Login
Government and Private Sector organizations are transforming their businesses by embracing DevOps principles, microservice design patterns, and container technologies across on-premises, cloud, and hybrid environments. Container adoption is becoming mainstream to drive digital transformation and business growth and to accelerate product and feature velocity. Companies have moved quickly to embrace cloud native applications and infrastructure to take advantage of cloud provider systems and to align their design decisions with cloud properties of scalability, resilience, and security first architectures. The declarative nature of these systems enables numerous advantages in application development and deployment, like faster development and deployment cycles, quicker bug fixes and patches, and consistent build and monitoring workflows. These streamlined and well controlled design principles in automation pipelines lead to faster feature delivery and drive competitive differentiation.
As more enterprises adapt to cloud-native architectures and embark on multi-cloud strategies, demands are changing usage patterns, processes, and organizational structures. However, the unique methods by which application containers are created, deployed, networked, and operated present unique challenges when designing, implementing, and operating security systems for these environments. They are ephemeral, often too numerous to count, talk to each other across nodes and clusters more than they communicate with the outside endpoints, and they are typically part of fast-moving continuous integration/continuous deployment (CI/CD) pipelines. Additionally, development toolchains and operations ecosystems continue to present new ways to develop and package code, secrets, and environment variables. Unfortunately, this also compounds supply chain risks and presents an ever-increasing attack surface.
Lack of a comprehensive container security strategy or often not knowing where to start can be a challenge to effectively address risks presented in these unique ecosystems. While teams have recognized the need to evolve their security toolchains and processes to embrace automation, it is imperative for them to integrate specific security and compliance checks early into their respective DevOps processes. There are legitimate concerns that persist about misconfigurations and runtime risks in cloud native applications, and still too few organizations have a robust security plan in place.
These complex problem definitions have led to the development of a special publication from National Institute of Standards and Technology (NIST) – NIST SP 800-190 Application Security Container Guide. It provides guidelines for securing container applications and infrastructure components, including sectional review of the fundamentals of containers, key risks presented by core components of application container technologies, countermeasures, threat scenario examples, and actionable information for planning, implementing, operating, and maintaining container technologies.
MVISION Cloud Native Application Protection Platform (CNAPP) is a comprehensive device-to-cloud security platform for visibility and control across SaaS, PaaS, & IaaS platforms. It provides deep coverage on cloud native security controls that can be implemented throughout the entire application lifecycle. By mapping all the applicable risk elements and countermeasures from Sections 3 and 4 of NIST SP 800-190 to capabilities within the platform, we want to provide an architectural point of reference to help customers and industry partners automate compliance and implement security best practices for containerized application workloads. This mapping and a detailed review of platform capabilities aligned with key countermeasures can be referenced here.
As outlined in one of the supporting charts in the whitepaper, CNAPP has capabilities that effectively address all the risk elements described in the NIST special publication guidance.
While the breadth of coverage is critical, it is worth noting that the most effective way to secure containerized applications requires embedding security controls into each phase of the container lifecycle. If we leverage Department of Defense’s Enterprise DevSecOps Reference Design guidance as a point of reference, it describes the DevSecOps lifecycle in terms of nine transition stages comprising of plan, develop, build, test, release, deliver, deploy, operate, and monitor.
The foundational principle of DevSecOps implementations is that the software development lifecycle is not a monolithic linear process. The “big bang” style delivery of the Waterfall SDLC process is replaced with small but more frequent deliveries, so that it is easier to change course as necessary. Each small delivery is accomplished through a fully automated process or semi-automated process with minimal human intervention to accelerate continuous integration and delivery. The DevSecOps lifecycle is adaptable and has many feedback loops for continuous improvement.
Specific to containerized applications and workloads, a more abstract view of a container’s lifecycle spans across three high-level phases of Build, Deploy, and Run.
The “Build” phase centers on what ends up inside the container images in terms of the components and layers that make up an application. Usually created by the developers, security efforts are typically focused on reducing business risk later in the container lifecycle by applying best practices and identifying and eliminating known vulnerabilities early. These assessments can be conducted in an “inner” loop iteratively as developers perform incremental builds and add security linting and automated tests or can be driven via an “outer” feedback loop that’s driven by operational security reviews and penetration testing efforts.
In the “Deploy” phase, developers configure containerized applications for deployment into production. Context grows beyond information about images to include details about configuration options available for orchestrated services. Security efforts in this phase often center around complying with operational best practices, applying least-privilege principles, and identifying misconfigurations to reduce the likelihood and impact of potential compromises.
“Runtime” is broadly classified as a separate phase wherein containers go into production with live data, live users, and exposure to networks that could be internal or external in nature. The primary purpose of implementing security during the runtime phase is to protect running applications as well as the underlying container infrastructure by finding and stopping malicious actors in real time.
By applying this understanding of container lifecycle stages to respective countermeasures that can be implemented and audited upon within MVISION Cloud, CNAPP customers can establish an optimal security posture and achieve synergies of shift left and runtime security models. Security assessments are critically important early in planning and design, where important decisions are made about architecture approach, development tooling and technology platforms and where mistakes or misunderstandings can be dangerous and expensive. As DevOps teams move their workloads into the cloud, security teams will need to implement best practices that apply operations, monitoring and runtime security controls across public, private, and hybrid cloud consumption models.
CNAPP first discovers all the cloud-native components mapped to an application, including hosts, IaaS/PaaS services, containers, and the orchestration context that a container operates within. With the use of native tagging and network flow log analysis, customers can visualize cloud infrastructure interactions including across compute, network, and storage components. Additionally, the platform scans cloud native object and file stores to assess presence of any sensitive data or malware. Depending on the configuration compliance of the underlying resources and data sensitivity, an aggregate risk score is computed per application which provides detailed context for an application owner to understand risks and prioritize mitigation efforts.
As a cloud security posture management platform, CNAPP provides a set of capabilities that ensure that assets comply with industry regulations, best practices, and security policies. This includes proactive scanning for vulnerabilities in container images and VMs and ensuring secure container runtime configurations to prevent non-compliant builds from being pushed to production. The same principles apply to orchestrator configurations to help secure how containers get deployed using CI/CD tools. These baseline checks can be augmented with other policy types to ensure file integrity monitoring and configuration hardening of hosts (e.g., no insecure ports or unnecessary services), which help apply defense-in-depth by minimizing the overall attack surface.
Finally, the platform enforces policy-based immutability on running container instances (and hosts) to help identify process-, service-, and application-level whitelists. By leveraging the declarative nature of containerized workloads, threats can be detected during the runtime phase, including any exposure created as a result of misconfigurations, application package vulnerabilities, and runtime anomalies such as execution of reverse shell or other remote access tools. While segmentation of workloads can be achieved in the build and deploy phases of a workload using posture checks for constructs like namespaces, network policies, and container runtime configurations to limit system calls, the same should also be enforced in the runtime phase to detect and respond to malicious activity in an automated and scalable way. The platform defines baselines and behavioral models that can specially be effective to investigate attempts at network reconnaissance, remote code execution due to zero-day application library and package vulnerabilities, and malware callbacks. Additionally, by mapping these threats and incidents to the MITRE ATT&CK tactics and techniques, it provides a common taxonomy to cloud security teams regardless of the underlying cloud application or an individual component. This helps them extend their processes and security incident runbooks to the cloud, including their ability to remediate security misconfigurations and preemptively address all the container risk categories outlined in NIST 800-190.
The post Securing Containers with NIST 800-190 and MVISION CNAPP appeared first on McAfee Blogs.
Over the past 9 months, the world has grappled with the COVID-19 pandemic. We have all felt vulnerable. With borders closed and curfews and lockdowns instituted, things that we can count on, like reliable energy and technology, have become more essential than ever… Especially now that most of us have to conduct work from home, we are grateful for reliable energy as it powers our lights, air, heating, and internet. It is imperative during these critical times that homes—and businesses—run smoothly, without any interruptions from cyberthreats.
Like many businesses during this vulnerable time, a leading North American oil and gas company was already bombarded daily by cyberthreats before Covid-19, but the onset of the pandemic and the transition to thousands of employees working from home only made it a bigger target. Since the start of the pandemic-induced shift to remote work, the company has experienced a much higher volume of campaigns by sophisticated threat actors.
To guard against these bad actors and reduce vulnerability, the company’s security team purchased McAfee’s MVISION EDR after a proof-of-concept bakeoff against two competing products. The McAfee solution’s integration capabilities, attractive pricing, and lack of dependency upon a complex and costly infrastructure placed it far ahead of its endpoint threat detection and response (EDR) competitors. The need to accelerate threat response increased the company’s sense of urgency to implement MVISION EDR.
With help from McAfee technical support experts, the company’s security team completed its roll out of MVISION EDR across 16,000 endpoints within just two weeks. Now that MVISION EDR is deployed, the IT security manager and his team have much greater visibility into threats across all endpoints, including those belonging to employees working from home. This increase in visibility and understanding has helped them quickly identify patient zero and follow the trajectory of an attack to understand its potential impact. With MVISION EDR, they are able to determine every lateral movement that took place and analyze endpoints to determine if they were affected.
With McAfee MVISION EDR, the company’s security team can easily prioritize alerts, quickly grasping which ones need immediate attention and which can wait. In the future they hope to leverage the solution’s artificial intelligence-guided investigations and automate tasks to keep improving threat analysis and threat hunting, all of which will shrink the time-to-response gap even more.
Another benefit for the security team is the ability to use MVISION EDR for inventory tracking; they also can easily check registry settings to monitor system licensing and ensure proper configurations. When they roll out new tools in the environment, for example, they use MVISION EDR to make sure that the systems are working properly and communicating the way they should.
As you find yourself spending all your time at home, remember the critical role your energy company and technology play to provide you comfort in a not so comfortable time. Cybersecurity is complex but to find out how we simplify handling potential threats to our customers, please read the case study. And get your questions answered by tweeting @McAfee_Business.
The post Energy Company Fights Back with MVISION EDR as Covid-19 Increases Threat Campaigns appeared first on McAfee Blogs.
2020 has been a tumultuous and unpredictable year, where we restructured our lives and redefined how we work and interact with each other. In the past nine months, we saw IT security and the digital world challenged and taken to new heights. Although 2020 has undoubtedly been a year of trials and tribulations, I wanted to share some of McAfee’s top highlights.
The list that follows is drawn from some of this year’s greatest accomplishments.
1. |
New Global Managed Detection and Response Platform |
At the RSA Conference in February, we launched our MDR platform and our first strategic partner to leverage our MVISION EDR solution to proactively detect cyber threats faced by customers and resolve security incidents faster. Our MDR service with DXC Technology provides 24/7 critical alert monitoring, managed threat hunting, advanced investigations, and threat disruption 365 days a year.
2. |
Cloud Risk & Adoption Report: Work-from-Home Edition |
With the new work from home environment, we released a report uncovering a correlation between the increased use of cloud services and collaboration tools, such as Cisco WebEx, Zoom, Microsoft Teams and Slack during the COVID-19 pandemic, along with an increase in cyber-attacks targeting the cloud.
3. |
MVISION Cloud Becomes First CASB to Receive U.S. Government’s FedRAMP High JAB P-ATO Designation |
To support today’s U.S. governments race to modernize its IT infrastructure in the constantly evolving threat landscape, McAfee has pursued and received a Federal Risk and Authorization Management Program (FedRAMP) Authorization designation for McAfee MVISION for Endpoint at the moderate security impact level. Learn more here.
4. |
Election Website Security Shortcomings |
Ahead of the 2020 U.S. Presidential election, we released a survey revealing a severe lack of U.S. government .GOV validation and HTTPS encryption among county election websites in 13 states. The January 2020 survey found that as many as 83.3% of these county websites lacked .GOV validation across these states, and 88.9% and 90.0% of websites lacked such certification. Subsequently, reports emerged from the U.S. Federal Bureau of Investigations and the FBI and Department of Homeland Security, which compelled us to conduct a follow-up survey of county election websites in all 50 U.S. states.
5. |
Industry’s First Proactive Security Solution to Help Organizations Stay Ahead of Emerging Threats |
MVISION Insights provides actionable and preemptive threat intelligence by leveraging our cutting-edge threat research, augmented with sophisticated AI applied to real-time threat telemetry streamed from over 1 billion sensors. The integration of MVISION Insights significantly enhances the capabilities of our award winning endpoint security platform by managing the attack surface, preventing ransomware and aiding security teams to easily investigate and respond to advanced attacks.
6. |
Threat Actor Evolution During the Pandemic |
Our McAfee Labs team released a report examining cybercriminal activity related to COVID-19 and the evolution of cyber threats in Q1 2020. The team saw an average of 375 new threats per minute and a surge of cybercriminals exploiting the pandemic through COVID-19 themed malicious apps, phishing campaigns, malware, and more. Read the full report Q1 2020 here, and feel free to enjoy the bumper edition of the McAfee Labs Threats Report: November 2020, here.
7. |
Introducing MVISION CNAPP |
McAfee announced CNAPP, a new security service that combines solutions from Cloud Security Posture Management (CSPM), Cloud Workload Protection Platform (CWPP), Data Loss Prevention (DLP), and Application Protection into a single solution. Now in beta with a target launch date of Q1, 2021, we built CNAPP to provide InfoSec teams broad visibility into their cloud native applications.
8. |
Taking Threat Detection and Response to a New Level |
At MPOWER 2020, we announced McAfee XDR, a complete platform that provides SOCs visibility into how threats are impacting your key business processes, prioritizes response and delivers a full-integrated platform of security technologies. Our AI and Big Data analytics capabilities supplies SOCs with threat and campaign insights before an attack changes course, to avoid wasting time chasing false positives. Defenders get fewer and more meaningful alerts, making it easier to prioritize their response based on the severity and potential impact of a threat.
9. |
Expansions to McAfee’s MVISION Platform |
Continuing on MPOWER’s momentum, we launched MVISION Marketplace, MVISION API and MVISION Developer Portal, allowing customers to quickly and easily integrate McAfee and trusted SIA partner applications as well as privately developed applications within their current security environment. The launch enables security teams to swiftly address security gaps in their architecture and easily improve security posture.
10. |
McAfee Goes Public |
On October 22, 2020, McAfee rang the bell on NASDAQ and officially became a publicly traded company again. It was a momentous occasion for the company and all our dedicated employees and partners. A huge thank you goes out to our employees for their support and invaluable contributions in helping McAfee reach this milestone We’re excited for the future!
Thank you to our wonderful employees, partners and customers for helping us achieve our goals and we look forward to working with everyone in the new year!
The post 2020 Hindsight – Top 10 Highlights from McAfee appeared first on McAfee Blogs.
And just like that, the holidays are here! That means it’s time to grab your devices and credit cards for some online holiday shopping. But while you plan to share the merry and shop for gifts, criminals are preparing some not-so-festive tricks of their own.
Let’s unwrap the top four phishing scams that users should beware of while making online purchases this week and through the rest of the year. Remember, there’s still time to shop for cybersecurity protection this holiday season.
It might surprise you to see that a tactic as old as email phishing is still so widely used today. Well, that’s because many people still fall for email phishing scams, as the criminals behind these attacks up the ante every year to make these threats more sophisticated.
Scammers also tend to take advantage of current events to trick unsuspecting consumers into falling for their tricks. Take earlier this year, for example, when many users received phishing emails claiming to be from a government entity regarding financial support due to the global health emergency. Cybercriminals will likely use similar, timely tactics leading up to the holidays, posing as famous retailers and promising fake discounts in the hope that a consumer will divulge their credit card details or click on a malicious link.
Like email phishing, spear phishing has been around for quite some time. With spear phishing attacks, hackers pretend to be an organization or individual that you’re familiar with and include a piece of content—a link, an email attachment, etc.—that they know you’ll want to interact with. For example, cybercriminals might claim to be charitable organizations asking for donations, knowing that many families like to donate during the holidays. The email might even include the recipient’s personal details to make it seem more convincing. But instead of making a generous contribution, users find that they infected their own system with malware by clicking on the fraudulent link.
No, that’s not the sound of Santa coming down the chimney – it’s the sound of voice phishing! “Vishing” attacks can be highly deceiving, as hackers will call a user and trick them into giving up their credentials or sharing other personal information. For example, a scammer could call an individual telling them that they won a large amount of cash as part of a holiday contest. Overjoyed with the thought of winning this so-called contest, the user may hand over their bank information to the criminal on the other end of the phone. But instead of receiving a direct deposit, all they find is that their banking credentials were used to make a fraudulent purchase.
SMS phishing, or “SMiShing,” is another threat users should watch out for this holiday season. This tactic uses misleading text messages claiming to come from a trusted person or organization to trick recipients into taking a certain action that gives the attacker exploitable information or access to their mobile device.
Due to the current global health emergency and the desire to do more digitally, consumers will likely rely on online shopping this holiday season. To take advantage of this trend, scammers will probably send fraudulent text messages disguised as online retailers. These messages will likely contain fake tracking links, shipping notices, and order confirmations. But if an unsuspecting user clicks on one of these links, they will be directed to a fake website prompting them to enter their credentials for the attackers to further exploit.
To prevent cybercriminals from messing with the festive spirit via phishing schemes, follow these tips so you can continue to make merry during the holiday shopping season:
If you receive an email, call, or text asking you to download software or pay a certain amount of money, don’t click on anything or take any direct action from the message. Instead, go straight to the organization’s website. This will prevent you from downloading malicious content from phishing links or forking over money unnecessarily.
If someone sends you a message with a link, hover over the link without actually clicking on it. This will allow you to see a link preview. If the URL looks suspicious, don’t interact with it and delete the message altogether.
Instead of clicking on a link in an email or text message, it’s always best to check directly with the source to verify a holiday shopping offer or track a package’s shipment.
Use a comprehensive security solution, like McAfee Total Protection, which can help protect devices against malware, phishing attacks, and other threats. It includes McAfee WebAdvisor, which can help identify malicious websites.
The post Top Phishing Lures to Look Out for This Holiday Season appeared first on McAfee Blog.
This year has thrown a lot of challenges at us, and our digital lives were not immune. As millions of people around the world suddenly switched to working and learning online from home during the pandemic, digital threats spiked, making security and performance essential.
At McAfee, we are hyperaware of what our users are going through this year, with changes to their work, school, and lifestyles. At the same time, we are keeping our eyes on the threats aimed at taking advantage of the situation.
For example, we know that publicly disclosed security breaches increased by 41% in the first quarter of 2020 compared to the previous quarter. And, COVID-related threats are also on the rise. But with everything going on, it’s easy to see how technology users can become overwhelmed. That means that security not only has to protect against a wide range of threats, but also be seamless.
While you’ve been busy keeping up with all the changes this year has brought, we have been working on providing comprehensive security that protects you from existing and emerging threats so you can have peace of mind. In fact, Austria-based AV-Comparatives recently gave McAfee® Total Protection their highest three-star, “Advanced +” rating for malware protection measured against 16 competitors, and the German anti-malware test lab AV-Test awarded McAfee Total Protection with the TOP Product rating because of its 100% protection scores.
AV-Test also gave McAfee Mobile Security for Android its highest rating in terms of protection, performance, and usability against 14 competitors.
These labs also test for “false positives.” False positives happen when antivirus software identifies legitimate files or processes as malware by mistake. In recent tests, our products have also scored well when it comes to avoiding false positives. AV-Test showed that McAfee Total Protection and McAfee Mobile Security flagged zero false positives during testing.
Both of these independent antivirus testing organizations specifically look for how well security products protect their users against various threats, which is critically important given today’s threat landscape.
One of the key ways we keep on top of threats is through continuous product development. We don’t stop working on our software tools just because they are released to the public. Our products are continuously updated with new features and enhancements when they become available because security isn’t static. Regardless of if you bought your product in 2019 or early 2020, we make sure that you have the latest protection installed through automatic product updates.
Underscoring our dedication to continual product improvement, U.K.-based SE Labs recently named McAfee the 2020 winner for “Best Product Development.”
SE Labs’s slogan is “testing like hackers” because it evaluates a product’s effectiveness at various stages of attacks, from malicious emails and keystroke loggers, to full-on network attacks and system harm. All of these assessments are important to ensure that we can protect our users in real-world settings.
I’ve written before about how security software has to be convenient, and not get in the way of our productivity. Given the climate, it’s more important than ever that we offer comprehensive security tools that are lightweight and easy to manage.
For instance, I know how important these days are for my kids to meet with their teachers in online classes. If our security software was taking up so much of our computer’s resources that it kept them from being able to stream video while taking notes, it wouldn’t just be frustrating, but detrimental.
McAfee has consistently received some of the best scores in performance tests, while having a minimal impact on users’ systems. Just this month, AV-Comparatives awarded McAfee Total Protection the highest possible ADVANCED+ rating yet again, for the ninth time in a row!
This is great news for us, but even more important for our users since it shows that they do not have to sacrifice protection or performance, whether on their computers or mobile devices.
Of course, we know the threat landscape is continuously evolving, and we need to evolve with it.
By offering you tools that can guard against the latest risks while allowing you to be productive and connect with family and friends, we hope to be a strong ally in your digital life. It’s great to see that these three independent testing organizations recognize our accomplishments so far in protection efficacy and performance. We promise to keep it up so you can live a carefree digital life.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Putting Protection to The Test appeared first on McAfee Blogs.
The move to a distributed workforce came suddenly and swiftly. In February 2020, less than 40% of companies allowed most of their employees to work from home one day a week. By April, 77% of companies had most of their employees working exclusively from home.
Organizations have been in the midst of digital transformation projects for years, but this development represented a massive test. Most organizations were pleasantly surprised to see that their employees could remain productive while working from home thanks to successful cloud migration projects and the adoption of various mobility and remote access technologies, but companies have become more worried that they have far less visibility into data on employees’ systems when they are working remotely. Traditional Network DLP can protect data while it is traversing through the network up to the corporate edge, but it has little visibility to data once it is out of the corporate network and its effectiveness is further limited when the workforce is distributed.
