Endpoint Security


Threat Hunting or Efficiency: Pick Your EDR Path?


“Do You Want It Done Fast, Or Do You Want It Done Right?” “Yes.”

“Help out more with our business objectives.” “Cover an increasing number of endpoints.” “Cut budgets.” “Make it all work without adding staff.”

Cybersecurity teams face a lot of conflicting objectives—both within their teams and from upper management. But a May 2019 commissioned study conducted by Forrester Consulting on behalf of McAfee really puts a fine point on it: When decision makers were asked which endpoint security goals and initiatives they’re prioritizing for the coming year, the top two responses were “improve security detection capabilities” (87%) and “increase efficiency in the SOC” (76%).

Unfortunately, traditional EDR solutions have made accomplishing both of these goals (and in some cases, even one or the other!) difficult, if not impossible. According to the study, gaps in EDR capabilities have created pain points for 83% of enterprises. For instance, while 40% of enterprises consider threat hunting a critical requirement, only 29% feel their current EDR solutions fully meet that need. On an even more basic level, 36% worry their EDR solution doesn’t surface every threat that breaks through—while an equal number of respondents say the alerts that are surfaced by their EDR are frequently not relevant or worth investigating.

These numbers clearly show there’s a lot of room for improvement, but at the same time, these two goals seem to be less than complementary. How would you choose to try and meet them?

Scenario 1: The Status Quo

Your team continues utilizing their traditional EDR solution on its own.

You lose points in efficiency out of the gate—according to Forrester, 31% of companies say that the systems are so complex, their junior staff lack the skillset to triage and investigate alerts without senior staff.

The number of alerts output by traditional EDR solutions will cost you efficiency in another way: another 31% of respondents say their teams struggle to keep up with the volume of alerts generated by their EDRs.

On the threat detection side, you’re not starting out with a perfect score, either: Again, keep in mind that more than a third of respondents believe that, even with this large volume of alerts, not everything is being caught.

As a baseline, let’s assume you’re starting out with a 7 in Threat Detection, and a 3.5 in Efficiency.
You’re still a long way from meeting your goals. Let’s look at our options.

Do you want to:

  • Add more staff members
  • Bolt on more software
  • Hire an MDR

Scenario 2: Add more staff members

With efficiency seeming such a far-off goal, your team decides to focus its efforts on threat detection. To help manage the number of alerts, you hire two new employees. You still have every bit as much noise coming from your EDR, and it still isn’t catching everything, but your team has marginally more ability to triage and respond to threats. You gain a point for threat detection, but a look at your department budget sheet shows your efficiency score is basically shot.

Final Score: 8 in Threat Detection, and a 2 in Efficiency.

Scenario 3: Bolting On More Software

Other businesses are taking a different tack. They’re keeping their traditional EDR solution, but they’re also bolting on more point solutions to help catch things that fall through the cracks. If you choose to go this route, your threat detection capabilities go up … but between all the duplicate alerts, separate interfaces, and near-complete lack of integration, your team is critically bogged down. With junior staff able to triage just 31 percent of alerts on traditional EDR systems, senior analysts are having to manage all the alerts on all the interfaces on their own.

All this software isn’t cheap, and you’re losing time both in training on all of it and in switching back and forth. Meanwhile, the solutions that were supposed to improve your threat detection capabilities are doing so … somewhat … but with things falling through the cracks amidst the chaos and analyst fatigue setting in, you wouldn’t know it.

Final Score: 7.5 in Threat Detection, 1.5 in Efficiency.

Scenario 4: Partnering with an MDR

You don’t want to hire any more staff—and even if you did, there aren’t many to hire. So instead you hire a Managed Detection and Response (MDR) provider to do what your EDR should be doing, but isn’t. You partner with the most reputable MDR you can find, and you’re confident that between what you’re doing and what they’re doing, there isn’t much getting past you. But you’re also paying twice to get a single set of capabilities.

Final Score: 9 in Threat Detection, 1 in Efficiency

Clearly, it’s time to try something new

  • I want to improve my efficiency with my current EDR!
  • I want to try something better.

Scenario 5: Improving efficiency with current EDR

How do you make a first-gen EDR more efficient? You don’t. In other words, if you want to get more out of an EDR that doesn’t utilize the latest technologies, the only adjustments you can make here have to come from your team. If you could get more threat detection mileage out of the same number of team members, your efficiency level would naturally rise.

