Category Archives: Endpoint security

Should you trust that Chrome extension? Use CRXcavator to decide

Duo Security has released CRXcavator, a tool that can help end users and enterprises make an informed decision about installing a specific Chrome extension. About CRXcavator CRXcavator was created as an internal tool by Duo’s Corporate Security Engineering team and, because it’s extremely helpful, they made it publicly available. “CRXcavator automatically scans the entire Chrome Web Store every 3 hours and produces a quantified risk score for each Chrome Extension based on several factors,” the … More

The post Should you trust that Chrome extension? Use CRXcavator to decide appeared first on Help Net Security.

Intel SGX Can Be Abused to Hide Advanced Malware: Researchers

A team of researchers has demonstrated that Intel’s SGX technology can be abused to hide an advanced and stealthy piece of malware that could allow attackers to steal data and conduct activities on the victim’s behalf. Intel says its technology works as intended and it’s not designed to block these types of attacks.

read more

Zero trust browsing: Protect your organization from its own users

To the casual observer, the cyberattack landscape is constantly shifting. In recent years, the threats and scams have evolved from Nigerian princes to stranded travelers, pop-ups warning of outdated software to ransomware, cryptojacking, phishing and spear phishing. Predictions for 2019 are full of dire warnings about the very-real explosion of phishing, backed by geometric increases in phishing sites as the number of malware sites drops. Just as 2018 predictions focused on cryptojacking and ransomware were … More

The post Zero trust browsing: Protect your organization from its own users appeared first on Help Net Security.

Your Mobile Phone: Friend or Foe?

Where would we be without our mobile phones?  Our kids, boss, friends – so many people reach out to us via our mobile phone.  And unfortunately, hackers have also started reaching out – in major ways. The severity of attacks on mobile devices is often underestimated. It is now common to have employees use their phones for work-related tasks when they are not within the perimeter of their corporate firewall, giving cybercriminals the opportunity to access sensitive information if and when they hack into an employee’s phone. Let’s take a closer look at some of the common mobile threats that put your business at risk and how to prevent them.

App-Based Threats

Although new mobile malware declined by 24% in Q3 2018, per our latest Quarterly Threats Report, app-based threats still dominate the threat landscape. Malicious actors use social engineering techniques by asking users to update their applications by uninstalling the real app and re-installing a malicious one. With one click, malware can be installed on your mobile device.

Many app-based threats can evolve into more insidious attacks and can go beyond exploiting your personal information. An attacker’s initial goal is to get access and all they need is one vulnerable employee to fall victim to an app-based threat. Once the attacker gains access to an employee’s personally identifiable information (PII) or credentials, they can hijack accounts, impersonate the employee, and trick other employees into divulging even more sensitive corporate data.

Late last year, the McAfee Mobile Research team discovered an active phishing campaign that uses text messages (SMS) to trick users into downloading and installing a fake voice-message app. The app allowed cybercriminals to use infected devices as network proxies without the users’ knowledge.

This year, we expect to see an increase in underground discussions on mobile malware—mostly focused on Android—regarding botnets, banking fraud, ransomware, and bypassing two-factor authentication security.

Risky Wi-Fi Networks

Using public Wi-Fi is one of the most common attack vectors for cybercriminals today. With free public Wi-Fi widely available in larger cities, it has become a convenient way to access online accounts, check emails, and catch up on work while on the go. The industry has seen network spoofing increase dramatically in the past year. To put this into perspective, picture a hacker setting up a rogue access point in a public place like your local bank. A hacker will wait for you to connect to Wi-Fi that you think is a trusted network. Once the hacker gains access, they’re connected to your mobile device. They’ll watch remotely as you access sensitive information, revealing log-in credentials, confidential documents, and more.

Whether you are at home or working remotely, network security needs to be a high priority.

Device Attacks

Cybercriminals have various ways of enticing users to install malware on their mobile devices. Ad and click fraud is a growing concern for device attacks, where criminals can gain access to a company’s internal network by sending an SMS phish. These types of phishing attempts may start as adware, but can easily spread to spyware to the entire botnet.

Another growing concern with mobile device threats is when malware is hidden in other IoT devices and the information obtained by the hacker can be used as an entry point to your mobile device or your company network. With IoT malware families rapidly being customized and developed, it’s important for users to be aware and know how to protect themselves.

