in just the last few weeks. Those users have generated over 900 million meeting and calling minutes on Teams each day during the week of March 16.[1] They recently shared the data below on their third anniversary.

    McAfee MVISION Cloud for Microsoft Teams offers a cloud-native solution for organizations to consistently protect their data and defend against threats in the cloud. Here are a few of the use cases:

    • Modern data security. IT can extend existing DLP policies to messages and files in all types of Teams channels, enforcing policies based on keywords, fingerprints, data identifiers, regular expressions and match highlighting for content and metadata.
    • Collaboration control. Messages or files posted in channels can be restricted to specific users, including blocking the sharing of data to any external location.
    • Comprehensive remediation. Enables auditing of regulated data uploaded to Microsoft Teams and remediates policy violations by coaching users, notifying administrators, quarantining, tombstoning, restoring and deleting user actions. End users can autonomously correct their actions, removing incidents from IT’s queue.
    • Threat prevention. Empowers organizations to detect and prevent anomalous behavior indicative of insider threats and compromised accounts. McAfee captures a complete record of all user activity in Teams and leverages machine learning to analyze activity across multiple heuristics to accurately detect threats.
    • Forensic investigations: With an auto-generated, detailed audit trail of all user activity, MVISION Cloud provides rich capabilities for forensics and investigations.
    • On-the-go security, for on-the-go policies. Helps secure multiple access modes, including browsers and native apps, and applies controls based on contextual factors, including user, device, data and location. Personal devices lacking adequate control over data can be blocked from access.

    Here’s a video introduction to MVISION Cloud for Microsoft Teams.

    Available now, MVISION Cloud for Teams helps meet customer demand in securing their most important cloud resources. McAfee MVISION Cloud for Microsoft Teams is now in use with a substantial number of large enterprise customers to enable their security, governance and compliance capabilities. The solution fits all industry verticals due to the flexibility of policies and its ease of use.

    For More Information:

    *Microsoft defines daily active usage as the maximum daily users performing an intentional action in a 24-hour period across the desktop client, mobile client, and web client. Intentional actions include sending or replying to a chat, joining a meeting, or opening a file in Teams. Passive actions like auto boot, minimizing a screen, or closing the app are not included.



    The post Safe Collaboration with McAfee and Microsoft Teams appeared first on McAfee Blogs.

    Keeping Virtual Play Dates, Hang Outs, and Video Chats Safe for Everyone


    Every day we discover (or stumble over) new ways of coping and connecting during this unique chapter in family life. Still, as every age group under your roof finds their favorite virtual play date and hangout apps, parents may need to add a few safety rails to make sure the fun stays fun.

    IRL community resurfaces


    While this health crisis is devastating in so many ways, it’s also put a spotlight on the many heartwarming ways to connect in real life (IRL). We’re placing teddy bears in our windows for solidarity, creating scavenger hunts for neighborhood kids, serenading shut-ins, publicly supporting first responders, celebrating birthdays and graduations with drive-by parades, and so, so much more.

    The ongoing infusion of true, human connection has softened the uncertainty. Still, kids of every age need to maintain an emotional connection with peers. Here are a few things to think about as kids of every age connect with friends online.

    Pre-K and Elementary Virtual Play Dates

    Since health experts have put restrictions on familiar fun for little ones such as playgrounds, sports leagues, sleepovers, playdates, and even visits with grandparents, parents are relaxing screen time rules and looking for ways to have virtual playdates. Free video tools such as FaceTime and Zoom are proving lifesavers for group art, play, and learning, as are safe websites for young ones and phone apps. (If you run out of things to do, here’s a great list of fun to tap and great learning sites for every age group).

    Keep Them Safe

    • Share online experiences with young children at all times. Sit with them to teach, monitor, and explain the context of new digital environments. Also, keep computers and phones in a common area.
    • Try to keep screen time brief. Even young kids can become too screen-reliant.
    • Maximize privacy settings on all devices and turn on safe mode or safe search on websites and apps.
    • Introduce concepts such as cyberbullying and strangers in age-appropriate language.
    • Start family security efforts early. Consider the benefits of filtering software, safe browsing, and encrypting your family’s digital activity with a Virtual Private Network (VPN).

    Middle and High Schooler Virtual Hang Outs

    While screen time has spiked, digital connection while homebound is also essential for tweens and teens for both learning and peer relationships. Kids are finding their new virtual hangouts on social networks, group chats, and video games. They are also playing virtual board games using sites such as Pogo, Let’s Play Uno, and Zoom. Netflix Party has become a fun way to watch Netflix with groups of friends.

    Keep Them Safe

    • At this age many kids own (or will soon own) a smartphone. With increased time online, you may want to review the basics, such as privacy and location settings. This includes gaming devices.
    • With increased internet use and most schools closed for the year, using parental control software and gaming security software can help parents reduce online risks for children of all ages.
    • Be aware of and talk about trending, risky digital behaviors, and challenges that can surface on apps such as TikTok, and WhatsApp.
    • Review and approve games and apps before they are downloaded and consider monitoring your children’s devices as well as social profiles and posts.
    • This age group is quick to jump on public wifi, which puts your family’s data at risk. Exploring the use of a family VPN is critical for this age group.
    • Discuss the danger of connecting with strangers online. Also, discuss the risks of oversharing personal information and photos, even in seemingly private chats and texts. Don’t let boredom lead to bad choices.
    • Discuss cyberbullying and how to block and report accounts that express hateful, racist, or threatening behavior.
    • Coach your kids on using strong passwords and on how to verify legitimate websites and identify online scams.

    There’s nothing normal for families about this time, but there is something special. Grab it. Keep talking and laughing, especially on the hard days. Have a daily “heart check-in” with your teen if he or she seems to be isolating. Give one another space for topsy-turvy moods. And, don’t forget parents, before this is all over, be sure to nail that TikTok dance with your kids and share it with the world!

    The post Keeping Virtual Play Dates, Hang Outs, and Video Chats Safe for Everyone appeared first on McAfee Blogs.

    Custom Applications with CASB

    More and more organizations are making the decision to move their legacy, in-house applications to the cloud mainly due to the cost savings. One of the major concerns about moving applications to the cloud is how to secure an application that was originally designed to be on-premise.

    When these applications were behind on-premise network security there was not a concern about who would be able to access them and what they were doing in the application. Moving to the cloud now introduces this dynamic and with it concerns around how to control who accesses the applications once they are in the cloud.

    This move to the cloud now also opens the door to accessing applications from anywhere in the world and potentially any device. Being able to have visibility into where a user is logging in from geographically as well as what activities a user takes beyond an initial login and the context upon which that access occurs will help keep the data secure.

    These same applications may have relied on a local directory to store attachments or documents. Moving to the cloud would likely mean storing those same attachments or documents in a cloud-based directory like Amazon Web Services (AWS) Simple Storage Service (S3) or Microsoft Azure Blob Storage.

    When on-premise, exposure of the application or of the information within it would typically be limited to a corporate-wide incident. If access settings in the cloud are misconfigured, the exposure is much larger.

    The need to add these capabilities quickly and easily to applications being moved to the cloud can be met by leveraging an API framework within the model. Incorporating an API framework provides the following capabilities:

    1. Prevent unauthorized sensitive data from being stored in cloud collaboration, file-sharing, or storage devices
    2. Capture a complete audit trail of all user activity for forensic investigations
    3. Detect malware, compromised accounts, privileged access misuse and insider threats
    4. Successful/failed login attempts
    5. Who is accessing the application, device type, IP address, role of the user and geographic location
    6. How much data is being accessed, created, updated, deleted, downloaded, shared, or uploaded

    MVC for Custom Applications enables organizations to enforce CASB policies without developers spending a lot of valuable time writing code. This allows the MVC CASB to enforce security policies on legacy applications, whether the application is in a private data center or in the cloud.

    To learn more about McAfee’s cloud solutions, check out McAfee MVISION Cloud Portfolio.

    The post Custom Applications with CASB appeared first on McAfee Blogs.

    McAfee and Atlassian Collaborate to Deliver Cloud Security Capabilities

    Today cloud adoption is considered mainstream, with 83% of enterprise workloads expected to be in the cloud by 2020. As more organizations move their workloads to the cloud and to remote work-from-home environments, security must also evolve to meet the challenges of this new normal. According to a recent McAfee report, the average enterprise organization utilizes 1,400 different cloud services, fueling the need for solutions that are designed to secure the cloud. Further, industry analyst firm Gartner warns that “through 2025, 99% of cloud security failures will be the customer’s fault.”1 This has caused enterprises to look for ways to enforce additional security controls on their cloud solutions beyond what a cloud service provider (SaaS or IaaS) offers natively.

    Atlassian is a SaaS software powerhouse that builds products for content management, software development & project management, widely adopted by organizations globally. McAfee MVISION Cloud is a leading Cloud Access Security Broker (CASB) that provides comprehensive visibility and control for SaaS, PaaS, and IaaS, across Content and DevOps environments. The collaboration between Atlassian and McAfee combines their joint strengths to deliver an optimized cloud security solution for customers.

    Key Customer Challenges

    As enterprises adopt cloud applications, they may see the following challenges related to cloud security:

    • Users may unintentionally upload sensitive data to a cloud service (for example, health insurance claim numbers, credit card numbers, AWS keys, etc.) in Jira Software, Confluence or other cloud applications
    • In the modern enterprise, traditional network perimeters are dissolving. Most users now use devices that sit outside the enterprise firewall to access enterprise cloud applications such as Jira Software, Confluence, Bitbucket and Bamboo.
    • Exiting employees may go rogue or leave their credentials easily accessible. The risk of insider threats, compromised user accounts or privileged access on SaaS applications needs to be addressed
    • Drifts in configurations of SaaS applications like Jira Software Cloud can cause unintentional exposure of sensitive data
    • Infrastructure code misconfiguration or “drift,” from standard benchmarks that occur over time in a cloud environment can expose sensitive information and increase risk.

    McAfee MVISION Cloud for Atlassian Solution

    McAfee MVISION Cloud for Atlassian products help organizations securely accelerate their business in the following ways:

    • MVISION Cloud (MVC) prevents sensitive or regulated data from being uploaded or shared with unauthorized parties in real-time, while using Atlassian’s Jira Software or Confluence Cloud products. For example: detecting PII (Social Security Numbers), PCI (credit card numbers), HIPAA classified data (health insurance claim number) or other Confidential Data (Mergers & Acquisitions related documents)
    • MVISION Cloud limits download/sync to unmanaged devices and gives total control over user access to Atlassian applications by enforcing context-specific policies that limit specific end-user actions.
    • MVISION Cloud captures the complete audit trail of all user activity enriched with threat intelligence to facilitate post incident forensic investigations. MVC detects threats from compromised accounts, insider threats, privileged access misuse and malware infection.
    • Customers use a source code repository & CI/CD tools for building Cloud Native applications. McAfee MVISION Cloud integration with Atlassian’s Bitbucket Cloud and Bamboo products helps detect drifts in configuration from standard CIS benchmarks. It also ensures that data is protected on misconfigured resources or just simply within these applications

    Atlassian-McAfee Collaboration Benefits

    To summarize, a chain is only as strong as its weakest link. The collaboration between Atlassian and McAfee combines their joint strengths to deliver an optimized cloud security solution that is a win-win for the customer as well as the cloud provider.

    Shared Right: Security is a shared responsibility between Customers and Cloud Providers

    Atlassian’s cloud tools are mission critical to customer businesses and places where they may be storing sensitive information in Jira Software, Confluence and Bitbucket. One of the reasons that 99% of issues are expected to be attributed to the customer is that while cloud providers (including Atlassian) have invested very heavily in security and have directly addressed core challenges that an on-prem solution may cause (with updates, vulnerability monitoring, incident response, etc.), their customers may be much earlier on in their security journey. Here’s where McAfee MVISION Cloud steps in to secure the delta, by helping customers deliver on their share of the security responsibility.

    For example, a large healthcare customer is using McAfee MVISION Cloud to detect any sensitive data violating compliance and regulatory policies within Jira Software or Confluence Cloud.

    Shift Left: Securing DevOps by Enabling DevSecOps

    As a maker of tools for development teams, Atlassian wants to make it easier for developers to build and operate secure products, while responding to security incidents more quickly and effectively. McAfee MVISION Cloud “Shift Left” can help Atlassian customers ensure that the infrastructure, and the myriad configuration options available, are deployed according to security and regulatory compliance best practices. “Shift Left” inline integration seamlessly incorporates these security checks without any extra steps required by the developers or DevOps teams.

    To learn more about how McAfee-Atlassian products work together, please attend our joint webinar on May 20th, 2020

    Additional Resources:

    Blog: McAfee MVISION Cloud for Atlassian Access

    Blog: Shift Left Inline – Integration with Atlassian Bitbucket CI/CD Pipes



    1 Source: “Smarter With Gartner” Blog, Is the Cloud Secure?, October 10, 2019, Contributor Kasey Panetta.

    The post McAfee and Atlassian Collaborate to Deliver Cloud Security Capabilities appeared first on McAfee Blogs.

    McAfee MVISION Cloud for Atlassian Access

    Atlassian cloud products help small, medium, and big enterprises around the world to build and run their businesses effortlessly by enabling collaboration among team members both co-located and working remotely. Be it Jira for project planning and issue tracking, Confluence for document collaboration, Bitbucket for source code repository management, Opsgenie for incident management, or Jira Service Desk for customer support, all the products from Atlassian suite allow cross functional teams to achieve higher productivity in various stages of the business workflow.

    However, the flexibility of being able to access cloud products from any device or location also means higher risk of potential security threats. Any enterprise using Software-as-a-Service tools is vulnerable to the following threats.

    • Compromised credentials: Stolen or compromised credentials of users or administrators, obtained through various means such as phishing, can result in data breaches by letting adversaries get access to sensitive data of the organization stored in the cloud
    • Privileged user threats: Abuse of privileged user roles or permissions can result in insider threats that pose a greater risk to the organization’s data

    McAfee MVISION Cloud’s integration with Atlassian Access provides an additional security layer for organizations using Atlassian tools and allows these organizations to take advantage of the productivity gains from using the cloud native products of Atlassian without compromising on security.

    By integrating with Atlassian Access’s organization audit log, McAfee MVISION Cloud creates a comprehensive audit trail of user and administrator activity to allow security admins to perform forensic investigations based on various attributes such as user, location, activity type, etc., and automatically identifies threatening or anomalous user and administrator behavior by applying machine learning to the activity feed. As a comprehensive cloud security platform, McAfee can detect cross-cloud threats that involve usage across Atlassian products and other cloud services. As threats are resolved, McAfee automatically incorporates this data into its behavioural models to improve detection accuracy.

    Enterprises can benefit from the following security controls provided out-of-the-box by McAfee MVISION Cloud:

    • McAfee detects compromised account activity in Atlassian based on brute force login attempts, access from new and untrusted locations for a specific user, and user activity from multiple locations in a time period that implies impossible travel, even if the user activity occurs across multiple cloud services.
    • McAfee automatically constructs a behavior model with dynamic and continuously updated thresholds for each user and team to identify activity indicative of insider threat, whether the threat is accidental or malicious. Privileged User Analytics identifies risk from dormant administrator accounts, excessive permissions, and unnecessary escalation of privileges and user provisioning.

    The post McAfee MVISION Cloud for Atlassian Access appeared first on McAfee Blogs.

    Shift Left Inline – Integration with Atlassian Bitbucket CI/CD Pipes

    Infrastructure-as-a-Service (IaaS) is used by organizations of all sizes as the new default IT environment to build and host internal and customer-facing applications. To leverage the numerous capabilities offered by IaaS providers for faster adoption, many organizations overlook the cloud shared-responsibility model and assume that security is taken care of completely by the cloud provider. At the end of the day, the security of what cloud customers put in the cloud, most importantly sensitive data, is their responsibility. According to leading analyst firm Gartner, “Through 2025, 99% of cloud security failures will be the customer’s fault.”1

    Per the McAfee CARR report, about 99% of misconfigurations go unnoticed by companies using IaaS. On average, companies were aware of about 37 misconfiguration incidents per month, but real-world data shows that companies actually experience closer to 3,500 such incidents, about 100 times more!

    It is possible that the speed of IaaS adoption is putting a lot of security practitioners behind, in a never-ending catch-up game. And, as expected, the flexibility offered by IaaS providers helps to change the infrastructure rapidly based on ever-changing demands, so leaving the door open through misconfiguration happens all the time. More so, as the changes are done through Infrastructure as Code (IaC) in Continuous Integration/Continuous Delivery (CI/CD) fashion. While MVISION Cloud’s IaaS config audit reports and helps to ensure that deployed infrastructure is compliant and pristine, as new resources are deployed through DevOps templates, similar compliance issues keep getting reported over and over.

    Integration with Atlassian Bitbucket Pipes performs ‘inline’ evaluation of the DevOps templates: any DevOps template pushed to a Bitbucket code repo that is configured to trigger a build is automatically evaluated for the vulnerabilities it contains, and any misconfiguration errors are reported right in the developer’s console, highlighting all the specific policies in question.

    This helps DevOps personnel analyze and remediate misconfiguration issues at the source, so that further deployments using those templates don’t create more of the same issues in the IaaS environments. Hence, the security team enforces the process and sets the guidelines, avoiding the impossible task of keeping up with an ever-growing list of non-compliance issues. The ability to enforce these checks earlier in the DevOps cycle helps immensely, since the team can delegate enforcement for any new resources that are deployed and stop the deployment of any non-compliant DevOps templates. By adding security earlier into the DevOps process, security professionals can catch risky configurations before they become a threat in production.

    The integration setup is simple: the pipeline’s YAML file is configured to use the McAfee MVISION Cloud Docker image along with a few environment variables, and setup completes once Pipelines is enabled. The scans support AWS CloudFormation, Azure ARM and Terraform templates. All the issues are also reported as incidents in MVISION Cloud’s dashboard.

    It is imperative for enterprises to better align developers and security. The end goal is a state where developers aren’t seeing security as just a check box or something to throw over the fence to the security team during production, but as an essential part of their daily development process. As a maker of tools for development teams, Atlassian wants to make it easier for developers to build and operate secure products, while responding to security incidents more quickly and effectively. The partnership between Atlassian and McAfee combines the joint strengths to deliver an optimized security solution for customers.  Join us to learn more at the Atlassian 2020 Summit.

    1 Source: “Smarter With Gartner” Blog, Is the Cloud Secure?, October 10, 2019, Kasey Panetta.

    Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.


    The post Shift Left Inline – Integration with Atlassian Bitbucket CI/CD Pipes appeared first on McAfee Blogs.

    Near Real-Time DLP and Malware support for IaaS

    Cloud and IaaS (Infrastructure as a Service) represent the future of IT, as organizations across industries consolidate their data centers. According to a press release from Gartner, “The worldwide public cloud services market is forecast to grow 17% in 2020 to total $266.4 billion, up from $227.8 billion in 2019, according to Gartner, Inc.”1 “At this point, cloud adoption is mainstream,”1 said Sid Nag, research vice president at Gartner.

    Infrastructure as a service (IaaS) is forecast to grow 24% CAGR year over year to $50Bn in 2020, which is the highest growth rate across all cloud segments1. Computing workloads are moving to cloud solutions like Amazon Web Services, Microsoft Azure, and Google Cloud Platform as companies pursue benefits in scalability, cost, and even security.

    Tied with this move is the fact that sensitive data being stored in cloud-native or lift-n-shift applications is being stored in the public cloud. According to IDC, “In 2025, IDC predicts that 49 percent of the world’s stored data will reside in public cloud environments”2.  Per the latest MVISION Cloud IaaS CARR report, companies actively assessing their data exfiltration attempts in IaaS currently see an average of 5,314 events each month. This increased 248% over last year, when companies experienced an average of 1,527. Hence, it is critical for organizations to implement policy controls for data stored in the cloud. Also, the report further shows that the documents uploaded contain sensitive information such as personally identifiable information (PII), protected health information (PHI), payment card data, or intellectual property, creating cloud compliance concerns. Hence security teams should be increasingly looking to extend their data loss prevention policies to data in the cloud to minimize their risk exposure.

    McAfee’s MVISION Cloud, the market leading Cloud Access Security Broker (CASB) solution, offers the leading cloud data loss prevention (DLP) solution – this enables organizations to extend their DLP policies to where their information lives today – the cloud, be it SaaS applications or IaaS storage locations. The DLP policies can be applied uniformly to both SaaS and IaaS services. McAfee now supports IaaS CSPs such as AWS and Azure as well. With this, both real-time and On-Demand Scan (ODS) DLP policy capability is available for both IaaS and SaaS services. And, you can leverage the existing DLP policies for IaaS services without making any changes – the same rule-set applies as is. Even the Quarantine response action configured in the policies is honored automatically.

    This provides organizations the tremendous flexibility to enforce policies to protect information from theft or loss and ensure compliance with regulations such as PCI DSS, HIPAA-HITECH, GLBA, SOX, CIPA, FISMA, and FERPA. These policies help to apply comprehensive checks based on keywords, regular expressions, file characteristics, data identifiers, etc. Customers can leverage pre-built or vertical-specific templates to get quickly started.
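    The difference between a keyword or regular-expression check and a “data identifier” is worth seeing in code. The following is an added example, not McAfee code: a bare digit pattern matches order numbers as readily as card numbers, while a data identifier adds a validation step (the Luhn checksum for payment cards, the SSA structural rules for US SSNs) so that a PCI or PII policy fires on real values. The ticket text is constructed for the example.

```python
"""Added example (not McAfee code): a DLP data identifier versus a bare regex.
The sample ticket text is constructed for the example."""
import re
from typing import Dict, List

# 13-19 digits, optionally separated by single spaces or dashes.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
# US SSN in the conventional AAA-GG-SSSS layout.
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def ssn_ok(area: str, group: str, serial: str) -> bool:
    """Structural rules: area 000, 666 and 900-999 are never issued; the
    group and serial parts are never all zeros."""
    a = int(area)
    return (a != 0 and a != 666 and a < 900
            and int(group) != 0 and int(serial) != 0)


def mask(value: str, keep: int = 4) -> str:
    """Incident records should carry a masked value, never the secret itself:
    every digit except the last `keep` is replaced, separators are kept."""
    cutoff = len(value) - keep
    return "".join("*" if (c.isdigit() and i < cutoff) else c
                   for i, c in enumerate(value))


def find_identifiers(text: str) -> Dict[str, List[str]]:
    """Return validated hits by identifier type, masked for the incident."""
    hits: Dict[str, List[str]] = {"credit_card": [], "ssn": []}
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):                 # drops look-alike order numbers
            hits["credit_card"].append(mask(digits))
    for m in SSN_RE.finditer(text):
        if ssn_ok(*m.groups()):             # drops test/never-issued numbers
            hits["ssn"].append(mask(m.group(0)))
    return hits


def regex_only_hits(text: str) -> int:
    """What a bare-regex policy would report on the same text, for comparison."""
    return len(CARD_RE.findall(text)) + len(SSN_RE.findall(text))


# Constructed sample: one real-looking card, one order number that happens
# to be 13 digits, one plausible SSN and one never-issued SSN.
SAMPLE_TICKET = (
    "Ticket 4821: customer card 4111 1111 1111 1111 was declined; "
    "order no. 1234567890123; applicant SSN 123-45-6789; "
    "test record 666-45-6789 should be ignored."
)

if __name__ == "__main__":
    print("regex-only matches:", regex_only_hits(SAMPLE_TICKET))   # 4
    print("validated identifiers:", find_identifiers(SAMPLE_TICKET))
```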

    Apart from the capability for DLP, the MVISION Cloud platform also provides real-time and On-Demand scanning capabilities for malware detection using McAfee’s Global Threat Intelligence (GTI) database. In other words, whenever a file is created, modified or restored, it can be scanned in real-time for both DLP and malware detection, and quarantined automatically.

    If you are an existing MVISION Cloud customer with access to IaaS DLP functionality, this should be automatically enabled for you. If you need any further help in configuring or using this capability, please reach out to your MVISION Cloud support representative.

    1 Gartner Press Release: Gartner Forecasts Worldwide Public Cloud Revenue to Grow 17% in 2020, 13 November 2019

    2 IDC White Paper, sponsored by Seagate, Data Age 2025: The Digitization of the World from Edge to Core, November 2018

    Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose




    The post Near Real-Time DLP and Malware support for IaaS appeared first on McAfee Blogs.

    CVE Vulnerability Scanning for Containers

    At McAfee, our job is to help secure the workloads and data that our customers rely on to power their business.  This release of MVISION Cloud for Containers is about taking all the best practices around how these systems should be designed and giving customers a strong security foundation even in workloads as dynamic as containers. Read more about our Container Security solution here and here.

    One question that I have heard time and again during my conversations with customers who have been using our Container Security solution is – Do I need to scan my containers like I scan my servers?  – The answer is …kinda.

    There’s a word we use to describe most architectures based on containerized workloads; immutable.  Immutable is a fancy word for static, unchanging.  If containers are supposed to be immutable, and if they don’t change, how can malicious or exploitable code end up in containers?  It’s not as if a container is going to open an attachment from a suspicious email.

    Just because containers are supposed to be static doesn’t mean we should assume that they are safe.  We may not need to be focused initially on traditional malware scans like we do for operating system-based workloads, but we still need to keep weak or exploitable code out of our cloud.  This is where CVE scanning comes in.  CVE stands for Common Vulnerabilities and Exposures.  As vulnerabilities are discovered, CVEs are filed against the affected code.  This lets us know what the exposure risk is, and whether there is any way to remediate or mitigate the issue.

    Containers are often built on many different components.  A large majority are open source, but the key fact is that developers are able to reuse existing code quite often, and don’t need to literally code every line of a containerized application.  Many of these apps are made up of a majority of open source, or commercial off the shelf code that is not compiled by the final application developer.  The primary way for us to be notified of any weakness in this pre-packaged code is the CVE database.

    In a risk reduction strategy, we want to promote defense in depth strategies that prevent exploitable code from being deployed and warn us when new weaknesses are detected.  This is where the new CVE scanning capability of MVISION Cloud helps out.  We will enable the ability to scan code in the DevOps pipeline as it’s being built to prevent code with known weaknesses from unknowingly being deployed in production.  We also recognize that new exploits are constantly being discovered, so we can also provide the ability to periodically re-scan popular container registries to inspect the already produced containers and see if any new vulnerabilities have been detected for critical pieces of our containerized workloads.  While this might not be the traditional hijacking via viruses, worms, or trojans, it is becoming a more popular attack point as cloud native architectures become more common.  Given the API nature of the cloud, and the fact that this doesn’t require tricking a human into making a bad decision, we need to be vigilant in scanning for weaknesses of this nature to prevent cloud native attacks (for more information on cloud native breaches, click here).
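    The two capabilities described above, a pipeline gate on known CVEs and a re-scan of already-built images against a newer advisory feed, reduce to one matching step: is the installed version of a package inside an advisory’s affected range? The following is an added example, not MVISION Cloud code; the package inventory and the advisory feed are constructed, the CVE ids are placeholders rather than real identifiers, and versions are compared as plain dotted numbers (real distro version schemes with epochs and package revisions need a proper comparator).

```python
"""Added example (not McAfee code): the core of a container CVE scan, as a
build gate and as a registry re-scan against a newer advisory feed.  All
data below is constructed; the CVE ids are placeholders."""
from typing import Dict, List, Optional, Tuple

# Constructed image inventory: package -> installed version.
IMAGE_INVENTORY: Dict[str, str] = {"libfoo": "2.4.1", "libbar": "1.0.9", "libbaz": "3.2.0"}

# Constructed advisory feed as it looked when the image was built.
FEED_AT_BUILD: List[dict] = [
    {"id": "CVE-EXAMPLE-0001", "package": "libfoo", "introduced": "2.0.0",
     "fixed_in": "2.4.3", "severity": "high"},
    {"id": "CVE-EXAMPLE-0002", "package": "libbar", "introduced": None,
     "fixed_in": "1.0.5", "severity": "critical"},   # already fixed in 1.0.9
]
# A later feed: libbaz was clean at build time and is affected now.
FEED_LATER: List[dict] = FEED_AT_BUILD + [
    {"id": "CVE-EXAMPLE-0003", "package": "libbaz", "introduced": "3.0.0",
     "fixed_in": "3.2.1", "severity": "medium"},
]

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


def parse_version(v: str) -> Tuple[int, ...]:
    """Dotted numeric versions only ('2.4.1'); see the caveat in the lead-in."""
    return tuple(int(p) for p in v.split("."))


def version_lt(a: str, b: str) -> bool:
    """a < b with missing trailing components treated as 0 ('2.4' == '2.4.0')."""
    pa, pb = parse_version(a), parse_version(b)
    n = max(len(pa), len(pb))
    return pa + (0,) * (n - len(pa)) < pb + (0,) * (n - len(pb))


def is_affected(installed: str, advisory: dict) -> bool:
    """Affected range is [introduced, fixed_in); None means unbounded."""
    intro: Optional[str] = advisory["introduced"]
    if intro is not None and version_lt(installed, intro):
        return False
    fixed: Optional[str] = advisory["fixed_in"]
    return fixed is None or version_lt(installed, fixed)


def scan_image(inventory: Dict[str, str], feed: List[dict]) -> List[dict]:
    """Match every advisory against the inventory; findings keep feed order."""
    findings = []
    for adv in feed:
        installed = inventory.get(adv["package"])
        if installed is not None and is_affected(installed, adv):
            findings.append({"id": adv["id"], "package": adv["package"],
                             "installed": installed, "fixed_in": adv["fixed_in"],
                             "severity": adv["severity"]})
    return findings


def gate_build(findings: List[dict], block_at: str = "high") -> bool:
    """Pipeline gate: True allows the build, False blocks it because some
    finding is at or above the blocking severity."""
    threshold = SEVERITY_RANK[block_at]
    return all(SEVERITY_RANK[f["severity"]] < threshold for f in findings)


def new_since_build(inventory: Dict[str, str], feed_then: List[dict],
                    feed_now: List[dict]) -> List[dict]:
    """Registry re-scan: findings that did not exist when the image was built."""
    known = {f["id"] for f in scan_image(inventory, feed_then)}
    return [f for f in scan_image(inventory, feed_now) if f["id"] not in known]


if __name__ == "__main__":
    at_build = scan_image(IMAGE_INVENTORY, FEED_AT_BUILD)
    print("findings at build:", [f["id"] for f in at_build])      # 0001 only
    print("build allowed:", gate_build(at_build))                  # False
    print("new after re-scan:", [f["id"] for f in
                                 new_since_build(IMAGE_INVENTORY, FEED_AT_BUILD, FEED_LATER)])
```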

    McAfee is a leader in protecting workloads in the cloud, but also on-prem.  What happens if I’m using containers in my traditional on-prem or hybrid datacenter?  McAfee will also be adding updates to our ENS for Linux servers to add this additional protection for containers detected on self-managed Linux systems.  ENS customers will soon be able to detect containers running on their servers and have the ENS agent automatically integrate with MVISION Cloud to provide the CVE scanning capability for any containers detected on managed Linux systems.  ENS will be able to also report on weak or exploitable code sitting or running on your self-managed Linux systems.

    More and more workloads are moving to cloud native architectures, and more companies are moving to cloud or hybrid workload strategies.  McAfee will continue to provide defense in depth and help ensure all our customers have the freedom of choice to deploy their workloads the way they want.  We will help to ensure that workloads are secure now and moving forward.

    To see our container security features in action, as well as the rest of the coverage we provide for data and workloads in the public cloud, request a demo here!


    The post CVE Vulnerability Scanning for Containers appeared first on McAfee Blogs.

    How an Attacker Could Use Instance Metadata to Breach Your App in AWS 

    Moving to a cloud-native architecture for your enterprise applications can deliver tremendous business value, adding scale and agility while off-loading onerous tasks like patching and upgrading server infrastructure.  

    However, in every cloud environment, whether AWS, Azure, GCP or others, there is a new category of risk. Cloud-native threats stem from the new context and configuration requirements you have in a cloud environment. Historically, default settings like public access to storage objects have left sensitive data out in the open, easy to steal by anyone crawling for these weaknesses. 

    It’s easy to make mistakes in a new environment, with new settings introduced continuously as new capabilities are added by cloud providers. The configuration of your cloud environment is always your responsibility. AWS and others have no control over how you use their services. They are a template for you to build from.  

    Not understanding the outcome of your configurations and how you build cloud-native applications can have catastrophic consequences.  

    At RSA conference this year, my colleague and CTO of McAfee Steve Grobman demonstrated how one particular feature of AWS, Instance Metadata, could be leveraged to steal sensitive data. Let’s walk through this scenario to highlight some key learnings, then discuss how to prevent your own exposure to an attack like this.  

    Instance Metadata Attacks 

    All cloud providers have capabilities to manage credentials for resources in your cloud-native applications. When used correctly, these capabilities allow you to avoid storing credentials in the clear, or in a source code repository. In AWS, the Instance Metadata Service (IMDS) makes information about a compute instance, its network, and storage available to software running on the instance. IMDS also makes temporary, frequently rotated credentials available for any IAM role attached to the instance. IAM roles attached to an instance may, for example, define that the instance and software running on it can access data in S3 storage buckets.

    Let’s look at a common scenario.  

    A team of epidemiologists built a cloud-native application in AWS with a public dashboard to visually represent data showing their progress analyzing a virus genome.  


    During the development phase of this application, the team ran into a challenge. Most of the resources in their Virtual Private Cloud (VPC) were supposed to be hidden from the internet. The only resource in their VPC intended for public view was the dashboard.  

    The S3 bucket hosting their data needed to stay private. To pull data from S3 to the public dashboard, they added a reverse proxy, acting as a middleman. All it took was a quick Google search, and a few lines of code to add this to their application.  

    For the team of epidemiologists, the reverse proxy was a basic, elegant solution that functioned perfectly for their use case. What they didn’t realize is that it set them up for a massive breach.  

    The compute instance running the reverse proxy had been assigned an IAM role with permission to access their private S3 bucket. Credentials for the reverse proxy to access S3 were obtained from Instance Metadata.  

    An attacker visiting the site and interested in their data noticed the team had referenced the reverse proxy’s IP address in the dashboard. The attacker then checked to see if they could connect to it. After confirming their connectivity, the attacker then checked to see if they could access Instance Metadata through the reverse proxy. Success. 

    Through the reverse proxy and from the Instance Metadata, the attacker uncovered credentials to the team’s private S3 storage bucket.  

    Now, with access to the S3 bucket, the attacker could steal highly sensitive data the team had stored for their application. The attacker simply synced the target S3 bucket to their own S3 bucket in another AWS account, and the data was theirs.  


This type of attack is just one of 43 techniques described by MITRE in their ATT&CK framework for cloud environments. 

    How AWS Mitigates Instance Metadata Attacks 

    The Instance Metadata Service (IMDS) from AWS simplifies access between resources in a cloud-native application. To improve the security of this service, AWS released IMDSv2, which adds several new layers of protection.  

    In IMDSv2, external users are blocked from receiving credentials, allowing only application resources to receive them. Read more about this layer of protection and IMDSv2 here: 

    In the attack we just described, the reverse proxy was misconfigured to allow external requests to reach internal resources. If the team had configured their compute instance to use IMDSv2, unauthorized access by the external threat actor would have been blocked.  

    How MVISION Cloud Can Help 

    At McAfee we have several approaches which can help you detect and prevent attacks like this. MVISION Cloud is our cloud-native security platform that allows you to monitor and update configurations in AWS, Azure, GCP along with a wide range of additional security measures you can read about here.  

    Using a direct API-integration with AWS, MVISION Cloud continuously monitors CloudWatch Metrics which tell you the version of IMDS you’re using in every EC2 instance.  

    When AWS CloudWatch logs an instance actively using IMDSv1, MVISION Cloud generates a security incident, notifying you to update your configuration to IMDSv2, which will prevent unauthorized access to your credentials by external users.  


    MVISION Cloud policy incidents for IMDS version configuration  

It is a best practice to enforce IMDSv2 on your AWS instances for all local code and users. Once you specify that IMDSv2 must be used, IMDSv1 will no longer function. AWS has step-by-step instructions on how to configure your instances to use IMDSv2 here.  
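To make the IMDSv2 best practice concrete, here is an added example (illustrative code, not McAfee’s or MVISION Cloud’s) that audits the MetadataOptions block EC2 DescribeInstances returns for each instance, flags any instance that still accepts IMDSv1 (HttpTokens set to optional), and switches the flagged instances to HttpTokens=required with boto3. The instance ids and the sample response are constructed; boto3 is imported only inside the enforcement helper, so the audit runs without AWS access.

```python
# Added example for the IMDSv2 best practice above; illustrative code, not
# McAfee's or MVISION Cloud's, and the instance data below is constructed.
from dataclasses import dataclass
from typing import Any, Dict, Iterable, List

REQUIRED = "required"  # HttpTokens value that disables IMDSv1 on an instance


@dataclass
class Finding:
    instance_id: str
    severity: str      # "high" = IMDSv1 still answers, "info" = wide hop limit
    http_tokens: str
    hop_limit: int
    message: str


def audit_metadata_options(describe_response: Dict[str, Any]) -> List[Finding]:
    """Inspect the MetadataOptions block of each instance in a
    DescribeInstances-shaped response and report IMDS weaknesses."""
    findings: List[Finding] = []
    for reservation in describe_response.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            opts = inst.get("MetadataOptions", {})
            if opts.get("HttpEndpoint", "enabled") == "disabled":
                continue  # IMDS switched off entirely: nothing to relay
            tokens = opts.get("HttpTokens", "optional")  # "optional" = IMDSv1 allowed
            hops = int(opts.get("HttpPutResponseHopLimit", 1))
            if tokens != REQUIRED:
                findings.append(Finding(inst["InstanceId"], "high", tokens, hops,
                    "HttpTokens is optional: a plain GET relayed through a proxy "
                    "still returns the IAM role credentials"))
            elif hops > 1:
                findings.append(Finding(inst["InstanceId"], "info", tokens, hops,
                    "IMDSv2 enforced, but the session-token PUT response may travel "
                    "more than one hop; confirm that is intended"))
    return findings


def ids_needing_enforcement(findings: Iterable[Finding]) -> List[str]:
    """Instance ids whose HttpTokens setting still permits IMDSv1."""
    return [f.instance_id for f in findings if f.http_tokens != REQUIRED]


def enforce_imdsv2(instance_ids: Iterable[str], region: str) -> List[str]:
    """Switch the listed instances to HttpTokens=required via the EC2 API.
    Needs AWS credentials; boto3 is imported lazily so the audit above runs
    offline. Check the AWS/EC2 MetadataNoToken CloudWatch metric first: any
    software still making token-less IMDSv1 calls stops working after this."""
    import boto3  # assumed to be installed wherever this is run against AWS
    ec2 = boto3.client("ec2", region_name=region)
    changed: List[str] = []
    for iid in instance_ids:
        ec2.modify_instance_metadata_options(
            InstanceId=iid, HttpTokens=REQUIRED, HttpEndpoint="enabled")
        changed.append(iid)
    return changed


# Constructed sample of what DescribeInstances returns, trimmed to the fields
# this check reads. Instance ids are placeholders, not real resources.
SAMPLE_DESCRIBE_RESPONSE = {
    "Reservations": [{"Instances": [
        {"InstanceId": "i-0proxy00000000001",   # the reverse proxy: IMDSv1 on
         "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional",
                             "HttpPutResponseHopLimit": 1}},
        {"InstanceId": "i-0dash000000000002",   # already enforced, hop limit 1
         "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required",
                             "HttpPutResponseHopLimit": 1}},
        {"InstanceId": "i-0ecs0000000000003",   # enforced, but hop limit widened
         "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required",
                             "HttpPutResponseHopLimit": 2}},
        {"InstanceId": "i-0off0000000000004",   # IMDS disabled outright
         "MetadataOptions": {"HttpEndpoint": "disabled", "HttpTokens": "optional",
                             "HttpPutResponseHopLimit": 1}},
    ]}]
}


if __name__ == "__main__":
    found = audit_metadata_options(SAMPLE_DESCRIBE_RESPONSE)
    for f in found:
        print(f"{f.severity:4} {f.instance_id}: {f.message}")
    print("would enforce on:", ids_needing_enforcement(found))
```

Against the constructed sample the audit reports the proxy instance as high severity and the hop-limit-2 instance as informational, and only the proxy instance is handed to the enforcement helper.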

    Beyond this attack example, MVISION Cloud allows you to implement a series of best practices to protect your cloud-native applications: 

    • Continuously audit your configurations. With MVISION Cloud you can scan CloudFormation templates before they enter production, and then detect any “drift” in your configurations over time. This allows you to detect misconfigurations and enforce a least-privilege model for resource permission.  
    • Enforce Zero-Trust. Use zero-trust as a methodology, where only specific resources are allowed to run and communicate with each other. Everything else is blocked. 
    • Scan for code vulnerabilities. Particularly with open software distribution models like Docker, it is important to monitor your application resources for vulnerabilities on a continuous basis.  
    • Detect anomalies and threats. With User and Entity Behavior Analytics (UEBA), you can assess millions of cloud events to uncover anomalous activity and real threats like credential theft. 
    • Run DLP on storage objects. Just like any other cloud service you sanction, your network, or endpoints, within AWS you can and should classify your data within S3 and run data loss prevention to stop exfiltration attempts.  

    Get in touch with us to talk about implementing these measures at your own organization.  

    Also check out Steve’s keynote at RSA for this attack scenario in his own words:  

The post How an Attacker Could Use Instance Metadata to Breach Your App in AWS appeared first on McAfee Blogs.

    Choosing the Right Video Conferencing Service for you and your Enterprise

    I have been asked, “Which is the best collaboration and videoconferencing service?” many times in the last few days as we need to communicate with our colleagues, business partners and customers when working remotely.

    Just like there’s no “best” car, there’s also no best collaboration service, but here’s a few suggestions around security and privacy to consider when deciding which services to support and use in your organisation.  Remember, your employees are also receiving requests from your business partners to join their services, so it’s a good idea to not only define your approved services, but also to make recommendations to your users about others they may come across.

I have just reviewed the MVISION Cloud Registry, where we list and rate over 250 different Online Meeting services. Although some of them offer online meetings as one part of a wider set of applications, there’s no shortage of possible options.

    I won’t discuss functionality in this blog – there are many places to find those comparisons, instead I will focus on the information you should review from a security and privacy point of view. Don’t forget also to educate your employees that they will never know whether someone else is watching over the shoulder of an attendee and treat each online conversation as if it is taking place in a bar and could potentially be overheard.

    Let’s review some of the possible security and privacy problems. Only you can decide whether they are concerns based on your business context and data you are sharing.

Recording. Many of the apps allow recordings to be made in the app, though some alert all the attendees if recording is occurring. Whatever security the service offers, do remind your users that anyone they are connected to can record the screens and audio outside the app, so all conversations should be conducted on the assumption that you do not have complete security. Additionally, please note that local laws vary as to whether or not the consent of all users must be obtained prior to hitting record. Advise your teams to check with legal, but as a best practice ask attendees for consent prior to hitting record.

    Logging. You may want logging for future forensics work, on the other hand you may want no logging performed to ensure that the cloud service doesn’t lose that data if it gets hacked.

    Sharing Methods. You may prefer to use a service that only allows voice and data sharing but not video or supports video only in one direction, especially if in a teaching environment.

    Intellectual Property Ownership. Surprisingly, some services lay claim to the intellectual property in any communications – though with the recent uptick in scrutiny, some license agreements have been changed to remove that clause. Make sure to read the fine print!

    Encryption. To ensure data is not intercepted, you may prioritise those services that encrypt all data in transit – though it is worth checking the encryption methods used (SSL, TLS versions etc.)

    Privacy. Does the service itself track each individual user and does it share some of this information with 3rd parties (some share with Facebook, Google and other services)?

    You may decide to support just one service, though you may decide that one size doesn’t fit all requirements – perhaps more sensitive discussions use a different service than general team updates and collaboration.

    To dig into the details, I recommend you consider each of the attributes below and decide the importance of each based on your priorities and then review each of the services against that list.  This is possible within MVISION Cloud where we track each of these attributes (and many others) and admins can change attribute weightings and therefore compare different services. Without MVISION Cloud or a similar service it is probably a manual process.

    Does the service…

    • Encrypt data in transit (yes/no, and methodology: SSL, TLS and versions)
    • Encrypt data kept at rest at the service (such as recordings), and with what key strength
    • Allow encryption using your own keys
    • Allow anonymous use
    • Offer support for multi-factor authentication
    • Offer identity federation (SAML and OAuth, for example) to integrate with your authentication systems
    • Provide admin, user and data access logging
    • Publish hosting locations (in case you are concerned about which country hosts the data)
    • Have known cyber vulnerabilities such as FREAK, POODLE or Heartbleed

    Do they…

    • Publish penetration test results
    • Deploy application security vulnerability protection (web application firewalls)
    • Comply with global compliance certifications (ISO 27018, SOC 2, FedRAMP etc.)
    • Publish infrastructure reporting and uptimes

    Has there been…

    • Any known malicious use of the service
    • Any previous breaches identified
    • Published Common Vulnerabilities and Exposures (CVE) entries
    • Leaks of data to the Darknet

    What is their…

    • Privacy policy (sharing with 3rd parties)
    • IP ownership policy
    • Jurisdictional location
    • Company HQ country
    • Risk rating for GDPR, CCPA or other regulations

Once a decision has been made on the appropriate service(s) for your organization, communicate with your employees and business partners and consider blocking those services you do not trust. This can be achieved by using a CASB for cloud evaluation and closed-loop remediation, integrating it with your proxies, firewalls or endpoint proxy capabilities. Consider splash pages to help direct users to the best services and ensure best practices.

This is a fast-moving space, as many of these services are now under scrutiny as never before. Keep track of news stories – there have been a lot in the last few days, either from lawyers reviewing the service privacy policies and end user license agreements, or from vulnerabilities found in the apps or service. The app developers regularly bring out new versions, so employees should be advised to keep the apps up to date to minimise these concerns.

    Finally, the obvious best security practice is not to share images of the discussions on social media – attackers can find out usernames or meeting IDs and if those are static IDs, potentially try to break into the meeting in the future.

    For more information on MVISION Cloud, McAfee Web Gateway and our DLP solutions, please follow the link below or contact any McAfee partner or local office.

    The post Choosing the Right Video Conferencing Service for you and your Enterprise appeared first on McAfee Blogs.

    Top 3 Data Visualization Capabilities in a CASB Solution

    In the most recent Cloud Adoption and Risk Report generated by McAfee, 52% of the companies said they experience ‘better’ security in the cloud.  As enterprises move their most sensitive data assets to the cloud, they are making increased investments in CASB solutions to secure these data assets. Most security solutions generate significant amounts of data and security teams have to parse this data to derive insights and remediation measures quickly. The visualization capabilities of a CASB solution play a key role in better understanding the company’s cloud security posture.

    MVISION Cloud customers have given feedback that data visualization within a CASB is critical to support their operations. The challenge presented by customers was that they didn’t have the time to export data to third party tools like excel and manipulate this data to get the required visualization. If these capabilities are provided within the CASB tool, it saves the security teams time and allows them to get deeper insights on their cloud security posture.

    With the most recent release of MVISION Cloud, we have provided new and improved visualization capabilities so customers can get the insights they need to make security decisions. These capabilities not only enable them to regularly monitor key metrics, but also share this information and visualizations with other security stakeholders and executives.

    1. Granular Charting Capabilities That Provide Deep Insights

    A CASB solution provides several metrics around cloud usage, including number of users, upload data volume, request count, inbound/outbound data, and allowed/denied requests, number of DLP incidents, threats, anomalies etc. By providing the right visualization, customers can more efficiently parse the data, execute any required analyses and take any action to remediate. For example, a security admin may want to understand the top 10 cloud service categories by upload volume.

    Visualization of services and risk using multiple dimensions

    Once this chart is available, they may want to drill down into how many services in these categories were high, medium, or low risk, helping to narrow down the categories where users are uploading the most data to risky services. Another example could be understanding the number of Office 365 DLP incidents produced by company departments. An admin can drill down further to visualize incident severity for each of these departments. Providing multiple dimensions of visualization is key to analyzing enterprise cloud usage to produce quick insights.

2. Monitor Metrics using Dashboard Cards

    Once a CASB administrator has plotted the desired charts, they will want to monitor these charts on a regular basis. MVISION Cloud enables customers to display their charts on a customizable dashboard so they can check on variations in key metrics. An example of this is a large financial services customer wanting to monitor metrics on IaaS resources on a regular basis. This could include a list of resources across AWS, Azure, and GCP within their company, or a list of top non-compliant resources, or the number of unresolved security configuration incidents.

Dashboard to monitor IaaS Security Metrics

3. Share Visual Insights with Stakeholders using Reports

Security admins using CASB solutions collaborate with a number of stakeholders, including executive management, support and IT, and they want to keep them updated on key cloud security metrics. While most solutions allow a periodic export of data in spreadsheets, the capability to export a rich dashboard as a scheduled report makes the information much more consumable. An example is a dashboard representing key Microsoft Office 365 security metrics, such as unresolved incidents by severity.

    Report on Office 365 DLP Incidents by Severity

    As an increasing number of business functions move to the cloud, customers are now using cloud security solutions to secure all their cloud assets from web traffic, cloud services, IaaS and Container resources. Having the ability to clearly visualize the security metrics and arrive at the required insights and remediation is key to ensuring continued security of enterprise assets in the cloud. While this includes many components and approaches, rich visualization capabilities like those provided by MVISION Cloud are instrumental in getting the most value out of your CASB solution and securing your enterprise cloud assets.

    The post Top 3 Data Visualization Capabilities in a CASB Solution appeared first on McAfee Blogs.

    Cloud Security: Why You Need Device Control

With remote working, BYOD (employees using their own devices) and shared access to collaborative cloud apps by business partners, we need to include device control when allowing access to our cloud services.

Many cloud services have admin options to restrict access and functionality; sadly, many of these features are unused, either because they seem complex or unimportant compared to other aspects of the service. One that is often ignored is setting policies by device.

    Cloud services often allow collaboration between different users and their strength is the wide device support they offer; the assumption is that most can be accessed either via specific apps or most browsers on most operating systems. The users may be employees or business partners and may be using managed, unmanaged, trusted or untrusted devices with the latest security updates or old systems with no device security – so now is the time to review and set policies based on device information.

Here are some of the risky scenarios we should be controlling.

    • An employee using BYOD or unmanaged devices and downloading confidential information onto an insecure device that is subsequently lost or infected to exfiltrate data.
    • An employee logging in from a friend’s or family member’s device and again downloading information, or editing a document on that device and uploading it, potentially uploading malware.
    • A business partner using their own device, uploading malware inadvertently as their device wasn’t secured.

    Policies to address these and other risky scenarios could include:

    • Allow users to view but not download content to unmanaged devices.
    • Disallow uploads from unknown devices.
    • Apply DLP policies to all devices downloading data when outside the organisation.

Cloud admins need to consider each of these scenarios, decide the appropriate policies and define them in the cloud service. There are many possible conditions, though obviously not all cloud services support each condition. By using Boolean logic, many different sets of criteria can be combined across the following conditions:

    • Managed / unmanaged device
    • Operating system in use
    • Activity (upload, post, download)
    • Agent (McAfee MCP, Zscaler, others)
    • Managed by EMM systems such as MobileIron and AirWatch
    • IP address for geo-location
    • User/group as defined in authentication system (LDAP etc.)
    • Request classifier (allowing deeper drill down into cloud services)
    • User domain

    The actions based on the conditions that could be supported include:

    • Allow access / Deny access
    • Check certificate on the device
    • Step-up Authentication to re-authenticate the user
    • Proxy all subsequent traffic from this device to enable other controls
    • Redirect traffic
    • Implement specific DLP policy

Not all cloud services offer policies based on each condition; what is supported is worth checking before buying a particular cloud service, or use this list to lobby for stronger policy capabilities in your favorite service. Each service has admin capabilities to define these policies, though it is often much easier to set them once and push them out to all cloud services by using a CASB solution such as MVISION Cloud.

    To dig deeper into “request classifier”, this can refer to parts of a cloud service allowing admins to define more granular policies, such as allowing unmanaged devices to access OneDrive but not SharePoint or blocking a device not on the corporate network from accessing the O365 Admin portal.

Device control is only one row of the Cloud Security 360° Shared Responsibility Model – there are nine rows in total, and the whole paper is available from here.

    The post Cloud Security: Why You Need Device Control appeared first on McAfee Blogs.

    Working from Home Cybersecurity Guidance

    Working from home comes with a range of security risks, but employees need to be educated too – human behaviour is invariably the weakest link in a company’s cybersecurity posture. In the current environment, with many more employees working at home, cybercriminals are actively looking for opportunities to launch phishing attacks and compromise the IT infrastructure of businesses, large and small. 

Guidance on Working from Home

    All companies should start by reviewing the home working guidance available at the UK Government’s National Cyber Security Centre (NCSC). This resource helps companies prepare their employees and think about the best way to protect their systems. Crossword has been advising a number of its FTSE clients in a range of sectors, and below is a summary of the guidance given, in addition to that from the NCSC.

    Run Audio and Video calls Securely

    What is visible in the background of your screen during video calls and is someone monitoring who is on the call? The same is true for audio only calls. A team member should be responsible for ensuring only invited guests are present, and calls should be locked once started, so other participants cannot join.

    Educate Employees on Phishing attacks
    The NCSC mentions COVID-19 related Phishing attacks which use the current crisis to trick employees into clicking on fake links, downloading malware, and revealing passwords – so educate them. These could be fake HR notifications or corporate communications; fake tax credits; fake emails from mortgage providers; free meals and mechanisms for registering for them. The list is endless and cyber criminals are very news savvy and quick to adapt. Employees are likely to be more vulnerable to phishing attacks due to people rushing, fear, panic, and urgency; all the behavioural traits that result in successful phishing attacks.

Automate Virtual Private Network (VPN) Configurations
    IT and Security teams may have a backlog of users to set up on VPNs, to provide secure connections to corporate networks. Do not allow employees to send data insecurely; use automation to accelerate deployments and guarantee correct configuration. Even IT staff are fallible, and the combination of work volume and working fast may leave a gaping hole in your infrastructure.

    Control the use of Personal Devices for Corporate Work
Due to the rapid increase in home workers, many employees may be using their own devices to access emails and data, which may not be covered by Bring Your Own Device (BYOD) policies. In practice, this means that employees’ personal devices may not be securely configured or properly managed, and are more vulnerable. IT and Security teams, again, may need to retrospectively ensure that employees are complying with BYOD policies, have appropriate endpoint security software installed, etc.

    Stop Personal Email and Unauthorised Cloud Storage Use
    When companies are experiencing IT difficulties in setting up employees working from home, people may be tempted to use personal emails or their personal cloud to send and store data, as a work around. These are a risk and can be easy for cyber criminals to target to gain company information or distribute malware, as they are not protected by the corporate security infrastructure.

    Keep Collaboration Tools Up-to-date
    Tools such as Microsoft Teams, Zoom and Google Hangouts are great, but it is important to ensure all call participants are using the latest versions of the software, and that includes partners and customers that may be on calls. Employees should also only use the corporate approved tools and versions as they will have been tested by security teams for vulnerabilities, that could be exploited by cybercriminals. 

    Stuart Jubb, Consulting Director at Crossword commented: “Throughout the UK, companies are doing everything they can to ensure business continues as normally as possible as the COVID-19 situation develops. The guidance we are issuing today is a summary of the key points we have been discussing with our clients across a wide range of vertical markets. Good IT security measures are arguably more important than ever as companies become a largely distributed workforce, almost overnight. As ever though, it is not just about the technology, but good behaviour and education amongst employees as cybercriminals work to exploit any vulnerability they can find, whether that be a person, mis-configured tech, or unpatched software.”

    Why do I need a CASB for Shadow IT when I already have a SIEM?

    Why does my organization need to have a Shadow IT solution when we already own a Next-Gen Firewall / Web Proxy and have all the logs in a Security Information and Event Management (SIEM) solution?

    This is a question we are often asked by our customers. The answer is that MVISION Cloud CASB allows organizations to uncover Shadow IT usage that is not visible via a query in a SIEM or with Next-Generation Firewall (NGFW) / Secure Web Gateway (SWG) tools. NGFW and Web Proxies typically catalog web services using a category and a reputation score. So, a Russian email service, like, would simply be categorized as “Web-based Email” with “Trustworthy” reputation. A typical output of a web reputation score from NGFW / SWG is shown below.

    Source: WebRoot BrightCloud Threat Intelligence

    What it doesn’t tell you is that is hosted in Russia, that it does not encrypt user data at rest, and that it is a source of leaks to the Darknet. It’s definitely not the kind of site a security-conscious organization would want its employees using at work.

The reason for this discrepancy in cloud service assessment is that NGFW/SWG products primarily look at cloud services from a traditional cyber security perspective: Is the site a source of spam, web attacks, malware, etc.? MVISION Cloud CASB starts there, and also looks at the cloud service’s business risk. MVISION Cloud assigns each cloud service a risk score based on an assessment of 46 control points, covering over 240 risk attributes. Furthermore, McAfee MVISION Cloud maintains a detailed registry of over 26,000 cloud services, with approximately 100 new services added to the registry each month. For comparison, the registry of a leading NGFW vendor currently has a little over 3,000 services. The good news is that Shadow IT data discovered by MVISION Cloud can be consumed by an organization’s existing security stack to block user access or limit the scope of user activity within a service. Here’s how this service ranks in MVISION Cloud:

McAfee often gets asked the following question: If Shadow IT findings are based on web traffic log data stored in a SIEM, why can’t I find information about an organization’s Shadow IT usage directly from a SIEM console? The main reason is that a SOC analyst doesn’t know what he doesn’t know. If asked “Show me all PDF converters hosted outside of the US that are used on the organization’s network,” where does a SOC analyst even start, and what does he search for?

The easier route is to utilize McAfee MVISION Cloud CASB and search the MVISION Cloud Registry for “Document Conversion” services and see which unsanctioned PDF converters are “in use.” The SOC analyst can then send the MVISION Cloud Registry data about the suspect services directly to a SIEM via API. This data can now be used to seed searches within the SIEM tool for further analysis by the SOC analyst.

Another scenario where MVISION Cloud makes a traditional SIEM more “cloud aware” is logging the URL space for complex services. For example, if a SOC analyst wants to block Netflix and creates a rule to block all * URLs, he will be surprised to find that Netflix is not actually blocked, and users can still access the content. The reason for this is that most NGFW/SWG products know of only a handful of ways to get to a cloud service. MVISION Cloud, through its crowd-sourcing approach, knows of hundreds of ways to get to a cloud service and updates these as URLs change. Going back to the Netflix example, below is a screenshot from the MVISION Cloud console showing some of the other URLs associated with the video streaming service.

If a SOC analyst searches for * in a SIEM console, he will only get a partial view of all Netflix activity. The SOC analyst would need MVISION Cloud to figure out the * domains and other ephemeral URL strings to get a complete view of the Netflix service on the organization’s network. Ultimately, MVISION Cloud for Shadow IT should be used as a complementary tool to an organization’s SIEM capability. It’s a symbiotic relationship: an organization’s SIEM is the source of Shadow IT data for MVISION Cloud, but it is MVISION Cloud that makes the SIEM tool cloud aware.

    Keep reading about MVISION Cloud here.

    The post Why do I need a CASB for Shadow IT when I already have a SIEM? appeared first on McAfee Blogs.

    WhatsApp Security Hacks: Are Your ‘Private’ Messages Really Ever Private?


WhatsApp is one of the largest instant messengers and is considered by many a social network of its own. So, in continuing our app safety discussion, we’re diving into some of the top security hacks and questions many WhatsApp users and parents may have.

    But first, what’s a security hack? In short, it’s an attempt to exploit the weaknesses in an app, network, or digital service to gain unauthorized access, usually for some illicit purpose. Here are just some of the concerns WhatsApp users may have and some suggestions on boosting security.

    WhatsApp Hack FAQ

    Are WhatsApp conversations private?

    Yes — but there are exceptions. More than any other app, WhatsApp offers greater privacy thanks to end-to-end encryption that scrambles messages to ensure only you and the person you’re communicating with can read your messages or listen to your calls. Here’s the catch: WhatsApp messages (which include videos and photos) are vulnerable before they are encrypted and after they are decrypted if a hacker has managed to drop spyware on the phone. Spyware attacks on WhatsApp have already occurred. Safe Family Tip: No conversation shared between devices is ever 100% private. To increase your WhatsApp security, keep sensitive conversations and content offline, and keep your app updated. 

    Can anyone read my deleted WhatsApp messages?

A WhatsApp user can access his or her own deleted messages via the chat backup function that automatically backs up all of your messages at 2 a.m. every day. WhatsApp users can delete a message by using the Delete for Everyone button within an hour after sending, though it’s not foolproof. Here’s the catch: Anyone who receives the message before it’s deleted can take a screenshot of it. So, there’s no way to ensure regrettable content isn’t captured, archived, or shared. There are also third-party apps that will recall deleted messages shared by others. Another possibility is that a hacker can access old chats stored in an app user’s cloud. Safe Family Tip: Think carefully about sharing messages or content you may regret later.

    Can WhatsApp messages be deleted permanently?

    Even if a WhatsApp user decides to delete a message, it’s no guarantee of privacy since conversations are two-way, and the person on the receiving end may screenshot or save a copy of a chat, video, or photo. On the security side, you may delete a message and see it disappear, but WhatsApp still retains a “forensic trace of the chat” that can be used by hackers for mining data, according to reports. Safe Family Tip: For extra security, turn off backups in WhatsApp’s Settings.

    How can I secure my WhatsApp?

    It’s crucial when using WhatsApp (or any other app) to be aware of common scams, including malware, catfishing, job and money scams, spyware, and file jacking. To amplify security, turn on Security Notifications in Settings, which will send an alert if, for some reason, your security code changes. Other ways to boost security: use two-step verification, never share your 6-digit SMS verification code, disable cloud backup, and set your profile to private. Safe Family Tip: Install comprehensive family security software and secure physical access to your phone or laptop with facial recognition, a fingerprint, or a passcode. Don’t open (block, report) messages from strangers or spammers. Never share personal information with people you don’t know.

    How do I delete my WhatsApp account from another phone?

    To delete a WhatsApp account go to > Settings > Account > Delete My Account. Deleting your account erases message history, removes you from groups, and deletes your backup data. According to WhatsApp, for users moving from one type of phone to another, such as from an iPhone to an Android, and keeping the same phone number, your account information stays intact, but you won’t be able to migrate messages across platforms. If you’re not keeping your number, you should delete WhatsApp from your old phone, download WhatsApp to your new phone, and verify your new phone number. Upgrading the same phone type will likely include options to migrate messages. Safe Family Tip: Before you give away or exchange an old phone, wipe it clean of all your data.

    How do you know your WhatsApp is scanned?

    WhatsApp users can easily sync devices by downloading the WhatsApp web app and activating it (Settings > WhatsApp Web/Desktop). Devices sync by scanning a QR code that appears on your laptop screen. You know your device is scanned when you see the green chat screen appear on your desktop. Safe Family Tip: It’s possible for a person with physical access to your desktop to scan your QR code and to gain account access. If you think someone has access to your account log out of all your active web sessions in WhatsApp on your mobile phone.

    How long are WhatsApp messages stored?

    According to WhatsApp, once a user’s messages are delivered, they are deleted from WhatsApp servers. This includes chats, photos, videos, voice messages, and files. Messages can still be stored on each individual’s device. Safe Family Tip: The moment you send any content online, it’s out of your control. The person or group on the receiving end can still store it on their device or to their cloud service. Never send risky content. 

    How secure is WhatsApp?

    There’s no doubt that end-to-end encryption makes it much more difficult for hackers to read WhatsApp messages. WhatsApp is more secure than other messaging apps, but it is not 100% secure.

    Is it true that WhatsApp has been hacked?

    Yes. Several times and in various ways. No app, service, or network has proven to be unhackable. Safe Family Tip: Assume that any digital platform is vulnerable. Maximize privacy settings, never share risky content, financial information, or personal data.

    Is WhatsApp safe to send pictures?

    Encryption ensures that a transmission is secure, but that doesn’t mean WhatsApp content is safe or that human behavior is predictable. People (even trusted friends) can share private content. People can also illegally attempt to gain access to any content you’ve shared. This makes WhatsApp (along with other digital sharing channels) unsafe for exchanging sensitive information or photos. Safe Family Tip: Nothing on the internet is private. Never send or receive pictures that may jeopardize your privacy, reputation, or digital footprint.

    WhatsApp isn’t the only popular app with security loopholes hackers exploit. Every app or network connected to the internet is at risk for some type of cyberattack. We hope this post sparks family discussions that help your kids use this and other apps wisely and helps keep your family’s privacy and safety online top of mind.

    The post WhatsApp Security Hacks: Are Your ‘Private’ Messages Really Ever Private? appeared first on McAfee Blogs.

    McAfee Named a 2020 Gartner Peer Insights Customers’ Choice for CASB

    Gartner Peer Insights Customer Choice 2020

    The McAfee team is proud to announce today that, for the third year in a row, McAfee was named a 2020 Gartner Peer Insights Customers’ Choice for Cloud Access Security Brokers (CASB) for its MVISION Cloud solution. As the only CASB vendor to achieve this distinction three years in a row, we are so honored as customer feedback is essential in shaping our products and services.

    In its announcement, Gartner explains, “The Gartner Peer Insights Customers’ Choice is a recognition of vendors in this market by verified end-user professionals, taking into account both the number of reviews and the overall user ratings.” To ensure fair evaluation, Gartner maintains rigorous criteria for recognizing vendors with a high customer satisfaction rate.


    For this distinction, a vendor must have a minimum of 50 published reviews with an average overall rating of 4.5 stars or higher. McAfee received 90 reviews and an overall 4.6 rating for McAfee MVISION Cloud as of February 20, 2020.

    Here are some excerpts from customers that contributed to this distinction:

    “Best Option For Securing Data On Cloud”

    “It provides high security of data and prevents the data leak. It’s not messy at all, UI is very simple with great dashboard where you can see anything like which system is browsing what kind of websites.”
    Data and Analytics, Services Industry: Read full review here

    “Cloud Visibility And Control Using MVision”

    “The McAfee MVision product suite is a market leading solution, does what it says. Our ability to control shadow IT, provide visibility around sensitive data and control cloud applications has greatly improved as a result of the tool. The McAfee professional services team are also very knowledgeable and have been on hand to assist through the entire project lifecycle into operation.”
    VP, Information Security Officer, Healthcare Industry: Read full review here

    You can read all reviews for McAfee here.

    Everyone at McAfee is deeply proud to be named by customers as a 2020 Gartner Peer Insights Customers’ Choice for Cloud Access Security Brokers. In October 2019, McAfee was named a Leader by analysts in Gartner’s “Magic Quadrant for Cloud Access Security Brokers.” Read the 2019 Magic Quadrant for Cloud Access Security Brokers here.

    To learn more about this distinction, or to read the reviews written about our products by the IT professionals who use them, please visit Gartner Peer Insights’ Customers’ Choice announcement for CASB. To all of our customers who submitted reviews, thank you! These reviews mold our products and our customer journey, and we look forward to building on the experience that earned us this distinction!

    The GARTNER PEER INSIGHTS CUSTOMERS’ CHOICE badge is a trademark and service mark of Gartner, Inc., and/or its affiliates, and is used herein with permission. All rights reserved. Gartner Peer Insights Customers’ Choice constitute the subjective opinions of individual end-user reviews, ratings, and data applied against a documented methodology; they neither represent the views of, nor constitute an endorsement by, Gartner or its affiliates.
    Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

    The post McAfee Named a 2020 Gartner Peer Insights Customers’ Choice for CASB appeared first on McAfee Blogs.

    Introducing McAfee Unified Cloud Edge: Cloud-Native Security for SASE

    McAfee is thrilled to announce the availability of Unified Cloud Edge, the most complete security solution for Secure Access Service Edge (SASE) architectures. Enterprises today have lost visibility and control over their data as it travels from any device, in any location, directly to cloud services. Unified Cloud Edge addresses this challenge with a unified security architecture that protects data from device-to-cloud while protecting against cloud-native breach attempts that are invisible to the corporate network.  

    McAfee Unified Cloud Edge is part of MVISION, the cloud-native security platform from McAfee. It begins with three core technologies converged into a single solution:  

    1. Cloud Access Security Broker (CASB): Direct API and reverse proxy-based visibility and control for cloud services 
    2. Secure Web Gateway (SWG): Proxy-based advanced protection against web-based attacks; visibility and control over web traffic and unsanctioned cloud services 
    3. Data Loss Prevention (DLP): Agent- and network-based visibility and control over sensitive data 

    Simplified architecture for McAfee Unified Cloud Edge

    These technologies create a secure environment for the adoption of cloud services and enablement of access to the cloud from any device for ultimate workforce productivity. Companies can accelerate their business through faster adoption of transformative cloud services by protecting their data and assets with Unified Cloud Edge.  

    There are two prominent areas of convergence engineered to create this solution: 

    1. CASB and Cloud-based SWG are now managed together. We converged our cloud-based Web Gateway technology into our industry-leading CASB, giving customers one location to protect data and defend against threats in the cloud, along with traffic to and from the cloud. The cloud-based web gateway has been re-architected to enterprise scale, with an industry-high 99.999% availability. New capabilities are enabled by cross-referencing web and cloud intelligence in a single policy.   

    Policy example: Our cloud-native secure web gateway using CASB risk ratings to block all high-risk cloud services.

    2. All data loss prevention (DLP) enforcement points share the same classifications, reporting, and workflows. DLP at the device, in motion through the network, and in the cloud now share one source for data classifications and a single location for reporting and remediation workflows. McAfee ePO is the starting point, where classifications built for on-premises DLP are pushed to the cloud in one click for use in any cloud service. All incidents then flow back to ePO for a single location to conduct reporting and remediation workflows. This eliminates the need to query multiple sources for incident data and to manually join search results for incident response. 

    Policy example: One-click push for all DLP content rules to go to CASB.

    McAfee Unified Cloud Edge Solution Brief

    Protect data from device to cloud, and prevent cloud-native threats invisible to the corporate networks.


    Expanding the Threat Prevention Capabilities of Unified Cloud Edge with Light Point Security 

    To deliver a complete security architecture for a Secure Access Service Edge (SASE), we have not only dedicated internal teams to innovation, but also looked to the market for pioneers to join our team and contribute their technology and expertise. McAfee has agreed to acquire Light Point Security, a pioneer in browser isolation founded by former employees of the National Security Agency (NSA) to expand the threat prevention capabilities of Unified Cloud Edge.  

    Here’s why we decided to bring Light Point Security into the McAfee family. The web remains a primary source of malware infiltration for every enterprise. Today, our secure web gateway technology has a unique, industry-leading approach to malware prevention: real-time emulation. This is a highly effective, high-performance approach; emulation removes the vast majority of malware in milliseconds as traffic is processed. The next evolution is removing the ability for malicious code to reach an end user altogether. 

    Light Point Security’s browser isolation technology takes the end user’s web browsing session and isolates the page remotely in a secure location, then replicates an interactive image of the session in the user’s browser with a technique called pixel mapping. This protects the end user against web-based threats because malicious code can’t leave the isolated browser, which is remote from their endpoint. We plan to integrate this technology into our cloud-native secure web gateway for use in any web security policy.  

    How Does Unified Cloud Edge Reduce the Cost and Complexity of Security in Secure Access Service Edge (SASE) Architecture?  

    Secure Access Service Edge (SASE) is an architectural framework that dissolves the data center perimeter and creates a new edge formed dynamically by any cloud service and devices in any location. Security policy shifts to the user session and data, away from a defined perimeter of control. This is a critical evolution that addresses the unpredictable nature of cloud service adoption and mobile users.  

    In a SASE architecture there are two distinct elements: how data is routed to the cloud, and how it is secured. At McAfee, we are focused on securing data and preventing threats from device to cloud. With Unified Cloud Edge, we are releasing the most complete cloud-native solution for security in a SASE architecture.  

    At the device, Unified Cloud Edge applies industry-leading data protection technologies, including encryption, to monitor sensitive data in use, at rest, and in motion.  

    Through the web, we route traffic from managed devices in any location and from physical networks through our cloud-native proxy to apply access control, data protection, and threat prevention policies. 

    In the cloud, Unified Cloud Edge integrates directly with cloud services to again apply industry-leading data protection to monitor sensitive data entering the cloud, created in the cloud, and attempting to leave cloud services. With User and Entity Behavior Analytics (UEBA), cloud-native threats can be detected within and across multiple cloud service providers.  

    Enterprises have a clear choice. They can stitch together CASB, DLP and SWG solutions from different vendors, which increases operational overhead through added cost and complexity, or they can choose a solution that converges these enforcement points into a unified experience with a single context from device to cloud. With Unified Cloud Edge, enterprises have a converged approach to security in a SASE architecture that dramatically reduces their cost and complexity, delivering maximum business agility from the cloud.  

    Register for our LIVE Webcast with IDC

    Learn more about Unified Cloud Edge here:

    The post Introducing McAfee Unified Cloud Edge: Cloud-Native Security for SASE appeared first on McAfee Blogs.

    Cloud Security Guide to RSA 2020 – Where the World Talks Cloud Security

    The RSA conference is an expanse of innovation, networking, and insight through the countless conversations we’re able to have with customers seeking to solve cloud security challenges. The common theme when it comes to cloud contrasts with what you may think about cybersecurity.

    CASB has been a pivotal technology in this journey and we’ve heard it consistently. Our customers are seen as strategic enablers in their organizations by securing data in the cloud apps their users want to adopt, without friction to their experience. During the week of RSA, there will be multiple exclusive events hosted by McAfee. See the full schedule of events and presentations below:

    Cloud Security Alliance Dedicated Event

    Each year, the Cloud Security Alliance hosts a one day event before the RSA Conference. In the 11th Cloud Security Alliance Summit at the RSA Conference, thought leaders from multi-national enterprises, government, cloud providers and the information security industry will share best practices in cloud privacy and security. We will also explore new frontiers that are accelerating change in information security, such as artificial intelligence, quantum supremacy, blockchain, and fog computing.

    Check out our CSA Summit Keynote—all you need is your RSA Expo Pass!

    Monday, February 24 | 1:00PM – 1:20PM | Moscone West, Room #3014

    McAfee Theater Sessions

    The conference welcomes industry experts and professionals to the McAfee stage. Check out one of our 15-minute mini-theater sessions, where you will hear from our customers about how they made the Cloud their most secure environment for business. Schedule is available via the QR Code and listed below.

    Oh, and did I mention the T-shirt?


    Stop by our RSA Booth #N5745 and meet with a Cloud Security Specialist for a demo on how we can work together to make the cloud your most secure environment for business.



    The post Cloud Security Guide to RSA 2020 – Where the World Talks Cloud Security appeared first on McAfee Blogs.

    Cloud Security is like Renting a Car!

    Cloud security has many aspects, and it is easy to miss the scale of the issue by taking a simple view. For example, people may trust a particular cloud service provider and think that all security responsibility belongs to them; some people look only at the technical aspects (is data encrypted?) or certifications (do they conform to ISO 27xxx?); others forget the human aspect. Sadly, any of these viewpoints can mean insecure cloud use and data loss for the company.

    To explain the breadth of securing cloud, we have created a new white paper “The Cloud Security 360° Shared Responsibility Model” that splits cloud security requirements into nine areas and discusses how to ensure each different area is being addressed.

    In other areas of life, we also have a shared responsibility, even if it is usually seamless and so we don’t think about it much, for example when renting a car.

    Firstly, when the car is new the manufacturer has the responsibility that it is roadworthy; has good brakes and tires, the airbags work and it’s not going to fall apart at the first corner. During the lifetime, the rental company and the renter are hopefully not going to test the airbags, they just assume that they will work as originally installed.

    Once the car gets older, the owner (the rental company) is responsible for checking the tires, the brakes, servicing the car and keeping it roadworthy, the renter simply assumes that this is the case. The renter needs to have the appropriate driving license for the vehicle, this is checked by the rental company before the car is handed over.

    The car includes seat belts, installed by the manufacturer, but it is the driver’s responsibility to wear their own, and ensure that all the family members wear them too. For young children, it is the driver’s responsibility to ensure that they have appropriate child seats and for the older kids, the parent has to ensure that they do not take off their seat belt.

    General insurance is shared between the rental company and the renter (who, perhaps isn’t the only driver). Ultimately, the driver is responsible for driving the car appropriately for the conditions, driving more slowly in rain and snow and not speeding around corners.

    Renting a car safely is a responsibility where five groups of people all have their part to play: car manufacturer, rental company, renter, passengers and the driver.  If one area is ignored, there could be an accident with tragic consequences, and it is no good saying “but I checked the other areas” – all need to be considered together.

    Cloud computing is similar: you are not safe just because the cloud service provider has invested a lot in security, and you are not safe just because you have anti-malware systems installed. The service provider, enterprise, IT security team and user all have a part to play, and if any one of the areas is not addressed, then security is compromised.

    Cloud computing needs to be considered across each row of the diagram. The cloud service provider is responsible for the lowest levels of security (power, connectivity, server infrastructure etc.), and provides some security functions, but the enterprise is responsible for turning these on (for example think of the number of data loss incidents caused by misconfigured S3 buckets), only the enterprise can truly decide which data is confidential, while it is users who typically decide to share and collaborate via the cloud with external parties.

    The paper discusses all of this in detail and suggests ideas and technologies to address each row. Just like renting a car, you need to address every row to be secure.



    The post Cloud Security is like Renting a Car! appeared first on McAfee Blogs.

    Leading with Cloud Security, Empowering Enterprise Innovation

    Call it ancient history—2012. When sanctioned apps ruled the day. Shadow IT lurked, well, in the shadows. And protecting the enterprise meant locking down the cloud. Then, true to the principles of Darwinian evolution, enterprises began to adapt to the new natural order.

    Let the record show, 97% of enterprises in 2020 rely on the cloud for some combination of SaaS, IaaS, or PaaS solutions to power their enterprise. Which is why McAfee’s cloud-led strategy to serve the enterprise is centered on an organization’s ability to protect data and workloads, whether in use, in motion, or at rest. President and CEO of McAfee, Peter Leav, puts it this way, “We are in a new world. There is simply more. More networks, more endpoints, more users, more applications, more data, more cloud.”

    SaaS solutions make the enterprise agile, whether via collaboration tools like Slack or Box, relationship management and marketing automation technologies like Salesforce, or technical management from companies like ServiceNow. Agility is the name of the game, and the enterprise that moves fastest wins the day. And with IaaS and PaaS enabled by the likes of AWS, Microsoft Azure, and Google Cloud Platform, the evolution of the enterprise only accelerates.

    McAfee is proud to lead at the front of the cloud revolution. Our award-winning MVISION Cloud created the Cloud Access Security Broker (CASB) category nearly a decade ago. And we’ve only built on our successes in the cloud from there, including 14 seminal patents (3X more than our nearest competitor). The Analyst community agrees—It’s gratifying to be named a Leader in reports by three influential analyst firms.

    We built on our leadership in 2019 when McAfee acquired NanoSec, an innovator in zero-trust application visibility and security for multi-cloud environments. NanoSec enables organizations to secure applications once and run them on any cloud infrastructure at scale. But there’s more. NanoSec also provides McAfee cloud users the latest in container security. When you add NanoSec’s capabilities to McAfee’s existing cloud security portfolio, you can see that we now bring consistent data security, threat protection, governance, and compliance to virtually every element and every environment of the cloud.

    Further proof of our cloud-led momentum unfolded in 2019 as MVISION Cloud was certified as a natively-integrated cloud solution for consumers, businesses, and governments by global leaders in the IaaS and PaaS arena. Specifically, McAfee was recognized by AWS as a Well-Architected Partner for our CASB and IPS solutions, as well as a Security Competency Partner for CASB, all to offer the same security controls available in a private data center. What’s more, AWS called out McAfee as an ISV Accelerator Partner for CASB, and an Amazon RDS Partner for McAfee Database Security. Microsoft likewise recognized our CASB leadership with its integration of MVISION Cloud with MS Teams. Microsoft and McAfee also partner through Office 365 Collaboration Controls to ensure security and compliance, and our virtual Advanced Threat Defense is on the Azure Marketplace. In November, Google Cloud Platform (GCP) announced MVISION Cloud’s integration into GCP for visibility and control of cloud resources. And McAfee is trusted by the U.S. government as a FedRAMP Moderate Authorized and FedRAMP Ready for FedRAMP High partner via our MVISION Cloud, Extended Threat Protection, Cloud Value Maturity, and End User Remediation solutions. We also enjoy FedRAMP Moderate In-Process status for MVISION Endpoint on the FedRAMP Marketplace.

    Still, as rewarding as it is to be recognized by partners like AWS, MS, GCP, and FedRAMP, our customers’ successes are the real story. WEG is a perfect example. The multi-national manufacturing company headquartered in Brazil currently deploys McAfee® Client Proxy, McAfee® MVISION Cloud for Office 365, McAfee® Web Gateway, and McAfee® Web Gateway Cloud Service. This unified approach to cloud helps address WEG’s three biggest cybersecurity concerns, namely secure internet access, secure cloud access, and secure intellectual property. Pierre Pereira Rodrigues, CISO for WEG, puts it this way, “Our business users have been pushing for greater cloud adoption. Rather than wearing the ‘No, you can’t’ cybersecurity hat, we strive to say, ‘Let’s figure out how you can.’” The result is proof that a business can be innovative and not sacrifice security.

    Maka Guerrero, Senior IT Security Analyst at Pacific Dental Services says, “MVISION Cloud allows us to have more flexibility on the fly than any other CASB on the market. The approach that McAfee is taking to secure the cloud aligns really well with our other partners like AWS and what they are trying to achieve, and it makes sense for our business goals.” A provider of administrative support to dental offices across the U.S., PDS deploys MVISION Cloud for AWS, MVISION Cloud for Box, MVISION Cloud for Custom Apps, MVISION Cloud for Office 365, MVISION Cloud for Salesforce, and MVISION Cloud for Shadow IT.

    It’s customers like these—frontline defenders of this new digital age—who are writing tomorrow’s history, today. McAfee is proud to stand at their side even as our adversary pushes the limits of an equally Darwinian transformation of the threatscape.

    With the scale, speed, and agility of the cloud on our side, let the new world continue to evolve.

    The post Leading with Cloud Security, Empowering Enterprise Innovation appeared first on McAfee Blogs.

    Top 10 Cloud Privacy Recommendations for Businesses

    In the corporate world, privacy refers to employee/business data as well as customer/supplier data—you must safeguard both of them. Laws such as CCPA and GDPR, not to mention vertical market regulations, make it clear how important this issue is to regulators, who take into account the security tools in use and their settings during investigations. (Fines can be significantly lower if tools are well deployed.)

    As businesses continue to accelerate to the cloud, there’s no better time to review all aspects of cloud data collection, use, storage, transfer and processing.

    1. Investigate shadow IT, unsanctioned cloud providers and THEIR security

    The organization’s data can easily leak via shadow cloud services; for example, users converting a PDF of the employee phone list, translating a project plan, or using a cloud-based presentation tool or unmanaged collaboration services. The corporation is responsible for data loss from its employees, no matter how it occurs. So IT needs visibility into all cloud services, even those set up by individual users or small groups. Once you have a comprehensive picture of unsanctioned cloud usage, this information should be shared with the purchasing team to help them decide which services to approve.

    2. Integrate with global SSO

    Global single sign-on services can ensure that users’ access is removed from all services when they leave the organization, as well as reduce the risk of data loss from password reuse. In a non-SSO service, users often call the helpdesk team when they’ve forgotten their passwords, so SSO has the added benefit of reducing call volume.

    3. Work with GRC and workshop how users use cloud

    GRC (governance, risk and compliance) should be brought in to help define cloud use policies. Often, they are unsure how clouds are being used and what data is being uploaded, and therefore policies are general. Create a team including users, GRC and IT security to define policies for the real world by reviewing the possible actions that can be taken in each particular cloud service and ensure policies are defined for all eventualities.

    4. Review IaaS – Don’t assume DevOps did everything right

    The fastest-growing area of cloud is IaaS—AWS, Azure and Google Cloud Platform. Here, it is very easy for developers to misconfigure the settings and leave data open to attackers.  Technology is needed to check for all IaaS services (we always find more than people believe they have) and their settings—ideally, this would be a system that can automatically change settings to secure options.
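    The kind of automated check this recommendation calls for, as an added example (not McAfee’s code): it audits one bucket’s public-exposure settings and produces the corrected values. The bucket configuration is a constructed dict shaped like the AWS GetPublicAccessBlock, GetBucketPolicy and GetBucketAcl responses so the check runs offline; the bucket name and account id are placeholders, and fetching live values with boto3 is left to the caller.

```python
"""Audit an S3 bucket's public-exposure settings and produce the
corrected settings. Added example, not McAfee's code: the bucket config
is a plain dict shaped like the GetPublicAccessBlock / GetBucketPolicy /
GetBucketAcl responses, constructed here so the check runs offline."""
import copy
import json

# Every PublicAccessBlock flag must be on for the bucket to be sealed.
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")
# ACL grantee groups that mean "anyone" / "any AWS account".
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def _policy_doc(policy):
    """GetBucketPolicy returns the document as a JSON string; accept both."""
    return json.loads(policy) if isinstance(policy, str) else policy


def _is_public_statement(stmt):
    """An Allow to Principal '*' (or AWS:'*') with no Condition is world-open."""
    principal = stmt.get("Principal")
    aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
    aws = [aws] if isinstance(aws, str) else (aws or [])
    return (stmt.get("Effect") == "Allow" and "*" in aws
            and not stmt.get("Condition"))


def audit_bucket(cfg):
    """Return (check, detail) findings; an empty list means no public exposure."""
    findings = []
    pab = cfg.get("PublicAccessBlockConfiguration", {})
    findings += [("public_access_block", f"{f} is off")
                 for f in PAB_FLAGS if not pab.get(f, False)]
    if cfg.get("Policy"):
        findings += [("bucket_policy", f"public Allow in Sid {s.get('Sid', '?')}")
                     for s in _policy_doc(cfg["Policy"]).get("Statement", [])
                     if _is_public_statement(s)]
    for grant in cfg.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            findings.append(("acl", f"{grant.get('Permission')} to {grantee['URI']}"))
    return findings


def remediate_bucket(cfg):
    """Return a hardened copy: the values a remediation job would push back
    with PutPublicAccessBlock, PutBucketPolicy and PutBucketAcl."""
    fixed = copy.deepcopy(cfg)
    fixed["PublicAccessBlockConfiguration"] = {f: True for f in PAB_FLAGS}
    if fixed.get("Policy"):
        doc = _policy_doc(fixed["Policy"])
        doc["Statement"] = [s for s in doc.get("Statement", [])
                            if not _is_public_statement(s)]
        fixed["Policy"] = doc
    fixed["Grants"] = [g for g in fixed.get("Grants", [])
                       if g.get("Grantee", {}).get("URI") not in PUBLIC_GROUPS]
    return fixed


# Constructed sample: a bucket a developer opened "just for testing".
SAMPLE_BUCKET = {
    "Name": "example-dev-exports",  # placeholder bucket name
    "PublicAccessBlockConfiguration": {
        "BlockPublicAcls": False, "IgnorePublicAcls": False,
        "BlockPublicPolicy": True, "RestrictPublicBuckets": False,
    },
    "Policy": json.dumps({"Version": "2012-10-17", "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-dev-exports/*"},
        {"Sid": "TeamWrite", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/exporter"},  # placeholder account
         "Action": "s3:PutObject",
         "Resource": "arn:aws:s3:::example-dev-exports/*"},
    ]}),
    "Grants": [{"Grantee": {"Type": "Group",
                            "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
                "Permission": "READ"}],
}

if __name__ == "__main__":
    for check, detail in audit_bucket(SAMPLE_BUCKET):
        print(f"[{check}] {detail}")
    print("after remediation:", audit_bucket(remediate_bucket(SAMPLE_BUCKET)))
```

    Run over every bucket in the account, the findings list is what an inventory report would show and the remediated dict is what an auto-correcting job would write back.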

    5. Keep up to date with technology—serverless, containers, cloud email services, etc.

    The cloud includes many technologies that are constantly evolving; therefore, security needs to change too. Developers are often at the forefront of technological advances—bringing in code from GitHub, running container systems that only live for a few minutes (even this isn’t too short a time to require safeguarding) and more. IT security needs to be in partnership with the development teams and deploy technologies to defend against the latest threats.

    6. Integrate with web gateway and DLP—don’t lose security as you move to cloud

    After investing time and money over the last decade on security, you don’t want to lose that investment when moving to the cloud. As systems and data are moved skyward, you should deploy technologies that can integrate with your existing services and technology. For example, you shouldn’t have two different DLP models depending on the computing services used by your employees. Deploy systems that can integrate with each other, preferably with a single-pane-of-glass management system.

    7. Don’t assume CSPs will keep your logs forever

    If the worst happens, you need to investigate the history of a data loss incident. CSPs will rarely save data logs forever—refer to your contract to find out how long they keep logs, and consider having your own logs so that forensic investigations can be executed even if the original data loss incident was some time ago.

    8. Consider differential policies based on location, device, etc.

    Once data is in the cloud, the whole idea is to facilitate global working. Is that always appropriate? For example, what if an employee wants to download a sensitive corporate document via a cloud service to an unmanaged device? Consider the situations your employees will encounter, and form policy that provides the maximum amount of security required while causing the least amount of disruption possible.

    9. Promote the clouds you DO like to your users

    Carrots work better than sticks when training users. Don’t just block the services you don’t like; widely promote the cloud services you approve of, those that meet your security requirements, performance indicators and capability needs. Promote them via the intranet, blogs and internal marketing, and redirect requests for unsupported services to the ones you like.

    10. Privacy and security are everyone’s responsibility: bring in other departments and users

    Perhaps the last recommendation should be the first: use every method available to train users, but before you do, work with those users and their representatives to define appropriate policies. The aim is to encourage users to adopt cloud services that are not only safe but also allow them to be as productive as possible. Users typically have great ideas about the services they’d like to use, and why and how, so bring them in to help define the policies and work together with GRC.

    Here’s to successful and secure cloud deployment, and to keeping your users and customer personal data as secure as you can in 2020 and beyond.

    For more information, take a look at our additional resource on safeguarding your personal data in the cloud.

    The post Top 10 Cloud Privacy Recommendations for Businesses appeared first on McAfee Blogs.

    Top 10 Cloud Privacy Recommendations for Consumers

    It’s Data Privacy Day and when it comes down to it, most of us don’t know exactly how many organizations have our data—let alone how it’s being collected or what it is being used for. Unfortunately, the stakes are higher than ever for those who are unwilling to take appropriate safeguards to defend their personal data, including identity theft, financial loss, and more.

    While the cloud presents a wealth of opportunity for increased productivity, connectivity and convenience, it also requires a new set of considerations for ensuring safe use. There are many, but here are the top ten:

    1. Don’t reuse passwords.

    Password reuse is a common problem, especially in consumer cloud services. If you reuse passwords, only one of your cloud services needs to be breached: once criminals have stolen your credentials through one service, they potentially have access to every account that shares those same credentials, including banking platforms, email and other services where sensitive data is stored. When using a cloud service for the first time, it’s easy to think that if the data you are using in that particular service isn’t confidential, then it doesn’t matter if you use your favorite password. A good way to think of it is this: many passwords, one breach; one password, potentially many breaches. If you’re concerned about being able to remember them, look into obtaining a password manager.

    2. Don’t share folders, share files

    Many cloud services allow collaboration or file sharing. If you only want to share a few files, share those and not a complete folder. It’s all too easy to over-share without realizing what else is in the folder—or to forget who you shared it with (or that you shared it at all!) and later add private files that were never meant to be disseminated.

    3. Be careful with auto-sync (it could bring in malware)

    If you share a folder with someone else, many cloud services provide auto-sync, so that when another user adds new files, they get synced to everyone in the share. The danger here is that if someone you are sharing with gets infected by malware, this malware could be uploaded to the cloud and downloaded to your devices automatically.

    4. Be careful of services that ask for your data

    When logging into a new service, you may be asked for some personal data; for example, your date of birth. Why should they ask, and what will they do with this information?  If they can tie that to your email address, and another service obtains your zip-code and a third service asks for your mobile number, you can see that anyone collating that information could have enough to try to steal your identity. If there’s no reason why a service should have that data, use a different service (or, at least, give them incorrect information).

    5. Read EULA & privacy policies – who owns the data?

    I know this sounds hard, but it is worth it: Does the cloud provider claim that they own the data you upload? This may give them the right, or at least enough rights in their own mind, to sell your data to data brokers. This is more common than you think—you should never use a service that claims it owns your data.

    6. Think twice about mobile apps and their data collection

    Many cloud services have a mobile app as a way to access their service. Before using a mobile app, look at the data it says it will collect. Often the app collects more data than would be collected if you were to access the service via browser.

    7. If unsure, ask your IT department if they have reviewed the service.

    Some organizations’ IT departments will have already reviewed a cloud service and decided if it is acceptable for corporate use. It’s in their interest to keep their users secure, especially as so many devices now contain both personal and business data. Ask them if they have reviewed a service before you access it.

    8. Don’t use public Wi-Fi hotspots without using a VPN for encryption.

    Public Wi-Fi can be a place for data interception. Always use a VPN or equivalent encryption so that traffic between your device and cloud services is encrypted when on public Wi-Fi. Most reputable cloud services already protect the session with TLS (the padlock in the browser); a VPN additionally covers apps that do not, and hides which services you are using from the hotspot operator.

    9. Enable multi-factor authentication.

    Cloud services that are well designed will offer additional security services, such as multi-factor authentication. Use those, and any other security features that you can.

    10. Don’t share accounts with friends and family.

    It’s often second nature to share with our friends and family. But are they as concerned about privacy as you are? Don’t share accounts, otherwise if they let their guard drop, your data could be compromised.

    Check out more ways to take action and protect your data.

    Take a look at our additional resource for safeguarding your personal data in the cloud.

    The post Top 10 Cloud Privacy Recommendations for Consumers appeared first on McAfee Blogs.

    Data Goes Supernova: Exploring Security at the Cloud Edge

    Modern enterprises are fueled by data. The force of the cloud has been like gravity in a supernova, causing data to explode outward and disperse forever. No longer constrained by the network, the free flow of data to cloud service providers and a wide range of devices fragments visibility and control for enterprise security.

    In our latest study on cloud adoption and risk, we traverse the paths of enterprise data as it disperses beyond the network perimeter. Through this research, which combines survey results from 1,000 enterprises in 11 countries and anonymized event data from 30 million enterprise cloud users, we are able to uncover the new areas of risk every enterprise must address in our cloud-first world.

    To jump in now, download the full report here: Enterprise Supernova: The Data Dispersion Cloud Adoption and Risk Report.

    In the report we evaluate three areas of context that together address the dispersion of data to the cloud:

    1. Cloud context: Data protection must understand the creation and flow of data within the cloud, through collaboration and inter-cloud sharing.

    Twelve percent of files shared in the cloud contain sensitive data, an increase of 57% year over year.

    2. Device context: IT needs the ability to understand whether it is a personal device or one which they control accessing sensitive data. Data loss to personal, unmanaged devices cannot be remediated.

    Only 41% of companies can control personal device access to their data in the cloud.

    3. Web context: The continuous expanse of cloud services is impossible to predict, requiring rules that manage access through the web before traffic reaches an unknown cloud destination.

    C-Level IT leaders see the risk of “Shadow IT,” while manager-level decision makers are less likely to report risk to their data from unsanctioned applications.

    This is just a preview of the findings in this study. For the full story, download the entire report here: Enterprise Supernova: The Data Dispersion Cloud Adoption and Risk Report.

    The post Data Goes Supernova: Exploring Security at the Cloud Edge appeared first on McAfee Blogs.

    Cyber Security Roundup for January 2020

    A roundup of UK focused cyber and information security news stories, blog posts, reports and threat intelligence from the previous calendar month, December 2019.

    Happy New Year!  The final month of the decade was a pretty quiet one as major security news and data breaches go, given cyber attacks have become the norm in the past decade. The biggest UK media security story was saved for the very end of 2019, with the freshly elected UK government apologising after it had accidentally published online the addresses of the 1,097 New Year Honour recipients.  Among the addresses posted were those of Sir Elton John, cricketer and BBC 'Sports Personality of the Year' Ben Stokes, former Conservative Party leader Iain Duncan Smith, 'Great British Bakeoff Winner' Nadiya Hussain, and former Ofcom boss Sharon White. The Cabinet Office said it was "looking into how this happened", which in my view will probably come down to 'user error'.

    An investigation by The Times found Hedge funds had been eavesdropping on the Bank of England’s press conferences before their official broadcast after its internal systems were compromised. Hedge funds were said to have gained a significant advantage over rivals by purchasing access to an audio feed of Bank of England news conferences. The Bank said it was "wholly unacceptable" and it was investigating further. The Times claimed those paying for the audio feed, via the third party, would receive details of the Bank's news conferences up to eight seconds before those using the television feed - potentially making them money. It is alleged the supplier charged each client a subscription fee and up to £5,000 per use. The system, which had been misused by the supplier since earlier this year, was installed in case the Bloomberg-managed television feed failed.

    A video showing a hacker talking to a young girl in her bedroom via her family's Ring camera was shared on social media. The hacker tells the young girl: "It's Santa. It's your best friend." The Motherboard website reported hackers were offering software making it easier to break into such devices. Ring owner Amazon said the incident was not related to a security breach of its systems, but that the account was compromised through credential stuffing, stating "Due to the fact that customers often use the same username and password for their various accounts and subscriptions, bad actors often re-use credentials stolen or leaked from one service on other services."

    Ransomware continued to plague multiple industries throughout 2019, and even security companies aren't immune: Spanish security company Prosegur was reported to have been taken down by the Ryuk ransomware.

    Finally, a Microsoft Security Intelligence Report concluded what all security professionals know well: implementing Multi-Factor Authentication (MFA) would have thwarted the vast majority of identity attacks. The Microsoft study found that reusing passwords across multiple account-based services is still common: of the nearly 30 million users and their passwords examined, password reuse or modification was found for 52% of users. The same study found that 30% of the modified passwords and all of the reused passwords could be cracked within just 10 guesses. This behaviour puts users at risk of a breach replay attack: once a threat actor gets hold of spilled credentials or credentials in the wild, they try the same username and password (and simple variations of it) against other services to see if there is a match.
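    From the defender's side, a breach replay campaign against one service looks like credential stuffing: a single source walking through a leaked list, one attempt per account, mostly failing, with the occasional success on an account whose owner reused the password. The following is an added example, not code from the Microsoft report or from this roundup; the log format, the thresholds and the sample log lines are constructed assumptions.

```python
"""Spotting a breach-replay (credential-stuffing) campaign in authentication logs.

Added example, not code from the Microsoft report or the roundup. The log
format, the thresholds and the sample lines are assumptions made here.
"""
from collections import defaultdict
from typing import Dict, List

# Assumed log format: "<ISO timestamp> <source IP> <username> <SUCCESS|FAIL>".
# Constructed sample: one IP walking a leaked credential list (one try per
# account, two hits), one user mistyping then succeeding, one normal login.
SAMPLE_LOG = """\
2019-12-02T08:00:01 203.0.113.7 alice FAIL
2019-12-02T08:00:02 203.0.113.7 bob FAIL
2019-12-02T08:00:02 203.0.113.7 carol FAIL
2019-12-02T08:00:03 203.0.113.7 dave SUCCESS
2019-12-02T08:00:03 203.0.113.7 erin FAIL
2019-12-02T08:00:04 203.0.113.7 frank FAIL
2019-12-02T08:00:04 203.0.113.7 grace FAIL
2019-12-02T08:00:05 203.0.113.7 heidi SUCCESS
2019-12-02T08:00:05 203.0.113.7 ivan FAIL
2019-12-02T08:00:06 203.0.113.7 judy FAIL
2019-12-02T08:01:00 198.51.100.9 alice FAIL
2019-12-02T08:01:05 198.51.100.9 alice FAIL
2019-12-02T08:01:09 198.51.100.9 alice SUCCESS
2019-12-02T08:02:00 192.0.2.44 bob SUCCESS
"""


def parse(log: str) -> List[dict]:
    """Parse log lines into events; malformed lines are skipped, not guessed at."""
    events = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("SUCCESS", "FAIL"):
            continue
        ts, ip, user, outcome = parts
        events.append({"ts": ts, "ip": ip, "user": user, "ok": outcome == "SUCCESS"})
    return events


def stuffing_sources(events: List[dict], min_users: int = 8,
                     min_fail_ratio: float = 0.6,
                     max_tries_per_user: float = 2.0) -> Dict[str, dict]:
    """Return per-IP findings for sources that look like credential replay.

    Brute force is many attempts against one account; credential stuffing is
    roughly one attempt per account across many accounts, mostly failing.
    Accounts that succeeded from such a source are the reused passwords and
    need a forced reset, not just a blocked IP.
    """
    by_ip: Dict[str, List[dict]] = defaultdict(list)
    for ev in events:
        by_ip[ev["ip"]].append(ev)

    findings = {}
    for ip, evs in by_ip.items():
        users = {ev["user"] for ev in evs}
        fails = sum(1 for ev in evs if not ev["ok"])
        fail_ratio = fails / len(evs)
        tries_per_user = len(evs) / len(users)
        if (len(users) >= min_users and fail_ratio >= min_fail_ratio
                and tries_per_user <= max_tries_per_user):
            findings[ip] = {
                "distinct_users": len(users),
                "attempts": len(evs),
                "fail_ratio": fail_ratio,
                "compromised": sorted(ev["user"] for ev in evs if ev["ok"]),
            }
    return findings


if __name__ == "__main__":
    for ip, finding in stuffing_sources(parse(SAMPLE_LOG)).items():
        print(ip, finding)   # 203.0.113.7 {..., 'compromised': ['dave', 'heidi']}
```

    The user who mistyped her password twice from 198.51.100.9 is not flagged (one account, three tries), which is the distinction a lockout-only control misses. The `compromised` list is the actionable output: those users' passwords are already in the attacker's list, so they need a reset and MFA enrolment regardless of whether the source IP is blocked.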


    12 days of Christmas Security Predictions: What lies ahead in 2020

    Marked by a shortage of cyber security talent and attackers willing to exploit any vulnerability to achieve their aims, this year emphasised the need for organisations to invest in security and understand their risk posture. With the number of vendors in the cyber security market rapidly growing, rising standard for managing identities and access, and organisations investing more in security tools, 2020 will be a transformational year for the sector.

    According to Rob Norris, VP Head of Enterprise & Cyber Security EMEIA at Fujitsu: “We anticipate that 2020 will be a positive year for security, and encourage public and private sector to work together to bring more talent to the sector and raise the industry standards. As the threat landscape continues to expand with phishing and ransomware still popular, so will the security tools, leaving organisations with a variety of solutions. Next year will also be marked by a rush to create an Artificial Intelligence silver-bullet for cyber security and a move from old-fashioned password management practices to password-less technologies.”

    “As cyber criminals continue to find new ways to strike, we’ll be working hard to help our customers across the world to prepare their people, processes and technology to deal with these threats. One thing to always keep in mind is that technology alone cannot stop a breach - this requires a cultural shift to educate employees across organisations about data and security governance. After all, people are always at the front line of a cyber-attack.”

    What will 2020 bring with Cybersecurity?

    In light of this, Rob Norris shares his “12 Days of Christmas” security predictions for the coming year.

    1. A United front for Cyber Security Talent Development
    The shortage of cyber security talent will only get worse in 2020 - if we allow it to.

    The scarce talent pool of cyber security specialists has become a real problem, with various reports estimating a global shortage of 3.5 million unfilled positions by 2021. New approaches to talent creation need to be considered.

    The government, academia, law enforcement and businesses all have a part to play in talent identification and development and will need to work collaboratively to provide different pathways for students who may not ordinarily be suited to the traditional education route. Institutions offering new cyber security courses for technically gifted individuals are a great starting point, but more will need to be done in 2020 if the shortage is to be reduced.

    2. Cloud Adoption Expands the Unknown Threat Landscape 
    It will take time for organisations to understand their risk posture as the adoption of cloud services grows.

    While the transition to cloud-based services will provide many operational, business and commercial benefits to organisations, there will be many CISOs working to understand the risks to their business from new data flows, data storage and new services. Traditional networks, in particular their boundaries and the control of services, are typically very well understood, while the velocity and momentum of cloud adoption leave CISOs with unanswered questions. Valid concerns remain around container security, cloud storage, cloud sharing applications, identity theft and vulnerabilities yet to be understood, or exposed.

    3. The Brexit Effect 
    Brexit will have far-reaching cyber security implications for many organisations, in many countries.

    The UK and European markets are suffering from uncertainty around the UK’s departure from the European Union, which will affect the adoption of cyber security services, as organisations will be reticent to spend until the impact of Brexit is fully understood.

    The implications of data residency legislation, hosting, corporation tax, EU-UK security collaboration and information sharing are all questions that will need to be answered in 2020 post-Brexit. There is a long-standing collaborative relationship between the UK and its EU counterparts, including European CERTs and Europol, and whilst the dynamics of those working relationships should continue, CISOs and senior security personnel will be watching closely to observe the real impact.

    4. SOAR Revolution 
    Security Orchestration, Automation and Response (SOAR) is a real game-changer for cyber security and early adopters will see the benefits in 2020 as the threat landscape continues to expand.

    Threat intelligence is a domain that has taken a while for organisations to understand in terms of terminology and real business benefits. SOAR is another domain that will take time to be understood and adopted, but the business benefits are also tangible. At a granular level, the correct adoption of SOAR will help organisations map, understand and improve their business processes. By making correct use of their technology stack and associated APIs, early adopters will get faster and enhanced reporting and will improve their security posture through the reduction of the Mean Time To Respond (MTTR) to threats that could impact their reputation, operations and bottom line.

    5. Further Market Fragmentation will Frustrate CISOs 
    The number of vendors in the cyber security market has been rapidly growing and that will continue in 2020, but this is leading to confusion for organisations.

    The cyber security market is an increasingly saturated one, often to the frustration of CISOs, who are frequently asked to evaluate new products. Providers that can offer a combined set of cyber security services that deliver clear business outcomes will gain traction, as they can offer benefits over the use of disparate security technologies such as a reduction in contract management, discounts across services, a single point of contact and fewer services and technologies to manage.

    Providers that continue to acquire security technologies to enhance their stack such as Endpoint Detection and Response (EDR) or technology analytics, will be best positioned to provide the full Managed Detection and Response (MDR) services that organisations need.

    6. Artificial Intelligence (AI) will need Real Security 
    2020 will see a rise in the use of adversarial attacks to exploit vulnerabilities in AI systems.

    There is a rush to create an AI silver bullet for cyber security; however, there is currently a lack of focus on security for AI. It is likely we will see a shift towards this research area: “adversarial” approaches to neural networks can divulge partial or complete data points that the model was trained on (membership inference and model inversion), parts of a model can be extracted through its prediction interface, leading to intellectual property theft, and crafted “adversarial” inputs can manipulate the model's intended output. Currently, it is hard to detect and remediate these attacks.

    There will need to be more focus on explainable AI, which would allow for response and remediation on what are currently black-box models.

    7. Organisations will need to Understand how to make better use of Security Tools and Controls at their Disposal 
    Customers will need to take better advantage of the security measures that they already have available. 

    The well-established cloud platforms already contain many integrated security features but organisations are failing to take advantage of these features, partly because they do not know about them. A greater understanding of these features will allow organisations to make smarter investment decisions and we expect to see a growing demand for advice and services that allow organisations to optimally configure and monitor those technologies to ensure they have minimal risk and exposure to threats.

    Fujitsu predicted last year that securing multi-cloud environments will be key going forward and organisations continue to need to find a balance of native and third-party tools to drive the right solution for their objectives.

    8. Do you WannaCry again? 
    The end of support for Windows Server 2008 and Windows 7 will open the door for well-prepared attackers.

    January 2020 (14 January) sees the official end of support for all variants of Windows Server 2008 and Windows 7, which share elements of the same code base. This means that both end-user devices and data centre servers will be equally vulnerable to the same exploits, and opens the possibility that organisations could be susceptible to attacks that cause large outages.

    In 2017, WannaCry surfaced and caused some well-publicised outages at well-known organisations across the healthcare, manufacturing, logistics and aerospace industries. Microsoft had released patches (MS17-010) two months before and recommended using a later version of the impacted components. We also learned in 2017, when the Shadow Brokers published exploits attributed to the NSA, including the EternalBlue SMB exploit that WannaCry used, that nation-states have built up an armoury of previously undisclosed exploits. These exploits are documented to target the majority of publicly available operating systems, and so it stands to reason that cyber criminals could also have built a war chest of tools which will surface once vendor support has ended for these operating systems.

    9. Rising the Standard for Managing Identities and Access
    Federated Authentication, Single Sign-On and Adaptive Multi-Factor will become standard, if not required, practices in 2020.

    2020 will see organisations continuing their adoption of hybrid and multi-cloud infrastructures and a ‘cloud-first’ attitude for applications. This creates the challenge of managing the expanding bundle of associated identities and credentials across the organisation.

    Identities and associated credentials are the key attack vector in a data breach - they are the ‘keys to the kingdom’. Without sufficient controls, especially for those with privileged rights, it is becoming increasingly difficult for organisations to securely manage identities and mitigate the risk of a data breach. Capabilities such as Federated Authentication, Single Sign-On and Adaptive Multi-Factor address the challenge of balancing security and usability, and we see these becoming standard, if not required, practice in 2020.

    10. Extortion Phishing on the Rise 
    Taboo lures and enhanced phishing and social engineering techniques will prey on user privacy.

    We are seeing an increase in a form of phishing that would have a recipient believe their potentially embarrassing web browsing and private activity has been observed with spyware and will be made public unless a large ransom is paid.

    Since their widespread emergence last year, the techniques used by these extortionists to evade filters have continued to develop. Simple text-only emails from single addresses now come from ‘burnable’ single-use domains. Glyphs from the Cyrillic, Greek, Armenian and extended Latin alphabets are substituted for letters in the email to bypass keyword filters, and Bitcoin wallets are rotated often so that a payment can be associated with a specific recipient.

    The psychological tricks used in the wording of these emails will develop and likely aid their continued success.
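    The glyph substitution described in this prediction defeats any filter that compares raw bytes against a keyword list, because a Cyrillic “с” is a different code point from the Latin “c” it resembles. The usual countermeasure is to fold the message to a plain-ASCII skeleton before matching. The following is an added example written for this page, not code from Fujitsu or the original post; the confusables table is a small hand-picked subset (a production filter should use the full Unicode confusables data from UTS #39), and the keyword list and sample email are constructed.

```python
"""Homoglyph folding before keyword filtering.

Added example, not code from the original article. The confusables table is a
small hand-picked subset (an assumption for this example); a production filter
should use the full Unicode confusables data from UTS #39.
"""
import unicodedata
from typing import List

# Assumption: a minimal map of non-Latin glyphs commonly swapped for ASCII letters.
CONFUSABLES = {
    "\u0430": "a",  # Cyrillic small a
    "\u0435": "e",  # Cyrillic small ie
    "\u043e": "o",  # Cyrillic small o
    "\u0440": "p",  # Cyrillic small er
    "\u0441": "c",  # Cyrillic small es
    "\u0443": "y",  # Cyrillic small u
    "\u0445": "x",  # Cyrillic small ha
    "\u0456": "i",  # Cyrillic small Byelorussian-Ukrainian i
    "\u03b1": "a",  # Greek small alpha
    "\u03bf": "o",  # Greek small omicron
    "\u03c1": "p",  # Greek small rho
    "\u0585": "o",  # Armenian small oh
    "\u0578": "n",  # Armenian small vo
    "\u0131": "i",  # Latin small dotless i (no decomposition, so mapped by hand)
    "\u0142": "l",  # Latin small l with stroke (likewise)
}

# Invisible characters inserted to split a keyword without changing its look.
ZERO_WIDTH = {"\u200b", "\u200c", "\u200d", "\u2060", "\ufeff", "\u00ad"}

KEYWORDS = ("bitcoin", "webcam", "ransom")   # constructed filter list


def normalize(text: str) -> str:
    """Fold text to an ASCII-ish skeleton suitable for keyword matching."""
    # NFKC folds compatibility forms: fullwidth letters, ligatures ("ﬁ" -> "fi").
    folded = unicodedata.normalize("NFKC", text).casefold()
    out = []
    for ch in folded:
        if ch in ZERO_WIDTH:
            continue
        ch = CONFUSABLES.get(ch, ch)
        # Decompose accented letters and drop the combining marks: "é" -> "e".
        for c in unicodedata.normalize("NFKD", ch):
            if not unicodedata.combining(c):
                out.append(c)
    return "".join(out)


def naive_flagged_terms(text: str) -> List[str]:
    """What a plain case-insensitive keyword filter sees."""
    lowered = text.lower()
    return [k for k in KEYWORDS if k in lowered]


def flagged_terms(text: str) -> List[str]:
    """The same keyword filter run over the folded skeleton."""
    skeleton = normalize(text)
    return [k for k in KEYWORDS if k in skeleton]


# Constructed sample: Cyrillic letters inside "webcam" and "bitcoin", and a
# zero-width space splitting "ransom".
SAMPLE_EMAIL = (
    "I have a video from your w\u0435bc\u0430m. "
    "Pay 0.5 b\u0456t\u0441\u043e\u0456n or the ran\u200bsom doubles."
)

if __name__ == "__main__":
    print("naive filter:", naive_flagged_terms(SAMPLE_EMAIL))   # []
    print("folded filter:", flagged_terms(SAMPLE_EMAIL))        # ['bitcoin', 'webcam', 'ransom']
```

    Folding is deliberately lossy: it maps many distinct strings onto one skeleton, which is what you want for a keyword filter but not for anything that must preserve the original (store the raw message for evidence and run the filter on the skeleton). The same folding is also the right input for a domain lookalike check on the sender's address.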

    11. Passwords become a Thing of the Past 
    We will see increasing adoption of end-to-end password-less access, especially in scenarios where Privileged Access Management (PAM) is required.

    Next year we will see a move from old-fashioned password management practices to password-less technologies. The increasing number of cases where privileged credentials and passwords are required, but are painful to manage in a secure and cost-effective way, will drive this shift. Passwords are easy to forget, and the increasing complexity requirements placed upon users increase the chances of passwords having to be written down, which is self-defeating. Biometric technologies and ephemeral certificates will provide a more secure and user-friendly way to manage credentials and ensure assets and data are kept secure.

    12. Ransomware not so Random
    As more organisations employ negotiators to work with threat actors, ransomware is likely to decrease next year.

    In 2019, we observed a shift in the way certain ransomware ransom notes were constructed. Traditionally, ransom notes are generic template text informing the victim that their files are encrypted and that they must pay a set amount of Bitcoin in order to have their files decrypted.

    When threat actors successfully deploy ransomware network-wide and achieve other deployment objectives, they inform their victims their files are encrypted. Crucially, however, they do not reveal the price they demand for their decryption. Instead, threat actors seek to open a dialogue with the victim to discuss a price. This change has seen organisations employ negotiators to work with threat actors on managing and, hopefully, reducing the demand and we expect this to continue in 2020.