More than three-quarters of CIOs are concerned with the impact that this increased data sprawl is having on security. Despite the fact that roughly half of all corporate data was stored in the cloud last year, only 36% of companies could enforce data protection policies there. Many organizations therefore forced home-based users to hairpin all traffic back to the corporate data center via VPN so that they could be protected by the network data loss prevention (DLP) system. This maintained security, but it came at the cost of poor performance and reduced worker productivity.
Organizations that employed cloud-based security technologies like a Cloud Access Security Broker (CASB), DLP, or Secure Web Gateway (SWG) could enable their users to perform their jobs with fast and secure direct-to-cloud access. However, this still leads to headaches: IT organizations have to manage multiple disparate solutions, while users face latency while their traffic needs to bounce between multiple siloed technologies before they can access their data.
The Secure Access Service Edge (SASE) presents a solution to this dilemma by providing a framework for organizations to bring all of these technologies together into a single integrated cloud service. End users enjoy low-latency access to the cloud, while IT management and costs are simplified. So everyone wins, right? Not entirely.
Many SASE proponents posit that the best way to architect a distributed Work From Home environment would be to have all security functionality in the cloud at the “service edge”, while end user devices have only a small agent to redirect traffic to that service edge. However, this model poses a data protection dilemma. While a cloud-delivered service can extend data protection to data centers, cloud applications, and web traffic, there are a number of blind spots:
These blind spots can only be addressed by endpoint-based data loss prevention (DLP) that enforces data protection policy on the user’s device. This is not dissimilar to how SASE frameworks rely on SD-WAN customer premises equipment (CPE) that perform essential network flow functionality at branch office locations. Therefore, it’s imperative to look for SASE solutions that include endpoint DLP coverage.
It’s great to say that to address the challenges of cloud transformation and the remote workforce, existing network DLP solutions – with their dedicated management interface, data classifications, and policy workflows – need to be accompanied by similar capabilities in the cloud, and then again on the endpoint. Of course, that’s completely impractical where IT organizations are already struggling to deal with the status quo due to finite budgets and skilled personnel. Not only is it impractical, but it undermines the consolidation, simplification, and cost reduction promised both by digital transformation and the SASE framework.
The answer to this dilemma is a comprehensive data protection solution that encompasses networks, devices, and the cloud, something that is uniquely delivered by McAfee MVISION Unified Cloud Edge (UCE). MVISION UCE is a cloud-native solution that seamlessly converges core security technologies such as Data Loss Prevention (DLP), cloud access security broker (CASB) and next-gen secure web gateway (SWG) to help accelerate SASE adoption. MVISION UCE features multi-vector data protection that features unified data classification and incident management across the network, sanctioned and unsanctioned Shadow IT cloud applications, web traffic, and equally important, endpoint DLP. This provides corporate information-security teams the necessary visibility, control and management capability to secure home-based and mobile workers as they access data anywhere.
To manage data security of a distributed workforce, linking device security to corporate policy becomes extremely important. With a managed DLP agent on the device, IT security can know where sensitive data exists, block untrusted services and removable media, protect against cloud services and desktop apps, and educate employees to potential dangers.
Historically, data protection has focused on a central point like the network or the cloud because implementing it on the device has been difficult. However, with McAfee’s Unified Computing Edge (UCE), DLP becomes an easy-to-deliver feature.
Centrally managed by McAfee MVISION ePO, McAfee DLP can be easily deployed to endpoints. With its unique device-to-cloud DLP features, on-prem DLP policies can be easily extended to the Cloud with a single click and as fast as under one minute. Shared data classification tags ensure consistent multi-environment protection for your most sensitive data across endpoints, network and cloud. —
Incorporating security into the cloud and the edge, and delivering data protection at the endpoint, are the only way to really deliver on what SASE promises and unlock your remote workforce. Looking to the future, a widely distributed workforce is here to stay. Companies need to take steps to secure devices and data wherever they are.
To find out more, please visit www.mcafee.com/unifiedcloud.
The post Think Beyond the Edge: Why SASE is Incomplete Without Endpoint DLP appeared first on McAfee Blogs.
You wake up, log in to your Outlook, and find an email waiting in your inbox from support@irs.gov. Much to your confusion, the email claims that you have an outstanding account balance that you must pay immediately, or you will face legal charges.
As it turns out, you’re not the only one to receive this message. According to Bleeping Computer, a phishing campaign was recently discovered impersonating the IRS, with 70,000 spoofed emails reaching users’ inboxes. Let’s unpack how this scheme works.
This scam targets Microsoft 365 users and threatens to press legal charges unless the recipient settles an outstanding account balance. And while some of the telltale signs of a phishing scam are grammar errors and misspellings throughout the body and address of the email, this threat is a little more sophisticated. To make this threat appear more credible, scammers use the email support@irs.gov, causing recipients to believe that the email actually did originate from the IRS. The email also appears to have no spelling errors at first glance, further increasing its legitimacy to an unsuspecting user.
This scam is not foolproof, however. Upon further investigation, a recipient would see that the email’s header reveals the real sending domain: shoesbagsall.com. What’s more, the reply-to field redirects the replies to legal.cc@outlook.com instead of the IRS support mailing address.
To further entice users into falling for this scheme, scammers threaten arrest or other legal charges and tell recipients that they will forward the emails to their employer to withhold the fake outstanding amounts from their wages. Additionally, the emails also instruct the targets to immediately reply with payment details to avoid having their credit affected.
The best way to stay protected from phishing scams? Knowing how to spot them! Follow these security tips and best practices to prevent falling for fraudsters’ tricks:
Be skeptical of emails or text messages claiming to be from organizations with peculiar asks or information that seems too good to be true. Instead of clicking on a link within the email or text, it’s best to go straight to the organization’s website or contact customer service.
If you receive an email or text asking you to download software or pay a certain amount of money, don’t click on anything within the message. Instead, go straight to the organization’s website. This will prevent you from downloading malicious content from phishing links or forking over money unnecessarily.
If someone sends you a message with a link, hover over the link without actually clicking on it. This will allow you to see a link preview. If the URL looks suspicious, don’t interact with it and delete the message altogether.
If you accidentally respond to a phishing email with your personal data, change the passwords to any accounts you suspect may have been impacted. Make sure your new credentials are strong and unique from your other logins. For tips on how to create a more secure password, read our blog on common password habits and how to safeguard your accounts.
A solution like McAfee Identify Theft Protection will help you to monitor your accounts and alert you of any suspicious activity.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post 70,000 Phishing Emails Sent Impersonating the IRS: How to Stay Protected appeared first on McAfee Blogs.
Free VPNs May Still Come with a Price
If we’re being honest, many of us are consuming a lot of online content these days, whether it be for work, education, or sheer entertainment. I know my family is trying to balance what we need to do online, like meetings and classes, with fun activities like streaming movies, given that we are all spending more time safely at home.
But as a security professional what I’m really concerned about is how we are connecting to all this digital content. There has been a surge in VPN (virtual private network) downloads so far this year, showing that users are concerned about their online privacy, which is a good thing.
As you may know, a personal VPN is simply a piece of software that can establish a secure tunnel over the internet, offering you both privacy and freedom from IP-based tracking. It protects your identity and financial information by encrypting, or scrambling, the data that flows through the tunnel, and can mask your true location, making it appear as though you are connecting from somewhere else.
However, the myriad of VPN options—from free, to paid, to “freemium” (limited products offered on a trial basis for free, hoping customers will invest in more comprehensive, paid versions)—can be confusing and cause some customers to walk away unprotected. This is unfortunate, because here at McAfee we’ve recorded a growing number of network attacks, including targeted attacks against a variety of business and educational enterprises.
These threats mean that we need to do our best to ensure that our sensitive information stays safe, which is why I’d like to take a look at the difference between free VPNs and premium VPNs.
Sometimes a VPN is included in more robust security software, as it is in McAfee® Total Protection, but often it is a standalone tool, that is offered either at a monthly subscription rate, or for free. While it may be tempting to go for a free option, there are some serious considerations that you should take to heart.
Since free VPNs are not making money directly from their users, many make revenue indirectly, through advertising. This means that not only are users bombarded with ads, they are also exposed to tracking, and potentially malware. In fact, one study of 283 free VPN providers found that 72% included trackers. This is not that surprising, given that advertisers depend on gathering your personal data to better target their ads.
But beyond the frustration of ads, slowness, and upgrade prompts is the fact that some free VPN tools include malware that can put your sensitive information at risk. The same study found that 38% of the free VPN applications in the Google Play Store were found to have malware, such as keyloggers, and some even stole the data off of users’ devices.
Also concerning is how these free providers handle your data. In one worrying incident, a VPN provider exposed thousands of user logs and API access records openly on the web, including passwords and identity information.
VPNs are critical tools for enhancing our privacy and shouldn’t be an avenue for potentially opening the door to new risks. That’s why I always advise users to look for a paid VPN with the following features:
Unlimited Bandwidth —You want your network connection to stay secured no matter how much time you spend online.
Speedy Performance—We all know how frustrating a sluggish internet connection can be when you are trying to get things done. Whether connecting for productivity, education, or entertainment, we are all dependent on bandwidth. That’s why it’s important to choose a high-speed VPN that enhances your privacy, without sacrificing the quality of your connection.
Multiple Device Protection—These days many of us toggle between mobile devices, laptops, and computers, so they should all be able to connect securely.
Less Battery Drain—Some free mobile VPNs zap your battery life, making users less likely to stay protected. You shouldn’t have to choose between your battery life and safeguarding your privacy.
Ease of Use— As I’ve written recently, for technology to really work it has to be convenient. After all, these technologies should power your connected life, not serve as a hindrance.
Fortunately, we don’t have to sacrifice convenience, or pay high prices, for a VPN that can offer a high level of privacy and protection. A comprehensive security suite like McAfee Total Protection includes our McAfee® Safe Connect standalone VPN with auto-renewal and takes the worry out of connecting, so you can focus on what’s important to you and your family, and enjoy quality time together.
Stay Updated
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Free VPNs May Still Come with a Price appeared first on McAfee Blogs.
Truebill, Chargebee, Fusebill and other financial apps have been inundating my social feeds and until recently I didn’t understand why I would need one of these apps. I’m the type that knows her bank account balance to the penny and I was shocked to discover that many of my co-workers and, of course, my college kid had no idea their balance was low until they tried to use their debit card and got declined. What also surprises me is how many people don’t know what is coming out of their bank account. I may not realize precisely how much my Starbucks addiction costs but I’m in security and I need my caffeine! Keeping up with the latest ways cyber criminals can infiltrate an organization or sneak past endpoint solution takes a lot of energy.
Then I got to thinking about these new apps that I can’t imagine why anyone would need to use – UNTIL I decided to try one….and then I discovered I too had been compromised by subscriptions and fees I had no idea I was being charged for. This led me to think about my false sense of security and how I felt I was protected because I checked my account and tracked what came in and out. I use my debit card a lot, I use it constantly for purchases and have it attached to Apple Pay, Pay Pal and you name it, it is linked.
So why am I bringing this up? Well, in your job you might have responsibility for corporate security…and you might be feeling pretty comfortable that you have everything under control, a bit like I did with my finances – but you don’t know what you don’t know. It’s all well and good (and indeed highly advisable) having an endpoint protection product in place but is it possible that this is giving you a feeling of security beyond the true situation? Could there be sneaky activity happening at a really low level that is getting past those solutions? I didn’t think so, until I installed the app and I discovered exactly what I didn’t know.
And that’s where EDR comes in – because EDR is designed to monitor what is happening on your endpoint devices, to track and trace activity, consolidate it and identify potential risks – the really good EDR solutions will also group related items into threads to speed up investigations, prioritize which groups should be examined first and even automate some of the investigation processes.
And don’t overlook the importance of that automation – when I was looking at my finances if the app I tried had simply overwhelmed me with massive amounts of information (some of which I knew, some of which was a surprise, all of which was mixed up together), I’d have likely looked once, and decided that I was right all along…everything was probably under control, and the effort involved in digging deeper was likely to be greater than any return I might have got back. But, it was automated, it consolidated the information, it simplified things…and ultimately it showed me exactly what I needed to know with minimal effort on my part. The net effect of that was a positive result. EDR is the same – I’ve spoken with customers who have tried it and simply given up because it’s proven to be too complicated. It can feel easier not to find out what you don’t know – but it won’t be as secure!
That’s what security analysts are loving about MVISION EDR. MVISION EDR helps find what is hidden and lifts it to the surface where it can be examined and then either allowed or blocked. But unlike my bank account, we’re not talking about 5 or 10 things you may not have been aware of, we’re talking about potentially tens of thousands each and every day. And that’s the other thing they love about MVISION EDR – not only does it make identifying these potential risks easier to identify, but it groups them together into a much smaller number of potential incidents, prioritizes those incidents so they know which ones to investigate first and even uses AI to guide those investigations and make suggestions as to how they can reach a resolution quickly and accurately. What’s not to love?
If you want to see what you have been missing check out MVISION EDR.
The post What Truebill and Other Financial Apps Have in Common With EDR appeared first on McAfee Blogs.
Today’s U.S. government is in a race to modernize its IT infrastructure to support ever more complicated missions, growing workloads and increasingly distributed teams—and do so facing a constantly evolving threat landscape. To support these efforts, McAfee has pursued and received a Federal Risk and Authorization Management Program (FedRAMP) Authorization designation for McAfee MVISION for Endpoint at the moderate security impact level.
This FedRAMP Moderate designation is equivalent to DoD Impact Level 2 (IL2) and certifies that the McAfee solution has passed rigorous security requirements for the increasingly complex and expanding cloud environments of the U.S. government. The FedRAMP Moderate authorization validates the McAfee solution’s implementation of the baseline 325 NIST 800-53 controls, allowing users from federal agencies, state and local government, and other industries in regulated environments to manage Controlled Unclassified Information (CUI) such as personally identifiable information (PII) and routine covered defense information (CDI).
By achieving FedRAMP Moderate Authorization for MVISION for Endpoint, McAfee can provide the command and control cyber defense capabilities government environments need to enable on-premise and remote security teams, allowing them to maximize time and resources, enhance security efficiency and boost resiliency.
McAfee MVISION for Endpoint consists of three primary components: McAfee MVISION Endpoint Detection and Response (EDR), McAfee MVISION ePolicy Orchestrator (ePO) and McAfee Endpoint Security Adaptive Threat Protection with Real Protect (ENS ATP):
Together, these solutions provide today’s U.S. government agencies the AI-guided endpoint threat detection, investigation and response capabilities they need to confront today’s ever evolving threats across a wide variety of devices. This important FedRAMP milestone is the latest affirmation of McAfee’s long-standing commitment to providing U.S. government agencies advanced, cloud-based cyber defenses to help them meet whatever mission they may confront today and in the future.
Other recent McAfee public sector achievements include:
Please see the following for more information on McAfee’s efforts in the FedRAMP mission:
The post McAfee MVISION Solutions Meet FedRAMP Cloud Security Requirements appeared first on McAfee Blogs.
I’m pleased to report that I’ve achieved a number of personal bests in 2020 but the one I’m most proud about is my achievement in the highly skilled arena of online shopping. I’ve shopped online like I’m competing in the Olympics: groceries, homewares, clothing – even car parts! And my story is not unique. Living with a pandemic has certainly meant we’ve had to adapt – but when it came to ramping up my online shopping so we could stay home and stay safe – I was super happy to adapt!
And research from McAfee shows that I am not alone. In fact, over 40% of Aussies are buying more online since the onset of COVID-19 according to the 2020 Holiday Season: State of Today’s Digital e-Shopper survey. But this where it gets really interesting as the survey also shows that nearly 1/3 of us (29%) are shopping online 3-5 days a week, and over one in ten consumers (11%) are even shopping online daily!! But with many online retailers offering such snappy delivery, it has just made perfect sense to stay safe and stay home!
With just over a month till Santa visits, it will come as no surprise that many of us are starting to prepare for the Holiday season by purchasing gifts already. Online shopping events such as Click Frenzy or the Black Friday/Cyber Monday events are often very compelling times to buy. But some Aussies have decided they want to get in early to secure gifts for their loved ones in response to warnings from some retailers warning that some items may sell out before Christmas due to COVID-19 related supply chain issues. In fact, McAfee’s research shows that 48% of Aussies will be hitting the digital links to give gifts and cheer this year, despite 49% feeling cyber scams become more prevalent during the holiday season.
McAfee’s research shows very clearly that the bulk of us Aussies are absolutely aware of the risks and scams associated with online shopping but that we still plan to do more shopping online anyway. And with many of us still concerned about our health and staying well, it makes complete sense. However, if there was ever a time to take proactive steps to ensure you are minimizing risks online – it is now!
McAfee’s specialist online threat team (the Advanced Threat Research team) recently found evidence that online cybercrime is on increase this year, with McAfee Labs observing 419 threats per minute between April to June 2020 – an increase of almost 12% over the previous quarter.
And with many consumers gearing up to spend up big online in preparation for the Holiday season, many experts are worried that consumers are NOT taking these threats as seriously as they should. McAfee’s research showed that between April to June 2020, 41% of 18-24 year olds have fallen victim to an online scam and over 50% of the same age group are aware of the risks but have made no change to their online habits.
At the risk of sounding dramatic, I want you to channel your James Bond when you shop online this holiday period. Do your homework, think with your head and NOT your heart and always have your wits about you. Here are my top tips that I urge you to follow to ensure you don’t have any unnecessary drama this Christmas:
Click on random, unsafe links is the best way of falling victim to a phishing scam. Who wants their credit card details stolen? – no one! And Christmas is THE worst time for this to happen! If something looks too good to be true – it probably is. If you aren’t sure – check directly at the source – manually enter the online store address yourself to avoid those potentially nasty links!
This is a no-brainer – where possible, turn this on as it adds another lay of protection to your personal data and accounts. Yes, it will add another 10 seconds to the log-in process but it’s absolutely worth it.
If you have a VPN (or Virtual Private Network) on your laptop, you can use Wi-Fi without any concern – perfect for online purchases on the go! A VPN creates an encrypted tunnel between your device and the router which means anything you share is protected and safe! Check out McAfee’s Safe Connect which includes bank-grade encryption and private browsing services.
Ensuring all your devices are kitted out with comprehensive security software which will protect against viruses, phishing attacks and malicious website is key. Think of it as having a guardian cyber angel on your shoulder. McAfee’s Total Protection software does all that plus it has a password manager, a shredder and encrypted storage – and the Family Pack includes the amazing Safe Family app – which is lifechanging if you have tweens and teens!
So, yes – please make your list and check it twice BUT before you dive in and start spending please take a moment to ask yourself whether you are doing all you can to minimise the risks when online shopping this year. And don’t forget to remind your kids too – they may very well have their eye on a large gift for you too!
Happy Christmas Everyone
Alex xx
The post Christmas Shopping 2020 appeared first on McAfee Blogs.
And just like that, the holiday shopping season is among us! Like consumers everywhere, you may be trying to plan ahead when it comes to picking out gifts for your friends and family, scouring far and wide to cross items off your list. This year, however, will likely be different than past holiday shopping seasons.
While more than 124 million consumers shopped in-store during the 2019 holiday shopping weekend, findings from McAfee’s 2020 Holiday Season: State of Today’s Digital e-Shopper survey revealed that consumers plan to do more shopping online – and earlier – this holiday season. But how will this increase in online activity impact users’ digital lives?
Let’s explore what this online shopping trend means for consumer security this holiday shopping season.
The onset of the global health emergency caused users everywhere to live, work, play, and buy through their devices – maybe more than ever before. McAfee’s survey shows that general shopping activity has increased, with 49% of respondents stating they are buying online more since the onset of COVID-19. As one could predict, researchers expect these online shopping habits to bleed into the holiday shopping season. In fact, 36% of Americans note that they plan on using digital links to give gifts and spread cheer this year. However, this increase in online activity doesn’t exactly mean an increase in online safety.
Hackers love to take advantage of online trends, so it’s no surprise that they see an increase in online activity as more opportunities to spread threats. In fact, McAfee Labs observed an almost 12% increase in online threats per minute in Q2 2020 compared to the previous quarter.
Increased online activity serves as the perfect opportunity for hackers to interrupt consumers’ merriment and spread malicious misdeeds. And 36% of consumers noted that their online buying habits will increase this holiday season, even though they are aware of cyber risks. This lack of concern is troublesome, especially as hackers get stealthier in how they scam consumers. Take Black Friday and Cyber Monday discounts, for example. Forty-three percent of survey respondents admitted to not checking the authenticity of these so-called deals when going through their emails and text messages. By not taking proper security precautions, users potentially open themselves up to a blizzard of cyberthreats.
While these survey results confirm that cyber-grinches are using their tricks to interrupt the merriment, that doesn’t mean consumers can’t still have a holly, jolly shopping experience. By taking the necessary steps to protect themselves – and their loved ones – this holiday season, consumers can continue to live their digital lives with confidence. To help ensure hackers don’t put a damper on your festive celebrations, follow these security tips:
Two or multi-factor authentication provides an extra layer of security, as it requires multiple forms of verification. This reduces the risk of successful impersonation by hackers.
Instead of clicking on a link in an email or text message, it’s always best to check directly with the source to verify a Black Friday or Cyber Monday offer or track a package’s shipment.
Use a comprehensive security solution, like McAfee Total Protection, which can help protect devices against malware, phishing attacks, and other threats. It includes McAfee WebAdvisor, which can help identify malicious websites.
Hackers often use consumers’ personally identifiable information to make fraudulent purchases – a trick that would certainly interrupt a holiday shopping spree. A solution like McAfee Identity Theft Protection takes a proactive approach to help protect identities with personal and financial monitoring and recovery tools to help keep identities personal and secure.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post ‘Sleigh’ Holiday Shopping by Protecting Your Online Security appeared first on McAfee Blogs.
