Endpoint Security

shutterstock_299940266_20181026-300x200.jpg

FaceApp: The App That Ages Your Employees and Your CIO

FaceApp: The App That Ages Your Employees and Your CIO 1

Bring Your Own Device (BYOD) is one of the defining characteristics of the modern mobile workforce but it’s also a weakness many businesses aren’t paying enough attention to. It’s likely many corporate BYOD users  have downloaded a hot new app named FaceApp. An AI face editor, this app is rising in popularity all thanks to the FaceApp Challenge — where people leverage the app’s old age filter to appear elderly in photos and post the results on social media. However, the application has also drummed up some discussions around its current privacy permissions,

Sharing More Than Just a Laugh

Though the company has stated no malicious intent, it’s still questionable if access to other data has been given without permission from these users. In any event, the scenario is one that keeps security practitioners up at night. Unsecured mobile devices are an easy entry point to spread malware, obtain credentials and gain access to corporate systems that contain even more sensitive data.

From FaceApp to Fending Off Threats

With apps creating gateways to corporate data, employees need to ensure all their devices have an extra layer of security added. To safeguard an organization’s network, lock down any corporate data, and ensure your CIO can get a decent night’s rest, teams should adopt an agile and intelligent security solution which treats mobile devices like any other endpoint. McAfee MVISION Mobile provides an always-on defense for iOS and Android devices and analyzes deviations surrounding device behavior to make determinations about indicators of compromise to accurately identify advanced threats. For those who are transitioning to a more tactical threat hunting role and exploring Endpoint Detection and Response tools (EDR) ignoring mobile security or using an approach that doesn’t integrate with endpoint platforms and EDR tools will pose another problem – a window of opportunity for threat actors. Mobile security is more than just a checkbox for an elevated approach to security. Like a good soldier on the frontlines that notifies his commander of the enemy’s approach, mobile security needs to elevate alerts to the SecurityOperations team. EDR that relies on manual correlation of mobile defense alerts or observations will extend the opportunity for an attacker to move from the mobile device to more critical systems.

Before the next FaceApp challenge emerges, I encourage you to evaluate your mobile device coverage. Is it automating actions and moving quickly when malicious apps or connections attempt to reach your corporate network through a mobile device? Does your current approach to mobile security elevate critical events to your security team? If not, it might be time to consider a more integrated approach that elevates your security posture with the insights to identify the next potential threat before it becomes a headline.

To learn more about effective endpoint security strategy, be sure to follow us @McAfee and @McAfee_Business.

The post FaceApp: The App That Ages Your Employees and Your CIO appeared first on McAfee Blogs.

cq5dam_web_1000_1000Z9FH8KYL-300x200.jpg

Endpoint’s Role in Enterprise Data Protection

Endpoint’s Role in Enterprise Data Protection 2

Data is a big deal. As the foundation of a modern-day business, data drives organizations’ everyday operations. It provides insights, indicates trends, and informs business decisions. This means securing an organization’s data is of the utmost importance, especially when it comes to defending against attacks emerging out of today’s threat landscape. And though there are standards that have been published to protect customer data and data context, these rules are still incomplete and imperfect, given any published best practice that works for organizations may also create immediate targets for an attacker to bypass. Let’s examine some key threats that compromise enterprise data, and the role endpoint security plays in safeguarding that information.

Means to an End

For many cybercriminals, data is the end goal and endpoint devices are the avenue for getting there. Whether it’s through a compromised app, credential theft, malware, ransomware, or a phishing attack – cyberattacks are consistently testing enterprises in an attempt to find a weakness. That’s because the endpoint acts as the ultimate gateway to critical enterprise data. If compromised, it could cause ripple effects on an organization’s day-to-day functions, causing downtime or a longer attack dwell time, permitting cybercriminals to harvest more sensitive data.

The good news? Doors work both ways. Just as endpoints can create gateways to important data, they can also stop cybercrime in its tracks, if properly secured.

Keeping the Door Locked

The best option for safeguarding your data is securing it at the start – the endpoint. By implementing agile and adaptive endpoint security on every device in your organization, enterprises can ensure data stays locked down. The key is leveraging endpoint solutions that go beyond the more traditional deterministic security feature like anti-malware and include predictive technology like artificial intelligence (AI) and machine learning (ML). This type of technology can quickly sift through security incidents in order to identify the real threats posed to endpoint devices, which helps security teams automatically reduce the time required to address threats. Security teams should also ensure they leverage endpoint security solutions that provide increased, centralized visibility into all of their organization’s devices. This kind of visibility is crucial for not only rapid detection, but also to ensure user behavior is being tracked and policies are being enforced.

For security teams aiming to stop modern-day cyberthreats at the start, adopt security solutions such as McAfee MVISION Mobile and McAfee MVISION Endpoint, which have machine learning algorithms and analysis built into their architecture to help identify malicious behavior and attack patterns affecting endpoint devices. To add to that, teams should also leverage solutions such as McAfee DLP Endpoint, which empowers IT staff with increased visibility, giving them knowledge of what all their users are doing at all times.  With this kind of technology in play, enterprise data won’t be anyone else’s business other than the organization it belongs to.

