Ransomware: The Digital Plague that Still Persists


Ransomware began its reign of cyber terror in 1989 and remains a serious and dangerous threat today. In layman’s terms, ransomware is malware that employs encryption to lock users out of their devices or block access to critical data or files. A sum of money, or ransom, is then demanded in return for access to the information. Some effects of ransomware include downtime, data loss, possible intellectual property theft, major financial consequences and more.

The Rise of Ransomware

Ransomware and its variants are rapidly evolving. McAfee Labs found that ransomware grew by 118% in the first quarter of 2019, and discovered new ransomware families using innovative techniques to target and infect enterprises. Based on volume, the top three ransomware families that were most active in Q1 were Dharma, GandCrab and Ryuk.

Many variations of ransomware exist. Often we’ve seen ransomware and other malware distributed through email spam campaigns or targeted attacks. But in Q1, our researchers found an increasing number of attacks gaining access to companies through open and exposed remote access points, such as RDP and virtual network computing (VNC). RDP credentials can be brute-forced, obtained from password leaks, or simply bought in underground markets. Of note, the Dharma ransomware used the RDP attack method, while GandCrab and Ryuk mostly used spear-phishing as a distribution mechanism.
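The RDP brute-forcing described above leaves a recognisable trail in the Windows Security log, and the following detector shows how a defender can surface it. This is an added example, not McAfee code: it applies a sliding window to constructed CSV-style log records (event 4625 is a failed logon, 4624 a successful one, logon type 10 is RemoteInteractive and type 3 is what RDP with Network Level Authentication produces), flags a burst of failures from one source, and separately flags a success that immediately follows such a burst. The window and threshold values are assumptions to tune per environment.

```python
"""Detect RDP credential brute-forcing from Windows Security events.

Added example, not McAfee's code. A sliding-window detector over Windows
Security log records: event 4625 is a failed logon, 4624 a successful one;
logon type 10 is RemoteInteractive (RDP) and type 3 (Network) is what RDP
with Network Level Authentication produces during pre-authentication.
The CSV sample below is constructed for the example.
"""
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON = 4625
SUCCESSFUL_LOGON = 4624
RDP_LOGON_TYPES = {10, 3}

# Constructed sample: timestamp,event_id,logon_type,target_user,source_ip
SAMPLE_LOG = """\
2019-10-01T02:00:01,4625,10,administrator,203.0.113.7
2019-10-01T02:00:03,4625,10,admin,203.0.113.7
2019-10-01T02:00:05,4625,10,backup,203.0.113.7
2019-10-01T02:00:07,4625,10,sql,203.0.113.7
2019-10-01T02:00:09,4625,10,jsmith,203.0.113.7
2019-10-01T02:00:12,4624,10,jsmith,203.0.113.7
2019-10-01T02:30:00,4625,10,jsmith,198.51.100.20
2019-10-01T02:45:00,4624,10,jsmith,198.51.100.20
"""


def parse_events(text):
    """Yield (timestamp, event_id, logon_type, user, source_ip) per CSV line."""
    for ts, event_id, logon_type, user, ip in csv.reader(io.StringIO(text)):
        yield datetime.fromisoformat(ts), int(event_id), int(logon_type), user, ip


def detect_rdp_bruteforce(text, window=timedelta(minutes=5), threshold=5):
    """Return findings: a burst of RDP failures from one source, and any
    successful RDP logon from a source that just crossed the burst threshold."""
    failures = defaultdict(deque)   # source_ip -> timestamps of failed RDP logons in window
    users_tried = defaultdict(set)  # source_ip -> accounts attempted
    findings = []
    for ts, event_id, logon_type, user, ip in parse_events(text):
        if logon_type not in RDP_LOGON_TYPES:
            continue
        recent = failures[ip]
        while recent and ts - recent[0] > window:  # expire attempts outside the window
            recent.popleft()
        if event_id == FAILED_LOGON:
            recent.append(ts)
            users_tried[ip].add(user)
            if len(recent) == threshold:           # fire once, when the threshold is crossed
                findings.append({"type": "rdp_bruteforce", "source_ip": ip,
                                 "failures": len(recent),
                                 "users": sorted(users_tried[ip]), "at": ts.isoformat()})
        elif event_id == SUCCESSFUL_LOGON and len(recent) >= threshold:
            # A success right after a burst of failures: a guess most likely landed.
            findings.append({"type": "rdp_bruteforce_success", "source_ip": ip,
                             "user": user, "at": ts.isoformat()})
            recent.clear()
    return findings


if __name__ == "__main__":
    for finding in detect_rdp_bruteforce(SAMPLE_LOG):
        print(finding)
```

The second source in the sample (one failure, then a success half an hour later) produces no finding: a single mistyped password must not page anyone, which is why the detector keys on a burst rather than on any failure.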

The Impact of Ransomware

Earlier this year, cybercriminals targeted the city of Riviera Beach, Fla., a waterfront suburb north of Palm Beach. After major disruptions in municipal services resulting from the ransomware, city leaders complied with the hacker gang’s demand of 65 bitcoin (roughly $600,000) in exchange for the decryption key. Although not suggested, we’ve seen a number of victims give in to the extortion demands of attackers, often paying the ransom demand of hundreds or thousands of dollars in order to restore their systems. In the end, you may reduce downtime by paying the ransom, but it’s never a guarantee that you will receive a decryption key, plus you will be funding criminal activity.

The impact of ransomware is more than merely a nuisance. Companies tend to experience temporary or permanent loss of sensitive or proprietary information, disruption to regular operations, financial losses incurred to restore systems and files, and potential harm to an organization’s reputation.

How to Defend Against Ransomware

We must not forget that with every cyberattack, there is always a human cost, whether it’s a business dealing with an outage or a consumer dealing with a major fraud. It’s important to develop a proactive disaster recovery plan to increase your chances of withstanding ransomware. To help steer clear of ransomware, below are a few tips to follow:

  • Defend – Sufficiently robust security solutions can protect you from known threats as well as those that have not yet been formally detected. Always installing the newest version of your operating system and apps helps you stay ahead of threats.
  • Back up your data – Frequently back up essential data, ideally storing it both locally and on the cloud.
  • Stay informed – Resources such as—an initiative created by the National High Tech Crime Unit of Netherlands, Europol’s European Cybercrime Centre, and McAfee—aim to provide prevention education and help ransomware victims retrieve their encrypted data without having to pay criminals.

The post Ransomware: The Digital Plague that Still Persists appeared first on McAfee Blogs.


It’s About Time: Cybersecurity Insights, Visibility, and Prioritization


As McAfee Chief Executive Officer Chris Young said in his 2019 MPOWER Cybersecurity Summit keynote address, time is the most valuable resource that we all share. But time isn’t always on our side – especially when it comes to cybersecurity.

“Time is the one constant that we cannot change. It’s the one constraint that we cannot ignore. Every second counts,” Young said. “… Our adversaries are using time to their advantage. It’s the single greatest weapon they have. It’s taken over the language of our industry. Persistence. Dwell time. Used to describe the time the work that our adversaries do as they run up the clock until they try to exfiltrate our most sensitive information. Versus ransomware, which applies time pressure to run down the clock. If you don’t pay the ransom you’ll lose your data forever. Zero-day attacks. Mean time to detect. Mean time to respond. These are just a few of the many, many examples of the way time is woven into the fabric of our industry.”

Time is a major challenge for organizations attempting to keep pace with cyber threats that are rapidly increasing in volume and complexity. Elevated efficiency is cybersecurity’s counterpunch against agile and elusive adversaries weaponizing time. Organizations that constantly find themselves in reactive mode struggle to maintain staff efficiency—but time and resources can be saved by using improved visibility and prioritization to get ahead of the threat curve.

The findings of an ESG paper commissioned by McAfee concurred: “Organizations want more visibility into cyber-risks so they can tailor and prioritize their threat response and risk remediation actions in alignment with threats that may hit them,” said Jon Oltsik, ESG fellow. “Many firms want to be more proactive but do not have the resources and talent to execute.”

Better cybersecurity intelligence and insights can enable organizations to assume a more proactive cybersecurity program without dramatically upgrading resources and talent.

Better Visibility Through Next Generation Open Architecture

Modern adversaries are using next-generation tools, tactics and techniques to evade traditional reactive security systems. The next generation of open cyberthreat identification, investigation, and response capabilities paired with human and artificial intelligence can enable organizations to answer key questions about how to respond to threats. Open architecture can enable security teams to add their own expertise and analytics, empowering insight into the high-impact threats that matter. Security analysts will need the right technology to do the analysis, a combination of human expertise and the most advanced artificial intelligence and machine-learning capabilities that provide insight as to which actions to take.

The diversity of the raw materials an organization uses matters. If you only have one type of sensor, such as endpoint, you’re limited in what you can see. Gaining insight requires the ability to look at a wide range of capabilities from traditional on-premise environments to the cloud. Sensors should cover on-premise, perimeter, network, endpoint, and cloud environments. From the data gathered by these sensors, security teams can then extract context, detecting the characteristics, structure, and behavior of suspicious activity. Efficiencies are empowered through diverse telemetry at scale.

Prioritization: Decoding the DNA of Cyber Threats

“We and the rest of the cybersecurity industry have to move beyond the hash,“ said Steve Grobman, senior vice president and chief technology officer. “Features are a lot like markers in DNA and biology. By understanding the markers and characteristics, we can understand the structure, the behavior. We can understand what a threat is even if we’ve never seen it before. We can basically see the characteristics of a threat we’ve never seen before and have a very good understanding of what it actually is.”

Most security teams are constrained by the available data and by traditional indicators of compromise such as hashes and IP addresses. An open architecture consisting of a variety of sensors provides the capability to gather more and richer information on a threat’s DNA.

The goal goes beyond a simple patch or remedy. It’s about being better able to understand the unknown through improved data and intelligence. To enhance efficiency in dealing with the things that matter. The threats that are inherently difficult to detect. The threats that are engineered to target you.

By gaining this understanding, you’ll be more able to answer strategic questions such as:

  • Am I protected from this threat?
  • What do I need on my platform in order to defend against this threat?
  • What is the technology?
  • What is the content?
  • What is the configuration I need to defend myself?
  • Was I protected when this threat impacted my environment on that very first day or the day that threat emerged?
  • What did I need to have zero-day protection?
  • Did I have the right real-protect model?

Intelligence that helps answer these questions can provide insight into not only how a threat fared against one organization’s security but how a security plan can proactively prepare for next-generation threats.

Anticipating Next-Generation Threats

Understanding threats is not just about protection but also anticipation, both of threats in your environment and on a global scale. Improved insights can leave organizations with a complete view of how a threat is impacting their environment.

Decoding the DNA of threats through an expanded variety of sensors can help organizations recognize and anticipate the next generation of threats:

  • Using a machine-learning algorithm that recognizes potentially malicious activity, extracts its characteristics and recognizes its similarities to threats we’ve seen before.
  • Finding outliers, so that things with uncommon characteristics stand out.
  • Finding things that appear to be engineered for your environment. When something appears only in your environment and has characteristics that look different from anything seen before, it needs to go to the top of your investigation priorities, because it could be targeting you.
  • Identifying targeted attacks by mapping threats tied to specific industrial sectors and being able to cluster the highest level of intensity by sector.
  • Separating the noise from the signal.
  • Triaging the priority and raising the urgency on threats critical to your organization.
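The list above describes a ranking: compare a sample’s extracted characteristics with known families, weigh how rare it is, and push novel, single-organization samples to the top of the queue. The following is an added example of that ranking, not McAfee code and not the MVISION Insights algorithm. Markers are modelled as sets, similarity to known families is Jaccard similarity, and the family names, marker names, observations and the 0.6/0.4 weighting are all constructed for the example.

```python
"""Rank observed threats by novelty and rarity, with sector intensity.

Added example, not McAfee's code and not the MVISION Insights algorithm.
A threat is modelled as a set of extracted characteristics ("markers");
it is compared with known families by Jaccard similarity, and a sample that
resembles nothing known and has been seen by only one organization is flagged
as possibly targeted and ranked first. Families, markers and observations
are all constructed for the example.
"""
from collections import Counter

# Constructed marker sets for known families (names are illustrative only).
KNOWN_FAMILIES = {
    "Dharma-like": {"rdp_ingress", "vssadmin_delete", "ransom_note", "aes_file_encrypt"},
    "GandCrab-like": {"phish_macro", "vssadmin_delete", "ransom_note", "tor_c2", "salsa20_encrypt"},
    "generic_miner": {"phish_macro", "xmrig", "scheduled_task", "tor_c2"},
}

# Constructed observations: markers extracted from a sample, how many
# organizations have reported it, and the sector of the reporting org.
OBSERVED = [
    {"id": "sample-A", "sector": "healthcare", "orgs_seen": 420,
     "markers": {"phish_macro", "vssadmin_delete", "ransom_note", "tor_c2", "salsa20_encrypt"}},
    {"id": "sample-B", "sector": "utilities", "orgs_seen": 1,
     "markers": {"vpn_exploit", "plc_enum", "custom_wiper", "scheduled_task"}},
    {"id": "sample-C", "sector": "finance", "orgs_seen": 12,
     "markers": {"rdp_ingress", "vssadmin_delete", "ransom_note", "aes_file_encrypt", "lateral_psexec"}},
]

FAMILY_MATCH = 0.5      # similarity needed to attribute a sample to a family
NOVELTY_TARGETED = 0.5  # novelty above which a single-org sample is treated as targeted


def jaccard(a, b):
    """Set overlap in [0, 1]; two empty sets count as no similarity."""
    return len(a & b) / len(a | b) if (a or b) else 0.0


def closest_family(markers):
    """Best-matching known family and its similarity; 'unknown' below FAMILY_MATCH."""
    name, sim = max(((n, jaccard(markers, m)) for n, m in KNOWN_FAMILIES.items()),
                    key=lambda pair: pair[1])
    return (name if sim >= FAMILY_MATCH else "unknown"), sim


def sector_intensity(observations):
    """Total reporting organizations per sector, most pressured sector first."""
    totals = Counter()
    for obs in observations:
        totals[obs["sector"]] += obs["orgs_seen"]
    return totals.most_common()


def prioritize(observations):
    """Score each observation and return them highest priority first."""
    ranked = []
    for obs in observations:
        family, sim = closest_family(obs["markers"])
        novelty = 1.0 - sim              # unlike anything we have characterised
        rarity = 1.0 / obs["orgs_seen"]  # few victims: not a commodity campaign
        ranked.append({
            "id": obs["id"], "family": family, "novelty": novelty, "rarity": rarity,
            "score": 0.6 * novelty + 0.4 * rarity,
            "possibly_targeted": obs["orgs_seen"] == 1 and novelty >= NOVELTY_TARGETED,
        })
    return sorted(ranked, key=lambda r: r["score"], reverse=True)


if __name__ == "__main__":
    for row in prioritize(OBSERVED):
        print(row)
    print(sector_intensity(OBSERVED))
```

The commodity sample seen by hundreds of organizations scores near zero even though it is ransomware: it is already characterised and covered. The single-victim sample that matches no family scores highest and is marked as possibly targeted, which is the "pop this to the top of your stack" case from the list.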

Gaining cybersecurity efficiency via visibility and prioritization isn’t only about gathering richer data. It’s also about having the right technology to do the analysis. It’s not just about being able to identify the things that matter, it’s about being able to take action with your current security staff. It’s about saving time against an adversary using time as a weapon.

Read more on how the McAfee MVISION Insights platform’s integration into the McAfee architecture provides better intelligence capable of empowering better insights.

The post It’s About Time: Cybersecurity Insights, Visibility, and Prioritization appeared first on McAfee Blogs.


TLS 1.3 and McAfee Web Gateway


With the introduction of TLS 1.3 in 2018, IETF’s goal was (and is) to make the Internet a safer and more secure place.

Legacy technologies such as the RSA key exchange have been phased out. Replacing it is the much safer ephemeral Diffie-Hellman key exchange. Its main benefit is perfect forward secrecy: the session key is derived from ephemeral values discarded after the handshake, so recorded traffic cannot be decrypted after the fact, even by someone who later obtains the server’s long-term private key, because the session key cannot be recalculated. The use of elliptic curve ciphers also brings greater efficiency: the same strength is reached with a smaller key, so the encryption uses fewer resources.
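The forward-secrecy point above holds automatically in TLS 1.3, but a server that still offers TLS 1.2 only gets it if its cipher-suite list excludes RSA key transport as well. The following added example (not McAfee Web Gateway code) classifies suites by key exchange from their OpenSSL or IANA names, audits two constructed server policies (one legacy, one hardened) against that rule, and shows the Python `ssl` call that makes a client refuse anything older than TLS 1.3. The policy dictionaries and the name-classification heuristics are this example’s own assumptions.

```python
"""Audit a TLS server policy for the properties TLS 1.3 guarantees.

Added example, not McAfee Web Gateway code. It classifies cipher suites by
their key-exchange mechanism from their OpenSSL or IANA names and reports
whether every offered suite gives forward secrecy and whether TLS 1.3 is
offered at all. The two policies at the bottom are constructed.
"""
import ssl

TLS13_SUITES = {
    "TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256",
    "TLS_AES_128_CCM_SHA256", "TLS_AES_128_CCM_8_SHA256",
}
EPHEMERAL = {"ECDHE", "DHE", "EDH"}                          # (EC)DHE: forward secret
NON_RSA_OTHER = {"ECDH", "DH", "ADH", "AECDH", "PSK", "SRP"}  # static, anonymous or PSK
TLS13_AVAILABLE = ssl.HAS_TLSv1_3


def key_exchange(suite):
    """'ephemeral', 'rsa_transport' or 'other' for an OpenSSL- or IANA-named suite."""
    name = suite.upper()
    if name in TLS13_SUITES:
        return "ephemeral"   # TLS 1.3 suites always negotiate (EC)DHE; the name omits it
    if name.startswith("TLS_"):                      # IANA: TLS_<KEX>_WITH_<cipher>
        first = name[4:].split("_WITH_")[0].split("_")[0]
    else:                                            # OpenSSL: <KEX>-<auth>-<cipher>-...
        first = name.split("-")[0]
    if first in EPHEMERAL:
        return "ephemeral"
    if first in NON_RSA_OTHER:
        return "other"
    # IANA "RSA_WITH_..." and OpenSSL names with no key-exchange prefix
    # (e.g. AES128-SHA) both mean RSA key transport: no forward secrecy.
    return "rsa_transport"


def audit_policy(policy):
    """Findings for a policy of the form {"protocols": [...], "suites": [...]}."""
    protocols = set(policy["protocols"])
    findings = []
    legacy = sorted(protocols - {"TLSv1.2", "TLSv1.3"})
    if legacy:
        findings.append("legacy protocol versions enabled: " + ", ".join(legacy))
    if "TLSv1.3" not in protocols:
        findings.append("TLS 1.3 not offered")
    no_fs = [s for s in policy["suites"] if key_exchange(s) != "ephemeral"]
    if no_fs:
        findings.append("suites without forward secrecy: " + ", ".join(no_fs))
    return {"tls13": "TLSv1.3" in protocols, "forward_secrecy": not no_fs, "findings": findings}


def tls13_only_client_context():
    """Client context that refuses anything older than TLS 1.3 (standard ssl module)."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    return ctx


def enforces_tls13(ctx):
    return ctx.minimum_version == ssl.TLSVersion.TLSv1_3


# Constructed policies: a legacy one and a hardened one.
LEGACY_POLICY = {
    "protocols": ["TLSv1", "TLSv1.1", "TLSv1.2"],
    "suites": ["AES128-SHA", "TLS_RSA_WITH_AES_256_CBC_SHA", "ECDHE-RSA-AES128-GCM-SHA256"],
}
HARDENED_POLICY = {
    "protocols": ["TLSv1.2", "TLSv1.3"],
    "suites": ["TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256",
               "ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256"],
}

if __name__ == "__main__":
    for label, policy in (("legacy", LEGACY_POLICY), ("hardened", HARDENED_POLICY)):
        print(label, audit_policy(policy))
```

The legacy policy trips all three checks even though one of its suites is ECDHE: a client that negotiates `AES128-SHA` gets a session whose key is recoverable from the server’s RSA private key, which is exactly what TLS 1.3 was designed to rule out.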

To support a safer Internet, adoption of TLS 1.3 is key. TLS 1.3 offers better security posture than its previous versions.

It is important that a web gateway supports TLS 1.3 to ensure a secure connection. McAfee Web Gateway version 8.2.0 supports TLS 1.3 in a bi-directional fashion. This helps organizations ensure that the connection from the internal client side has the same level of security as the connection on the outbound side (towards the server).

In the reverse proxy scenario, McAfee Web Gateway with TLS 1.3 helps secure Internet traffic for cloud infrastructures such as Azure and AWS, even when they don’t support TLS 1.3 themselves.

The timely adoption of TLS 1.3, as previously seen with HTTP/2, will enable customers to act at the speed of cloud and make cloud usage as safe and secure as possible. To find out more, please view this whitepaper.

The post TLS 1.3 and McAfee Web Gateway appeared first on McAfee Blogs.


Increasing Value with Security Integration


What would your security team do with an extra 62 days?

According to a recent study by IDC, that’s the amount of time the average-sized security team can expect to regain by addressing a lack of security management integration. With just 12 percent of respondents currently using an end-to-end management suite—and with 14 percent completely reliant on ad hoc “solutions”—there’s plenty of room for improvement.

The study, “Security Integration and Automation: The Keys to Unlocking Security Value,” found that businesses that addressed the lack of integration saw three main business benefits: Efficiency, Cost Reduction and Improved Staff Retention. If your business chose to do the same, which goal would your team spend its 62 days working toward?

Increasing Efficiency

When asked what concerns limited their ability to improve IT security capabilities, 44% reported security was too busy with routine operations, and 37 percent cited high levels of demand for new business services.

If these teams had an extra 62 days, it could afford them the free time needed to improve their security posture—and one place that a lot of companies currently fall short is in the cloud, where a majority of new business services live.

According to IDC, enterprises are expected to spend $1.7 trillion on digital transformation by the end of this year. And our 2019 Cloud Adoption and Risk Report found that 83% of respondents worldwide stored sensitive data in the cloud. The number of files on the cloud that are eventually shared has risen to nearly half, but unfortunately, there isn’t always a lot of visibility or control over where that data winds up. 14% of those files go to personal email addresses, removing them from the oversight of corporate cybersecurity. Even worse, another 12% of the files shared are accessible to “anyone with a link.”

These numbers are only rising—over the past two years, they’ve gone up 12% and 23% respectively. A recent report by Gartner puts a fine point on it: “Through 2025, 90% of the organizations that fail to control public cloud use will inappropriately share sensitive data”—a figure which could risk your company’s compliance status, reputation, or even overall well-being. Clearly, any portion of that 62 days dedicated to preventing such data loss would be time well spent.

Decreasing Costs

According to a Cybersecurity Ventures report, there will be an estimated 3.5 million unfilled cybersecurity jobs by 2021. Odds are, your own cybersecurity team is feeling this crunch. In our “Hacking the Skills Shortage” report, we found that businesses are having to respond to in-house talent shortages by expanding their outsourcing of cybersecurity.

More than 60% of survey respondents work at organizations that outsource at least some cybersecurity work. With an extra 62 days a year, some of these capabilities could be brought back in-house, which would help meet cost-cutting goals or free up resources that could be reallocated elsewhere. For a team struggling to meet demands that outpace their current bandwidth, having these 62 days would be like receiving an extra 9.5 man-hours of work a week. This “free” higher production reduces your company’s labor cost—and could make a substantial difference during cybersecurity labor shortages, when extra manpower can be basically unavailable at any price.

Employee Retention

What else could your team do with 62 extra days a year? Nothing at all.

More specifically, this time could be allocated across your team as a way to ease burnout, incentivize hard work, and help increase retention.

According to our “Winning the Game” report, only 35% of survey respondents say they’re “extremely satisfied” in their current cybersecurity job, and a full 89% would consider leaving their roles if offered the right type of incentive.

What are the “right types of incentives?” 32% said that shorter/flexible hours would make them consider leaving. Another 28% said lower workload would lure them away, and an additional 18 percent said an easier, more predictable workload could make them switch.

Assuming an average security staff of between 5 and 6 team members, 62 days would allow you to give each employee several extra days off a year. Alternately, by distributing existing workload through this allotted time, your team could work at a pace other than “breakneck.”

While the extra time you’d gain could certainly allow for less work, it could also allow for more interesting work. In the same survey, 30% of employees mentioned that an opportunity to work with exciting technologies like AI/automation could lead them to consider working elsewhere. If your team falls into this camp, an extra 62 days could allow the time necessary to explore these options (which in turn, could have business benefits of their own.)

Once these benefits are realized, what are the ultimate outcomes expected to be? According to IDC, 36% said faster response times, 35% said more effective response, and 29% said better threat intel sharing. Given these findings, it’s no wonder that the share of end-to-end suite users who feel their security is ahead of their peers outnumber their ad-hoc equivalents 4:1. Where does your business stand?

To read the full “Security Integration and Automation: The Keys to Unlocking Security Value” study, click here.

The post Increasing Value with Security Integration appeared first on McAfee Blogs.


Top 5 Highlights from MPOWER 2019


Fellow security experts gathered at MPOWER 2019 to strategize, network, and learn about the newest and most innovative ways to ward off advanced cyberattacks. This year’s attendees had a special opportunity to hear from cybersecurity thought leaders as they shared their insights on our ever-changing industry. The latest applications, workload and infrastructure designed to protect your data from the device to the cloud were also spotlighted, giving attendees a first look at McAfee’s newest innovations.


Here are the top five highlights gleaned from three jam-packed days of MPOWER at the Aria in Las Vegas.

1. The most valuable resource we all share—Time


This year’s MPOWER had an overarching theme of time. According to our recent research, threats are multiplying at unprecedented rates—as fast as five per second, resulting in customers feeling the mounting pressure of time in the never-ending race to do more, secure more, defend more and save more.

In the opening keynote for MPOWER 2019, CEO Chris Young pledged to make every second count at MPOWER and emphasized that, at McAfee, “… time is the underpinning factor in our investment strategy—in protecting the digital experience, from the device to the cloud.” Young went on to say that time is the one constant we can’t change and the one constraint we can’t ignore. Time, he reiterated, “remains our one resource that can burden or empower.” In closing, he stated, “I, for one, choose empowerment. I choose to seize our collective destiny today—a safe, secure future. Our pace is fueled by a passion and a commitment I share with nearly 7,000 McAfee employees each day—we are pledged to create the future that you and we deserve. It’s about time.”

2. Announcing Unified Cloud Edge, MVISION Insights and Advancements to the MVISION Portfolio


During MPOWER, Young and Senior Vice President of the Cloud Security Business Unit Rajiv Gupta introduced Unified Cloud Edge, an industry-first initiative, to address the security concerns of the cloud. By converging the capabilities of its award-winning McAfee MVISION Cloud, McAfee® Web Gateway, and McAfee® Data Loss Prevention offerings—all to be available through the MVISION ePolicy Orchestrator (ePO) platform—Unified Cloud Edge will offer a borderless IT environment. This frictionless environment will enable security professionals to reduce risk and increase productivity for organizations as they move to secure cloud adoption.


During Day Three of MPOWER, Young and CTO Steve Grobman offered a sneak preview into the MVISION Insights platform. Geared to help organizations move to an action-oriented, proactive security posture, the MVISION Insights platform will pinpoint threats that matter, offer insights into the effectiveness of their defenses and provide the ability to respond quickly and accurately to these threats. Security teams will soon be able to coordinate the data gathered by McAfee’s one-billion-plus sensors worldwide with their own threat data to provide the information needed to battle threats targeting their systems and data, while also preparing defenses against threats that have yet to be seen in their environments.


Lastly, Young announced the latest enhancements to the MVISION portfolio—a first-of-its-kind, cloud-based product family that allows organizations to deploy security on their terms as they move to the cloud. The new features and functionality lie within McAfee MVISION Cloud, McAfee MVISION Endpoint, McAfee MVISION EDR and McAfee MVISION ePO, and have been purpose-built to help organizations protect data and stop threats across devices, networks and the cloud. Also announced at MPOWER, the latest version of McAfee Endpoint Security—10.7—now features a visualization tool to help security pros trace the root cause of attacks and rollback remediation to enable customers to easily and quickly reverse the effects of malware and return a device to its former healthy state.

3. New Ransomware


McAfee’s Advanced Threat Research team (ATR) observed a new ransomware family in the wild, dubbed Sodinokibi (or REvil), at the end of April 2019. During MPOWER, the ATR team posted the first and second episodes detailing the Sodinokibi ransomware. In the first installment, they share their extensive malware and post-infection analysis and visualize exactly how big the Sodinokibi campaign is. The second installment shares an analysis of Sodinokibi and its connections to GandCrab, the most prolific Ransomware-as-a-Service (RaaS) campaign of 2018 and mid-2019. (Check back on Securing Tomorrow to see Episode 3: Follow the Money and Episode 4: Crescendo.)



Tuesday afternoon, our ATR and SecOps Engineering team hosted our first ever interactive game, “Defend The Flag,” in which 65 customers competed to win a brand-new challenge coin. The game consisted of defending an organization against a real-world adversary like APT29. Through simulated attacks and scenarios based on the MITRE ATT&CK framework, the participants leveraged a combination of McAfee solutions and best-of-breed open source tools to prevent, detect, triage, investigate and hunt for the presence of the adversary. Players practiced their security skills through a series of questions and challenges ranging from basic to advanced, and earned prize points, unique swagger and bragging rights.

5. Building a Culture of Security


Throughout the morning keynotes, guest speakers and McAfee leadership enthusiastically supported the notion of creating a culture of security. Throughout the presentations, several essential elements emerged: getting young people excited about the work McAfee and other companies are doing; opening up immigration policies to welcome new talent; increasing government investment in technology initiatives and infrastructure; and reaching out to allies across the globe rather than taking an isolationist stance. When CMO Allison Cerra addressed MPOWER attendees, she discussed her contribution to building a culture of security. Her goal is to use her communications expertise to start a conversation on how organizations can build a stronger cybersecurity culture in the face of relentless attackers. This led to her writing a playbook for every employee, every functional manager and every leader in organizations big and small, private and public. The book, titled The Cybersecurity Playbook: How Every Leader Can Contribute to a Culture of Security, was published in September, and every MPOWER attendee received a copy.


The post Top 5 Highlights from MPOWER 2019 appeared first on McAfee Blogs.


Are Cybersecurity Robots Coming For Your Job?


“14 Jobs That Will Soon Be Obsolete.” “Can A Robot Do Your Job?” “These Seven Careers Will Fall Victim to Automation.” For each incremental advance in automation technology, it seems there’s an accompanying piece of alarmist clickbait, warning of a future in which robots will be able to do everything we can, only better, cheaper, and for longer. Proponents of AI and automation view this as the harbinger of a golden age, ushering in a future free from all the paper-pushing, the drudgery, the mundane and repetitive things we have to do in our lives. We will work shorter hours, focus on more meaningful work, and actually spend our leisure time on, well, leisure.

But while it’s one thing to enjoy having a robot zipping across the floor picking up your 3-year-old’s wayward Cheerios, it’s quite another to imagine automation coming to our workplace. For those of us in cybersecurity, however, it has become a foregone conclusion: Now that criminals have begun adopting automation and AI as part of their attack strategies, it’s become something of an arms race, with businesses and individuals racing to stay one step ahead of increasingly sophisticated bad actors that human analysts will no longer be able to fend off on their own.

Spurred by growth in both the number of companies deploying automation and the sophistication of threats, automated processes are closing in on and even surpassing human analysts in some tasks—which is making some cybersecurity professionals uneasy. “When robots are better threat hunters, will there still be a place for me? What if someday, they can do everything I can do, and more?”

According to the “2019 SANS Automation and Integration Survey,” however, human-powered SecOps aren’t going away anytime soon. “Automation doesn’t appear to negatively affect staffing,” the authors concluded, after surveying more than 200 cybersecurity professionals from companies of all sizes over a wide cross-section of industries. What they found, in fact, suggested the opposite: Companies with medium or greater levels of automation actually have higher staffing levels than companies with little automation. When asked directly about whether they anticipated job elimination due to automation, most of those surveyed said they felt there would be no change in staffing levels. “Respondents do not appear concerned about automation taking away jobs,” the paper concludes.

There are many reasons for this, but perhaps the most basic is that, in order to see any sort of loss in the number of cybersecurity jobs, we’d first need to get to parity—and we’re currently about 3 million short of that.

Phrased another way, automation could theoretically eliminate three million jobs before a single analyst had to contemplate a career change. That’s an oversimplification, to be sure, but it’s also one that presupposes AI and automation will live up to all of its promises—and as we’ve seen with a number of “revolutionary” cybersecurity technologies, many fall short of the hype, at least in the early days.

Automation currently faces some fundamental shortcomings. First, it cannot deploy itself: Experts are needed to tailor the solution to the business’ needs and ensure it is set up and functioning correctly. And once they’re in place, the systems cannot reliably cover all the security needs of an enterprise—due to a lack of human judgment, automated systems surface a great many false positives, and failing to put an analyst in charge of filtering and investigating these would create a huge burden on the IT staff responsible for remediation.

There’s also the issue of false negatives. AI is great at spotting what it’s programmed to spot; it is vastly more unreliable at catching threats it hasn’t been specifically instructed to look for. Machine learning is beginning to overcome this hurdle, but the operative word here is still “machine”—when significant threats are surfaced, the AI has no way of knowing what this means for the business it’s working for, as it lacks both the context to fully realize what a threat means to its parent company, and the ability to take into consideration everything a person would. Humans will still be needed at the helm to analyze risks and potential breaches, and make intuition-driven, business-critical decisions.

As effective as these automated systems are, once they’ve been programmed, their education begins to become obsolete almost immediately as new types of attack are created and deployed. Automated systems cannot continue to learn and evolve effectively without the guiding hand of humans. Humans are also needed as a check on this learning, to test and attempt to penetrate the defenses the system has developed.

Then there are the things that can never be automated: hiring and training people; selecting vendors; any task that requires creativity or “thinking outside the box”; making presentations and eliciting buy-in from the board of directors and upper management—and, of course, compliance. No automated system, no matter how sophisticated, is going to know when new laws, company regulations, and rules are passed, and no system will be able to adjust to such changes without human intervention. Even if the work of compliance could be completely automated, the responsibility for compliance cannot be outsourced, and rare would be the individual who could sleep easy letting a machine handle such tasks singlehandedly.

But for the sake of argument, let’s assume for a moment we could fully automate the SOC. While the loss of jobs is certainly a serious matter, we’d soon find the stakes to be much higher than even that. Hackers have already demonstrated an ability to hack into automated systems. If they were able to retrain your AI to ignore critical threats, and there was no human present to realize what was happening and respond swiftly and appropriately, sensitive data could be compromised enterprise-wide—or worse.

In short, automation won’t eliminate the demand for human cybersecurity expertise, at least in the short- to medium-term. But it will certainly redefine roles. According to SANS, implementation of effective automation often requires an initial surge in staff to get the kinks worked out—but it is almost invariably accompanied by a redirection, not reduction, of the existing workforce. Once in place, the automated systems will have two functions. By allowing analysts to shift their focus to more critical cybersecurity functions, improving efficiency, reducing incident response time, and reducing fatigue, they function as a tool for cybersecurity professionals to increase their effectiveness.

But their most valuable role may be as a partner. Automation may be powerful, but automation closely directed and honed by humans is more powerful. Rather than taking the place of humans, robots will take their place alongside humans. Automation, then, should be thought of as a way not to replace SecOps teams, but rather to complement and complete them in a way that will allow them to handle both the monotonous and mundane (yet necessary) tasks in the SOC, and also attend to the true mission-critical tasks rapidly and without distraction.

For more on misconceptions surrounding automation, read the 2019 SANS Automation Survey

The post Are Cybersecurity Robots Coming For Your Job? appeared first on McAfee Blogs.


Cybersecurity Platforms: 8 Must-Have Attributes


Defending enterprises against the growing frequency and complexity of cyberattacks is becoming an ever-increasing burden to cybersecurity budgets and manpower. An ESG enterprise-class cybersecurity technology platform white paper commissioned by McAfee shows CISOs have “reached a tipping point where the current cybersecurity point tools are no longer acceptable.” Current high-cost, complex strategies using disconnected point tools aren’t working and CISOs are abandoning their collection of cybersecurity point tools in favor of a consolidated, integrated approach.

ESG reports that consolidation is widespread and growing: 22% of organizations are actively consolidating the number of cybersecurity vendors they do business with on a large scale, while 44% of respondents are consolidating the number of cybersecurity vendors they do business with on a limited basis. ESG expects this trend to gain momentum over the next 12 to 24 months.

In response to this consolidation trend, more service providers are attempting to market their disparate tools as a platform. According to the ESG white paper, “Industry hyperbole has led to user confusion about what qualifies as a cybersecurity technology platform.”

Based on ESG’s survey findings, the following eight key attributes should be included in all RFIs/RFPs and become part of every cybersecurity technology platform:

  1. Prevention, detection, and response capabilities. CISOs expect cybersecurity platforms to provide strong defensive capabilities (i.e., rules, heuristics, machine learning models, behavioral algorithms, threat intelligence integration, etc.) capable of blocking and detecting threats with close to 100% efficacy. When threats are detected, cybersecurity platforms should average low false positive rates and provide concise forensic evidence that enables analysts to track events that led to an alert. Cybersecurity platforms should also include simple mitigation techniques such as quarantining a system, halting a process, or terminating a network connection. Users should have the ability to automate these remediation measures when desired.
  2. Coverage that spans endpoints, networks, servers, and cloud-based workloads and API-driven services. Cybersecurity platforms should be able to prevent, detect, and respond to threats across an enterprise IT infrastructure composed of endpoints, networks, servers, or cloud-based workloads and API-driven services. Prevention, detection, and response capabilities should be united so that security and IT operations teams can monitor activities and take actions across any security technology controls and any location.
  3. Central management and reporting across all products and services. All security controls should report to a central management plane delivering configuration management, policy management, monitoring, and remediation capabilities. Central management must be built for scale, support role-based access control, and offer the ability to customize multiple UIs and functions for different security and IT operations profiles.
  4. An “open” design. Security platforms must be built for integration by supporting common messaging buses and open APIs. Best-in-class cybersecurity platforms will also feature an open design capable of supporting third-party developers and security vendors with developer support resources, partner ecosystems, technical support services, and go-to-market programs.
  5. Tightly coupled plug-and-play products and managed services. The transition from point tools to cybersecurity platforms may be an arduous journey requiring a phased implementation. As a result, cybersecurity platforms must play the role of force multiplier, providing incremental value through the integration of additional products and services. Supplementing any security product or managed service should increase the security efficacy and operational efficiency of the entire platform.
  6. Security coverage that includes major threat vectors including email security and web security. Most malware attacks emanate through compromised systems using techniques such as phishing, malicious attachments/links, and drive-by downloads. Cybersecurity platforms must include strong prevention/detection filters that work inline and service the entire IT infrastructure. Filters can be provided by the platform vendor or through third-party integrations.
  7. Cloud-based services. Cybersecurity platforms should be capable of utilizing cloud-based resources for processes such as file analysis, threat intelligence integration, behavioral analytics, and reputation list maintenance. Cloud-based services should be applied to all cybersecurity platform users in real time. When a malicious file is detected at one site, all other platform customers should be updated with prevention and detection rules to safeguard them from that threat.
  8. Multiple deployment options and form factors. The components of cybersecurity platforms should be accessible as on-premises software/devices, cloud-based server implementation, SaaS, or some combination. ESG gives the example of a large global enterprise that may deploy on-premises software/devices at corporate headquarters, cloud-based server implementation for large regional offices, and SaaS for remote workers. All form factor options should be anchored by central configuration management, policy management, and global monitoring.

ESG’s white paper advises CISOs to approach cybersecurity platforms with a long-term strategy and project plan that spans a 24-to-36-month timeframe.

ESG also identifies McAfee as “one of a few vendors” whose product fits the description of a cybersecurity technology platform. Because McAfee’s ePO-based cybersecurity technology platform aligns well with ESG’s eight key cybersecurity technology platform attributes and high-priority enterprise customer requirements, ESG states “CISOs would be well served to explore McAfee’s ePO-based cybersecurity technology platform as it aligns well with current and future cybersecurity requirements for improving security efficacy, increasing operations efficiency, and enabling the business.”

Read more on how McAfee’s ePO can consolidate and improve your enterprise’s cybersecurity defenses.

The post Cybersecurity Platforms: 8 Must-Have Attributes appeared first on McAfee Blogs.


Countdown to MPOWER 2019: Survival Guide


This year, we’re excited to host the 12th annual MPOWER Cybersecurity Summit at the ARIA in Las Vegas, where fellow security experts will strategize, network, and learn about the newest and most innovative ways to ward off advanced cyberattacks. With the show nearly upon us, I’m sharing a “survival guide” for first-time attendees and anyone who might want a refresher of what’s to come. Here are a few tips and tricks to help make your MPOWER experience even more successful and enjoyable.

Travel, Transportation and Accommodations

MPOWER is the best place to leverage your existing McAfee investment, engage with our ecosystem of security experts, connect with other McAfee customers and much more.

If you haven’t yet booked your travel arrangements, be sure you do so as soon as possible to take advantage of the special rates offered by the ARIA Resort & Casino. When you arrive at the Las Vegas McCarran International Airport, it will be a quick 20-minute Uber or Lyft ride to the ARIA. For more information on ground transportation from the airport to the hotel, click here.

TIP: Need some help convincing your company or manager? Click here for our email template (and modify as appropriate) to help justify your attendance at MPOWER 2019.

Innovative Keynote Speakers

We have a great lineup of keynote speakers this year. You’ll hear from Secretary of State Madeleine K. Albright, General Colin L. Powell, and tech venture capitalist Roger McNamee. We’ll also have McAfee leadership on the keynote stage, including CEO Chris Young, EVP & Chief Product Officer Ashutosh Kulkarni, SVP of Cloud Rajiv Gupta, SVP & Chief Technology Officer Steve Grobman, and CMO Allison Cerra.


TIP: Be sure to get to the keynote stage early, as spots fill up fast.

Breakout Sessions

The sessions offered at MPOWER 19 will give you a better understanding of how to maintain the highest standards of security while reducing company costs, streamlining processes, and driving efficiencies in the daily administration of your systems. You’ll also have an exclusive opportunity to hear actual McAfee customers discuss how they solved real-world business challenges.

TIP: Once you’ve registered, enter your registration information at the MPOWER 19 My Event site to create a personalized agenda of the sessions and events you most want to attend. Then use your convenient schedule to make sure you don’t miss a thing!

MVISION Training Classes

New at MPOWER this year, MVISION training classes will be available free to customers and can be added to your schedule during registration. Classes will run October 1-3, and each attendee will receive a Certificate of Completion that can be submitted as a Continuing Education Unit (CEU/CPE) to ISC2, CompTIA, and other certification vendors. Seating is limited and available on a first-come, first-served basis—so add a course to your registration today!

TIP: Be sure to get your badge scanned at the door for each session to get credit.

Customer Spotlight

Stop by the Customer Spotlight, located on Level 1, to have fun. This is a place where you can kick back and relax, challenge your peers to a game (Jenga, Connect 4, Cornhole, and many more) or just take a few minutes to catch up on email or recharge your phone. The Customer Spotlight will be open Tuesday through Thursday, 8:00 AM – 5:00 PM.

TIP: The list of the activities is lengthy—there’s something for everyone! For your participation, we offer an incentive program that will earn you points—redeem anytime for McAfee gear and much more.

Expo Hall & Innovation Fair

The Sponsor Expo will feature an impressive lineup of McAfee partners, including some of the world’s most successful businesses. This is your chance to meet with the key players of the security industry—all in one location. Also, stop by the Innovation Fair booth and see what product innovations McAfee has planned in the areas of threat defense, data protection, intelligent security operations, and cloud defense. During the Innovation Fair hours, you will be able to join in on short innovation talks with technical leaders from McAfee.

TIP: Navigating the conference and expo hall will involve a lot of walking. Bring comfortable shoes—your feet will thank you later.

Stay Connected with Twitter

Twitter is one of the best ways to “stay connected” whether you are at the event or attending virtually. You can learn a lot about what’s going on at MPOWER by following the #MPOWER19 hashtag—McAfee will be live tweeting keynotes, favorite session updates, valuable insights, freebies, party details and more. Be sure to tweet your own findings, happenings, etc. using the hashtag.

TIP: Follow @McAfee, @McAfee_Business for conference updates, company announcements and more!

The MPOWER Mobile App

The MPOWER 19 Mobile App puts a full guide to the conference in the palm of your hand. Just download and enter your MPOWER registration info to access the daily schedule of events, session details, speaker info, and more! Available for iPhone/iPad and Android, the MPOWER 19 Mobile App will help you maximize the value of the conference and keep you updated on everything that’s happening.

TIP: When onsite at MPOWER 19, visit the Mobile App Help Desk near registration to get all your questions answered.

MPOWER Special Evening Event

On October 3rd, we’ll be hosting Fall Out Boy for a special performance. Get ready to dance the night away starting at 8 p.m. PT.

See You Soon!

We are committed to bringing together the best of the security industry to unite for a cause that’s bigger than all of us—the digital safety of our customers, organizations, and future generations. We invite you to join us in Las Vegas.

The post Countdown to MPOWER 2019: Survival Guide appeared first on McAfee Blogs.


Analyst Fatigue: The Best Never Rest


They may not be saying so, but your senior analysts are exhausted.

Each day, more and more devices connect to their enterprise networks, creating an ever-growing avenue for OS exploits and phishing attacks. Meanwhile, the number of threats—some of which are powerful enough to hobble entire cities—is rising even faster.

While most companies have a capable cadre of junior analysts, most of today’s EDR (Endpoint Detection and Response) systems leave them hamstrung. The startlingly complex nature of typical EDR software necessitates years of experience to successfully operate—meaning that no matter how willing the more “green” analysts are to help, they just don’t yet have the necessary skillset to effectively triage threats.

What’s worse, while these “solutions” require your top performers, they don’t always offer top performance in return. While your most experienced analysts should be addressing major threats, a lot of times they’re stuck wading through a panoply of false positives—issues that either aren’t threats, or aren’t worth investigating. And while they’re tied up with that, they must also confront the instances of false negatives: threats that slip through the cracks, potentially avoiding detection while those best suited to address them are busy attempting to work through the noise. This problem has gotten so bad that some IT departments are deploying MDR systems on top of their EDR packages—increasing the complexity of your company’s endpoint protection and further increasing employee stress levels.

Hoping both to measure the true impact of “analyst fatigue” on SOCs and to identify possible solutions, Forrester Consulting conducted a commissioned study on behalf of McAfee in March 2019 to see what effects current EDRs were having on businesses. Forrester surveyed security technology decision-makers, from the managers facing threats head-on to those in the C-suite viewing security solutions at the macro level in relation to their firm’s financial needs and level of risk tolerance. Respondents were from the US, UK, Germany or France, and worked in a variety of industries at companies ranging in size from 1,000 to over 50,000 employees.

When asked about their endpoint security goals, respondents’ top three answers—to improve security detection capabilities (87%), increase efficiency in the SOC (76%) and close the skills gap in the SecOps team (72%)—all pointed to limitations in many current EDRs. Further inquiry revealed that while 43% of security decision makers consider automated detection a critical requirement, only 30% feel their current solution(s) completely meet their needs in this area.

While the issues uncovered were myriad, the results also suggested that a single solution could ameliorate a variety of these problems. The introduction of EDR programs incorporating Guided Investigation could increase efficiency by allowing junior analysts to assist in threat identification, thereby freeing up more seasoned analysts to address detected threats and focus on only the most complex issues, leading to an increase in detection capabilities. Meanwhile, the hands-on experience that junior analysts would get addressing real-life EDR threats would increase both their personal efficiency and their skill level, helping to eliminate the skills gaps present in some departments.

To learn more about the problems and possibilities in the current EDR landscape, you can read the full “Empower Security Analysts Through Guided EDR Investigation” study by clicking here.

The post Analyst Fatigue: The Best Never Rest appeared first on McAfee Blogs.