Core to any organization is managing cyber risk with a security operations function whether it be in-house or outsourced. McAfee has been and continues their commitment to protecting cyber assets. We are dedicated to empowering security operations and with this dedication comes expertise and passion. Introducing SOCwise a monthly series of blogs, podcasts and talks driven by two highly experienced and devoted security operations professionals. This is an ongoing resource of helpful advice on SOC issues, distinct SOC functional lessons, best practices learned from a range of projects and customers and perspectives on the future of security operations. In addition, we will invite guests to contribute to this series.
From the perspective of a ‘legacy SIEM’ guy I can tell you that there’s nothing more important to a security analyst than intelligence. Notice I didn’t say ‘data’ or ‘information’ – I didn’t even say ‘threat intelligence’. I’m talking about ‘Situational Awareness’. I’m specifically talking about business, user and data context that adds critical understanding and guidance in support of making more timely, accurate or informed decisions related to a given security event. A typical SOC analyst might deal with dozens of incidents each shift – some requiring no more than a few minutes and even fewer clicks to quickly and accurately determine the risk and impact of potential malicious activities. Some incidents require much more effort to triage in hopes to understand intent, impact and attribution.
More often we find the role of SOC analyst to be one of data wrangler – asking and answering key questions of the ‘data’ to determine if an attack is evident and if so, what is the scope and impact of the adversarial engagement. Today’s modern SOC is evolving from one of centralized data collection, information dissemination and coordination of intelligence – one where each stakeholder in security was a part of the pre-determined set of expectations throughout the evaluation and implementation process – to a fully distributed cast of owners/creators (application development, operations, analysts, transformation architects, management) where the lines of authority, expectation and accountability have blurred sometimes beyond recognition.
How can a modern SOC maintain the highest levels of advanced threat detection, incident response and compliance efficacy when they may no longer have all (or sometimes even some) of the necessary context with which to turn data into intelligence? Will Security Operations Centers of the future resemble anything like the ones we built in previous years. From the massive work-from-home migration brought on by an unexpected pandemic to cloud transformation initiatives that are revolutionizing our modern enterprise, the entire premise of a SOC as we know it are being slowly eroded. These are just some of the questions we will try to answer in this blog series.
I have worked for 20 years in this industry that we once used to call, information security. During this time, I have had the opportunity to be both on the offense and the defense side of the cyber security coin, as a practitioner and as a consultant, as an architect and as an engineer, as a student as well as a SANS author & instructor. I want to believe that I have learned a few things along the way. For example, as a penetration tester and a red teamer, I have learned that there is always a way in, that prevention is ideal, and that detection is a must. As a security architect I have learned that a defensible architecture is all about the right balance between prevention, monitoring, detection and response. As an incident responder I learned that containing an adversary is all about timing, planning and strategy. As a security analyst I have learned the power of automation and of human-machine teaming, to do more analysis and less data gathering. As a threat hunter I have learned to be laser focused on adversarial behaviors, and not on vulnerabilities. And as a governance, risk and compliance consultant, that security is all about tradeoffs, about cost and benefit, about being flexible, adaptable and realizing that for most of our customers, security is not their core business, but something they do to stay in business. To summarize 20 years in a few phrases is challenging, but no one has summarized it better than Bruce Schneier in my opinion, who wrote, precisely 20 years ago: “security is a process, not a product”.
And I am sure that you will agree with me that processes have changed a lot over the last 20 years. This transformation that had already started with the adoption of Cloud and DevOps technologies it is now creating an interesting and unforeseen circumstance. Just when security operations barely found its footing, and right when it was finally coming out from under the realm of IT, garnering respect and budget to achieve desired outcomes, just when we felt that we made it, we are told to pack our things, leave the physical boundaries of the SOC and have everyone work remote.
If this didn’t introduce enough uncertainty, I read that Gartner predicts that 85% of data centers will be gone by 2025. So, I can’t help but wonder: is this the end of it? Is the SOC dead as we know it? What is the future of SecOps in this new paradigm? How will roles change? Will developers own security in a ‘you code it, you own it’ fashion? Is it realistic to expect a fully automated SOC anytime soon?
Please join us in this new SOCwise series as Michael and I explore answers to these and more questions on the future and the democratization of SOC and SecOps.
The post SOCwise: A Security Operation Center (SOC) Resource to Bookmark appeared first on McAfee Blogs.
Change happens – sometimes much faster than expected – like it has in 2020. When the threat landscape shifts suddenly, security professionals must quickly react and change their security posture. This not only means reconfiguring existing security investments but also adding new ones.
But given the number of heterogenous security applications sold by multiple vendors, new security expansions are tough to manage. They not only have to co-exist with the existing security infrastructure, but they must be integrated to avoid leaving security gaps attackers can exploit. User and business experience must be maintained as well. Is it any wonder, then, that CISOs continue to struggle? It’s hard to optimize and manage existing cybersecurity software investments — and expand security capabilities – all the while keeping up with shifting business needs.
It is time you demand more from your security vendors. It’s perfectly reasonable to expect them to do the following:
Here’s where “Composable Security,” a breakthrough architectural extension from McAfee addresses this chronic IT turbulence. In practice, the concept allows MVISION ePO (ePolicy Orchestrator) administrators to add multi-vendor security modules quickly and easily assemble best-in-class solutions that meet your particular needs. Users can compose, and then re-compose, powerful, cloud-based or on-prem security solutions certified to seamlessly plug-and-play. With a few clicks, you can add new capabilities to your existing security infrastructure in minutes.
MVISION ePO now offers Composable Security capabilities. Let’s take a closer look:
The era of monolithic and often disconnected, security solutions has passed. We believe customers want a connected security architecture that can rapidly adopt and implement new tools, sensors and data from a myriad of disparate but innovative solutions. When change occurs seemingly overnight, like we saw with the explosion in the number of people working from home due to Covid-19, executives don’t have the luxury of waiting until the next budget cycle to take action. But with MVISION Marketplace, we are enabling companies to easily scale their security infrastructure.
This new application marketplace enables McAfee and our partners to deliver pre-integrated, best-in-class solutions to customers. The marketplace offers products that expand and extend McAfee solutions. Organized in easy to understand categories, the marketplace features a tile per partner. Each integration is “McAfee Certified” which means that McAfee has certified the integration with that partner.
Clicking on the tile enables you to drill down and understand the value delivered by each integration. When you see something you like, click through and try it out. Here’s where pre-integration makes the combined value proposition easy to understand. The idea is for customers to experience the value quickly before they make a decision.
By utilizing our partners in the MVISION Marketplace, you can not only evolve your security architecture; you also improve your team’s responsiveness to real-time threats—and become less preoccupied with tool integration.
We worked closely with multiple partners to build out this marketplace. These composable solutions are from leaders in their field including Attivo Networks, IBM Security, Seclore, Service Now, Siemplify, and ThreatQ. Their certified solutions extend the capabilities of existing security environments, whether cloud-based or on premise. This new ability to mix and match applications over and over also addresses many pressing business challenges. It helps organizations address technology, time, compliance, and resource constraints in minutes — rather than in hours, days or weeks.
Attivo working with McAfee delivers the best endpoint solution in the industry. Attivo’s blog covers how McAfee + Attivo are better together for customers.
Seclore working with McAfee delivers the best Information security solution in the industry. Read their blog to learn how McAfee + Seclore are better together for customers.
ThreatQuotient, Swimlane, and Siemplify, working with McAfee, deliver one of the best SOC solutions in the industry. Learn more about how ThreatQuotient, Swimlane, and Siemplify are better together with McAfee for our customers.
Our market leading Security Innovation Alliance Program has created the largest integrated security ecosystem in the industry. We’re not done. You can expect us to add new partners quickly. In the meantime, if you find a partner missing that you want us to add to our list, please reach out to me.
We live in an era where more security is automated rather than managed through consoles. MVISION API’s goal is to be the single interface for your non-console interactions with the McAfee portfolio. It’s a powerful capability that delivers a single, web scale, global interface with unparalleled access to your McAfee portfolio. The goal is threefold:
The API, at launch, is tuned towards an Open EDR solution enabling customers to expand and extend MVISION EDR. Top use cases are driven by the need of SOC analysts to build playbooks, manage cases, search for IOCs, synchronize Incidents and build intelligent extensions to the vast amount of control visibility we provide.
We have very ambitious plans. So, watch this space as we make rapid progress.
Opening up the MVISION Developer Portal to all Innovators using the MVISION APIs, application developers and ISVs can build public or private applications. This portal for application developers enables them to build, test, and certify their applications prior to making them available on MVISION Marketplace or for customers to develop and deploy their private apps.
I expect startups will leverage MVISION APIs to build their innovation on top of McAfee products. In fact, we encourage them to do so and deliver their innovations next to McAfee products and deliver them to our customers through the marketplace.
Of course, organizations can also choose to create a variety of custom apps using MVISION APIs from the MVISION Developer Portal. The only limit is your own creativity. You can build new Intelligent apps, automate your current processes, integrate your SIEM, build an OT extension, or just sit back and enjoy a comprehensive dashboard that tracks your security posture.
These capabilities work together to deliver a Composable Security Platform enabling McAfee and its ecosystem to deliver pre-integrated, high-value solutions to customers. This is a big breakthrough that will make your job easier. All it now takes is a few minutes to make a few clicks to add valuable new capability.
Try it out and see for yourself at http://marketplace.mcafee.com/ and https://developer.mcafee.com/. I hope you will find this set of capabilities valuable and welcome your ideas on how to make them even better. And don’t be shy. Drop me a line @ javed_hasan@mcafee.com to tell me what improvements you want to see.
The post Bridge the Gap Between the Security You Have and the Security You Need appeared first on McAfee Blogs.
Where would we be without our internet this year?
We’ve shopped, worked, studied and taught, job hunted, and cared for each other online this year in ways we haven’t before—not to mention entertained ourselves plenty too. As so many of us have faced challenges and outright adversity this year, it’s difficult to imagine what this year would have been like without the support of a reliable broadband internet connection. So much so, you can argue that it’s become a necessity.
For that, I’m thankful—and recognize that we have a long way to go before all of us can share in those same thanks. As I’ve mentioned in earlier blogs, fixed broadband internet access at home remains elusive for many. In the U.S. alone, one analysis shows that more than 150 million people do not use the internet at broadband speeds, which is practically half of the U.S. population.
A good question to ask here is what exactly constitutes “broadband?” The Federal Communications Commission (FCC) defines broadband speeds as 25 Megabits per second (Mbps) of download speed and 3 Mbps of upload speed. (Note that the FCC estimates only 21 million people in the U.S. are without broadband, a number widely considered to be low.)
Put in everyday terms, 25 Megabits per second of download speed is baseline figure that should provide a family of two to four people with enough capacity to engage in bandwidth-hungry activities like working from home, schooling online, or even receiving medical care through telemedicine, along with streaming to stay entertained and informed too.
As we look at that figure of 150 million underserved people, we see people who live in remote areas that simply aren’t wired for broadband yet, representing millions of rural residents and people living on tribal lands. Additionally, it also includes people in urban areas who potentially have access to a broadband connection, yet their income levels impact their ability to subscribe to it.
Obviously, a major hurdle in rolling out broadband nationwide is the 1.9 billion acres that makes up our country. The physical, technological, and financial efforts associated with building fixed broadband access across rural and remote terrain are substantial to say the least. Additionally, there are regulatory matters as well, like the rules that govern access to existing utility poles and conduits needed for broadband deployment.
Ultimately, we’re talking about connecting not just homes, but entire communities—people, businesses, libraries, granges, local government, and more. Getting them access to broadband isn’t just a commercial interest, it’s a matter of infrastructure as well. Just as water and electricity are utilities, we can argue that the internet, broadband internet, has long since evolved into a utility. The reasons are clear: education, economic growth, employment and even access to healthcare all stand to improve when broadband is available to a community, as has been seen in communities such as Chattanooga, Tennessee and in Delta County, Colorado. Thus it makes sense that connecting them has become a joint endeavor by the public and private sector.
Meanwhile, last summer, the lack of adequate broadband across Nebraska during the pandemic prompted the state’s governor and legislature to allocate pandemic relief funds and pass bills that would speed the deployment of broadband across the state. As reported by the Omaha World-Herald, one of Nebraska’s rural power district managers said of fixed broadband service, “It goes beyond economic development, it goes beyond watching Netflix, there’s some real business implications here.”
However, even in communities where broadband is physically available, pockets of low-speed connectivity exist as well. According to the Pew Research Center, only 53 percent of adults with an income under $30,000 had broadband access at home. For those with an income of between $30,000 and $100,000, that figure takes a major leap up to 81%. Instead, lower-income Americans turn to their smartphones for all their internet access. From the findings:
“As of early 2019, 26% of adults living in households earning less than $30,000 a year are “smartphone-dependent” internet users–meaning they own a smartphone but do not have broadband internet at home. In contrast, only 5% of those living in households earning $100,000 or more fall into this category in 2019.”
What does a smartphone-only internet life might look like? Pew Research Center put that into perspective in a survey where respondents were asked about job hunting on the internet. Some 32% of people with a reported household income of under $30,000 said that they submitted a job application by phone. For those households making more than $75,000, that figure was just 7%. (Cost is certainly a factor, yet it is encouraging to see that the reported average cost of broadband in the U.S. is dropping—down to $50 a month from just over $67 a month a year ago.)
That’s just one example of a smartphone-only internet, yet you can imagine how difficult it must be to create a resume, complete schoolwork, or work remotely when your internet experience is limited to the small screen of a phone. Contrast that with this year’s need to work and study at home. A low-income household that’s dependent on smartphones misses out. Their internet is a less useful and less productive internet experience. They simply can’t work, learn, and train at home like fully connected households can.
My hope in sharing this issue with you is so that we can all gain a bit of perspective. Far fewer people have access to a broadband internet experience than we might initially think, which results in a lack of connectivity that stunts the benefits and opportunities they and their communities can realize.
Granted, the solution for increasing broadband access largely rests with state-level broadband offices, budgeting and legislation at the federal government level, along with public partnerships and interest groups who are all pushing for improved broadband access. (And, in the states which allow it, municipal broadband solutions.) However, as individuals, we can let this reality shape some of our decision-making on a local level.
When library funding measures come up for approval in your community, consider giving them your “yes” vote, as they may present an opportunity to fund library locations and services where people can access free broadband. Likewise, give school levies your consideration, they may help get a computer in the hands of a student who doesn’t have one. (An 11% increase in PC, Mac, and Chromebook sales this year was largely driven by the education market, which needed to supply computers for in-home learning.) These are just a couple of ways that we can “think global, act local” and help others get access to a full broadband internet experience.
So as Thanksgiving approaches, let’s indeed say thanks for the connectivity and internet experience so many of us enjoy—and how vital that was this year. Likewise, let’s remember that our country and the communities within it still have a way to go before the overwhelming majority of us can benefit from that same experience—so that they can enjoy and be thankful for it too.
Stay Updated
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Thankful for broadband internet, and hopeful for much more appeared first on McAfee Blogs.
Corporate boards have many dimensions of responsibility. Cybersecurity can be one of the most nuanced and important areas of focus for a board, but not all board members are well versed in why and what they need to care about related to cybersecurity.
Cybersecurity is a board level topic for three main reasons:
Security breaches can hurt companies financially, negatively impact brand reputation, and result in data loss (both personal and company intellectual property) just to name a few of the impacts. Unfortunately breaches that impact hundreds of millions or even billions of people are more common that we would like. Some of the more notable cybersecurity breaches you may remember are Equifax back in 2017, Adobe in 2013, and Zynga (the company that makes Words with Friends) in 2019. In July 2020, we saw key high-profile Twitter accounts compromised. You don’t want to see your company name in the news headlines due to a breach!
Besides security breaches, governance in cybersecurity is becoming more important. Governance describes the policies and processes which determine how organizations detect, prevent, and respond to cyber incidents. In many organizations, there is a division between the governance and management activities. Board members should be involved in evaluating security related reporting requirements and overall competence of the cybersecurity program, policies and procedures. If you are a US public company, there are additional board requirements from the Securities and Exchange Commission that you should be familiar with such as requiring written disclosure of how the board administers its risk oversight function.
Government regulations and compliance also needs to be considered. However, just being compliant doesn’t mean you are secure. Cyber legislation has been frequently proposed by Congress over the years. Almost all US states have their own laws about what constitutes a security breach and when to disclose the breach. It is important to understand the local, state and federal laws (including international laws) related to cybersecurity for where you do business.
Everyone on the board is responsible and could potentially be held accountable for a breach both legally and financially. It is not only the CISO, CSO or CIO’s responsibility to care and do the right thing. We all have a role to play to ensure the company is protected and set up for success.
When one person doesn’t do their part, things can fall apart for a company. For instance, in August 2020, a former Uber company executive was criminally prosecuted for not disclosing a data breach back in 2016. Uber’s former Chief Security Officer was charged with obstruction of justice and concealing a felony for allegedly failing to report their 2016 breach to the Federal Trade Commission. This is the first direct example in the US of an executive facing criminal charges and jail time over how they responded to a data breach.
As you discuss cybersecurity on the board, how do you evaluate your company’s stance? Here are some tips you can start doing today. This list is by no way complete, but here are things you can start doing today.
Cybersecurity is a very important topic for the boardroom and should not be taken lightly; however, it doesn’t need to be overwhelming. Utilize these tips to get you on the right path for your company, and if you don’t have a cybersecurity expert on your board, there are experts who can provide guidance.
The post Are You Prepared for Cybersecurity in the Boardroom? appeared first on McAfee Blogs.
Malicious actors are increasingly taking advantage of the burgeoning at-home workforce and expanding use of cloud services to deliver malware and gain access to sensitive data. According to an Analysis Report (AR20-268A) from the Cybersecurity and Infrastructure Security Agency (CISA), this new normal work environment has put federal agencies at risk of falling victim to cyber-attacks that exploit their use of Microsoft Office 365 (O365) and misuse their VPN remote access services.
McAfee’s global network of over a billion threat sensors affords its threat researchers the unique advantage of being able to thoroughly analyze dozens of cyber-attacks of this kind. Based on this analysis, McAfee supports CISA’s recommendations to help prevent adversaries from successfully establishing persistence in agencies’ networks, executing malware, and exfiltrating data. However, McAfee also asserts that the nature of this environment demands that additional countermeasures be implemented to quickly detect, block and respond to exploits originating from authorized cloud services.
Read on to learn from McAfee’s analysis of these attacks and understand how federal agencies can use cloud access security broker (CASB) and endpoint threat detection and response (EDR) solutions to detect and mitigate such attacks before they have a chance to inflict serious damage upon their organizations.
McAfee’s analysis supports CISA’s findings that adversaries frequently attempt to gain access to organizations’ networks by obtaining valid access credentials for multiple users’ O365 accounts and domain administrator accounts, often via vulnerabilities in unpatched VPN servers. The threat actor will then use the credentials to log into a user’s O365 account from an anomalous IP address, browse pages on SharePoint sites, and then attempt to download content. Next, the cyberthreat actor would connect multiple times from a different IP address to the agency’s Virtual Private Network (VPN) server, and eventually connect successfully.
Once inside the network, the attacker could:
McAfee’s comprehensive analysis of these attacks supports CISA’s proposed best practices to prevent or mitigate such cyber-attacks. These recommendations include:
While these recommendations provide a solid foundation for a strong cybersecurity program, these controls by themselves may not go far enough to prevent more sophisticated adversaries from exploiting and weaponizing cloud services to gain a foothold within an enterprise.
Organizations will gain a running start to identifying and thwarting the attacks in question by implementing a full-featured CASB such as McAfee MVISION Cloud, and an advanced EDR solution, such as McAfee MVISION Endpoint Threat Detection and Response.
Deploying MVISION Cloud for Office 365 enables agencies’ SOC analysts to assert greater control over their data and user activity in Office 365—control that can hasten identification of compromised accounts and resolution of threats. MVISION Cloud takes note of all user and administrative activity occurring within cloud services and compares it to a threshold based either on the user’s specific behavior or the norm for the entire organization. If an activity exceeds the threshold, it generates an anomaly notification. For instance, using geo-location analytics to visualize global access patterns, MVISION Cloud can immediately alert agency analysts to anomalies such as instances of Office 365 access originating from IP addresses located in atypical geographic areas.
When specific anomalies appear concurrently—e.g., a Brute Force anomaly and an unusual Data Access event—MVISION Cloud automatically generates a Threat. In the attacks McAfee analyzed, Threats would have been generated early on since the CASB’s user behavior analytics would have identified the cyber actor’s various activities as suspicious. Using MVISION Cloud’s activity monitoring dashboard and built-in audit trail of all user and administrator activities, SOC analysts can detect and analyze anomalous behaviors across multiple dimensions to more rapidly understand what exactly is occurring when and to what systems—and whether an incident concerns a compromised account, insider threat, privileged user threat, and/or malware—to shrink the gap to remediation.
In addition, with MVISION Cloud, an agency security analyst can clearly see how each cloud security incident maps to MITRE ATT&CK tactics and techniques, which not only accelerates the entire forensics process but also allows security managers to defend against similar attacks with greater precision in the future.
Furthermore, using MVISION Cloud for Office 365, agencies can create and enforce policies that prevent the uploading of sensitive data to Office 365 or downloading of sensitive data to unmanaged devices. With such policies in place, an attacker’s attempt to exfiltrate sensitive data will be mitigated.
In addition to deploying a CASB, implementing an EDR solution like McAfee MVISION EDR to monitor endpoints centrally and continuously—including remote devices—helps organizations defend themselves from such attacks. With MVISION EDR, agency SOC analysts have at their fingertips advanced analytics and visualizations that broaden detection of unusual behavior and anomalies on the endpoint. They are also able to grasp the implications of alerts more quickly since the information is presented in a format that reduces noise and simplifies investigation—so much so that even novice analysts can analyze at a higher level. AI-guided investigations within the solution can also provide further insights into attacks.