How to Better Protect Your Mobile Device


Mobile devices have all the organizational information that traditional endpoints have. McAfee® MVISION Mobile lets you protect against threats to your employees and your data on iOS and Android devices like you do on your PCs. With MVISION Mobile, you can manage the defense of your mobile devices alongside your PCs, IoT devices, servers, and cloud workloads inside McAfee ePolicy Orchestrator (McAfee ePO) with unified visibility into threats, integrated compliance reporting, and threat response orchestration.

The most comprehensive mobile device security is on the device itself, and MVISION Mobile delivers unparalleled on-device protection. Visit our web site for more information, and a product tour.

The post Your Mobile Phone: Friend or Foe? appeared first on McAfee Blogs.

To Improve Critical Infrastructure Security, Bring IT and OT Together

As connectivity in the industrial internet of things (IIoT) continues to accelerate, efforts to secure industrial control systems (ICSs) struggle to keep pace. While many ICS security conversations have involved endpoint security, improving the state of ICS security demands attention to more than just endpoints.

Attacks on critical infrastructure systems are proliferating. Nearly half (41.2 percent) of ICS computers suffered a malicious software attack in H1 2018, according to Kaspersky Lab. Despite growing security concerns, traditionally air-gapped operational technology (OT) is increasingly being tasked with using internet-connected devices to improve operational processes, reduce costs and minimize downtime.

Until security becomes a priority, industrial organizations will remain soft targets for threat actors.

Are ICS Environments Too Trusting?

Data from CyberX’s recent “2019 Global ICS & IIoT Risk Report,” which analyzed network traffic data from 850-plus production OT networks worldwide, confirmed that ICSs continue to be easy targets for adversaries, with security gaps in key areas. These areas included the use of plain-text passwords (69 percent of sites), direct connections to the internet (40 percent), weak antivirus protections (57 percent) and legacy Windows systems such as XP that no longer receive patches from Microsoft (53 percent).

According to Andy Jones, a research specialist with the Information Security Forum, one of the most concerning risks to critical infrastructure stemming from emerging internet-connected technologies is that many ICS environments were designed with safety, rather than security, in mind. As a result, they are inherently trusting environments. They trust that instructions received are bona fide and will execute them without verification or validation.

“ICS environments were designed in an unconnected world, so where else would an instruction have come from if not a trusted peer environment?” Jones said. “However, these systems are now often internet-connected, exposing their operations to new threats. In addition, they move, which poses physical dangers.”

Beyond Identity and Patch Management

While identity and patch management may be the biggest obstacles to securing ICS environments in some cases, there is often a broader inadequacy, according to Sandy Carielli, director of security technologies at Entrust Datacard.

Because IT security leaders are still learning about the differences in their practices and priorities from those of OT and operational leaders, there are gaps in understanding and communication that make even something like patch management problematic. For example, it’s one thing to say a server must be taken offline once a week to apply patches, but in reality, many ICSs may not allow for that kind of downtime.

“Without all stakeholders understanding and accepting the realities of ICS requirements, security owners will develop policies and security road maps that are not adequate. That will trickle down to individual security practices like patching,” Carielli said.

Aspects of Current ICS Security That Need to Change

Before the IIoT started complicating the security of ICSs, systems ran safely and securely for many decades. As the world of technology has changed around these legacy systems, however, innovations that promise enhancements and efficiency have introduced risks, such as the dangers from remote hacking, malware and other attacks that simply were not part of original design briefs.

Now that connected ICSs face many of the same threats as IT systems, security needs to be a priority item for ICS designers and suppliers.

“The complicating factor is that many of these complex systems are part built and part assembled from common components, which may be sourced from multiple suppliers on the basis of lowest price,” said Jones. “If these core components are not secured, then anything built from them may remain vulnerable.”

Also problematic is the device manufacturing process. Rishi Bhargava, co-founder at Demisto, said the problem is tantamount to trying to fit a square peg in a round hole. Because manufacturers typically have outdated operating system (OS) and patching features on their products (if at all), are lax with password protection and changes, and have no regular software update mechanisms to communicate with their customers, things don’t always fit together in these complex environments.

“We need a better alternative to network segmentation and air-gapping IT and OT environments,” Bhargava said. “The potential upside to connected devices is massive and the better alternative going forward is to find a way to ‘stay connected and stay secure’ rather than isolating different infrastructures.”

Improving the Security of Critical Infrastructure Systems

It’s hard to say how to improve something if you don’t know who is responsible for making those improvements. That’s why defining who is responsible for OT security is a necessary first step toward improving the security of critical infrastructure systems.