Initial Score: 8 in Threat Detection, 4 in Efficiency

But as you soon find out, the mandatory late nights and your “you’d better step it up or else!” attitude aren’t exactly doing wonders for morale. With cybersecurity professionals in high demand everywhere, it isn’t long before you’re down at least one team member. Now you have 4 team members doing the work of 5. Which sounds decent …

Intermediate Score: 6 in Threat Detection, 6 in Efficiency

… until an enterprising hacker takes note of your shorthandedness and targets you, hoping to use your situation to their advantage. Unfortunately, not only do you have a highly imperfect traditional EDR system and four employees trying to do the work of five … you have four disgruntled employees trying to do the work of five. According to IDC, in organizations that have experienced a breach in the last 12 months, those staff who are extremely satisfied are, on average, more likely to report fewer hours to identify the breach (11 hours) than those who are dissatisfied (23 hours). Guess which camp your team falls into?

Before long, your company is brought to its knees by a major attack. The press is all over it, and confidence in your company plummets. Your company’s reputation might recover … eventually … but things aren’t looking so good for you.

Final Score: Game Over.

Scenario 6: I want to try something better.

You’ve heard from your friends and colleagues about what doesn’t work. And, of course, you’ve read the horror stories. But you’re still left with two disparate goals. What if there was a way to increase threat detection capabilities without hiring more personnel, outsourcing what your EDR should be able to handle but isn’t, or creating a system with more bolts than Frankenstein’s monster?

According to Forrester, there is a way to bridge the goals of greater efficiency and better threat detection. With AI guided investigation, your junior analysts will be able to triage threats like your more seasoned analysts, freeing your senior analysts to focus on mission-critical tasks. And with less noise, your team will be free to focus on more of the right alerts.

Survey respondents backed this up: 35 percent believe AI-guided investigations will lead to fewer breaches, and 52 percent think they’ll lead to improved efficiency. Mission accomplished.

Final Score: You=1, Hackers=0.

To read more about how AI-guided investigation can help revolutionize your SOC, click here.

The post Threat Hunting or Efficiency: Pick Your EDR Path? appeared first on McAfee Blogs.


Defining Cloud Security – Is It the Endpoint, Your Data, or the Environment?


You’ve heard it once; you’ve heard it a hundred times – “secure the cloud.” But what does that phrase mean? On the surface, it’s easy to assume this phrase means using cloud-enabled security products. However, it’s much more than that. Cloud security is about securing the cloud itself through a combination of procedures, policies, and technologies that work together to protect the cloud—from the endpoint to the data to the environment itself. A cloud security strategy must be all-encompassing, based on how data is monitored and managed across the environment. So, let’s examine how IT security teams can address common cloud challenges head-on, while at the same time establishing the right internal processes and adopting the necessary solutions in order to properly secure the cloud.

Cloud Security’s Top Challenges

As we enter a post-shadow IT world, security teams are now tasked with understanding and addressing a new set of challenges—those that can stem from a complex, modern-day cloud architecture. As the use of cloud services grows, it is critical to understand how much data now lives in the cloud. In fact, the amount of sensitive data stored in cloud-based files is only growing, currently standing at 21% after having increased 17% over the past two years. So it’s no wonder that threats targeting the cloud are growing, too: The average organization experiences 31.3 cloud-related security incidents each month, a 27.7% increase over the same period last year.

Frequently impacted by data breaches and DDoS attacks, cloud technology is no stranger to cyberthreats. However, the technology is also impacted by challenges unique to its makeup, such as system vulnerabilities and insecure user interfaces (UIs) and application programming interfaces (APIs), which can all lead to data loss. Insecure UIs and APIs are top challenges for the cloud, as the security and availability of general cloud services depend on the security of these UIs and APIs. If they’re insecure, functionalities such as provisioning, management, and monitoring can be impacted as a result. There are also bugs within cloud programs that can be used to infiltrate and take control of the system, disrupt service operations, and steal data. The challenge we see with data and workloads moving to the cloud is developers’ insufficient knowledge of how cloud capabilities have evolved. We are finding misconfigurations to be one of the major contributors to data leaks and data breaches as well, meaning cloud configuration assessment is another best practice that IT should own. Another major source of cloud data loss? Improper identity, credential, and access management, which can enable unauthorized access to information via unprotected default installations.

The good news? To combat these threats, there are a few standard best practices IT teams can focus on to secure the modern-day cloud. First and foremost, IT should focus on controls and data management.

Security Starts with Process: Controls and Data Management

To start a cloud security strategy off on the right foot, the right controls for cloud architecture need to be in place. Cloud security controls provide protection against vulnerabilities and alleviate the impact of a malicious attack. By implementing the right set of controls, IT teams can establish a necessary baseline of measures, practices, and guidelines for an environment. These controls can range from deterrent and corrective to preventative and protective.

In tandem with controls, IT teams need to establish a process or system for continually monitoring the flow of data, since insight into data and how it is managed is vital to the success of any cloud security strategy. A solution such as McAfee Data Loss Prevention (DLP) can help organizations monitor data through the use of a management console or dashboard. This tool can help secure data by extending on-premises data loss prevention policies to the cloud for consistent DLP, protecting sensitive data wherever it lives, tracking user behavior, and more.