With a threat landscape that is constantly evolving and attack surfaces that continue to expand with increased use of the cloud, it is now more important than ever to embrace CASB and EDR solutions. They have become critical tools to actively defend today’s government agencies and other large enterprises.
Learn more about the cloud-native, unified McAfee MVISION product family. Get your questions answered by tweeting @McAfee
The post How CASB and EDR Protect Federal Agencies in the Age of Work from Home appeared first on McAfee Blogs.
(pictured credit: axel 795, Pixabay)
If you have teens and you haven’t yet heard of ‘Among Us’ then I guarantee it won’t be long. Among Us is an online deception and strategy game that is having a real moment worldwide. Over the last six months, it has amassed 85 million players on both PC and mobile. In September, it broke the all-time record-setting peak player ceiling on Steam when nearly 400,000 people played it simultaneously and, Google Trends reports that there were 50 times more Google searches for it at the beginning of October, as compared to the beginning of August.
Among Us is an online multi-player game that is set on a failing spaceship. Suitable for up to 10 players, it has been compared to ‘Murder in the Dark’ or ‘Murder Wink’ – the old-school party game you may have played as children.
At the start of the game, you’re advised whether you are a regular crew member or an imposter. Crew mates are tasked with completing small tasks that benefit the spaceship eg cleaning our air-conditioning ducts whereas imposters (between 1-3 players) create havoc on the spaceship and seek out victims to kill – without letting anyone know.
Every time a dead body is found, a crewmember will call a meeting to workshop who they think the imposter is. This is one of the few times players can talk to each other. As you can imagine, this can get very heated (and entertaining) as players try to implicate others and remove themselves from focus. All players then vote on who they think the imposter is – and the player with the most votes is ejected from the spaceship’s airlock.
Crewmates win by managing to repair the ship and eject all the imposters while the imposter wins by killing all the crewmates before they complete their jobs.
Among Us was actually launched in 2018 but to little fanfare. But the planets have aligned for the developers at InnerSloth and it has become one of the biggest online games ever. In fact, it’s so successful that the developers have abandoned plans for a sequel and are instead, investing their resources into perfecting the original.
There’s no doubt that pandemic life has contributed to the popularity of Among Us with many touting it as the ultimate group party game. In fact, some believe it brings all the energy and pizazz of board game night – just virtually.
It is extremely easy to learn. So, if you aren’t a gamer with years of experience (that’s me) you can absolutely play. This concept has been described by popular YouTube gamer Pegasus as ‘ingenious’ for its simplicity, and praised for its ‘extremely social’ nature.
The game is also very well priced. In fact, it’s free on mobile – but you will have to view some ads. And it’s only around $7 on a PC – so much cheaper than anything my kids have played in years!
The Classification Board here is Australia gives Among Us a PG rating which means the content is mild in impact. But they do state that PG rated content is ‘not recommended for viewing by people under the age of 15 without guidance from parents, teachers or guardians.’
In Australia, the game is rated as suitable for 9+ on the App Store. On Google Play it is nominated as suitable for ages 10+.
The role of the imposter in the game to hunt and murder players is aggressive and violent. Yes, it is a cartoon-like visual which does reduce the impact but there are still bodies left lying around after the deed is done.
Parents know their children the best. Absolutely take heed of the advice, but ultimately, you need to decide what’s suitable for them. If you do decide to let your younger children play – or they’ve already discovered it – please talk about violence in video games. Does watching violent images make them feel scared or more aggressive? Do they feel better if they talk about it or, in fact, choose to watch something less violent?
There is opportunity to chat with strangers in the game but it is less than most online games. Players can chat in the online waiting room before a game starts and of course, there is also interaction in the meetings during which the group tries to work out who the imposter is. Enabling the censor chat mode is a good option here – this limits word and aims to block out expletives however I understand that isn’t completely fool proof.
But you can choose to play the game offline, locally, which means you play only with people you know. You simply share a generated code with the players you want to join the game. I highly recommend this for younger children and teens or if you want to play the game as a family. The game can be played with as few as four players which makes an offline game far easier to get happening.
Both trust and deceit are at the core of this game. Learning who to place your trust in is part of being a successful crewmember in Among Us whilst being a master of deceit will win you the game as an imposter.
You could argue that these themes are no different to playing Murder in the Dark or even the old classic Cluedo. However, I would absolutely have a conversation with your kids about the difference between real life and online (or gaming) life. Why not weave it into your dinnertime conversation?
My boys are really enjoying playing Among Us, in fact – we have earmarked this weekend for a family game. But please ensure you are comfortable with the game before you give your kids the green light. And if you do, be assured that one of the reasons this game is so popular is because players feel like they are part of a community – and isn’t that what we all need at the moment?
‘till next time.
Alex xx
The post What You Need to Know About Among Us appeared first on McAfee Blogs.
Cybersecurity professionals know this drill well all too well. Making sense of lots of information and noise to access what really matters. XDR (Extended Detection & Response) continues to be a technical acronym thrown around in the cybersecurity industry with many notations and promises. Every vendor offering cybersecurity has an XDR song to sing. Interestingly, some either miss a beat or require tuning since it’s still quite an emerging market. This can be intriguing and nagging for cybersecurity professionals who are heads down defending against the persistent adversaries. The intent of this blog is to clarify XDR and remove the noise and hype into relevant and purposeful cybersecurity conversations with actions. And observe the need for a proactive approach.
Let’s begin with what does XDR refer to and its evolution. As noted earlier, XDR stands for Extended Detection and Response. “extended” is going beyond the endpoint to network and cloud infrastructure. You will find this cross-infrastructure or cross-domain capability is the common denominator for XDR. XDR is the next evolution of a solid Endpoint Detection and Response (EDR). Ironically it was a term introduced by a network security vendor with aspirations to enter the emerging Security Operations market.
Industry experts have weighed in on this XDR capability for cybersecurity and agree it’s still relatively early to market. Gartner’s definition, XDR is “a SaaS-based, vendor-specific, security threat detection and incident response tool that natively integrates multiple security products into a cohesive security operations system that unifies all licensed components.” Gartner notes three primary requirements of an XDR system are; centralization of normalized data primarily focused on the XDR vendors’ ecosystem, correlation of security data and alerts into incidents and centralized incident response capability that can change the state of individual security products as part of incident response or security policy setting. If you want to hear more from Gartner on this topic, check out the report.
ESG defines XDR as an integrated suite of security products spanning hybrid IT architectures, designed to interoperate and coordinate on threat prevention, detection and response. In other words, XDR unifies control points, security telemetry, analytics, and operations into one enterprise system. The cross-vector analytics must be enhanced to track advanced multi-stage attacks. In addition, implementation guidance such as reference architecture is needed to assure successful integrated workflows.
Forrester views XDR as the next generation of Endpoint Detection and Response to evolve to by integrating endpoint, network and application telemetry. The integration options are native where the integration is with one vendor’s portfolio or hybrid where the vendor integrates with other security vendors. The key goals include empowering analysts with incident-driven analytics for root cause analysis, offer prescriptive remediation with the ability to orchestrate it and map uses cases MITRE ATT&CK techniques and chain them into complex queries that describe behaviors, instead of individual events.
The common XDR themes from these XDR discussions are multiple security functions integrated and curated data across the control vectors all working together to achieve better security operational efficiencies while responding to a threat. Cross control points make sense since the adversary movement is erratic. Emphasis is on removing complexity and offering better detection and understanding of the risk in the environment and quickly sorting through a possible response. The range of detect and response capabilities also suggest that it cannot be done by one exclusive vendor. Many advocates an integrated partnership approach to unify defenses and streamline efforts across domains and vectors. It’s a more realistic approach as well since most organizations do not fulfil their entire security function with one vendor. While buying an XDR “suite” from one vendor is easier where most of the security tools come from one vendor, some critical security functions from another vendor should be included to drive a more effective detect and response. This is not a new concept to connect the security disciplines to work together, as matter fact, McAfee Enterprise has been professing and delivering on Together is Power motto for some time.
One more consideration on this unified and integrated security XDR theme, many vendors may proclaim this but look under the hood carefully. They may have a unified view in a single console but has the data from all the separate vectors been automatically assessed, triaged and providing meaningful and actionable next steps?
Another common XDR theme is the promise to accelerate investigation efforts by offering automatic analysis of findings and incidents to get closer to a better assessment. This makes your reactive cycles potentially less frequent.
Integrating security across the enterprise and control points and accelerating investigations are critical functions. Does it address organizational nuances like is this threat a high priority because it is prevalent in my geo and industry and it’s impacting target assets with highly sensitive data. Prioritization should also be an XDR theme but not necessarily noted in these XDR discussions. Encourage you to read this blog on The Art of Ruthless Prioritization and Why It Matters to Sec Ops.
After distilling the many point of views and the themes on XDR, it seems the core functions all focus on improving security operations immensely during an attack. So, it’s a reactive function
| XDR Core & Baseline functions | Why? |
| Cross infrastructure—comprehensive vector coverage |
Gain comprehensive visibility & control across your entire organization and stop operating in silos
Remove disparate efforts between tools, data and functional areas |
| Distilled data and correlated alerts across the organization | Remove manual discover and make sense of it all |
| Unified management with a common experience | From a common view or starting point removes the jumping between consoles and data pools to assure more timely and accurate responses |
| Security functions automatically exchange and trigger actions | Some security functions need to be automated like detection or response |
| Advanced functions—not noted in many XDR discussions | Why? |
| Actionable intelligence on potentially relevant threats | Allow organizations to proactively harden their environment before the attack |
| Rich context that includes threat intelligence and organizational impact insight | Organizations can prioritize their threat remediation efforts on major impact to the organization |
| Security working together with minimal effort |
Simply tie a range of security functions together to create a united front and optimize security investments
|
The end game is better security operational efficiencies. This can be expressed in a handy outcome check list perhaps helpful when assessing XDR solutions.
| Visibility | Control |
| More accurate detection | More accurate prevention |
| Adapt to changing technologies & infrastructure | Adapt to changing technologies & infrastructure |
| Less blind spots | Less gaps |
| Faster time to detect (or Mean Time to Detect-MTTD) | Faster time to remediate (or Mean Time to Respond-MTTR) |
| Better views and searchability | Prioritized hardening across portfolio—not isolated efforts |
| Faster & more accurate investigations (less false positive) | Orchestrate the control across the entire IT infrastructure |
McAfee Enterprise goes beyond the common XDR capabilities in the recently announced MVISION XDR and offers unmatched proactivity and prioritization producing smarter and better security outcomes. This means your SOC spends less time on error-prone reactive fire drills with weeks of investigation. SOCs will respond and protect what counts a lot quicker. Imagine getting ahead of the adversary before they attack.
Is XDR a solution or product to be bought or an approach an organization’s must rally their security strategy to take? Honestly it can be both. Many vendors are announcing XDR products to buy or XDR capabilities. An XDR approach will shift processes and likely to merge and encourage tighter coordination between different functions like SOC analysts, hunters, incident responders and IT administrators.
It depends on the organizations’ current cybersecurity maturity and readiness to embrace the breadth and required processes to obtain the SOC efficiency benefits. With the promise to correlate data across the entire enterprise implies some of the mundane and manual efforts to make sense of data into a better and actionable understanding of a threat are removed. Now this is good for organizations on both spectrums. Less mature organizations who do not have resources or expertise and do not consume data intelligence to shift through will appreciate this correlation and investigation step, but can they continue the pursuit of what does this mean to me. Medium to high mature cybersecurity organizations with expertise will not need to do the manual work to make sense of data. The difference with mature organizations comes with the next steps to further investigate and to decide on the remediation steps. Less mature organizations will not have the expertise to accomplish this. So, the real make a difference moment is for the more mature organization who can move more quickly to a response mode on the potential threat or threat in progress.
If you are a medium to high mature cybersecurity organization, the question comes how and when. Most organizations using an Endpoint Detection and Response (EDR) solution are likely quite ready to embrace the XDR capabilities since their efforts are already investigating and resolving endpoint threats. It’s time to expand this effort gaining better understanding of the adversary’s movement across the entire infrastructure. If you are using MVISION EDR you are already using a solution with XDR capabilities since it digests SIEM data from McAfee Enterprise ESM or Splunk (which means it goes beyond the endpoint, a key XDR requirement.) Check out the latest award MVISION XDR received amongst the many recognitions.
Hope this blog removed the jargon and fog around XDR and offers actionable considerations for your organization to boost their SOC efforts. Start your XDR journey here.
The post Unravel the XDR Noise and Recognize a Proactive Approach appeared first on McAfee Blog.
There are new and expanding opportunities for women’s participation in cybersecurity globally as women are present in greater numbers in leadership. In recent years, the international community has recognized the important contributions of women to cybersecurity, however, equal representation of women is nowhere near a reality, especially at senior levels.
The RSA Conference USA 2019 held in San Francisco — which is the world’s largest cybersecurity event with more than 40,000 people and 740 speakers — is a decent measuring stick for representation of women in this field. “At this year’s Conference 46 percent of all keynote speakers were women,” according to Sandra Toms, VP and curator, RSA Conference, in a blog she posted on the last day of this year’s event. “While RSAC keynotes saw near gender parity this year, women made up 32 percent of our overall speakers,” noted Toms.
Forrester also predicts that the number of women CISOs at Fortune 500 companies will rise to 20 percent in 2019, compared with 13 percent in 2017. This is consistent with new research from Boardroom Insiders which states that 20 percent of Fortune 500 global chief information officers (CIOs) are now women — the largest percentage ever.
Research from Cybersecurity Ventures, which first appeared in the media early last year, predicts that women will represent more than 20 percent of the global cybersecurity workforce by the end of 2019. This is based on in-depth discussions with numerous industry experts in cybersecurity and analyzing and synthesizing third-party reports, surveys, and media sources.
Either way, the 20 percent figure is still way too low, and our industry needs to continue pushing for more women in cyber. Heightened awareness on the topic — led by numerous women in cyber forums and initiatives — has helped move the needle in a positive direction.
Thursday, November 5, 2020
10am PT | 12pm CT | 1pm ET
Please join McAfee, AWS, and our customers to discuss the impact women are having on information security in the cloud. These remarkable women represent multiple roles in cloud and security, from technical leadership through executive management. Can’t make it? This same panel will reconvene later in the year during the AWS re:Invent.
Alexandra Heckler
Chief Information Security Officer
Collins Aerospace
Alexandra Heckler is Chief Information Security Officer at Collins Aerospace, where she leads a diverse team of cyber strategy and defense experts to protect against cyber threats and ensure regulatory compliance. Prior to joining Collins, Alexandra led Booz Allen’s Commercial Aerospace practice, building and overseeing multi-disciplinary teams to advise C-level clients on cybersecurity and digital transformation initiatives. Her work centered on helping aerospace manufacturers manage the convergence of cyber risk across their increasingly complex business ecosystem, including IT, OT and connected products. Alexandra also helped build and led the firm’s automotive practice, working with OEMs, suppliers and the Auto-ISAC to drive industry-leading vehicle cyber security capabilities. During her first few years at Booz Allen, she supported technology, innovation and risk analysis initiatives across U.S. government clients. Throughout her tenure, she engaged in Booz Allen’s Women in Cyber—a company-wide initiative to attract, develop and retain female cyber talent—and supported the firm’s partnership with the Executive Women’s Forum. She also served as Finance and Audit Chair on the Executive Committee of the newly-founded Space-ISAC. Alexandra holds a B.S. in Foreign Service with an Honors Certificate in International Business Diplomacy, and a M.A. in Communication, Culture and Technology from Georgetown University.
Diane Brown
Sr. Director/CISO of IT Risk Management
Ulta Beauty
Diane Brown is the Sr. Director/CISO of IT Risk Management at Ulta Beauty located in Bolingbrook, IL. In this role, Diane is accountable for the security of the retail stores, cyber-security, infrastructure, security/network engineering, data protection, third-party risk assessments, Directory Services, SOX & PCI compliance, application security, security awareness and Identity Management. Diane has more than three decades of IT experience in the retail environment and has honed her expertise in information technology leadership with a focus on risk management for the past 15 years. She values her strategic alliances with the business focusing on delivery of secure means to deploy new technologies, motivating people and managing an expanding technology portfolio. She holds a Bachelor’s degree in Information Security and CISSP/ISSAP certifications and is a member of the Executive Security Council for NRF and one of the original members of the RH-ISAC.
Elizabeth Moon
Director, Industry Solutions Americas Solutions Architecture & Customer Success
Amazon Web Services
Elizabeth has been with AWS for 5-1/2 years and leads Industry Solutions within the Americas Solutions Architecture and Customer Success organization. Elizabeth’s team of Specialist Solutions Architects provide industry specific depth for customers in the following segments: Games, Private Equity, Media & Entertainment, Manufacturing/Supply Chain, Healthcare Life Sciences, Financial Services, and Retail. They focus on accelerating cloud migration and building customer confidence and capability on the AWS platform through expert, prescriptive guidance on Foundations (Security, Identity, and Networking), Cost Optimization, Developer Experience, Cloud Migrations and Modernization.
Prior to her role at AWS, Elizabeth led the pre-sales Oracle Enterprise Architecture team within Oracle’s North America Public Sector Consulting organization. She helped customers maximize their investment in Oracle technologies, align business initiatives with the right IT solutions, and mitigate risk of implementations, focused on Oracle Engineered Systems, Database, and Infrastructure solutions.
Elizabeth got her start in technology with Metropolitan Regional Information Systems (MRIS), the nation’s largest Multiple Listing Service (MLS) and real estate information provider. She spent 15 years at this small company across multiple functions: DBA, data architect, system administrator, technical program lead, and operations leader. Most notably, she led design, deployment and growth of the patented database behind the Cornerstone Universal Data Exchange.
She earned a bachelor’s degree in International Business from Eckerd College in St. Petersburg, Florida.
Deana Elizondo
Director of Cyber Risk & Security Services
American Electric Power
Deana Elizondo is the Director of Cyber Risk & Security Services at American Electric Power. She has been with AEP for 16 years and has spent the last 11 years in Cybersecurity. Deana’s organization includes Security Ambassadors, Security Education & Regional Support, Data Protection & Privacy, Enterprise Content Management, and Strategy, Risk & Policies. Deana’s passion is growing and developing her leaders and team members, as well as educating the entire AEP workforce on the value and benefits of reducing Security risk.
Aderonke (Addie) Adeniji
Director Information Assurance Office of Cybersecurity
House of Representatives
Addie Adeniji is a seasoned cybersecurity professional with expertise in Federal IT security governance, risk and compliance (GRC). Currently, she serves as the Director of Information Assurance, within the Office of Cybersecurity, for the U.S. House of Representatives. In this role, she oversees Information Assurance standard and process development and directs risk management and audit compliance efforts across the House. Ms. Adeniji works with House staff to identify, evaluate and report risks to ensure the House maintains a strengthened security risk posture. Her past experience includes security consulting within the Federal health (i.e., FDA, NIH, and HHS headquarters) and energy domains.
Brooke Noelke (Moderator)
Senior Enterprise Cloud Security Strategist/Architect
McAfee
Brooke joins McAfee’s Customer Cloud Security Architecture team after leading McAfee IT’s cloud technical architects and business-facing cloud service management efforts, driving McAfee’s cloud transformation and migration of 70% of our applications to the cloud. She’s spent most of her career in technical leadership roles in cloud strategy, architecture and engineering, spanning professional services strategy though IT delivery leadership. She believes cloud services have already rewritten our IT universe, and we’re all just catching up… but that the cloud “easy buttons” we’re handing developers and business functions aren’t as risk-free as commonly assumed. Her mission is to make the secure path, the easy path to deploying new products, solutions and intelligence in the cloud, through enablement of organizational change, agile automation and well-designed, reusable cloud security reference architectures
Source: https://cybersecurityventures.com/women-in-cybersecurity/
The post SPOTLIGHT: Women in Cybersecurity appeared first on McAfee Blogs.
McAfee MVISION Cloud was the first to market with a CASB solution to address the need to secure corporate data in the cloud. Since then, Gartner has published several reports dedicated to the CASB market, which is a testament to the critical role CASBs play in enabling enterprise cloud adoption. Today, Gartner named McAfee a Leader in the 2020 annual Gartner Magic Quadrant for Cloud Access Security Brokers (CASB) for the fourth time evaluating CASB vendors.
Cloud access security brokers have become an essential element of any cloud security strategy, helping organizations govern the use of cloud and protect sensitive data in the cloud. Security and risk management leaders concerned about their organizations’ cloud use should investigate CASBs.
In its fourth Magic Quadrant for Cloud Access Security Brokers, Gartner evaluated eight vendors that met its inclusion criteria. MVISION Cloud, as part of the MVISION family of products at McAfee, is recognized as a Leader in the report; and for the fourth year in a row. To learn more about how Gartner assessed the market and MVISION Cloud, download your copy of the report here.
This year, Gartner commissioned a highly rigorous process to compile its Gartner Magic Quadrant for Cloud Access Security Brokers (CASB) report and they relied on numerous inputs to compile the report, including these materials from vendors to understand their product offerings:
In 2020, McAfee made several updates and additions to its solutions, strengthening its position as an industry experts including:
McAfee also received recognition as the only vendor to be named the January 2020 Gartner Peer Insights Customers’ Choice for Cloud Access Security Brokers based on customer feedback and ratings for McAfee MVISION Cloud.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
The Gartner Peer Insights Logo is a trademark and service mark of Gartner, Inc., and/or its affiliates, and is used herein with permission. All rights reserved
Gartner Peer Insights ‘Voice of the Customer’: Cloud Access Security Brokers, Peer Contributors, 13 March 2020. Gartner Peer Insights reviews constitute the subjective opinions of individual end users based on their own experiences and do not represent the views of Gartner or its affiliates. Gartner Peer Insights Customers’ Choice constitute the subjective opinions of individual end-user reviews, ratings, and data applied against a documented methodology; they neither represent the views of, nor constitute an endorsement by, Gartner or its affiliates.