“The sophistication of recent cyberattacks has demonstrated the need to leverage the skills of existing security operations center (SOC) personnel to combat threats that often cross IT and OT boundaries,” said Phil Neray, vice president of industrial cybersecurity at CyberX. “From a governance point of view, it also makes more sense to have a single C-level executive — typically the chief information security officer (CISO) — be responsible and accountable for all of the digital risk in your organization, regardless of whether it affects IT or OT networks.”

One of the greatest challenges with ICS environments is limited visibility, which is why the next step in ICS security is conducting a thorough risk assessment. It’s critical to know and document what ICS environments exist and identify their criticality to the organization. Jones noted that this is a nontrivial undertaking for complex and global organizations.

“Once this is complete, the focus should be on identifying which of these environments are connected and which of them would be vulnerable to attack,” he advised. “This can very quickly give a focal point for remediation activity.”

It’s also smart to leverage security frameworks that address both IT and OT, such as the white paper on a new security maturity model published last year by the Industrial Internet Consortium. According to Carielli, “Such frameworks will help [organizations] focus on their goals, understand the impact of industry regulations and practices, clarify the resulting security requirements, and prioritize their investment accordingly.”

Bring IT and OT Together

Strong collaboration between IT and OT is a critical step toward improving the security of critical infrastructure systems. When organizations encourage communication between and among their IT, OT and security stakeholders, these different groups can better understand each other’s constraints and work together to meet common goals.

The post To Improve Critical Infrastructure Security, Bring IT and OT Together appeared first on Security Intelligence.

Phishing has become the root of most cyber-evil

Phishing has become the top cause of data breaches. But with employee education and the right tools, such breaches can be prevented.Companies spend a huge amount of time and billions

The post Phishing has become the root of most cyber-evil appeared first on The Cyber Security Place.

83% of global respondents experienced phishing attacks in 2018

Proofpoint analyzed data from tens of millions of simulated phishing attacks sent over a one-year period, along with nearly 15,000 cybersecurity professional survey responses, to provide an in-depth look at state of global phishing attacks. Overall, 83 percent of global infosecurity respondents experienced phishing attacks in 2018, up from 76 percent in 2017, and nearly 60 percent saw an increase in employee detection following security awareness training. In addition, more organizations were affected by all … More

The post 83% of global respondents experienced phishing attacks in 2018 appeared first on Help Net Security.

Cyberattacks fueled by geopolitical tension are increasing

Billions of personal records were stolen in 2018, unearthed in breaches that successfully targeted household names in government, technology, healthcare, travel and hospitality. Compounding the problem has been increased geopolitical tension between western democracies and countries like Russia, China and North Korea. Modern cyberattacks appear to increasingly be fueled by geopolitical tension and reveal how clever attackers have become in evolving to remain undetected — using techniques such as lateral movement, island hopping and counter … More

The post Cyberattacks fueled by geopolitical tension are increasing appeared first on Help Net Security.

What Can Consumers and IT Decision-Makers Do About the Threat of Malvertising?

If you haven’t already heard of malvertising, it’s one of the latest portmanteaus you’ll hear more about in 2019. Malvertising, or malicious advertising, is a type of online attack in which threat actors hide malicious code within an advertisement as a means to infect systems with malware. It works like any other type of malware, but can be found in ads across the internet — even legitimate websites such as The New York Times and BBC.

While these attacks have been around for several years, the rate at which they’re increasing is escalating, and the threat to the enterprise is getting more challenging to diagnose.

Frank Downs, director of cybersecurity practices at the Information Systems Audit and Control Association (ISACA), recognizes malvertising as the natural evolution of malware in today’s world of higher security.

“Leveraging traditional advertising capabilities, it makes it much easier for a malicious actor to seem legitimate,” he said.

Whether you’re at home, on a mobile device or sitting at your desktop at work, discerning which ads contain malware is difficult — especially compared to attacks such as phishing, where malicious messaging may be easier to detect.

So what can be done to educate both end users and IT decision-makers? Do workable strategies to defend against malvertising exist?

Ad-Blocking Software: The Ups and Downs of the Tried and True

While it’s easy to become discouraged given the perniciously stealthy nature of malvertising, it’s important to remember that ad-blocking software can handle a great deal of these threats by ensuring that most ads are never even presented to the user.