Solving for Visibility, Compliance, and Data Protection

When it comes to securing data in the cloud, visibility and compliance must be top of mind for IT teams as well. Teams need to gain visibility into the entirety of applications and services in use, as well as have proper insight into user activity to have a holistic view of an organization’s existing security posture. They also need to be able to identify sensitive data in the cloud in order to ensure data residency and compliance requirements are met.

That’s precisely why IT teams need to adopt an effective cloud access security broker (CASB) solution that can help address visibility and compliance issues head-on. What’s more, this type of solution will also help with data security and threat protection by enforcing encryption, tokenization, and access control, as well as detecting and responding to all types of cyberthreats impacting the cloud.

Bringing It All Together

By combining the right controls and data management processes with a CASB solution, security teams can protect the cloud on all levels. A CASB solution like McAfee MVISION Cloud protects data where it lives today, in the cloud. This CASB solution is a cloud-hosted software that sits between cloud service customers and cloud service providers to enforce security, compliance, and policies uniformly across all cloud assets, from SaaS to IaaS/PaaS. Plus, McAfee MVISION Cloud can help organizations extend security controls of their on-premises infrastructure to the cloud and beyond. To extend these controls, this solution detects, protects, and corrects. During detection, IT security teams gain complete visibility into data, context, and user behavior across all cloud services, users, and devices. When data leaves the cloud, McAfee MVISION Cloud applies persistent protection wherever it goes: in or outside the cloud. And when an error does occur, the solution takes real-time action deep within cloud services to correct policy violations due to human error and stops security threats. While McAfee MVISION Cloud protects the cloud itself, it’s also important to protect access to the cloud at the start, or the endpoint. An endpoint security solution, such as McAfee Endpoint Security, is also integral for safeguarding the cloud, since endpoints are a target for credential theft that leads to greater risk in the cloud environment.

In an ever-changing threat landscape, implementing the proper controls and data management, together with effective cloud security solutions, is the key to a strong cloud security strategy. By taking into account and working to proactively protect the multitude of endpoints connected to the cloud, the amount of data stored in the cloud, and the cloud environment itself, IT security teams can help ensure the cloud is secure.

To learn more about cloud security and other enterprise cybersecurity topics, be sure to follow us @McAfee and @McAfee_Business.

 

The post Defining Cloud Security – Is It the Endpoint, Your Data, or the Environment? appeared first on McAfee Blogs.


MITRE ATT&CK™ APT3 Assessment


Making a case for the importance of real-time reporting is a simple exercise when considering almost every major campaign. Take the case of Shamoon, where analysis of the Disttrack wiper revealed a date in the future when destruction would happen. Similarly, cases where actors use different techniques in their attacks reveal that, once mapped out, a story becomes visible. The question is, do you have visibility and early warnings into these threats, and how timely are they presented to you so there’s time to respond?

MITRE’s ATT&CK for Enterprise, produced by the Cyber Security division of MITRE, is an adversarial behavior model for possible attacker actions. The ATT&CK matrix used is a visualization tool in the form of a large table, intended to help provide a framework to talk about attacks in a unified way. This is coupled to detailed descriptions of different tactics and techniques and how they differ from attacker to attacker.

When you participate in the assessment, MITRE is the red team simulating the techniques, used by APT3 in this case, and we as McAfee are the blue team using our products to detect their actions and report them. When the red team attacks us with a variant of a technique, as a blue team, we need to prove we detected it. 

McAfee went through a MITRE ATT&CK assessment early this summer and we are excited to announce that MITRE has published the results of the APT3 assessment today on their website. In today’s cyber-threat landscape, it’s all about ‘time’, time to detect, time to respond, time to remediate, etc. When it comes to advanced attacks represented in APT3 – real time detections offer a significant advantage to incident responders to rapidly contain threats. 

As the results show, McAfee provided the most real-time alerts while detecting the attacks. When real-time alerts and the simple efficacy score, as calculated using criteria published by Josh Zelonis of Forrester, are considered together, McAfee occupies a leadership position in the upper right quadrant of the chart.


During MITRE’s APT3 evaluation, McAfee was the only vendor to display real-time alerts for certain attacks, including T1088: Bypass User Account Control, one of the techniques used by Shamoon. 

While MITRE’s evaluation focused on MVISION EDR’s detection capabilities, there are several aspects that defenders need to consider in order to properly triage, scope, contain and close an incident. During the APT3 attack we generated 200+ alerts and telemetry datapoints, which were the core of MITRE’s evaluation. Yet we don’t expect analysts to review them individually. In MVISION EDR those 200+ data points got clustered into 14 threats, which added context to paint a more complete picture of what happened in order to speed triage.