The post McAfee Named a Leader in the 2020 Gartner Magic Quadrant for CASB appeared first on McAfee Blogs.
Most businesses cannot survive without being connected to the internet or the cloud. Websites and cloud services enable employees to communicate, collaborate, research, organize, archive, create, and be productive.
Yet, the digital connection is also a threat. External attacks on cloud accounts increased by an astounding 630% in 2019. Ransomware and phishing remain major headaches for IT security teams, and as users and resources have migrated outside of the traditional network security perimeter, it’s become increasingly difficult to protect users from clicking on a link or opening a malicious file.
This challenge has increased the tension between two IT mandates—allowing unfettered access to necessary services, while preventing attacks and blocking access to malicious sites. Automation helps significantly with modern security pipelines blocking about 99.5% of malicious and suspicious activity by filtering known bad files and sites, as well as using sophisticated anti-malware scanning and behavioral analytics.
However, the remaining half of 1% still represents a significant number of sites and potential threats that require time for a team of security analysts to triage. Therefore, IT managers are faced with the challenge of devising balanced security policies. Many companies default to blocking unknown traffic, but over-blocking of web sites and content can hinder user productivity while creating a surge in help-desk tickets as users attempt to go to legitimate sites that have not yet been classified. On the flipside, web policies that allow access too freely greatly increases the likelihood of serious, business-threatening security incidents.
With a focus on digital transformation, accelerated by the change in work habits and locations during the pandemic, companies need flexible, transparent security controls that enable safe user access to critical web and cloud resources without overwhelming security teams with constant help desk calls, policy changes, and manual triaging. Remote Browser Isolation – if implemented properly – can help achieve this.
While security solutions leveraging URL categorization, domain reputation, antivirus, and sandboxes can stop 99.5% of threats, remote browser isolation (RBI) can handle the remaining unknown events, rather than the common strategy of choosing to rigidly block or allow everything. RBI allows web content to be delivered and viewed in a safe environment, while analysis is conducted in the background. Using RBI, any request to an unknown site or URL that remains suspicious after traversing the web protection defense-in-depth pipeline will be rendered remotely, preventing any impact to a user’s system in the event the content is malicious.
Remote browser isolation blocks malicious code from running on an employee’s system just because they clicked a link. The technology will also prevent pages from using unprotected cookies to try and gain access to protected web services and sites. Such protections are particularly important in the age of ransomware, when an inadvertent click on a malicious link can lead to significant damage to a company’s digital assets.
Given the benefits of remote browser isolation, some companies have deployed the technology to render every site. While this can very effectively mitigate security risk, isolating all web and cloud traffic demands considerable computing resources and is prohibitively expensive from a license cost point of view.
By integrating remote browser isolation (RBI) technology directly into our MVISION Unified Cloud Edge (UCE) solution, McAfee integrates RBI with the existing triage pipeline. This means that the rest of the threat protection stack – including global threat intelligence, anti-malware, reputation analysis, and emulation sandboxing – can filter out the majority of threats while only one out of every 200 requests needs to be handled using the RBI. This dramatically reduces overhead. McAfee’s UCE makes this approach dead simple: rather than positioning remote browser isolation as a costly and complicated add-on service, it is included with every MVISION UCE license.
However, there are specific people inside a company—such as the CEO or the finance department—with whom you cannot take chances. For those privileged users, full isolation from potential internet threats is also available. This approach ensures full virtual segmentation of the user’s system from the internet and shields it against any potential danger, enabling him to use the web and cloud freely and productively.
McAfee’s approach greatly reduces the risk of users being compromised by phishing campaigns or inadvertently getting infected by ransomware – such attacks can incur substantial costs and impact an organization’s ability to operate. At the same time, organizations benefit from a workforce that is freely able to access the web and cloud resources they need to be productive, while IT staff are freed from the burden of rigid web policies and constantly addressing help-desk tickets. .
Want to know more? Check out our RBI demonstration.
The post Catch the Most Sophisticated Attacks Without Slowing Down Your Users appeared first on McAfee Blogs.
You’ve more than likely heard the phrase “with great power comes great responsibility.” Alternatively called the “Peter Parker Principle” this phrase became well known in popular culture mostly due to Spider-Man comics and movies – where Peter Parker is the protagonist. The phrase is so well known today that it actually has its own article in Wikipedia. The gist of the phrase is that if you’ve been empowered to make a change for the better, you have a moral obligation to do so.
However, what I’ve noticed as I talk to customers about cloud security, especially security for the Infrastructure as a Service (IaaS) is a phenomenon I’m dubbing the “John McClane Principle” – the name has been changed to protect the innocent
The John McClane Principle happens when someone has been given responsibility for fixing something but at the same time has not been empowered to make necessary changes. At the surface this scenario may sound absurd, but I bet many InfoSec teams can sympathize with the problem. The conversation goes something like this:
That’s when “with no power comes more responsibility” rings true.
And why is that? The reason being is that IaaS has fundamentally changed how we consume IT and along with that how we scale security. No longer do we submit purchase requests and go through a long, lengthy processes to spin up infrastructure resources. Now anyone with a credit card can spin up the equivalent of a data center within minutes across the globe.
The agility however introduced some unintended changes to InfoSec and in order to scale, cloud security cannot be the sole responsibility of one team. Rather cloud security must be embedded in process and depends on collaboration between development, architects, and operations. These teams now have a more significant role to play in cloud security, and in many cases are the only ones who can implement change in order to enhance security. InfoSec now acts as Sherpas instead of gatekeepers to make sure every team is marching to the same, secure pace.
However, as John McClane can tell you the fact that more teams look after cloud security doesn’t necessarily mean you have a better solution. In fact, having to coordinate across multiple teams with different priorities can make security even more complex and slow you down. Hence the need for a streamlined security solution that facilitates collaboration between developers, architects, and InfoSec but at the same time provides guardrails, so nothing slips throw the cracks.
With that, I’m excited to announce our new cloud security service built especially for customers moving and developing applications in the cloud. We call it MVISION Cloud Native Application Protection Platform – or just CNAPP because every service deserves an acronym.
What is CNAPP? CNAPP is a new security service we’ve just announced today that combines solutions from Cloud Security Posture Management (CSPM), Cloud Workload Protection Platform (CWPP), Data Loss Prevention (DLP), and Application Protection into a single solution. Now in beta with a target launch date of Q1, 2021, we built CNAPP to provide InfoSec teams broad visibility into their cloud native applications. For us, the goal wasn’t how do we slow things down to make sure everything is secure; rather how do we enable InfoSec teams the visibility and context they need for cloud security while allowing dev teams to move fast.
Let me briefly describe what features CNAPP has and list some features that are customer favorites.
The vast majority of breaches in IaaS today are due to service misconfigurations. Gartner famously said in 2016 that “95% of cloud security failures will be the customer’s fault.”Just last year Gartner updated that quote to say “99% of cloud security failures will be the customers’ fault.” I’m waiting for the day when Gartner’s says “105% will be the customer’s fault.”
Why is the percentage so high? There are multiple reasons, but we hear a lot from our customers that there is a huge lack of knowledge on how to secure new services. Each cloud provider is releasing new services and capabilities at a dizzying pace with no blockers for adoption. Unfortunately, the industry hasn’t matched pace of having a workforce that knows and understands how best to configure these new services and capabilities. CNAPP provides customers with the ability to immediately audit all cloud services and benchmark those services against best security practices and industry standards like CIS Foundations, PCI, HIPPA, and NIST.
Within that audit (we call it a security incident), CNAPP provides detailed information on how to reconfigure services to improve security, but the service also provides the ability to assign the security incident to dev teams with SLAs so there’s no ambiguity on who owns what and what needs to change. All of these workflows can be automated so multiple teams are empowered in near real-time to find and fix problems.
Additionally, CNAPP has a custom policy feature where customers can create policies for identifying risky misconfigurations unique to their environments as well as integrations with developer tools like Jenkins, Bitbucket, and GitHub that provide feedback on deployments that don’t meet security standards.
IaaS platforms have become catalysts for Open Source Software (OSS) like Linux (OS), Docker (container), and Kubernetes (orchestration). The challenge with using these tools is the inherit risk of Common Vulnerabilities and Exposures (CVE) found in software libraries and misconfigurations in deploying new services. Another famous quote by Gartner is that “70% of attacks against containers will be from known vulnerabilities and misconfigurations that could have been remediated.” But how does the InfoSec team quickly spot those vulnerabilities and misconfigurations, especially in ephemeral environments with multiple developer teams pushing frequent releases into CI/CD pipelines?
Based on our acquisition of NanoSec last year, CNAPP provides full workload protection by identifying all compute instances, containers, and container services running in IaaS while identifying critical CVEs, misconfigurations in both repository and production container services, and introducing some new protection features. These features include application allow listing, OS hardening, and file integrity monitoring with plans to introduce nano-segmentation and on-prem support soon.
We’ve had a great time working jointly with our customers to release CNAPP. I’d like to highlight some of the use cases that have proven to be game changers for our customers.
There are a lot more features I’d love to highlight, but instead I invite you to check out the solution for yourself. Visit https://mcafee.com/CNAPP for more information on our release or request a demo at https://mcafee.com/demo. We’d love to get your feedback and hear how MVISION CNAPP can help you become more empowered and responsible in the cloud.
This post contains information on products, services and/or processes in development. All information provided here is subject to change without notice at McAfee’s sole discretion. Contact your McAfee representative to obtain the latest forecast, schedule, specifications, and roadmaps.
The post With No Power Comes More Responsibility appeared first on McAfee Blogs.
There are few situations more personal than a distressed family member calling to ask for financial help. But personal is precisely the angle bad actors are taking these days in scams that target both the young and old.
Called “The Grandparent Scam,” this con usually begins with a simple, “Hi, Grandma!” from a criminal posing as the victim’s grandchild who claims to be in trouble. Then comes the ask — that the loving (and worried) Grandparent wire money for bail, airfare, a collision, or some other emergency. Some scammers have even managed to spoof the incoming caller ID to read “U.S. District Court.”
Safe Family Tips: 1) Ask the caller to prove who they are and call the child’s parent or another relative to verify the situation. 2) Never wire money, gift cards, or send cash by courier. 3) Be skeptical of “urgent” requests and tearful pleas for cash or personal information.
While it’s hard to imagine being duped by this kind of phone call, you might be surprised to learn that it’s younger people falling hardest for scams. The Federal Trade Commission reports that Millennials (20-30-year-olds) are most likely to lose money to online fraud. The top 5 scams targeting Millennials include online shopping, business imposters, government imposters, fake check scams, and romance scams.
Safe Family Tips: Be skeptical when shopping online. Cybercriminals have created countless look-a-like merchant sites to gain access to your credit card and other personal information. Confirm the seller’s physical address and phone number before you make a purchase. Consider putting security software on your family’s devices that protect against malware, viruses, and provide families with Virtual Private Network (VPN) encryption for safe shopping.
With many school districts operating on a hybrid virtual and in-class education model, the digital gap between teachers and remote students has given bad actors a new channel to launch ransomware, phishing, and social engineering scams against exposed IT infrastructures. According to the FBI, “cyber actors are likely to increase targeting of K-12 schools during the COVID-19 pandemic.”
Too, a recent Microsoft Security Intelligence study found that 61 percent of the 7.7 million malware over the previous month targeted education, a number far higher than other sectors. Scams include malware attacks on e-learning platform ransomware attacks on larger districts.
Safe Family Tips: Inquire about on-site security measures in place at your child’s school. Look into software to protect your home network and personal devices against cyberattacks launched through email, school networks, or social media sites.
Your best defense against a scam — should it come via phone, email, or a website — is a solid offense. Consider boosting your cyber hygiene routine by using strong passwords, a VPN, and staying informed about the latest scams. By now, we know the bad actors online don’t discriminate based on age; they are out to steal data and dollars from anyone who lets down their guard.
The post Cruel Ghouls: New Digital Scams Target Every Age Group appeared first on McAfee Blogs.
October is Cybersecurity Awareness Month, which is led by the U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA) in conjunction with the National Cyber Security Alliance (NCSA)—a national non-profit focused on cybersecurity education & awareness. McAfee is pleased to announce that we’re a proud participant.
Imagine it’s 20 years ago and someone at a dinner party predicts that one day you could pop down to the appliance store and buy an internet-connected fridge. Your year 2000 self might have shook that off and then then asked, “Why would someone ever do that?”
Yet here we are.
Today, so much is getting connected. Our appliances, security systems, and even our coffeemakers too. So far this month, we’ve talked about protecting these connected things and securing these new digital frontiers as Internet of Things (IoT) devices transform not only our homes, but businesses and communities as well.
To wrap up Cybersecurity Awareness Month, let’s take a look ahead at how the next wave of connected devices could take shape by taking a look at the network that billions of them will find themselves on: 5G networks.
You’ve no doubt seen plenty of commercials from the big mobile carriers as they tout the rollout of their new, more powerful 5G networks. And more powerful they are. For starters, 5G is expected to operate roughly 10 times faster than the 4G LTE networks many of us enjoy now—with the potential to get yet faster than that over time.
While mention of faster speeds continues to be the top selling point in ads and the like, 5G offers another pair of big benefits: greater bandwidth and lower latency. Taken together, that means 5G networks can host more devices than before and with a near-instantaneous response time.
The implication of these advances is that billions and billions of new devices will connect to mobile networks directly, at terrific speeds, rather than to Wi-Fi networks. Of those, many billions will be IoT devices. And that means more than just phones.
What will those devices look like?
One answer is plenty more of what we’re already starting to see today—such as commercial and industrial devices that track fleet vehicles, open locks on tractor trailer deliveries based on location, monitor heating and air conditioning systems, oversee supply chains. We’ll also see more devices that manage traffic, meter utilities, and connect devices used in healthcare, energy, and agriculture. That’s in addition to the ones we’ll own ourselves, like wearables and even IoT tech in our cars.
All together, we’ll add about 15 billion new IoT devices to the 26 billion IoT devices already in play today for a total of an expected 41 billion IoT devices in 2025.
Citing those examples of IoT applications underscores the critical need for safety and security in the new 5G networks. This is a network we will count on in numerous ways. Businesses will trust their operations to the IoT devices that operate on it. Cities will run their infrastructure on 5G IoT devices. And we, as people, will use 5G networks for everything from entertainment to healthcare. Not only will IoT devices themselves need protection, yet the networks will need to be hardened for protection as well. And you can be certain that increased network security, and security in general, is a part of our future forecast.
The GSMA, an industry group representing more than 750 operators in the mobile space, calls out the inherent need for security for 5G networks in their 5G Reference Guide for Operators. In their words, “New threats will be developed as attackers are provided live service environment to develop their techniques. 5G is the first generation that recognizes this threat and has security at its foundation.” When you consider the multitude of devices and the multitude of applications that will find their way onto 5G, a “square one” emphasis on security makes absolute sense. It’s a must.
While standards and architectures are taking shape and in their first stages of implementation, we can expect operators to put even more stringent defenses in place, like improved encryption, ways of authenticating devices to ensure they’re not malicious, creating secure “slices” of the network, and more, which can all improve security.
Another consideration for security beyond the oncoming flood of emerging devices and services that’ll find their way onto 5G networks is the sheer volume of traffic and data they’ll generate. One estimate puts that figure of 5G traffic at 79.4 zettabytes (ZB) of data in 2025. (What’s a zettabyte? Imagine a 10 followed by 21 zeroes.) This will call for an evolution in security that makes further use of machine learning and AI to curb a similarly increased volume of threats—with technologies much like you see in our McAfee security products today.
“Siri/Alexa/Cortana/Google, play Neko Case I Wish I Was the Moon.”
We’ve all gotten increasingly comfy with the idea of connected devices in our homes, like our smart assistants. Just in 2018, Juniper Research estimated that there’d be some 8 billion digital voice assistants globally by 2023, thanks in large part to things like smart TVs and other devices for the home. Expect to see more IoT devices like those available for use in and around your house.
What shape and form might they take? Aside from the voice-activated variety, plenty of IoT devices will help us automate our homes more and more. For example, you might have smart sensors in your garden that can tell when your tomatoes are thirsty and activate your soaker hoses for a drink—or other smart sensors placed near your water heater that will text you when they detect a leak.
Beyond that, we’re already purchasing connected lights and smart thermostats, yet how about connecting these things all together to create presets for your home? Imagine a setting called “Movie Night,” where just a simple voice command draws the shades, lowers the lights, turns on the gas fireplace, and fires up the popcorn maker. All you need to do is get your slippers.
Next, add in a degree of household AI, which can learn your preferences and habits. Aspects of your home may run themselves and predict things for you, like the fact that you like your coffee piping hot at 5:30am on Tuesdays. Your connected coffeemaker will have it ready for you.
These scenarios were once purely of the George Jetson variety (remember him?), yet more and more people will get to indulge in these comforts and conveniences as the technology becomes more pervasive and affordable.
One point of consideration with any emerging technology like the IoT on 5G is access.
This year drove home a hard reality: access to high-speed internet, whether via mobile device or a home network is no longer a luxury. It’s a utility. Like running water. We need it to work. We need it to study. We need it to bank, shop, and simply get things done.
Yet people in underserved and rural communities in the U.S. still have no access to broadband internet in their homes. Nearly 6 in 10 of U.S. parents with lower incomes say their child may face digital obstacles in schoolwork because of reduced access to devices and quality internet service. And I’ve heard anecdotes from educators about kids taking classes online who have to pull into their school’s parking lot to get proper Wi-Fi, simply because they don’t have a quality connection at home.
The point is this: as these IoT innovations continue to knit their way into our lives and the way the world works, we can’t forget that there’s still a digital divide that will take years of effort, investment, and development before that gap gets closed. And I see us closing that gap in partnership, as people and communities, businesses and governments, all stand to benefit when access to technology increases.
So as we look to the future, my hope is that we all come to see high-speed internet connections for what they are—an absolute essential—and take the steps needed to deliver on it. That’s an advance I’d truly embrace.
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post 5G and the IoT: A Look Ahead at What’s Next for Your Home and Community appeared first on McAfee Blogs.
Over the last few months, Zero Trust Architecture (ZTA) conversations have been top-of-mind across the DoD. We have been hearing the chatter during industry events all while sharing conflicting interpretations and using various definitions. In a sense, there is an uncertainty around how the security model can and should work. From the chatter, one thing is clear – we need more time. Time to settle in on just how quickly mission owners can classify a comprehensive and all-inclusive, acceptable definition of Zero Trust Architecture.
Today, most entities utilize a multi-phased security approach. Most commonly, the foundation (or first step) in the approach is to implement secure access to confidential resources. Coupled with the shift to remote and distance work, the question arises, “are my resources and data safe, and are they safe in the cloud?”
Thankfully, the DoD is in the process of developing a long-term strategy for ZTA. Industry partners, like McAfee, have been briefed along the way. It has been refreshing to see the DoD take the initial steps to clearly define what ZTA is, what security objectives it must meet, and the best approach for implementation in the real-world. A recent DoD briefing states “ZTA is a data-centric security model that eliminates the idea of trusted or untrusted networks, devices, personas, or processes and shifts to a multi-attribute based confidence levels that enable authentication and authorization policies under the concept of least privilege access”.
What stands out to me is the data-centric approach to ZTA. Let us explore this concept a bit further. Conditional access to resources (such as network and data) is a well-recognized challenge. In fact, there are several approaches to solving it, whether the end goal is to limit access or simply segment access. The tougher question we need to ask (and ultimately answer) is how to do we limit contextual access to cloud assets? What data security models should we consider when our traditional security tools and methods do not provide adequate monitoring? And is securing data, or at least watching user behavior, enough when the data stays within multiple cloud infrastructures or transfers from one cloud environment to another?
Increased usage of collaboration tools like Microsoft 365 and Teams, SLACK and WebEx are easily relatable examples of data moving from one cloud environment to another. The challenge with this type of data exchange is that the data flows stay within the cloud using an East-West traffic model. Similarly, would you know if sensitive information created directly in Office 365 is uploaded to a different cloud service? Collaboration tools by design encourage sharing data in real-time between trusted internal users and more recently with telework, even external or guest users. Take for example a supply chain partner collaborating with an end user. Trust and conditional access potentially create a risk to both parties, inside and outside of their respective organizational boundaries. A data breach whether intentional or not can easily occur because of the pre-established trust and access. There are few to no limited default protection capabilities preventing this situation from occurring without intentional design. Data loss protection, activity monitoring and rights management all come into question. Clearly new data governance models, tools and policy enforcement capabilities for this simple collaboration example are required to meet the full objectives of ZTA.
So, as the communities of interest continue to refine the definitions of Zero Trust Architecture based upon deployment, usage, and experience, I believe we will find ourselves shifting from a Zero Trust model to an Advanced Adaptive Trust model. Our experience with multi-attribute-based confidence levels will evolve and so will our thinking around trust and data-centric security models in the cloud.
The post Data-Centric Security for the Cloud, Zero Trust or Advanced Adaptive Trust? appeared first on McAfee Blogs.
October is Cybersecurity Awareness Month, which is led by the U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA) in conjunction with the National Cyber Security Alliance (NCSA)—a national non-profit focused on cybersecurity education & awareness. McAfee is pleased to announce that we’re a proud participant.
Fitness trackers worn on the wrist, glucose monitors that test blood sugar without a prick, and connected toothbrushes that let you know when you’ve missed a spot—welcome to internet-connected healthcare. It’s new realm of care with breakthroughs big and small. Some you’ll find in your home, some you’ll find inside your doctor’s office, yet all of them are connected. Which means they all need to be protected. After all, they’re not tracking any old data. They’re tracking our health data, one of the most precious things we own.