“Solutions exist which range from simple browser plugins, such as AdBlock Plus, to advanced traffic filtering tools,” said Downs.

He went on to single out an open-source, community-led initiative that’s gained some traction among cyber enthusiasts: Pi-hole.

“These devices are cheap, easily configured, community-developed systems which run on small Raspberry Pi devices. They block over 100,000 advertising domains and have gained an avid following online, making them more effective every day,” Downs explained.

However, Pi-hole isn’t for everyone. Most enterprises only need to deploy ad-blocking software and stop users from disabling it. If a valid use case requires a user to access a specific website, the security team should be alerted so they can determine the next course of action. The downside with this option is that it’s cumbersome and not user-friendly, resulting in users calling support teams to complain about how their workflow is negatively impacted.

“The reality is, no amount of user training is going to stop the problem. Enterprise CXOs have enough to concern themselves with,” said Sherban Naum, senior vice president of corporate strategy and technology for Bromium. “Malvertising is a pain that can be easily remedied by isolating the entire session, allowing a user the freedom to surf the web without the risk of compromise.”

Naum said he is seeing more customers taking the isolation route to remove the user from the decision tree when it comes to real-time runtime security.

Where Does the Buck Stop?

This is all practical for the well-informed enterprise, but end-user awareness is critical as malvertising proliferates. As it stands, users generally lack understanding of how ads and malware work together.

While it’s easy to place the onus on ad-blocking software providers, the issue is surrounded by complexity and extends beyond ad blockers. Because legitimate webpages benefit financially from ads, they’re asking users to disable ad blockers to access their site.

“The practice of asking users to disable a security product for their own benefit is troubling,” said Naum. “Ad blocker companies are doing the right thing to block ads, but users are left with making a decision to either maintain the ad blocker or disable it, as most see legitimate, well-known categorized websites as safe.”

What users may not be aware of is that these large sites are fed by hundreds of random servers that aren’t under the control of the top-level domain provider. This leaves users, employees and consumers as the final security decision-makers, which is anything but optimal.

“What would help is if large sites didn’t prompt users to disable security tools but rather let the visitor access the site and focus more on delivering their service than earning revenue on ads,” Naum said.

Return to Security Best Practices to Deal With Malvertising

That’s obviously easier said than done. If the threat of malvertising shows no signs of slowing down, sites that run ads may face the unfortunate dilemma of having to choose between revenue or keeping visitors safe. Until that happens, it’s our responsibility to be informed and do what we can.

To accomplish this, we must come to terms with the fact that we can’t stop the unknown or trust systems that are entirely out of our control. Further, enterprises must stop relying on legacy architectures and systems to identify attacks.

“Once you have accepted that you need to isolate the untrusted, then happy clicking on malware isn’t an issue and cybercrime is less effective,” said Naum. “However, perhaps the best way of looking at this holistically is that there will always be cybercrime and the enterprise needs to focus on what they are doing to ensure their users are not a victim.”

Malvertising is one more threat that will keep your IT decision-makers up at night, but any company with a protection-first mindset should be able to remain ahead of the curve. Security awareness training for the user may yield limited results in stopping this threat, but in cases like this, a security-minded C-suite will always be ahead of the game.

The post What Can Consumers and IT Decision-Makers Do About the Threat of Malvertising? appeared first on Security Intelligence.

Giving Your Endpoint the Gift of Security This Holiday Season

Suddenly, it’s December, and the beginning of the holiday season. Your coworkers are now distracted with getting in their PTO, flying home to be with family, and completing their shopping lists. But the holiday season isn’t always filled with cheer, it’s got some scrooges too – cybercriminals, who hope to take advantage of the festive fun to find vulnerabilities and infect unsecured devices. And with many employees out of office, these hackers could potentially pose a serious threat to an organization’s endpoints, and thereby its network. As a matter of fact, there are a few key reasons as to why your organization’s endpoints may be in danger during the holidays. Let’s take a look.

Business Shutdowns

Most companies close down for a handful of days during the holidays, if not a full week or two. That means less people manning the IT station, executing updates, and defending the network if cybercriminals manage to find a way inside. A lack of personnel could be just the opportunity cybercriminals need to take advantage of an open entry point and swoop data from an organization essentially undetected.