Furthermore, analysts could trigger an automated investigation from a threat and therefore involve our AI-driven investigation guides to bring more context from other products (e.g. ePO, SIEM), endpoint forensics, analytics and threat intelligence.


Investigation case collecting 4000+ pieces of evidence, linking it, showing expert findings and uncovering potential lateral movement between two devices 

Thanks to our automated investigation guides, in the case of APT3, MVISION EDR was able to gather passive DNS information and link the evidence to further expose potential lateral movement and C2.

Although it was not exercised by MITRE, the next step for the analyst would have been to use MVISION EDR’s real time search to further scope the affected devices and take containment actions (e.g. quarantine, kill processes, etc). 

McAfee has been engaged with MITRE in expanding the ATT&CK Matrix and helping to evolve future ATT&CK Evaluations. We are a proud sponsor of ATT&CKcon and will be exhibiting at ATT&CKcon 2.0 later this month. Come learn more about how automated AI-driven investigations can reduce the time to detect and respond to threats using McAfee MVISION EDR. 

 

 

The post MITRE ATT&CK™ APT3 Assessment appeared first on McAfee Blogs.


Maintaining Effective Endpoint Security 201


Today’s enterprises are faced with unique, modern-day issues. Many are focused on adopting more cloud-based services and reducing infrastructure footprint, all while the number of devices accessing the environment grows. This, in turn, requires security teams to create different levels of access, policies, and controls for users. Plus, as these businesses expand, some unexpected security issues may arise, such as alert volume, lack of visibility, complicated management, and longer threat dwell times. To strike a balance between business objectives and a healthy security posture, IT teams can implement some of the tactics we recommended in our Effective Endpoint Security Strategy 101 blog, such as virtual private networks (VPNs), proper employee security training, and machine learning (ML) and artificial intelligence (AI) technology for predictive analysis. But with the threat landscape evolving every day, is there more these organizations can do to sustain an effective endpoint strategy while supporting enterprise expansion? Let’s take a look at how teams can bolster endpoint security strategy.

Managing the Many Vulnerabilities

As enterprises try to keep pace with the number of endpoints, as well as the threats and vulnerabilities that come with these devices, multiple levels of security need to be implemented to maintain and expand a sustainable security posture. One way for enterprise security teams to keep track of these vulnerabilities and threats is through the use of vulnerability management. This process involves the identification, classification, and prioritization of vulnerabilities when flaws arise within a system.

For vulnerability management to be successful, security teams must have full visibility into an endpoint environment. This awareness will help teams proactively mitigate and prevent the future exploitation of vulnerabilities. Plus, with endpoints always evolving and being added, a vulnerability management system is a necessity for expanding effective endpoint security.

Beware of Privilege Escalation

Due to the sheer number of endpoints being introduced to the enterprise environment, the possibility of a vulnerable endpoint increases. And with vulnerable endpoints creating gateways to important enterprise data, cybercriminals often attempt to exploit a bug or flaw in an endpoint system to gain elevated access to sensitive resources. This tactic is known as privilege escalation.

To thwart cybercriminals in their tracks and subvert privilege escalation attacks, security teams can employ the practice of least privilege. In other words, users are granted the least amount of privilege required to complete their job. That way, if hackers manage to get their hands on an exposed endpoint, they won’t be able to gain access to troves of corporate data. The threat of privilege escalation can also be solved through patches and added layers of security solutions at different stages of the endpoint.

Administering Enterprise Access

Who can access specific assets and resources within an enterprise is an important discussion to be had for any endpoint security strategy. Not all users should have access to all resources across the network and if some users are given too much access it can lead to increased exposure. This is where access management comes into play.

Maintaining a secure endpoint environment requires security teams to identify, track, and manage specific, authorized users’ access to a network or application. By creating differentiated levels of access across the board, teams can ensure they are prioritizing key stakeholders while still controlling the number of potential exposure points. Beyond monitoring accessibility, it’s critical that security teams know where data is headed and are able to control the flow of information. The good news? Teams can rely on a solution such as McAfee Data Loss Prevention (DLP) to assist with this, as it can help security staff protect sensitive data on-premises, in the cloud, or at the endpoints.

Coaching Users on Passwords and Identity Management

Passwords are the first defense against cybercriminals. If a cybercriminal guesses a password, they have access to everything on that device – so the more complex and personalized a password is the better. Beyond encouraging complex password creation, it’s crucial security teams make single sign-on (SSO) or multifactor authentication a standard aspect of the user login process. These are easy-to-use tools that users can take advantage of, which help add more protective layers to a device.