Internet-connected healthcare, also known as connected medicine, is a broad topic. On the consumer side, it covers everything from smart watches that track health data to wireless blood pressure monitors that you can use at home. On the practitioner side, it accounts for technologies ranging from electronic patient records, network-enabled diagnostic devices, remote patient monitoring in the form of wearable devices, apps for therapy, and even small cameras that can be swallowed in the form of a pill to get a view of a patient’s digestive system.
Additionally, it also includes telemedicine visits, where you can get a medical issue diagnosed and treated remotely via your smartphone or computer by way of a video conference or a healthcare provider’s portal—which you can read about more in one of my blogs from earlier this year. In all, big digital changes are taking place in healthcare—a transformation that’s rapidly taking shape to the tune of a global market expected to top USD 534.3 billion by 2025.
Advances in digital healthcare have come more slowly compared to other aspects of our lives, such as consumer devices like phones and tablets. Security is a top reason why. Not only must a healthcare device go through a rigorous design and approval process to ensure it’s safe, sound, and effective, it also held to similar rigorous degrees of regulation when it comes to medical data privacy. For example, in the U.S., we have the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which sets privacy and security standards for certain health information.
Taken together, this requires additional development time for any connected medical device or solution, in addition to the time it takes to develop one with the proper efficacy. Healthcare device manufacturers cannot simply move as quickly as, say, a smartphone manufacturer can. And rightfully so.
However, for this blog, we’ll focus on the home and personal side of the equation, with devices like fitness trackers, glucose monitors, smart watches, and wearable devices in general—connected healthcare devices that more and more of us are purchasing on our own. To be clear, while these devices may not always be categorized as healthcare devices in the strictest (and regulatory) sense, they are gathering your health data, which you should absolutely protect. Here are some straightforward steps you can take:
Many medical IoT devices use a smartphone as an interface, and as a means of gathering, storing, and sharing health data. So whether you’re an Android owner or iOS owner, get security software installed on your phone so you can protect all the things it accesses and controls. Additionally, installing it will protect you and your phone in general as well.
Some IoT devices have found themselves open to attack because they come with a default username and password—which are often published on the internet. When you purchase any IoT device, set a fresh password using a strong method of password creation. And keep those passwords safe. Instead of keeping them on a notebook or on sticky notes, consider using a password manager.
You’ve probably come across two-factor authentication while banking, shopping, or logging into any other number of accounts. Using a combination of your username, password, and a security code sent to another device you own (typically a mobile phone) makes it tougher for hackers to crack your device. If your IoT device supports two-factor authentication, use it for extra security.
This is vital. Make sure you have the latest updates so that you get the latest functionality from your device. Equally important is that updates often contain security upgrades. If you can set your device to receive automatic updates, do so.
Your medical IoT device will invariably use your home Wi-Fi network to connect to the internet, just like your other devices. All the data that travels on there is personal and private use already, and that goes double for any health data that passes along it. Make sure you use a strong and unique password. Also change the name of your router so it doesn’t give away your address or identity. One more step is to check that your router is using an encryption method, like WPA2, which will keep your signal secure. You may also want to consider investing in an advanced internet router that has built-in protection, which can secure and monitor any device that connects to your network.
Similar to the above, another way you can further protect the health data you send over the internet is to use a virtual private network, or VPN. A VPN uses an encrypted connection to send and receive data, which shields it from prying eyes. A hacker attempting to eavesdrop on your session will effectively see a mish-mash of garbage data, which helps keep your health data secure.
One recent study found that 25% of U.S. homeowners with broadband internet expect to purchase a new connected consumer health or fitness device within the next year. Just be sure yours is secure. Read up on reviews and comments about the devices you’re interested in, along with news articles about their manufacturers. See what their track record is on security, such as if they’ve exposed data or otherwise left their users open to attack.
Bottom line, when we speak of connected healthcare, we’re ultimately speaking about one of the most personal things you own: your health data. That’s what’s being collected. And that’s what’s being transmitted by your home network. Take these extra measures to protect your devices, data, and yourself as you enjoy the benefits of the connected care you bring into your life and home.
The post Seven Tips for Protecting Your Internet-Connected Healthcare Devices appeared first on McAfee Blog.
Detrimental lies are not new. Even misleading headlines and text can fool a reader. However, the ability to alter reality has taken a leap forward with “deepfake” technology which allows for the creation of images and videos of real people saying and doing things they never said or did. Deep learning techniques are escalating the technology’s finesse, producing even more realistic content that is increasingly difficult to detect.
Deepfakes began to gain attention when a fake pornography video featuring a “Wonder Woman” actress was released on Reddit in late 2017 by a user with the pseudonym “deepfakes.” Several doctored videos have since been released featuring high-profile celebrities, some of which were purely for entertainment value and others which have portrayed public figures in a demeaning light. This presents a real threat. The internet already distorts the truth as information on social media is presented and consumed through the filter of our own cognitive biases.
Deepfakes will intensify this problem significantly. Celebrities, politicians and even commercial brands can face unique forms of threat tactics, intimidation, and personal image sabotage. The risks to our democracy, justice, politics and national security are serious as well. Imagine a dark web economy where deepfakers produce misleading content that can be released to the world to influence which car we buy, which supermarket we frequent, and even which political candidate receives our vote. Deepfakes can touch all areas of our lives; hence, basic protection is essential.
Deepfakes are a cutting-edge advancement of Artificial Intelligence (AI) often leveraged by bad actors who use the technology to generate increasingly realistic and convincing fake images, videos, voice, and text. These videos are created by the superimposition of existing images, audio, and videos onto source media files by leveraging an advanced deep learning technique called “Generative Adversarial Networks” (GANs). GANs are relatively recent concepts in AI which aim to synthesize artificial images that are indistinguishable from authentic ones. The GAN approach brings two neural networks to work simultaneously: one network called the “generator” draws on a dataset to produce a sample that mimics it. The other network, known as the “discriminator”, assesses the degree to which the generator succeeded. Iteratively, the assessments of the discriminator inform the assessments of the generator. The increasing sophistication of GAN approaches has led to the production of ever more convincing and nearly impossible to expose deepfakes, and the result far exceeds the speed, scale, and nuance of what human reviewers could achieve.
To mitigate this threat, McAfee today announced the launch of the McAfee Deepfakes Lab to focus the company’s world-class data science expertise and tools on countering the deepfake menace to individuals, organizations, democracy and the overall integrity of information across our society. The Deepfakes Lab combines computer vision and deep learning techniques to exploit hidden patterns and detect manipulated video elements that play a key role in authenticating original media files.
To ensure the prediction results of the deep learning framework and the origin of solutions for each prediction are understandable, we spent a significant amount of time visualizing the layers and filters of our networks then added a model-agnostic explainability framework on top of the detection framework. Having explanations for each prediction helps us make an informed decision about how much we trust the image and the model as well as provide insights that can be used to improve the latter.
We also performed detailed validation and verification of the detection framework on a large dataset and tested detection capability on deepfake content found in the wild. Our detection framework was able to detect a recent deepfake video of Facebook’s Mark Zuckerberg giving a brief speech about the power of big data. The tool not only provided an accurate detection score but generated heatmaps via the model-agnostic explainability module highlighting the parts of his face contributing to the decision, thereby adding trust in our predictions.
Such easily available deepfakes reiterate the challenges that social networks face when it comes to policing manipulated content. As advancements in GAN techniques produce very realistic looking fake images, advanced computer vision techniques will need to be developed to identify and detect advanced forms of deepfakes. Additionally, steps need to be taken to defend against deepfakes by making use of watermarks or authentication trails.
We realize that news media do have considerable power in shaping people’s beliefs and opinions. As a consequence, their truthfulness is often compromised to maximize impact. The dictum “a picture is worth a thousand words” accentuates the significance of the deepfake phenomenon. Credible yet fraudulent audio, video, and text will have a much larger impact that can be used to ruin celebrity and brand reputations as well as influence political opinion with terrifying implications. Computer vision and deep learning detection frameworks can authenticate and detect fake visual media and text content, but the damage to reputations and influencing opinion remains.
In launching the Deepfakes Lab, McAfee will work with traditional news and social media organizations to identify malicious deepfakes videos during this crucial 2020 national election season and help combat this new wave of disinformation associated with deepfakes.
In our next blog on deepfakes, we will demonstrate our detailed detection framework. With this framework, we will be helping to battle disinformation and minimize the growing challenge of deepfakes.
To engage the services of the McAfee Deepfakes Lab, news and social media organizations may submit suspect video for analysis by sending content links to media@mcafee.com.
The post The Deepfakes Lab: Detecting & Defending Against Deepfakes with Advanced AI appeared first on McAfee Blogs.
Before the cloud, organizations would collaborate and store documents on desktop/laptop computers, email and file servers. Private cloud use-cases such accessing and storing documents on intranet web servers and network attached storage (NAS) improved the end-user’s experience. The security model followed a layered approach, where keeping this data safe was just as important as not allowing unauthorized individuals into the building or data center. This was followed by a directory service to sign into to protect your personal computer, then permissions on files stored on file servers to assure safe usage.
Most organizations now consider cloud services to be essential in their business. Services like Microsoft 365 (Sharepoint, Onedrive, Teams), Box, and Slack are depended upon by all users. The same fundamental security concepts exist – however many are covered by the cloud service themselves. This is known as the “Shared Security Model” – essentially the Cloud Service Provider handles basic security functions (physical security, network security, operations security), but ultimately the end customer must correctly give access to data and is ultimately responsible for properly protecting it.
The big difference between the two is that in the first security model, the organization owned and controlled the entire process. In the second cloud model, the customer owns the controls surrounding the data they choose to put in the cloud. This is the risk that collaborating and storing data in the cloud brings; once the documents have been stored in M365, what happens if it is mishandled from this point forward? Who is handling these documents? What if my most sensitive information has left the safe confines of the cloud service, how can I protect that once it leaves? Fundamentally: How can I control data that lives hypothetically anywhere, including areas that I do not have control over?
McAfee and Seclore have extended an integration recently to address these cloud-based use cases. This integration fundamentally answers this question: If I put sensitive data in the cloud that I do not control, can I still protect the data regardless of where it lives?
The solution works like this:
The solution puts guardrails around end-user cloud usage, but also adds significant compliance protections, security operations, and data visibility for the organization.
Once an unprotected sensitive file has been uploaded to a cloud service, McAfee MVISION Cloud Data Loss Prevention (DLP) detects the file upload. Customers can assign a DLP policy to find sensitive data such as credit card data (PCI), customer data, personally identifiable information (PII) or any other data they find to be sensitive.
Sample MVISION Cloud DLP Policy
If data is found to be in violation of policy, it means the data must be properly protected. For example, if the DLP engine finds PII, rather than let it sit unprotected in the cloud service, the McAfee policy the customer sets should enact some protection on file. This action is known as an “Response”, and MVISION Cloud will properly show the detection, violating data, and actions taken in the incident data. In this case, McAfee will call Seclore to protect the file. These actions can be performed both in near real-time, or will enact protection whenever data already exists in the cloud service (on demand scan).
“Seclore-It” – Protection Beyond Encryption
Now that the file has been protected, downstream access to the file is managed by Seclore’s policy engine. Examples of policy-based access could be end-user location, data type, user group, time of day, or any other combination of policy choices. The key principle here is the file is protected regardless of where it goes and enforced by a Seclore policy that the organization sets. If a user accesses the file, an audit trail is recorded to assure that organizations have the confidence that data is properly protected. The audit logs show allows and denies, completing the data visibility requirements.
Addressing one last concern; if a file is “lost” or the need to restrict access to files that are no longer in direct control such as when a user leaves the company, or if the organization simply wants to update policies on protected files, the policy on those files can be dynamically updated. This addresses a major data loss concern that companies have for cloud service providers and general data use for remote users. Ensuring files are always protected, regardless of scenario is simple to achieve with Seclore by taking the action to update a policy. Once the policy has been updated, even files on a thumb drive stuffed in a drawer are now re-protected from accidental or intentional disclosure.
This article addresses several notable concerns for customers doing business in a cloud model. Important/sensitive data can now be effortlessly protected as it migrates to and through cloud services to its ultimate destination. The organization can prove compliance to auditors that the data was protected and continues to be protected. Security operations can track incidents and follow the access history of files. Finally, the joint solution is easy to use and enables businesses to confidently conduct business in the cloud.
McAfee and Seclore partner both at the endpoint and in the cloud as an integrated solution. To find out more and see this solution running in your environment, send an inquiry to cloud@mcafee.com
The post “Best of Breed” – CASB/DLP and Rights Management Come Together appeared first on McAfee Blogs.
2020 has seen cloud adoption accelerate with Microsoft Teams as one of the fastest growing collaboration apps, McAfee customers use of Teams increased by 300% between January and April 2020. When we looked into Teams use in more detail in June, we found these statistics, on average, in our customer base:
Teams Created 367
Members added to Teams 6,526
Number of Teams Meetings 106,000
3rd Party Apps added to Teams 185
Guest users added to Teams 2,906
This means that a typical enterprise has a new guest user added to their teams every few minutes – you wouldn’t allow unknown people to walk into an office, straight past security and walk around the building unescorted looking at papers sitting on people’s desks, but at the same time you want to allow in those guests you trust. For Teams, you need the same controls – allow in those guests you trust, but confirm their identity and make sure that they don’t see confidential information.
Microsoft invests huge amounts of time and money in the security of their systems, but security of the data in those systems and how they are used by the users is the responsibility of the enterprise.
The breadth of options, including inviting guest users and integration with 3rd party applications can be the Achilles heel of any collaboration technology. It takes just seconds to add an external third party into an internal discussion without realizing the potential for data loss, so sadly the risk of misconfiguration, oversharing or misuse can be large.
IT security teams need the ability to manage and control use to reduce risk of data loss or malware entering through Teams.
After working with hundreds of enterprises and over 40 million MVISION Cloud users worldwide and discussing with IT security, governance and risk teams how they address their Microsoft Teams security concerns, we have published a paper that outlines the top ten security threats and how to address them.
This collaboration potentially increases threats such as data loss and malware distribution. In this paper, McAfee discusses the top threats resulting from Teams use along with recommended actions.
Download Now
McAfee has a wealth of experience helping customers security their cloud computing systems, built around the MVISION Cloud CASB and other technologies. We can advise you about Microsoft Teams security and discuss possible threats of taking no action. Contact us to let us help you.
Teams is just one of the many applications within the Microsoft 365 suite and it is important to deploy common security controls for all cloud apps. MVISION Cloud provides security for Microsoft 365 and other cloud-based applications such as Salesforce, Box, Workday, AWS, Azure, Google Cloud Platform and customers’ own internally developed applications.
The post Top 10 Microsoft Teams Security Threats appeared first on McAfee Blogs.
If you are someone who works for a cloud service provider in the business of federal contracting, you probably already have a good understanding of FedRAMP. It is also likely that our regular blog readers know the ins and outs of this program.
For those who are not involved in these areas, however, this acronym may be more unfamiliar. Perhaps you have only heard of it in passing conversation with a few of your expert cybersecurity colleagues, or you are just curious to learn what all of the hype is about. If you fall into this category – read on! This blog is for you.
At first glance, FedRAMP may seem like a type of onramp to an interstate headed for the federal government – and in a way, it is.
FedRAMP stands for the Federal Risk and Authorization Management Program, which provides a standard security assessment, authorization and continuous monitoring for cloud products and services to be used by federal agencies. The program’s overall mission is to protect the data of U.S. citizens in the cloud and promote the adoption of secure cloud services across the government with a standardized approach.
Once a cloud service has successfully made it onto the interstate – or achieved FedRAMP authorization – it’s allowed to be used by an agency and listed in the FedRAMP Marketplace. The FedRAMP Marketplace is a one-stop-shop for agencies to find cloud services that have been tested and approved as safe to use, making it much easier to determine if an offering meets security requirements.
In the fourth year of the program, FedRAMP had 20 authorized cloud service offerings. Now, eight years into the program, FedRAMP has over 200 authorized offerings, reflecting its commitment to help the government shift to the cloud and leverage new technologies.
Any cloud service provider that has a contract with a federal agency or wants to work with an agency in the future must have FedRAMP authorization. Compliance with FedRAMP can also benefit providers who don’t have plans to partner with government, as it signals to the private sector they are committed to cloud security.
Using a cloud service that complies with FedRAMP standards is mandatory for federal agencies. It has also become popular with organizations in the private industry, which are more often looking to FedRAMP standards as a security benchmark for the cloud services they use.
There are two ways for a cloud service to obtain FedRAMP authorization. One is with a Joint Authorization Board (JAB) provisional authorization (P-ATO) and the other is through an individual agency Authority to Operate (ATO).
A P-ATO is an initial approval of the cloud service provider by the JAB, which is made up of the Chief Information Officers (CIOs) from the Department of Defense (DoD), Department of Homeland Security (DHS) and General Services Administration (GSA). This designation means that the JAB has provided a provisional approval for agencies to leverage when granting an ATO to a cloud system.
The head of an agency grants an ATO as part of the agency authorization process. An ATO may be granted after an agency sponsor reviews the cloud service offering and completes a security assessment.
Achieving FedRAMP authorization for a cloud service is a very long and rigorous process, but it has received high praise from security officials and industry experts alike for its standardized approach to evaluate whether a cloud service offering meets some of the strongest cybersecurity requirements.
There are several benefits for cloud providers who authorize their service with FedRAMP. The program allows an authorized cloud service to be reused continuously across the federal government – saving time, money and effort for both cloud service providers and agencies. Authorization of a cloud service also gives service providers increased visibility of their product across government with a listing in the FedRAMP Marketplace.
By electing to comply with FedRAMP, cloud providers can demonstrate dedication to the highest data security standards. Though the process for achieving FedRAMP approval is complex, it is worthwhile for providers, as it signals a commitment to security to government and non-government customers.
At McAfee, we are dedicated to ensuring our cloud services are compliant with FedRAMP standards. We are proud that McAfee’s MVISION Cloud is the first Cloud Access Security Broker (CASB) platform to be granted a FedRAMP High Impact Provisional Authority to Operate (P-ATO) from the U.S. Government’s Joint Authorization Board (JAB).
Currently, MVISION Cloud is in use by ten federal agencies, including the Department of Energy (DOE), Department of Health and Human Services (HHS), Department of Homeland Security (DHS), Food and Drug Administration (FDA) and National Aeronautics and Space Administration (NASA).
MVISION Cloud allows federal organizations to have total visibility and control of their infrastructure to protect their data and applications in the cloud. The FedRAMP High JAB P-ATO designation is the highest compliance level available under FedRAMP, meaning that MVISION Cloud is authorized to manage highly sensitive government data.
We look forward to continuing to work closely with the FedRAMP program and other cloud providers dedicated to authorizing cloud service offerings with FedRAMP.
The post FedRAMP – What’s the Big Deal? appeared first on McAfee Blogs.
These days, work and home mean practically the same thing. Our house is now an office space or a classroom, so that means a lot of our day-to-day happens online. We check emails, attend virtual meetings, help our children distance learn, use social media platforms to check in on our friends and family – our entire lives are digital! This increase in connectivity could mean more exposure to threats – but it doesn’t have to. That’s why this National Cybersecurity Awareness Month (NCSAM) you should learn what it means to be cyber smart.
In our third blog for this NCSAM this year, we examine what that entails. Let’s dive in.
Stay Secure While Working Remote
According to Stanford research, almost twice as many employees work from home than at the office in the U.S. in response to the COVID-19 pandemic. And this new work-from-home economy is probably only going to expand in the future. Your pets and children will continue to make surprise guest appearances on work calls, or you may continue your new job hunt from the kitchen table. But as you work on juggling your work life and personal life at home base, this doesn’t mean that you should have to juggle security threats too.
The new WFH landscape has also brought about increased risk from . Unlike corporate offices – which usually have IT staff responsible for making any necessary network security updates and patches – users’ home network security is in their own hands. This means users must ensure that their Wi-Fi connections are private and locked with a complex password or employ the help of a VPN to prevent hackers from infiltrating your work.
Be Cybersmart While Distance Learning
Work isn’t the only element of consumers’ lives that’s recently changed – school is also being conducted out of many students’ homes as they adapt to distance learning. As a result, parents are now both professionals and teachers, coaching students through new online learning obstacles. But as more students continue their curriculum from home and online activity increases, so does the possibility of exposure to inappropriate content or other threats.
For instance, the transition to distance learning has led to an increase in online students to lose valuable time meant to be spent on their education.
To help ensure that learning from home goes as smoothly as possible, parents must stay updated on the threats that could be lurking around the corner of their children’s online classrooms. Take the time to secure all the devices that power your kids’ learning with a comprehensive security solution.
Of course, everyone needs to find a balance between work, school, and play! These days, that means scavenging the internet for new content to help keep entertained at home. In fact, according to Nielson, there was an 85% increase in American streaming rates in the first three weeks of March this year compared to March 2019 reports. However, causing users to turn to other less secure alternatives such as illegal downloads and links to “free” content riddled with malware. This could open consumers up to a whole host of threats.
Users looking to stream the latest TV show or movie should be cautious and only access entertainment content directly from a reliable source. The safest thing to do is to subscribe to a streaming site that offers the content or download the movie from credible websites, instead of downloading a “free” version from a website that could contain malware.
We all need to be cybersmart and aware of the threats that come with our lifestyle changes. By following these pointers, you can block threats from impacting your new day-to-day and ensure security is one less thing to worry about. When looking ahead to the future, incorporate the aforementioned pointers into your digital life so that you are prepared to take on whatever the evolving security landscape brings – now that’s being cybersmart!
Stay Updated
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, look out for our other National Cybersecurity Awareness Month blogs, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Stay Connected and Protected During Work, School, and Play appeared first on McAfee Blogs.