Holiday Spirit, Relaxed Attitude

For the employees that do stay online during the holidays, attitudes can range from relaxed to inattentive. Unless their product or service directly relates to the holidays and shopping, businesses tend to be quiet during this time. And with many coworkers out, employees tend to have less reason to be glued to their computer all the time. This could mean cyberattacks or necessary security actions go unattended – irregular activity may not seem as obvious or a necessary software update could go unresolved a little too long. What’s more – the lax attitude could potentially lead to a successful phishing attack. In fact, phishing scams are said to ramp up starting in October, as these cybercriminals are eager to time their tricks with the holiday season. In order to accurately identify a phishing scheme, users have to be aware and have their eyes on their inbox at all times. One false move could potentially expose the entire organization, creating a huge problem for the reduced staff on hand.

Holiday Travel = Public Wi-Fi

Workplace mobility is a great new aspect of the modern age – it permits employees more flexibility and allows them to work from essentially anywhere in the world. But if employees are working out of a public space – such as a coffee shop or an airport – they are likely using public Wi-Fi, which is one of the most common attack vectors for cybercriminals today. That’s because there are flaws in the encryption standards that secure Wi-Fi networks and cybercriminals can leverage these to hack into a network and intercept or infect users’ traffic. If an employee is traveling home for the holidays and using public Wi-Fi to get work done while they do, they could potentially expose any private company information that lies within their device.

BYOD in Full Force

Speaking of modern workplace policies, Bring Your Own Device (or BYOD) – a program that allows employees to bring their own personal devices into work – is a common phenomenon these days. With this program, employees’ personal devices connect to the business’ network to work and likely access company data.

That means there is crucial data living on these personal devices, which could be jeopardized when the devices travel outside of the organization. With the holidays, these devices are likely accompanying the employees on their way to visit family, which means they could be left at an airport or hotel. Beyond that, these employees are more likely to access emails and company data through these mobile devices while they are out of the office. And with more connected devices doing company business, there are simply more chances for device and/or data theft.

Staying Secure While Staying Festive

Now, no one wants their employees to be online all the time during the holidays. Fortunately, there are actions organizations can take to ensure their employees and their network are merry and bright, as well as secure. First and foremost, conduct some necessary security training. Put every employee through security training courses so they’re aware of the risks of public Wi-Fi and are reminded to be extra vigilant of phishing emails during this time. Then, make sure all holes are patched and every update has been made before everyone turns their attention to yuletide festivities. Lastly, if an employee is working remotely – remind them to always use a VPN.

No matter who’s in the office and who’s not, it’s important to have always-on security that is armed for the latest zero-day exploits – like McAfee Endpoint Security. You can’t prevent every user from connecting to a public network or one that is set up for phishing, but you can ensure they have an active defense that takes automatic corrective actions. That way, employees can enjoy the time off and return to a safe and secure enterprise come the new year.

To learn more about endpoint security and McAfee’s strategies for it, be sure to follow us at @McAfee and @McAfee_Business.


The post Giving Your Endpoint the Gift of Security This Holiday Season appeared first on McAfee Blogs.

A Quick Introduction to the MITRE ATT&CK Framework

If you’re an avid reader of threat trends or a fan of red team exercises, you’ve probably come across a reference to the MITRE ATT&CK framework in the last few months. If you have ever wondered what it was all about or if you’ve never heard of it but are interested in how you can improve your security posture, this blog is for you.

To start with, let’s explain what MITRE is. MITRE is a nonprofit organization founded in 1958 (and funded with federal tax dollars) that works on projects for a variety of U.S. government agencies, including the IRS, Department of Defense (DOD), Federal Aviation Administration (FAA), and National Institute of Standards and Technology (NIST). It is not a professional third-party cybersecurity testing agency, which is a common misconception. Its focus is to provide U.S. government agencies with essential deliverables—such as models, technologies and intellectual property—related to U.S. national security, including cybersecurity, healthcare, tax policy, etc. In the cybersecurity landscape, MITRE is mostly known for managing Common Vulnerabilities and Exposures (CVEs) for software vulnerabilities. Note that CVEs are pre-exploitation/defense, whereas the MITRE ATT&CK model is focused on post-exploitation only.

Your next question is probably around what MITRE ATT&CK is and what makes it a model or a framework. The name stands for: Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK). It is a curated knowledgebase and model for cyberadversary behavior, reflecting the various phases of an adversary’s attack lifecycle and the platforms they are known to target. The tactics and techniques looked at in the model are used to classify adversary actions by offense and defense, relating them to specific ways of defending against them. What began as an idea in 2010 during an experiment has since grown into a set of evolving resources for cybersecurity experts to contribute to and apply for red teaming, threat hunting, and other tasks. Security practitioners can harden their endpoint defenses and accurately assess themselves by using the model and the tools to help determine how well they are doing at detecting documented adversary behavior.