Assessing the Risks

As a security team, assessing the overall risk present in your organization’s current environment is a top priority. From checking for potential cyberthreats to monitoring and evaluating endpoints to ensure there are no exposures – it’s important that teams do their due diligence and conduct a comprehensive risk assessment. Teams need to make risk assessments a routine aspect of their overall security strategy, as new risks are always popping up. To do so in a proper and timely manner, better visibility is required, and teams should get into a habit of red teaming and leveraging automation for response and remediation. McAfee MVISION Endpoint Detection and Response (EDR) can also help teams get ahead of modern threats with AI-guided investigations that surface relevant risks, as well as automate and remove the manual labor of gathering and analyzing evidence.

Once a risk assessment has been done, security teams must take immediate action on the results. After potential threats are identified and analyzed with the help of McAfee MVISION EDR, teams must work to correct any potential negative impact these risks may have on an enterprise, resources, individuals, or the endpoint environment. By leveraging a centralized management tool, enterprise teams can do just that — reducing alert noise, elevating critical events, and speeding up the ability to respond and harden endpoints when risks or areas of exposure are identified.

Utilizing Advanced Security Solutions

To cover all the bases, it is vital teams leverage multiple endpoint security solutions that have proactive technology built-in and are collaborative and integrative. Take McAfee MVISION Endpoint and MVISION Mobile for example, which both have machine learning algorithms and analysis built into their architecture to help monitor and identify malicious behavior. Additionally, McAfee Endpoint Security delivers centrally managed defenses, like machine learning analysis and endpoint detection, to protect systems with multiple, collaborative defense and automated responses.

Advanced security solutions bring an endpoint security strategy full circle. Take the time to research and then invest in technology that is suitable for your enterprise’s needs. Growth does not have to be hindered by security; in fact, having the two work in tandem will ensure longevity and stability.

To learn more about effective endpoint security strategy, be sure to follow us @McAfee and @McAfee_Business.

The post Maintaining Effective Endpoint Security 201 appeared first on McAfee Blogs.


Easier Management with Integrated Endpoint Security


Integration matters. We at McAfee have been advocating the administrative benefits of integrated, centrally managed endpoint security for decades, but you don’t just have to take our word for it. A recent independently written article in BizTech Magazine concurs.

BizTech explores technology and business issues that IT leaders and business managers face when they’re evaluating and implementing solutions. In “Businesses Find Endpoint Security Easier to Manage with Integrated Solutions,” journalist Kym Gilhooly references a number of independent security surveys and interviews a CISO, an IT manager, and a network administrator at three different companies. Each of these cybersecurity professionals and their respective small and medium-sized companies came to the conclusion that, to defend against today’s breadth of threats—from signature-based to zero-day, known and unknown—an integrated security approach combining endpoint detection and response (EDR), next-generation antivirus, and application control makes more sense than deploying discrete solutions.

Uniting these technologies in one integrated solution has allowed them to take action across the threat defense lifecycle—from detecting and blocking threats and whitelisting critical applications to tracking down malicious exploits during or before execution and helping incident response teams respond and remediate faster. As CISO Tony Taylor of dairy company Land O’Lakes points out in the article, “There are lots of security tools out there, but if you don’t integrate the stack, you’ve got to associate all that information and make the connections yourself.”

EDR Becoming an Integral Component of Endpoint Security

All the companies interviewed by Gilhooly affirm the importance of EDR in their security defense. As an IT manager at a 500-employee retail company states in the article, “The days when IT took a set-it-and-forget-it approach to endpoint security are over.” The ability to quickly investigate threats—whether reactively seeking to understand where a threat originated, how it spread and what damage it caused, or proactively hunting for anomalous behavior and dormant threats—is becoming a must-have tool to shrink the response and remediation gap.

What’s more, the article recognizes that an integrated EDR-EPP (endpoint protection software) solution makes much more sense than bolting on an EDR point solution. That’s because EDR and EPP can enhance each other’s effectiveness. For instance, if a company uses McAfee Endpoint Security or SaaS-based McAfee MVISION Endpoint alongside McAfee MVISION EDR, when the EPP part of the integrated solution detects anomalous behavior on an endpoint—but not enough to convict it—an analyst can use EDR to enrich the data, subsequently raising or lowering the incident’s severity ranking. On the flip side, when the EDR part detects an unknown threat in the environment, the analyst can query the threat reputation database and share new threat information instantly across endpoints via the EPP.

The more cyberdefense tools can collaborate and be managed as a unified solution, the more actions can be automated, IT staff burdens reduced, and time freed up for more proactive forensics and other activities.

In short, the BizTech article reiterates what we’ve been saying: Integration is more than just a buzzword. It’s time to stop thinking about EDR as an add-on, or EPP and EDR as separate entities. It’s also time to start moving endpoint security to the cloud. The article touches on that, too.

To learn more about effective endpoint security strategy, be sure to follow us @McAfee and @McAfee_Business.

 


 

 

The post Easier Management with Integrated Endpoint Security appeared first on McAfee Blogs.