2020 has certainly been the year for online entertainment. With many Aussies staying home to stay well, the internet and all its offerings have provided the perfect way for us all to pass time. From free movies and TV shows to the latest celebrity news, many of us have devoured digital content to entertain ourselves. But our love affair with online entertainment certainly hasn’t gone unnoticed by cybercriminals who have ‘pivoted’ in response and cleverly adapted their scams to adjust to our insatiable desire for content.
Cybercriminals are fully aware that we love searching for online entertainment and celebrity news and so devise their plans accordingly. Many create fake websites that promise users free content from a celebrity of the moment to lure unsuspecting Aussies in. But these malicious websites are purpose-built to trick consumers into sharing their personal information in exchange for the promised free content – and this is where many come unstuck!
McAfee, the world’s leading cybersecurity company, has researched which famous names generate the riskiest search results that could potentially trigger consumers to unknowingly install malware on their devices or unwillingly share their private information with cybercriminals.
And in 2020, English singer-songwriter Adele takes out the top honours as her name generates the most harmful links online. Adele is best known for smashing the music charts since 2008 with hit songs including ‘Rolling in the Deep’ and ‘Someone Like You’. In addition to her award-winning music, Adele is also loved for her funny and relatable personality, as seen on her talk show appearances (such as her viral ‘Carpool Karaoke’ segment) and concert footage. Most recently, her weight-loss and fitness journey have received mass media attention, with many trying to get to the bottom of her ‘weight-loss’ secrets.
Trailing Adele as the second most dangerous celebrity is actress and star of the 2020 hit show Stan ‘Love Life’ Anna Kendrick, followed by rapper Drake (no. 3), model and actress Cara Delevingne (no. 4), US TikTok star Charli D’Amelio (no. 5) and singer-songwriter Alicia Keys (no. 6). Rounding out the top ten are ‘Sk8r Boi’ singer Avril Lavigne (No. 7), New Zealand rising music star, Benee (no. 8), songstress Camila Cabello (no. 9), and global superstar, singer and actress Beyonce (no. 10).
Whether it was boredom or the fact that we just love a stickybeak, our love of celebrity news reached new heights this year with our many of us ‘needing’ to stay up to date with the latest gossip from our favourite public figures. Adele’s weight-loss journey (no.1), Drake’s first photos of ‘secret son’ Adonis (no. 4), and Cara Delevingne’s breakup with US actress Ashley Benson (no. 5), all had us Aussie fans flocking to the internet to search for the latest developments on these celebrity stories.
With many of us burning through catalogues of available movies and TV shows amid advice to stay at home, new release titles have definitely been the hottest ticket in town to stay entertained.
Rising to fame following her roles in ‘Twilight’ and musical comedy ‘Pitch Perfect’, Anna Kendrick (no. 2) starred in HBO Max series ‘Love Life’ which was released during the peak of COVID-19 in Australia, as well as the 2020 children’s film ‘Trolls World Tour’. R&B and pop megastar Beyonce (no. 10) starred in the 2019 remake of Disney cult classic ‘The Lion King’ and released a visual album ‘Black Is King’ in 2020.
While live concerts and festivals came to a halt earlier this year, many of us are still seeking music – both old and new – to help us navigate these unprecedented times. In fact, musicians make up 50% of the top 10 most dangerous celebrities – hailing from all genres, backgrounds and generations.
Canadian rapper Drake (No. 2) sparked fan interest by dropping his ‘Dark Lanes Demo Tapes’ album including hit songs ‘Chicago Freestyle’ and ‘Tootsie Slide’ that went massively viral on TikTok. New Zealand singer Benee also came out of the woodwork with viral sensations Supalonely and Glitter topping charts and reaching global popularity on TikTok.
Known for her enormously successful R&B/Soul music in the early 2000s, Alicia Keys (no. 6) released a string of new singles in 2020. Camila Cabello’s ‘Senorita’ duet with Canadian singer and now boyfriend Shawn Mendes, was Spotify’s most streamed song of 2019. The couple continued to attract copious attention as fans followed stories reporting on the lovebirds self-isolating together in Miami earlier this year.
Please don’t feel that getting caught by an ill-intentioned cybercrime is inevitable. If you follow these few simple tips, you can absolutely continue your love of online entertainment and all things celebrity:
If you are looking for new release music, movies or TV shows or even an update on your favourite celebrity then ALWAYS be cautious and only click on links to reliable sources. Avoid ‘dodgy’ looking websites that promise free content – I guarantee these sites will gift you a big dose of malware. The safest thing is to wait for official releases, use only legitimate streaming sites and visit reputable news sites.
Yes, illegal downloads are free but they are usually riddled with malware or adware disguised as mp3 files. Be safe and use only legitimate music streaming platforms – even if it costs a few bucks! Imagine how devastating it would be to lose access to everything on your computer thanks to a nasty piece of malware?
One of the best ways of safeguarding yourself (and your family) from cybercriminals is by investing in an comprehensive cybersecurity solution like McAfee’s Total Protection. This Rolls Royce cybersecurity package will protect you from malware, spyware, ransomware and phishing attacks. An absolute no brainer!
Kids love celebrities too! Parental control software allows you to introduce limits to your kids’ viewing which will help minimise their exposure to potentially malicious or inappropriate websites when they are searching for the latest new on TikTok star Charlie D’Amelio or go to download the latest Benee track.
I don’t know how my family of 6 would have survived this year without online entertainment. We’ve devoured the content from three different streaming services, listened to a record number of hours on Spotify and filled our heads with news courtesy of online news sites. And while things are looking up, it will be a while before life returns to normal. So, please take a little time to educate your family on the importance of ‘thinking before you click’ and the perils of illegal downloading. Let’s not make 2020 any more complicated!!
Stay safe everyone!
Alex x
The post How Searching For Your Favourite Celebrity May Not End Well appeared first on McAfee Blogs.
During COVID-19, people stuck inside have scoured the internet for content to consume – often searching for free entertainment (movies, TV shows, and music) to avoid any extra costs. As these habits increase, so do the potential cyber threats associated with free internet content – making our fourteenth Most Dangerous Celebrities study more relevant than ever.
To conduct our Most Dangerous Celebrities 2020 study, McAfee researched famous individuals to reveal which celebrities generate the most “dangerous” results – meaning those whose search results bring potentially malicious content to expose fans’ personal information. Owing to his international popularity and fan following that well resonates in India, Cristiano Ronaldo takes the top spot on the India edition of McAfee’s 2020 Most Dangerous Celebrities list.
Ronaldo is popular not only for his football skills, but also for his lifestyle, brand endorsements, yearly earnings, and large social media following, with fans devotedly tracking his every movement. This year, Ronaldo’s transfer to Juventus from Real Madrid for a reported £105M created quite a buzz, grabbing attention from football enthusiasts worldwide. Within the Top 10 list, Ronaldo is closely followed by veteran actress Tabu (No. 2) and leading Bollywood actresses, Taapsee Pannu, (No. 3) Anushka Sharma at (No. 4) and Sonakshi Sinha (No. 5). Also making the top ten is Indian singer Armaan Malik (No. 6), and young and bubbly actor Sara Ali Khan (No. 7). Rounding out the rest of the top ten are Indian actress Kangana Ranaut (No. 8), followed by popular TV soap actress Divyanka Tripathi (No. 9) and lastly, the King of Bollywood, Shah Rukh Khan (No. 10).
Many consumers don’t realize that simple internet searches of their favorite celebrities could potentially lead to malicious content, as cybercriminals often leverage these popular searches to entice fans to click on dangerous links. This year’s study emphasizes that consumers are increasingly searching for content, especially as they look for new forms of entertainment to stream amidst a global pandemic.
With a greater emphasis on streaming culture, consumers could potentially be led astray to malicious websites while looking for new shows, sports, and movies to watch. For example, Ronaldo is strongly associated with malicious search terms, as fans are constantly seeking news on his personal life, as well as searching for news on his latest deals with football clubs. In addition, users may be streaming live football matches through illegal streaming platforms to avoid subscription fees. If an unsuspecting user clicks on a malicious link while searching for their favorite celebrity related news, their device could suddenly become plagued with adware or malware.
Whether you and your family are checking out your new favorite actress in her latest film or streaming a popular singer’s new album, it’s important to ensure that your searches aren’t potentially putting your online security at risk. Follow these tips so you can be a proactive fan while safeguarding your digital life:
Users looking for information on their favorite celebrities should be cautious and only click on links to reliable sources for downloads. The safest thing to do is to wait for official releases instead of visiting third-party websites that could contain malware.
Refrain from using illegal streaming sites
When it comes to dangerous online behavior, using illegal streaming sites could wreak havoc on your device. Many illegal streaming sites are riddled with malware or adware disguised as pirated video files. Do yourself a favor and stream the show from a reputable source.
Protect your online safety with a cybersecurity solution
Safeguard yourself from cybercriminals with a comprehensive security solution like McAfee Total Protection. This can help protect you from malware, phishing attacks, and other threats.
Use a website reputation tool
Use a website reputation tool such as McAfee WebAdvisor, which alerts users when they are about to visit a malicious site.
Use parental control software
Kids are fans of celebrities too, so ensure that limits are set for your child on their devices and use parental control software to help minimize exposure to potentially malicious or inappropriate websites.
Stay Updated
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Cristiano Ronaldo tops McAfee India’s Most Dangerous Celebrity 2020 List appeared first on McAfee Blogs.
During COVID-19, people stuck inside have scoured the internet for content to consume – often searching for free entertainment (movies, TV shows, and music) to avoid any extra costs. As these habits increase, so do the potential cyberthreats associated with free internet content – making our fourteenth Most Dangerous Celebrities study more relevant than ever.
To conduct our Most Dangerous Celebrities 2020 study, McAfee researched famous individuals to reveal which celebrities generate the most “dangerous” results – meaning those whose search results bring potentially malicious content to expose fans’ personal information.
Thanks to her recent starring roles, American actress Anna Kendrick has found herself at the top of McAfee’s 2020 Most Dangerous Celebrities list.
The Top Ten Most Dangerous Celebrities
You probably know Anna Kendrick from her popular roles in films like “Twilight,” Pitch Perfect,” and “A Simple Favor.” She also recently starred in the HBO Max series “Love Life,” as well as the 2020 children’s film “Trolls World Tour.” Kendrick is joined in the top ten list by fellow actresses Blake Lively (No. 3), Julia Roberts (No. 8), and Jason Derulo (No. 10). Also included in the top ten list are American singers Mariah Carey (No. 4), Justin Timberlake (No. 5), and Taylor Swift (No. 6). Rounding out the rest of the top ten are American rapper Sean (Diddy) Combs (No. 2), Kate McKinnon (No. 9), and late-night talk show host Jimmy Kimmel (No. 7).
Lights, Camera, Security
Many consumers don’t realize that simple internet searches of their favorite celebrities could potentially lead to malicious content, as cybercriminals often leverage these popular searches to entice fans to click on dangerous links. This year’s study emphasizes that consumers are increasingly searching for content, especially as they look for new forms of entertainment to stream amidst a global pandemic.
With a greater emphasis on streaming culture, consumers could potentially be led astray to malicious websites while looking for new shows and movies to watch. However, people must understand that torrent or pirated downloads can lead to an abundance of cyberthreats. If an unsuspecting user clicks on a malicious link while searching for their favorite celebrity film, their device could suddenly become plagued with adware or malware.
Whether you and your family are checking out your new favorite actress in her latest film or streaming a popular singer’s new album, it’s important to ensure that your searches aren’t potentially putting your online security at risk. Follow these tips so you can be a proactive fan while safeguarding your digital life:
Users looking for information on their favorite celebrities should be cautious and only click on links to reliable sources for downloads. The safest thing to do is to wait for official releases instead of visiting third-party websites that could contain malware.
When it comes to dangerous online behavior, using illegal streaming sites could wreak havoc on your device. Many illegal streaming sites are riddled with malware or adware disguised as pirated video files. Do yourself a favor and stream the show from a reputable source.
Safeguard yourself from cybercriminals with a comprehensive security solution like McAfee Total Protection. This can help protect you from malware, phishing attacks, and other threats.
Use a website reputation tool such as McAfee WebAdvisor, which alerts users when they are about to visit a malicious site.
Kids are fans of celebrities too, so ensure that limits are set for your child on their devices and use parental control software to help minimize exposure to potentially malicious or inappropriate websites.
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Anna Kendrick Is McAfee’s Most Dangerous Celebrity 2020 appeared first on McAfee Blogs.
Are you prepared to detect and defend against attacks that target your data in cloud services, or apps you’ve built that are hosted in the cloud?
Nearly all enterprises and public sector customers we work with have enabled cloud use in their organization, with many seeing a 600%+ increase1 in use in the March-April timeframe of 2020, when the shift to remote work rapidly took shape.
The first step to developing a strong cloud security posture is visibility over the often hundreds of services your employees use, what data is within these services, and then how they are being used collaboratively with third parties and other destinations outside of your control.
With that visibility, you can establish full control over end-user activity and data in the cloud, applying your policy at every entry and exit point to the cloud.
That covers your risk stemming from legitimate use by employees, external collaborators, and even API-connected marketplace apps, but what about your adversaries? If someone phished your CEO, stole their OneDrive credentials and exfiltrated data, would you know? What if your CEO used the same password across multiple accounts, and the adversary had access to apps like Smartsheet, Workday, or Salesforce? Are you set up to detect this kind of multi-cloud attack?
Most enterprise security operations centers (SOCs) use MITRE ATT&CK to map the events they see in their environment to a common language of adversary tactics and techniques. This helps to understand gaps in protection, model how attackers progress from access to exfiltration (or encryption/destruction), and to plan out security policy decisions.
The original ATT&CK framework applied to Windows/Mac/Linux environments, with Android/iOS included as well. For cloud environments, the MITRE ATT&CK framework has a shorter history (released October 2019), but is quickly gaining adoption as the model for cloud threat investigation.
In collaboration with the University of California Berkeley’s Center for Long-Term Cybersecurity (CLTC) and MITRE, we sought to uncover how enterprises investigate threats in the cloud, with a focus on MITRE ATT&CK. In this initiative, researchers from UC Berkeley CLTC conducted a survey of 325 enterprises in a wide range of industries, with 1K employees or above, split between the US, UK, and Australia. The Berkeley team also conducted 10 in-depth interviews with security leaders in various cybersecurity functions.
MITRE has done an excellent job identifying and categorizing adversary tactics and techniques used in the cloud. When asked about the prevalence of these tactics observed in their environment, 81% of our survey respondents had experienced each of the tactics in the Cloud Matrix on average. 58% had experienced the initial access phase of an attack at least monthly.
Given the frequency in which most enterprises experience these adversary tactics and techniques, we found widespread adoption of the ATT&CK Cloud Matrix, with 97% of our respondents either planning to or already using the Matrix.
In the full report, we explore deeper implications of using MITRE ATT&CK for Cloud, including consensus on the value it brings to enterprise organizations, challenges with implementation, and many more interesting results from our investigation. Head to the full report here to dive in.
One of the most promising benefits of MITRE ATT&CK is the unification of events derived from endpoints, network traffic, and the cloud together into a common language. Right now, only 39% of enterprises correlate events from these three environments in their threat investigation. Further adoption of MITRE ATT&CK over time will unlock the ability to efficiently investigate attacks that span multiple environments, such as a compromised endpoint accessing cloud data and exfiltrating to an adversary destination.
This research demonstrates promising potential for MITRE ATT&CK in the enterprise SOC, with downstream benefits for the business. 87% of our respondents stated that adoption of MITRE ATT&CK will improve cloud security in their organization, with another 79% stating that it would also make them more comfortable with cloud adoption overall. A safer transition to cloud-based collaboration and app development can accelerate businesses, a subject we’ve investigated in the past2. MITRE ATT&CK can play a key role in secure cloud adoption, and defense of the enterprise overall.
Dive into the full research report for more on these findings!
White Paper
81% of enterprise organizations told us they experience the adversary techniques identified in the MITRE ATT&CK for Cloud Matrix – but are they defending against them effectively?
1https://www.mcafee.com/enterprise/en-us/forms/gated-form.html?docID=3804edf6-fe75-427e-a4fd-4eee7d189265&eid=LAVVPBCF
2https://www.mcafee.com/enterprise/en-us/forms/gated-form.html?docID=75e3a9dc-793e-488a-8d8a-8dbf31aa5d62&eid=5PES9QHP
The post MITRE ATT&CK for Cloud: Adoption and Value Study by UC Berkeley CLTC appeared first on McAfee Blogs.
October is Cybersecurity Awareness Month, which is led by the U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA) in conjunction with the National Cyber Security Alliance (NCSA)—a national non-profit focused on cybersecurity education & awareness. McAfee is pleased to announce that we’re a proud participant.
We live in a day and age when even lightbulbs can be hacked.
Perhaps you’ve caught the stories in the news: various devices like home cameras, smart appliances, and other Internet of Things (IoT) devices falling prey to hackers and attacks, such as when the Mirai botnet took out large swathes of the internet in 2016. As posted by Statista, estimates project that the world will have nearly 40 billion IoT devices in the next five years and upwards of 50 billion by 2030. That’s in homes and businesses alike, ranging anywhere from digital assistants, smart watches, medical devices, thermostats, vehicle fleet management devices, smart locks, and yes, even the humble lightbulb—and like our computers, laptops, smartphones, and tablets, they all need to be protected.
The reason is simple: your network is only as safe as the weakest device that’s on it. And we’re putting so much more on our networks than ever before. In effect, that means our homes have more targets for hackers than ever before as well. In the hands of a dedicated crook, one poorly protected device can open the door to your entire network—much like a thief stealing a bike by prying open the weak link in a chain lock. Therefore, so goes the saying, “If You Connect It, Protect It.”
What’s challenging is that our IoT devices don’t always lend themselves to the same sort of protections like our computers, laptops, and phones do. For example, you can’t actually install security software directly on them. However, there are things you can do to protect those devices, and the network they’re on too.
Just because that new smart device that’s caught your eye can connect to the internet doesn’t mean that it’s secure. Before you purchase, read up on reviews and comments from other customers. Look for news articles about the device manufacturer too. The fact of the matter is that some IoT device manufacturers are much better at baking security protocols into their devices than others, so look into their track record to see if you can uncover any issues with their products or security practices. Information such as this can help you make an even more informed choice.
One issue with many IoT devices is that they often come with a default username and password. This could mean that your device, and thousands of others just like it, all share the same credentials, which makes it painfully easy for a hacker to gain access to them as those default usernames and passwords are often published online.
When you purchase an IoT device, set a fresh password using a strong method of password creation. And keep those passwords safe. Instead of keeping them on a notebook or on sticky notes, consider using a password manager. It acts as a database for all your passwords and stores new codes as you create them. As always, don’t store them in an unprotected file on your computer, which can be subject to a hack or data loss.
Our banks, many of the online shopping sites we use, and numerous other accounts use two-factor authentication to make sure that we’re logging in we really are who we say we are. In short, a username and password combo is an example of one-factor authentication. The second factor in the mix is something you, and only you, own, like your mobile phone. Thus when you log in and get a prompt to enter a security code that’s sent to your mobile phone, you’re taking advantage of two-factor authentication. If your IoT device supports two-factor authentication as part of the login procedure, put it to use and get that extra layer of security.
Your router acts as the internet’s gateway into your home. From there, it works as a hub that connects all of your devices—computers, tablets, and phones, along with your IoT devices as well. That means it’s vital to keep your router secure. A quick word about routers: you typically access them via a browser window and a specific address that’s usually printed somewhere on your router. If you’re renting your router or you’ve purchased it through your internet provider, they should have help documentation that can guide you through this the process. Likewise, if you purchased your own, your manual should provide the guidance you need.
As we mentioned above, the first thing to do is change the default password and name of your router if you haven’t done so already. Again, use a strong method of password creation. Also, change the name of your router. When you choose a new one, go with name that doesn’t give away your address or identity. Something unique and even fun like “Pizza Lovers” or “The Internet Warehouse” are options that mask your identity and are memorable for you too. While you’re making that change, you can also check that your router is using an encryption method, like WPA2, which will keep your signal secure. If you’re unsure, reach out to your internet provider or check the documentation that came with your router.
Just as you can offer your guests secure access that’s separate from your own devices, creating an additional network on your router allows you to keep your computers and smartphones separate from IoT devices. This way, if an IoT device is compromised, a hacker will still have difficulty accessing your other devices, like computers and smartphones, along with the data and info that you have stored on them. You may also want to consider investing in an advanced internet router that has built-in protection and can secure and monitor any device that connects to your network.
Another line of defense that can hamper hackers is using a VPN, which allows you to send and receive data while encrypting your information so others can’t read it. When your data traffic is scrambled that way, it’s shielded from prying eyes, which helps protect your network and the devices you have connected to it.
As with our computers, laptops, phones, tablets, and apps, make sure you have the latest software updates for your IoT devices. The reasons here are the same: one, they’ll make sure you’re getting the latest functionality from your device; and two, updates often contain security upgrades. If there’s a setting that lets you receive automatic updates, enable it so that you always have the latest.
You’ve probably seen that you can control a lot of your connected things with your smartphone. We’re using them to set the temperature, turn our lights on and off, and even see who’s at the front door. With that, it seems like we can add the label “universal remote control” our smartphones—so protecting our phones has become yet more important. Whether you’re an Android owner or iOS owner, get security software installed on your phone so you can protect all the things it accesses and controls—in addition to you and the phone as well.
And of course, let’s not forget our computers and laptops. While we’ve been primarily talking about IoT devices here, it’s a good reminder that computers and laptops need protection too. Using a strong suite of security software like McAfee® Total Protection, can help defend your entire family from the latest threats and malware, make it safer to browse, and look out for your privacy too.
We’re connecting our homes and ourselves with IoT devices at an tremendous rate—now at an average of 10 connected devices in our homes in the U.S. Gone by are the days when all we had was a computer or phone or two to look after. Now, even when we’re not in front of a laptop or have a smartphone in our hand, we’re still online, nearly all the time. Take this week to make sure that what you’ve connected is protected. Even that little lightbulb.