To learn more about effective endpoint security strategy, be sure to follow us @McAfee and @McAfee_Business.

The post Endpoint’s Role in Enterprise Data Protection appeared first on McAfee Blogs.

McAfee_business_2male1female_post-it_notes-300x200.jpg

Endpoint’s Relevance in the World of Cloud

Endpoint’s Relevance in the World of Cloud 3

Businesses everywhere are looking to cloud solutions to help expedite processes and improve their data storage strategy. All anyone is talking about these days is the cloud, seemingly dwindling the conversation around individual devices and their security. However, many don’t realize these endpoint devices act as gateways to the cloud, which makes their security more pressing than ever. In fact, there is a unique relationship between endpoint security and cloud security, making it crucial for businesses to understand how this dynamic affects information security overall. Let’s explore exactly how these two are intertwined and how exactly endpoint security can move the needle when it comes to securing the cloud.

Cloudier Skies

Between public cloud, private cloud, hybrid cloud, and now multi-cloud, the cloud technology industry is massive and showing zero signs of slowing down. Adoption is rampant, with the cloud market expected to achieve a five-year compound annual growth rate (CAGR) of 22.5%, with public cloud services spending reaching $370 billion in 2022. With cloud adoption drawing so much attention from businesses, it’s as important as ever that enterprises keep security top of mind.

This need for security is only magnified by the latest trend in cloud tech – the multi-cloud strategy. With modern-day businesses having such a diverse set of needs, many have adopted either a hybrid or multi-cloud strategy in order to effectively organize and store a plethora of data – 74 percent of enterprises, as a matter of fact. This has many security vendors and personnel scrambling to adjust security architecture to meet the needs of the modern cloud strategy. And though all businesses must have an effective security plan in place that compliments their cloud architecture, these security plans should always still consider how these clouds can become compromised through individual gateways, or, endpoint devices.

The Relationship Between Endpoint and Cloud

The cloud may be a virtual warehouse for your data, but every warehouse has a door or two. Endpoint devices act as doors to the cloud, as these mobile phones, computers, and more all connect to whichever cloud architecture an organization has implemented. That means that one endpoint device, if misused or mishandled, could create a vulnerable gateway to the cloud and therefore cause it to become compromised. Mind you – endpoint devices are not only gateways to the cloud, but also the last line of defense protecting an organization’s network in general.

Endpoint is not only relevant in the world of cloud – it has a direct impact on an organization’s cloud – and overall – security. A compromised endpoint can lead to an exposed cloud, which could make for major data loss. Businesses need to therefore put processes into place that outline what assets users put where and state any need-to-knows they should have top of mind when using the cloud. Additionally, it’s equally important every business ensures they make the correct investment in cloud and endpoint security solutions that perfectly complement these processes.

Ensuring Security Strategy Is Holistic

As the device-to-cloud cybersecurity company, we at McAfee understand how important the connection is between endpoint and cloud and how vital it is businesses ensure both are secured. That’s why we’ve built out a holistic security strategy, offering both cloud security solutions and advanced endpoint products that help an organization cover all its bases.

If your business follows a holistic approach to security – covering every endpoint through to every cloud – you’ll be able to prevent data exposures from happening. From there, you can have peace of mind about endpoint threats and focus on reaping the benefits of a smart cloud strategy.

To learn more about our approach to endpoint security strategy, be sure to follow us @McAfee and @McAfee_Business, and read more in our latest paper:

 

The post Endpoint’s Relevance in the World of Cloud appeared first on McAfee Blogs.

mcafee-213780-b2b-retouched-20180516-300x200-2.jpg

How to Get the Best Layered and Integrated Endpoint Protection

How to Get the Best Layered and Integrated Endpoint Protection 4

Security teams have historically been challenged by the choice of separate next-gen endpoint security technologies or a more integrated solution with a unified management console that can automate key capabilities. At this point it’s not really a choice at all – the threat landscape requires you to have both. The best layered and integrated defenses now include a broad portfolio of advanced prevention technologies, endpoint security controls, and advanced detection/response tools – all within an integrated system that goes beyond alerts and into insights that even a junior analyst can act on.

More Endpoints = More Vulnerabilities

Endpoints are long beyond on-premises servers, PCs, and traditional operating systems. Internet of things devices such as printers, scanners, point-of-sale handhelds, and even wearables are vulnerable and can provide entry points for organized attacks seeking access to corporate networks. Mobile devices—both BYOD and corporate issued—are among the easiest targets for app-based attacks. Per the 2019 McAfee Mobile Threat Report, the number one threat category was hidden apps, which accounted for almost one-third of all mobile attacks.