7 Questions to Ask Your Child’s School About Cybersecurity Protocols


Just a few weeks into the new school year and, already, reports of malicious cyberattacks in schools have hit the headlines. While you’ve made digital security strides in your home, what concerns, if any, should you have about your child’s data being compromised at school?

There’s a long and short answer to that question. The short answer is don’t lose sleep (it’s out of your control) but get clarity and peace of mind by asking your school officials the right questions. 

The long answer is that cybercriminals have schools in their digital crosshairs. According to a recent report in The Hill, school districts are becoming top targets of malicious attacks, and government entities are scrambling to fight back. These attacks are costing school districts (taxpayers) serious dollars and costing kids (and parents) their privacy.


Prime Targets

According to one report, a U.S. school district becomes the victim of a cyberattack as often as every three days. The reason for this is that cybercriminals want clean data to exploit for dozens of nefarious purposes. The best place to harvest pure data is schools, where social security numbers are usually unblemished and go unchecked for years. At the same time, student data can be collected and sold on the dark web. Data at risk include vaccination records, birthdates, addresses, phone numbers, and contacts used for identity theft.

Top three cyberthreats

The top three threats against schools are data breaches, phishing scams, and ransomware. Data breaches can happen through phishing scams and malware attacks that could include malicious email links or fake accounts posing as acquaintances. In a ransomware attack, a hacker locks down a school’s digital network and holds data for a ransom. 

Over the past month, hackers have hit K-12 schools in New Jersey, New York, Wisconsin, Virginia, Oklahoma, Connecticut, and Louisiana. Universities are also targeted.

In the schools impacted, criminals were able to find loopholes in their security protocols. A loophole can be an unprotected device, a printer, or a malicious email link opened by a new employee. It can even be a calculated scam like the Virginia school duped into paying a fraudulent vendor $600,000 for a football field. The cybercrime scenarios are endless. 

7 key questions to ask

  1. Does the school have a data security and privacy policy in place as well as a cyberattack response plan?
  2. Does the school have a system to educate staff, parents, and students about potential risks and safety protocols? 
  3. Does the school have a data protection officer on staff responsible for implementing security and privacy policies?
  4. Does the school have reputable third-party vendors to ensure the proper technology is in place to secure staff and student data?
  5. Are data security and student privacy a fundamental part of onboarding new school employees?
  6. Does the school create backups of valuable information and store them separately from the central server to protect against ransomware attacks?
  7. Does the school have any new technology initiatives planned? If so, how will it address student data protection?

The majority of schools are far from negligent. Leaders know the risks, and many have put recognized cybersecurity frameworks in place. Also, schools have the pressing challenge of 1) providing a technology-driven education to students while at the same time, 2) protecting student/staff privacy and 3) finding funds to address the escalating risk.

Families can add a layer of protection to a child’s data while at school by making sure devices are protected in a Bring Your Own Device (BYOD) setting. Cybersecurity is a shared responsibility. While schools work hard to implement safeguards, be sure you are taking responsibility in your digital life and equipping your kids to do the same.

The post 7 Questions to Ask Your Child’s School About Cybersecurity Protocols appeared first on McAfee Blogs.

Analyst Fatigue: The Best Never Rest

They may not be saying so, but your senior analysts are exhausted.

Each day, more and more devices connect to their enterprise networks, creating an ever-growing avenue for OS exploits and phishing attacks. Meanwhile, the number of threats—some of which are powerful enough to hobble entire cities—is rising even faster.

While most companies have a capable cadre of junior analysts, most of today’s EDR (Endpoint Detection and Response) systems leave them hamstrung. The startlingly complex nature of typical EDR software necessitates years of experience to successfully operate—meaning that no matter how willing the more “green” analysts are to help, they just don’t yet have the necessary skillset to effectively triage threats.

What’s worse, while these “solutions” require your top performers, they don’t always offer top performance in return. While your most experienced analysts should be addressing major threats, a lot of times they’re stuck wading through a panoply of false positives—issues that either aren’t threats, or aren’t worth investigating. And while they’re tied up with that, they must also confront the instances of false negatives: threats that slip through the cracks, potentially avoiding detection while those best suited to address them are busy attempting to work through the noise. This problem has gotten so bad that some IT departments are deploying MDR systems on top of their EDR packages—increasing the complexity of your company’s endpoint protection and further increasing employee stress levels.

Hoping to both measure the true impact of “analyst fatigue” on SOCs and to identify possible solutions, a commissioned study was conducted by Forrester Consulting on behalf of McAfee in March 2019 to see what effects current EDRs were having on businesses, and try to recognize the potential for solutions. Forrester surveyed security technology decision-makers, from the managers facing threats head-on to those in the C-suite viewing security solutions at the macro level in relation to his or her firm’s financial needs and level of risk tolerance. Respondents were from the US, UK, Germany or France, and worked in a variety of industries at companies ranging in size from 1,000 to over 50,000 employees.