If you’ve been in the security realm for a while, this may remind you somewhat of Lockheed Martin’s Cyber Kill Chain. It stated that attacks occur in stages and can be disrupted through controls established at each stage. It was also used to reveal the stages of a cyberattack. To understand the overlap of the two models, take a look at this figure:

In the figure above we see that the MITRE ATT&CK matrix model is essentially a subset of the Cyber Kill Chain, but it goes in depth when describing the techniques used between the Deliver and Maintain stages. The Cyber Kill Chain, including the MITRE ATT&CK model, might look like a linear process, but it actually isn’t. It’s rather a branching and looping chain, but we have shown it in a linear fashion to make it easier to understand.

At McAfee, we embrace the MITRE model as a fabulous and detailed way to think about adversarial activity, especially APTs post-compromise, and are applying it to different levels and purposes in our organization. Specifically, we are engineering our endpoint products using the insights gained from MITRE ATT&CK to significantly enhance our fileless threat defense capabilities. Additionally, we are using it to inform our roadmaps and are actively contributing to the model by sharing newly discovered techniques used by adversaries. We are partnering with MITRE and were recently a core sponsor of the inaugural MITRE ATT&CKcon in the Washington, D.C. area.

Over the next few weeks, I’ll continue to go deeper into how MITRE ATT&CK matrix testing works, how you can use it, how it’s different from other testing methods, and how McAfee is investing in it.

The post A Quick Introduction to the MITRE ATT&CK Framework appeared first on McAfee Blogs.

McAfee Named a 2018 Gartner Peer Insights Customers’ Choice for Endpoint Protection Platforms

We are excited to announce that McAfee has been recognized as a 2018 Gartner Peer Insights Customers’ Choice for Endpoint Protection Platforms.  McAfee takes great pride in this distinction, as we feel that real-world feedback from our customers is the driving force behind the recognition and that they have spoken loudly about the value they are receiving from our products.

In its announcement, Gartner explains, “Since October 2015, more than 100,000 reviews across more than 300 markets have been posted to Gartner Peer Insights. In markets where there is enough data, Gartner Peer Insights recognizes the vendors who are the most highly rated by their customers through the Customers’ Choice distinction. This peer-rated distinction can be a useful complement to expert opinion, as it focuses on direct peer experiences of implementing and operating a solution.” To ensure fair evaluation, Gartner maintains rigorous criteria for recognizing vendors.




For this distinction, a vendor must have a minimum of 50 approved ratings with an average overall rating of 4.2 stars or higher. McAfee received 651 reviews and an average 4.4 rating out of 5 total for the Endpoint Protection Platforms market as of November 19th, 2018.

Here are some excerpts from customers that contributed to the distinction:

“This is what an Endpoint Security Solution should look like”

 Cyber Security Analyst in the Government Industry

“McAfee ENS has been a complete game changer in the world [of] endpoint security.”

Infrastructure and Operations in the Retail Industry

“Seamless upgrade from legacy products to ENS, ePO is probably the best management console I’ve used for any product I’ve used”

Sr. Desktop Engineer in the Services Industry

And those are just a few. You can read more reviews for McAfee Endpoint Security on our web site and on the Gartner site.

On behalf of McAfee, I would like to thank all of our customers who took the time to share their experiences. We are delighted to be a 2018 Gartner Peer Insights Customers’ Choice for Endpoint Protection Platforms and we believe that it is your valuable feedback which made it possible. To learn more about this distinction, or to read the reviews written about our products by the IT professionals who use them, please visit Gartner Peer Insights Customers’ Choice announcement page.


  • Gartner Peer Insights’ Customers’ Choice for Endpoint Security and Protection Software announcement November 19, 2018


The Gartner Peer Insights Customers’ Choice logo is a trademark and service mark of Gartner, Inc., and/or its affiliates, and is used herein with permission. All rights reserved. Gartner Peer Insights Customers’ Choice constitute the subjective opinions of individual end-user reviews, ratings, and data applied against a documented methodology; they neither represent the views of, nor constitute an endorsement by, Gartner or its affiliates.

The post McAfee Named a 2018 Gartner Peer Insights Customers’ Choice for Endpoint Protection Platforms appeared first on McAfee Blogs.