Many enterprises are unaware of their target-rich endpoint environments, resulting in security teams struggling to maintain complete vigilance. A 2018 SANS Survey on Endpoint Protection and Response revealed some sobering statistics:

  • 42% of respondents report having had their endpoints exploited
  • 84% of endpoint breaches include more than one endpoint
  • 20% didn’t know whether they’d been breached

Endpoint attacks are designed to exploit the hapless user, including web drive-by, social engineering/phishing, and ransomware. Because these attacks rely on human actions, there’s a need for increased monitoring and containment, along with user education.

The latest attacks have the ability to move laterally across your entire environment, challenging every endpoint until a vulnerability is found. Once inside your walls, all endpoints become vulnerable. Modern endpoint security must extend protection across the entire digital terrain with visibility to spot all potential risks.

Less Consoles = Better Efficiency

A 2018 MSA Research report on security management commissioned by McAfee revealed that 55% of organizations struggle to rationalize data when three or more consoles are present. Too many security products, devices, and separate consoles call for a large budget and additional employees who might struggle to maintain a secure environment.

In contrast, single management consoles can efficiently coordinate the defenses built into modern devices while extending their overall posture with advanced capabilities—leaving nothing exposed. With everchanging industry requirements, an integrated endpoint security approach ensures that basic standards and processes are included and up to date.

Why McAfee Endpoint Security

McAfee offers a broad portfolio of security solutions that combine established capabilities (firewall, reputation, and heuristics) with cutting-edge machine learning and containment, along with endpoint detection and response (EDR) into a single-agent all-inclusive management console.

Is it time you took a fresh look at your strategy? Learn more in this white paper: Five ways to rethink your endpoint protection strategy.

The post How to Get the Best Layered and Integrated Endpoint Protection appeared first on McAfee Blogs.

mcafee-9198-b2b-retouched-20150515_72dpi-300x200.jpg

How MVISION Mobile can combat the WhatsApp Buffer Overflow Vulnerability

How MVISION Mobile can combat the WhatsApp Buffer Overflow Vulnerability 5

A new WhatsApp vulnerability has attracted the attention of the press and security professionals around the world. We wanted to provide some information and a quick summary.

This post will cover vulnerability analysis and how McAfee MVISION Mobile can help.

Background

On May 13th, Facebook announced a vulnerability associated with all of its WhatsApp products. This vulnerability was reportedly exploited in the wild, and it was designated as CVE-2019-3568.

WhatsApp told the BBC its security team was the first to identify the flaw. It shared that information with human rights groups, selected security vendors and the US Department of Justice earlier this month.

The CVE-2019-3568 Vulnerability Explained

WhatsApp suffers from a buffer overflow weakness, meaning an attacker can leverage it to run malicious code on the device. Data packets can be manipulated during the start of a voice call, leading to the overflow being triggered and the attacker commandeering the application. Attackers can then deploy surveillance tools to the device to use against the target.

A buffer overflow vulnerability in WhatsApp VOIP (voice over internet protocol) stack allows remote code execution via a specially-crafted series of SRTP (secure real-time transport protocol) packets sent to a target phone number.

Affected Versions:

  • WhatsApp for Android prior to v2.19.134
  • WhatsApp Business for Android prior to v2.19.44
  • WhatsApp for iOS prior to v2.19.51
  • WhatsApp Business for iOS prior to v2.19.51
  • WhatsApp for Windows Phone prior to v2.18.348
  • WhatsApp for Tizen prior to v2.18.15.

The Alleged Exploit

An exploit of the vulnerability was used in an attempted attack on the phone of a UK-based attorney on 12 May, the  Financial Times reported. The reported attack involved using WhatsApp’s voice calling function to ring a target’s device. Even if the call was not picked up, the surveillance software could be installed.

How MVISION Mobile can combat CVE-2019-3568 Attacks

To date, the detection technology inside MVISION Mobile has detected 100 percent of zero-day device exploits without requiring an update.

MVISION Mobile helps protect customers by identifying at-risk iOS and Android devices and active threats trying to leverage the vulnerability. It leverages Advanced App Analysis capabilities to help administrators find all devices that are exposed to the WhatsApp vulnerability by identifying all devices that have the vulnerable versions of WhatsApp on them and establish custom policies to address the risk. If the exploit attempts to elevate privileges and compromise the device, MVISION Mobile would detect the attack on the device.

For more information about MVISION Mobile, download our datasheet or visit our web site.

The post How MVISION Mobile can combat the WhatsApp Buffer Overflow Vulnerability appeared first on McAfee Blogs.

Vox Messenger Logo - 512x512

End-2-End Encrypted. Secure. Ad-Free.
Lightweight and Faster than the Competition.

Vox Messenger is an ad-free, secure and end-2-end encrypted alternative to other popular chat messenger apps.

Available for Free. Whitelabel Corporate Edition Available on Request.

Vox Messenger {Secure} - Communicate safely with our private and secure messaging app | Product Hunt Embed

All Rights Reserved - © Copyright 2020 - Vox Messenger (a Division of Kryotech Ltd.)