When asked about their endpoint security goals, respondents’ top three answers—to improve security detection capabilities (87%), increase efficiency in the SOC (76%) and close the skills gap in the SecOps team (72%)—all pointed to limitations in many current EDRs.  Further inquiry revealed that while 43% of security decision makers consider automated detection a critical requirement, only 30% feel their current solution(s) completely meet their needs in this area.

While the issues uncovered were myriad, the results also suggested that a single solution could ameliorate a variety of these problems.  The introduction of EDR programs incorporating Guided Investigation could increase efficiency by allowing junior analysts to assist in threat identification, thereby freeing up more seasoned analysts to address detected threats and focus on only the most complex issues, leading to an increase in detection capabilities. Meanwhile, the hands-on experience that junior analysts would get addressing real-life EDR threats would increase both their personal efficiency and their skill level, helping to eliminate the skills gaps present in some departments.

To learn more about the problems and possibilities in the current EDR landscape, you can read the full “Empower Security Analysts Through Guided EDR Investigation” study by clicking here.

The post Analyst Fatigue: The Best Never Rest appeared first on McAfee Blogs.

Don’t Silo Your Endpoint Security Roadmap

If there’s a gap you bridge it, if there’s a hole you plug it. These are simple musts that businesses have to follow – they need to right wrongs and adjust processes to create better outcomes. The same thing goes for the security teams tasked with safeguarding these organizations, who know they must always bridge the gap between exposed and secure. These security teams know that in order to plug any holes they must at minimum apply standard endpoint security to their infrastructure. While most teams know one solution can’t be the be-all and end-all for their strategy, many are still slow to adopt new technologies to their defense strategy. Here’s why.

Outdated Adoption Mindsets

I meet a lot of security professionals that are aware a better mousetrap exists, but feel as though the pains of making a change outweigh the advantages of better detection or threat detail. I get it, I’m up against my own list of critical projects and nice-to-have things that are difficult to move to the top of the list. Maybe that’s why so many businesses are stating they intend to adopt next-gen technologies but are struggling with the expertise to move ahead with a product or deploy it.

When it comes to getting more tactical against the latest generation of threats that are designed to evade detection, the natural next step for these teams is to add a product like McAfee MVISION EDR. This type of product is top of mind for many right now, as 82% of IT leaders say they don’t have the visibility they need. As a threat hunting tool, EDR tells security teams how exactly threats entered an environment, what these threats did while inside, and how teams can pivot to action against them now and prevent similar attacks from happening again. The value of the EDR might be understood, but adopting it is usually hindered by pre-existing mindsets.

Many security professionals out there think of products, such as McAfee ENS and McAfee MVISION EDR as two separate entities. The same thing goes for solutions such as DLP and CASB. These teams often adopt one solution at a time, with the hope of eventually being able to collect them all one day. Compounding this issue, many fear they’re going to overwhelm existing staff with all the new training and education required for proper adoption. But therein lies the problem – these solutions shouldn’t be viewed as a burden or mutually exclusive, given accurate threat protection in today’s modern threat landscape is reliant on multiple success factors working together at the same time. Adoption should be holistic and simultaneous.

The Importance of Integration

Just like one size typically doesn’t fit all, one solution cannot address all threats. That means your defense strategy shouldn’t rely on just one defense or detection method to protect every user from every kind of threat. Therefore, security teams need to clear out old notions and start looking at solution adoption with the idea of integration and a platform that is sustainable for the long term, not just a product. By achieving the right convergence of solutions, teams will establish a holistic security posture for their organization, ultimately positioning it for success.

So, what does this blend of solutions look like? To cover all the bases, organizations should look toward adopting solutions designed with collaboration and integration in mind. Take McAfee’s EPP for example, which is built with the future in mind. Our cloud-first MVISION products are designed to help you transform your IT environment. Specifically, our EDR solution is designed to meet you where you are with AI-guided investigations, detecting and remediating both the opportunistic and targeted attacks.

The more defense solutions can work together, the more actions can be automated and burdens can be reduced for the IT staff. So, instead of making your buying decision in order to fill a gap in today’s environment, make sure you buy with tomorrow’s gaps in mind. Focus on how the product you buy today will work or not work with the purchases you make in the future. From there, security will move beyond a simple must, becoming second nature.

To learn more about effective endpoint security strategy, be sure to follow us @McAfee and @McAfee_Business.

The post Don’t Silo Your Endpoint Security Roadmap appeared first on McAfee Blogs.

FaceApp: The App That Ages Your Employees and Your CIO

Bring Your Own Device (BYOD) is one of the defining characteristics of the modern mobile workforce but it’s also a weakness many businesses aren’t paying enough attention to. It’s likely many corporate BYOD users  have downloaded a hot new app named FaceApp. An AI face editor, this app is rising in popularity all thanks to the FaceApp Challenge — where people leverage the app’s old age filter to appear elderly in photos and post the results on social media. However, the application has also drummed up some discussions around its current privacy permissions,

Sharing More Than Just a Laugh

Though the company has stated no malicious intent, it’s still questionable if access to other data has been given without permission from these users. In any event, the scenario is one that keeps security practitioners up at night. Unsecured mobile devices are an easy entry point to spread malware, obtain credentials and gain access to corporate systems that contain even more sensitive data.

From FaceApp to Fending Off Threats

With apps creating gateways to corporate data, employees need to ensure all their devices have an extra layer of security added. To safeguard an organization’s network, lock down any corporate data, and ensure your CIO can get a decent night’s rest, teams should adopt an agile and intelligent security solution which treats mobile devices like any other endpoint. McAfee MVISION Mobile provides an always-on defense for iOS and Android devices and analyzes deviations surrounding device behavior to make determinations about indicators of compromise to accurately identify advanced threats. For those who are transitioning to a more tactical threat hunting role and exploring Endpoint Detection and Response (EDR) tools, ignoring mobile security or using an approach that doesn’t integrate with endpoint platforms and EDR tools will pose another problem – a window of opportunity for threat actors. Mobile security is more than just a checkbox for an elevated approach to security. Like a good soldier on the frontlines that notifies his commander of the enemy’s approach, mobile security needs to elevate alerts to the Security Operations team. EDR that relies on manual correlation of mobile defense alerts or observations will extend the opportunity for an attacker to move from the mobile device to more critical systems.

Before the next FaceApp challenge emerges, I encourage you to evaluate your mobile device coverage. Is it automating actions and moving quickly when malicious apps or connections attempt to reach your corporate network through a mobile device? Does your current approach to mobile security elevate critical events to your security team? If not, it might be time to consider a more integrated approach that elevates your security posture with the insights to identify the next potential threat before it becomes a headline.

To learn more about effective endpoint security strategy, be sure to follow us @McAfee and @McAfee_Business.

The post FaceApp: The App That Ages Your Employees and Your CIO appeared first on McAfee Blogs.

Endpoint’s Role in Enterprise Data Protection

Data is a big deal. As the foundation of a modern-day business, data drives organizations’ everyday operations. It provides insights, indicates trends, and informs business decisions. This means securing an organization’s data is of the utmost importance, especially when it comes to defending against attacks emerging out of today’s threat landscape. And though there are standards that have been published to protect customer data and data context, these rules are still incomplete and imperfect, given any published best practice that works for organizations may also create immediate targets for an attacker to bypass. Let’s examine some key threats that compromise enterprise data, and the role endpoint security plays in safeguarding that information.

Means to an End

For many cybercriminals, data is the end goal and endpoint devices are the avenue for getting there. Whether it’s through a compromised app, credential theft, malware, ransomware, or a phishing attack – cyberattacks are consistently testing enterprises in an attempt to find a weakness. That’s because the endpoint acts as the ultimate gateway to critical enterprise data. If compromised, it could cause ripple effects on an organization’s day-to-day functions, causing downtime or a longer attack dwell time, permitting cybercriminals to harvest more sensitive data.

The good news? Doors work both ways. Just as endpoints can create gateways to important data, they can also stop cybercrime in its tracks, if properly secured.

Keeping the Door Locked

The best option for safeguarding your data is securing it at the start – the endpoint. By implementing agile and adaptive endpoint security on every device in your organization, enterprises can ensure data stays locked down. The key is leveraging endpoint solutions that go beyond the more traditional deterministic security feature like anti-malware and include predictive technology like artificial intelligence (AI) and machine learning (ML). This type of technology can quickly sift through security incidents in order to identify the real threats posed to endpoint devices, which helps security teams automatically reduce the time required to address threats. Security teams should also ensure they leverage endpoint security solutions that provide increased, centralized visibility into all of their organization’s devices. This kind of visibility is crucial for not only rapid detection, but also to ensure user behavior is being tracked and policies are being enforced.

For security teams aiming to stop modern-day cyberthreats at the start, adopt security solutions such as McAfee MVISION Mobile and McAfee MVISION Endpoint, which have machine learning algorithms and analysis built into their architecture to help identify malicious behavior and attack patterns affecting endpoint devices. To add to that, teams should also leverage solutions such as McAfee DLP Endpoint, which empowers IT staff with increased visibility, giving them knowledge of what all their users are doing at all times.  With this kind of technology in play, enterprise data won’t be anyone else’s business other than the organization it belongs to.

To learn more about effective endpoint security strategy, be sure to follow us @McAfee and @McAfee_Business.

The post Endpoint’s Role in Enterprise Data Protection appeared first on McAfee Blogs.