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Cybersecurity Awareness Month: If You Connect It, Protect It appeared first on McAfee Blogs.
Network Products Guide, the industry’s leading technology research and advisory guide, recently named the winners in their 15th Annual 2020 Network PG’s IT World Awards. Judges from a broad spectrum of industry voices around the world participated and their average scores determined the 2020 award winners. McAfee took center stage with three wins, including Gold for McAfee MVISION Endpoint Detection and Response (EDR) and Silver for McAfee MVISION Cloud for Containers and McAfee MVISION Unified Cloud Edge (UCE).
The IT World Awards are industry and peer recognitions from Network Products Guide honoring achievements of world’s best in organizational performance, product and service innovations, hot technologies, executives and management teams, successful deployments, product management and engineering, customer satisfaction, and public relations in information technology and cyber security. These wins further validate McAfee’s position as a company poised to successfully help organizations solve for real-time security issues.
McAfee was recognized in the following categories:
For a complete list of McAfee’s accolades and industry recognition, visit: https://www.mcafee.com/enterprise/en-us/about/awards.html
The post McAfee Leapfrogs Competition with trio of awards at 2020 IT World Awards appeared first on McAfee Blogs.
October is Cybersecurity Awareness Month, which is led by the National Cyber Security Alliance (NCSA)—a national non-profit focused on cybersecurity education & awareness in conjunction with the U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA). McAfee is pleased to announce that we’re a proud participant.
If there’s ever a year to observe Cybersecurity Awareness Month, this is it.
As millions worked, schooled, and simply entertained themselves at home (and continue to do so) this year, internet usage increased by up to 70%. Not surprisingly, cybercriminals followed. Looking at our threat dashboard statistics for the year so far, you’ll see:
And that doesn’t account for the millions of other online scams, ransomware, malicious sites, and malware out there in general—of which COVID-19-themed attacks are just a small percentage.
With such a high reliance on the internet right now, 2020 is an excellent year to observe Cybersecurity Awareness Month, along with its focus on what we can do collectively to stay safer together in light of today’s threats.
Unified under the hashtag #BeCyberSmart, Cybersecurity Awareness Month calls on individuals and organizations alike to take charge of protecting their slice of cyberspace. The aim, above making ourselves safer, is to make everyone safer by having us do our part to make the internet safer for all. In the words of the organizers, “If everyone does their part – implementing stronger security practices, raising community awareness, educating vulnerable audiences or training employees, our interconnected world will be safer and more resilient for everyone.”
Throughout October, we’re participating as well. Here in our blogs and across our broad and ongoing efforts to boost everyone’s awareness and expertise in cybersecurity and simply staying safe online, we’ll be supporting one key theme each week:
If you’ve kept up with our blogs, this is a theme you’ll know well. The idea behind “If you connect it, protect it” is that the line between our lives online and offline gets blurrier every day. For starters, the average person worldwide spends nearly 7 hours a day online thanks in large part to mobile devices and the time we spend actively connected on our computers. However, we’re also connecting our homes with Internet of Things (IoT) devices—all for an average of 10 connected devices in our homes in the U.S. So even when we don’t have a device in our hand, we’re still connected.
With this increasing number of connections comes an increasing number of opportunities—and challenges. During this weel, we’ll take a look at how internet-connected devices have impacted our lives and how you can take steps that reduce your risk.
As we shared at the open of this article, this year saw a major disruption in the way we work, learn, and socialize online. There’s no question that our reliance on the internet, a safe internet, is greater than before. And that calls for a fresh look at the way people and businesses look at security.
This week of Cybersecurity Awareness Month will focus on steps users and organizations can take to protect internet connected devices for both personal and professional use, all in light of a whole new set of potential vulnerabilities that are taking root.
Earlier this year, one of our articles on telemedicine reported that 39% of North Americans and Europeans consulted a doctor or health care provider online for the first time in 2020. stand as just one example of the many ways that the healthcare industry has embraced connected care. Another noteworthy example comes in the form of internet-connected medical devices, which are found inside care facilities and even worn by patients as they go about their day.
As this trend in medicine has introduced numerous benefits, such as digital health records, patient wellness apps, and more timely care, it’s also exposed the industry to vulnerabilities that cyber criminals regularly attempt to exploit. Here we’ll explore this topic and share what steps both can take do their part and #BeCyberSmart.
The growing trend of homeowners and businesses alike connecting all manner of things across the Internet of Things (IoT) continues. In our homes, we have smart assistants, smart security systems, smart door locks, and numerous other home IoT devices that all need to be protected. Businesses manage their fleets, optimize their supply chain, and run their HVAC systems with IoT devices, which also beg protection too as hackers employ new avenues of attack, such as GPS spoofing. And these are just a fraction of the applications that we can mention as the world races toward a predicted 50 billion IoT devices by 2030.
As part of Cybersecurity Awareness Month, we’ll look at the future of connected devices and how both people and businesses can protect themselves, their operations, and others.
As Cybersecurity Awareness Month ramps up, it presents an opportunity for each of us to take a look at our habits and to get a refresher on things we can do right now to keep ourselves, and our internet, a safer place. This brief list should give you a great start, along with a catalog of articles on identity theft, family safety, mobile & IoT security, and our regularly updated consumer threat notices.
Given the dozens of accounts you need to protect—from your social media accounts to your financial accounts—coming up with strong passwords can take both time and effort. Rather than keeping them on scraps of paper or in a notebook (and absolutely not on an unprotected file on your computer), consider using a password manager. It acts as a database for all your passwords and stores new codes as you create them. With just a single password, you can access all the tools your password manager offers.
Phishing scams like these are an old standard. If you receive an email or text from an unknown person or party that asks you to download software, share personal information, or take some kind of action, don’t click on anything. This will steer you clear of any scams or malicious content.
However, more sophisticated phishing attacks can look like they’re actually coming from a legitimate organization. Instead of clicking on a link within the email or text, it’s best to go straight to the organization’s website or contact customer service. Also, you can hover over the link and get a link preview. If the URL looks suspicious, delete the message and move on.
Avoid hackers infiltrating your network by using a VPN, which allows you to send and receive data while encrypting – or scrambling – your information so others can’t read it. By helping to protect your network, VPNs also prevent hackers from accessing other devices (work or personal) connected to your Wi-Fi.
In addition, use a robust security software like McAfee® Total Protection, which helps to defend your entire family from the latest threats and malware while providing safe web browsing.
At a time where data breaches occur and our identity is at risk of being stolen, checking your credit is a habit to get into. Aside from checking your existing accounts for false charges, checking your credit can spot if a fraudulent account has been opened in your name.
It’s a relatively straightforward process. In the U.S., the Fair Credit Reporting Act (FCRA) requires credit reporting agencies to provide you with a free credit check at least once every 12 months. Get your free credit report here from the U.S. Federal Trade Commission (FTC). Other nations provide similar services, such as the free credit reports for UK customers.
To track malicious pandemic-related campaigns, McAfee Advanced Programs Group (APG) has published a COVID-19 Threat Dashboard, which includes top threats leveraging the pandemic, most targeted verticals and countries, and most utilized threat types and volume over time. The dashboard is updated daily at 4pm ET.
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Cybersecurity Awareness Month Helps Us All be #BeCyberSmart appeared first on McAfee Blogs.
Technology has come in handy for most of us during these days of pandemic distancing. But for the -at-risk, homebound senior population, technology has been a lifeline connecting them to family members, online services, and healthcare. Still, this unprecedented shift to virtual life has also come with potential risks that seniors and their families should keep in mind.
According to a Pew study, senior adults continue to become more digitally connected, but adoption rates continue to trail younger users, and digital divides remain. The study also revealed that 77% of older adults needed assistance when it came to learning how to use technology.
If you are a senior or someone helping a senior become more tech-savvy, online safety should be a priority. Here are just some of the risks seniors may encounter and some helpful ways to stay safe.
Secure home routers and devices. Be sure to change your router’s default username and password to something strong and unique. Also, change the default passwords of any connected device before connecting to your home network. IoT (Internet of Things) devices are all the technologies under your roof that can connect such as security systems, healthcare monitors, hearing aids, and smart TVs. These technologies are embedded with sensors or software that can connect and exchange data with other household devices — and each must be secured to close privacy gaps. There are also routers with embedded security, to help secure the home from threats, no matter what devices is connected to the home network.
Use strong passwords. Strong passwords are essential for in-home devices, personal devices, social media sites, and any healthcare or banking portal. Creating a strong password is also a front-line defense against identity theft and fraud. For seniors, keeping passwords in one place is important, but can be hard to remember them all. comprehensive security software includes password management functionality, which makes it easer, to create and safely archive your passwords. -.
Avoid scams. There are a number of scams that target seniors. Phishing scams are emails that look legitimate that end up taking millions from seniors every year. For this reason, never click on suspicious links from government agencies, banks, hospitals, brokerages, charities, or bill collectors unless you are certain they are legitimate. Scammers use these malicious links to con people out of giving away cash or personal data that can be used to create a number of fraudulent accounts. Consider protecting all personal devices with a comprehensive security solution.
Use a personal VPN. A Virtual Private Network (VPN) encrypts (or scrambles) your data when you connect to the Internet and enables you to browse or bank with your credentials and history protected. To learn about VPNs, watch this video.
Beware of dating scams. People aren’t always who they appear to be online. And while dating scams can happen to any age group, they can be especially harmful to a vulnerable senior who may be lonely and living on a limited income. Love scam red flags: Beware of people who claim to be from the U.S. but often travel or work overseas. Also, avoid people who profess their love too quickly, share personal struggles too soon, and never meet face-to-face.
Take a closer look. Fraudulent websites look very real these days. A secure website will have an “https” in the browser’s address bar. The “s” stands for “secure.” If the web address or URL is just http, it’s not a secure site. Still unsure? Read reviews of the site from other users before making a purchase. Never send cash, cashier’s check, or a personal check to any online vendor. If purchasing, always use a credit card in case there is a dispute.
Never share personal data. Be wary of emails or websites that require you to give personal information, such as your social security number, phone number, account, or family information. This includes those fun social media quizzes, which are also ways that cybercriminals can find out your personal details, such as a pets name, year you were born, your home town. All those pieces of personal data can be used to commit identity theft.
Monitor financial accounts. Nowadays, it’s essential to review all financial statements for fraudulent activity. If suspicious activity is found, report it to your bank or credit card account immediately. It’s also a good idea to put a credit alert on your accounts to detect potential fraud.
This unique time has issued unique challenges to every age group. However, if you know a senior, keep their potential technology needs in mind. Check in from time to time and offer your help. If you are a tech-savvy senior (and I know many), consider reaching out to peers who may be struggling and afraid to ask. In addition, YouTube has a number of easy-to-understand videos on any tech question. In addition, both Apple and Microsoft stores offer free advice on their products and may also help. Just be sure to visit their official websites to reach legitimate tech support channels.
The post 8 Ways to Help Senior Adults Stay Safe Online These Days appeared first on McAfee Blogs.
If you’re thinking career change or career shift, there’s a field that has an estimated 4 million jobs open. Cybersecurity.
According to survey and research data from the International Cybersecurity Organization (ICS)2, there’s a cybersecurity workforce gap—a terrifically high volume of jobs left unfilled. Published in 2019, the gap they identified looked like this:
Needless to say, there’s opportunity in the field for both technical and non-technical roles.
Here’s an important thing to keep in mind about cybersecurity:, it’s not solely about understanding technology. It’s about understanding people too and how people and technology interact.
The moment you see cybersecurity through that broader lens, you can see how the field opens widely to encompass a range of roles. Of course, there are analysts and engineers, yet it also includes other roles like digital forensics and cyber investigation, healthcare information security, cryptography, and even cyber law. Additionally, there’s needed expertise in the realms of privacy, governance, ethics, and even digital ethics. And if you take a role with a security company such as ours, the opportunity further extends to positions in account management, marketing, and operations. (In fact, you can drop by our careers page for a look at our current openings and what workday life is like around here.)
There are plenty of reasons. Above that data published in 2019, our unprecedented reliance on the internet to work, learn, and stay connected in 2020, demand for cybersecurity jobs is yet more so on the rise. As so many of us turned increasingly to the internet to get through our day, the same is true for hackers and crooks.
With that, let’s take a quick look at several of the factors working in your favor as you consider a change.
We’ve all seen the news stories of major breaches at big retailers, credit reporting agencies, hotels, and even healthcare providers. It’s not just the private sector that’s been grappling with cybersecurity concerns, there’s need in the public sector as well—like municipalities. In all, every organization needs cybersecurity (just as we all need cybersecurity for our homes), and thus there’s plenty of opportunity out there. Using just one of the many possible cybersecurity roles as an example, the U.S. Bureau of Labor Statistics predicts a 32% increase in demand for information security analysts through 2028—which is far higher than the average of other professions.
In fact, the same (ICS)2 survey discovered that only 42% of current cybersecurity pros said that their first job after higher education was in the field of cybersecurity. In other words, the majority of cybersecurity pros ended up that way by some means of career shift or change. And they got there through certifications and training rather than by way of a degree from a college or university.
Our own Chief Human Resources Officer, Chatelle Lynch, put it quite well in an interview with Business Insider just a few weeks ago: “It’s no secret that the demand for cybersecurity staff has steadily grown over the past decade,” she says. “This means opportunity, so if you don’t have a degree, don’t let that slow you down. You may have unique work experience or relevant certifications, alternative learning, or transferable skills that you need to make sure you highlight when applying and interviewing.”
For example, she goes on to say that prior military service, IT experience, and volunteer or hobbyist activities (even online gaming) are a good foundation for cybersecurity roles.
These skills absolutely apply, and they’re sought after skills as well. The ability to work independently, lead projects, write and document well, and particularly strong people skills are vital for a role where you’ll be interfacing with numerous individuals, departments, and business units. Likewise, as called out above, certain roles focus more on the non-technical side of security solutions.
The beauty of making a career change to cybersecurity is that there are plenty of ways you can get it done at home and on your time.
If you’re just getting started, you can test the waters for free or at relatively low cost with a Massively Open Online Course (MOOC) that gives you the basics on cybersecurity. Future Learn’s “Introduction to Cybersecurity” from The Open University is one example of an intro program, as is the University of Michigan’s “Securing Digital Democracy” class that’s offered through Coursera.
If you’re already an IT pro or have a strong technical background, there are similar MOOC courses available that cater to your current level of knowledge and skill. The University of Maryland’s “Cybersecurity Specialization” and “Usable Security” are geared accordingly.
For a list of cybersecurity programs available online, drop by CyberDegrees.org. Their listing is one of many good places to start.
Other free and low-cost avenues out there include subscribing to some security bloggers, grabbing some hands-on work with coding and IT networking fundamentals from online learning companies like Udemy, Codecademy, and Khan Academy, or joining some online cybersecurity groups for a little professional networking. In all, there’s plenty of opportunity to learn from others, both in structured class settings and in more unstructured peer and mentorship relationships.
When you’re ready to start your job search, there’s a good chance that your interview will be conducted online. Online interviews have been part of the job-hunting landscape for a few years now, yet with many employers enacting work from home measures, it’s the way hiring gets done right now. I expect this to continue, as employers have embraced its many benefits, particularly in the early stages of interviews. If the prospect of an online interview is new to you, I put together a pair of articles this spring that can help.
As you make the jump, here’s the most important thing you’ll need: a love of technology and a desire to protect the people who use it. If you can combine a drive to understand both technology and people better with the further drive to see it all through, you’ll be well on your way. Like any career shift or change, there’s work ahead, yet it’s my impression that our field is a welcoming and supportive one—and very much on a keen lookout for new talent.
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Career change? Cybersecurity companies are hiring. appeared first on McAfee Blogs.
McAfee MVISION Cloud for Microsoft Teams, now offers secure guest user collaboration features allowing the security admins to not only monitor sensitive content posted in the form of messages and files within Teams but also monitor guest users joining Teams to remove any unauthorized guests joining Teams.
Working from home has become a new reality for many, as more and more companies are requesting that their staff work remotely. Already, we are seeing how solutions that enable remote work and learning across chat, video, and file collaboration have become central to the way we work. Microsoft has seen an unprecedented spike in Teams usage and they have more than 75 million daily users as of May 2020, a 70% increase in daily active users from the month of March1
MVISION Cloud for Microsoft Teams now provides policy controls for security admins to monitor and remove unauthorized guest users based on their domains, the team guest users are joining etc. As organizations use Microsoft Teams to collaborate with trusted partners to exchange messages, participate in calls, and share files, it is critical to ensure that partners are joining teams designated for external communication and only guest users from trusted partner domains are joining the teams.
Organizations can configure policies in McAfee MVISION Cloud to:
With these new features, McAfee offers complete data protection and collaboration control capabilities to enable organizations to safely collaborate with partners without having to worry about exposing confidential data to guest users.
Here is the comprehensive list of use cases organizations can enable by using MVISION Cloud for Microsoft Teams.
McAfee MVISION Cloud for Microsoft Teams is now in use with a substantial number of large enterprise customers to enable their security, governance and compliance capabilities. The solution fits all industry verticals due to the flexibility of policies and its ease of use.
The post MVISION Cloud for Microsoft Teams appeared first on McAfee Blogs.
According to Statista, 3.5 billion people worldwide are forecasted to own a smartphone by the end of 2020. These connected devices allow us to have a wealth of apps and information constantly at our fingertips – empowering us to remain in constant contact with loved ones, make quick purchases, track our fitness progress, you name it. Hackers are all too familiar with our reliance on our smartphones – and are eager to exploit them with stealthy tricks as a result.
One recent example of these tricks? Suspicious text messages claiming to be from USPS. According to Gizmodo, a recent SMS phishing scam is using the USPS name and fraudulent tracking codes to trick users into clicking on malicious links.
Let’s dive into the details of this scheme, what it means for users, and what you can do to protect yourself from SMS phishing.
To orchestrate this phishing scheme, hackers send out text messages from random numbers claiming that a user’s delivery from USPS, FedEx, or another delivery service is experiencing a transit issue that requires urgent attention. If the user clicks on the link in the text, the link will direct them to a form fill page asking them to fill in their personal and financial information to “verify their purchase delivery.” If the form is completed, the hacker could exploit that information for financial gain.
However, scammers also use this phishing scheme to infect users’ devices with malware. For example, some users received links claiming to provide access to a supposed USPS shipment. Instead, they were led to a domain that did nothing but infect their browser or phone with malware. Regardless of what route the hacker takes, these scams leave the user in a situation that compromises their smartphone and personal data.
While delivery alerts are a convenient way to track packages, it’s important to familiarize yourself with the signs of phishing scams – especially as we approach the holiday shopping season. Doing so will help you safeguard your online security without sacrificing the convenience of your smartphone. To do just that, follow these actionable steps to help secure your devices and data from SMiShing schemes:
Be skeptical of text messages claiming to be from companies with peculiar asks or information that seems too good to be true. Instead of clicking on a link within the text, it’s best to go straight to the organization’s website to check on your delivery status or contact customer service.
Many spammers send texts from an internet service in an attempt to hide their identities. Combat this by using the feature on your mobile device that blocks texts sent from the internet or unknown users. For example, you can disable all potential spam messages from the Messages app on an Android device by navigating to Settings, clicking on Spam protection, and turning on the Enable spam protection switch. Learn more about how you can block robotexts and spam messages on your device.
Prepare your mobile devices for any threat coming their way. To do just that, cover these devices with an extra layer of protection via a mobile security solution, such as McAfee Mobile Security.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Special Delivery: Don’t Fall for the USPS SMiShing Scam appeared first on McAfee Blogs.
2020 has propelled us into a new digital reality – one where we are reliant on technology to help us maintain our way of life. This forced all age groups, from 8-80, to learn how to conduct their day-to-day online. I personally had my mother asking a million questions about how to video conference!
But while we’re all looking to remain connected, we need to also focus on staying protected. For those of us a little more tech-savvy, that means helping our family and friends learn how this new digital reality impacts online security.
Let’s examine what that entails.
Digital healthcare’s rise was predicted back in January when Bain & Company reported that 40% of U.S. physicians expect to start using telemedicine over the next two years. Then came COVID-19, which drove healthcare providers to turn toward digital options to deliver socially distanced patient care. Many PCPs moved almost entirely to telehealth, with half of those surveyed using telemedicine in over 75% of their patient care.
While telehealth significantly increases patient care availability, there are also intrinsic privacy and security risks that go along with it. For example, telehealth requires that patients submit their health information through online platforms – some of which lack the proper data safeguards and don’t meet HIPAA requirements. Like all data transferred over the internet, private health information used for telemedicine could be intercepted by hackers if users don’t take proper security precautions. This means ensuring you and your loved one employ best practices – locking your platform account with a strong password, ensuring you only give your personal information to your doctor or verified resource, etc. These simple steps from McAfee experts are more important than ever before, as the healthcare industry is a preferred target for criminals.
School may be back in session, but it looks pretty different than previous years. For parents, this means navigating the unknown terrain that is a virtual classroom – and how the new environment affects your family’s online security.
Distance learning has led to a substantial spike in online video conferencing tools to conduct virtual lectures – which is only compounded by the fact that kids are already constantly on devices to play and socialize. However, some of the tools they use have proven to lack necessary security measures, which could jeopardize your students’ academic success and online security. Beyond video platform concerns, the combination of increased personal device usage on not-as-secure home networks poses a threat of its own.
Parents must ensure their students succeed – at both school and security. While they’re helping kids adjust to distance learning, parents can help keep them safe online by conducting router firmware updates, changing any default passwords on home networks, and leveraging a VPN. Additionally, parents must teach kids good security hygiene, such as always updating an app or device when an update is available. With parents juggling so much right now, they can also look for some extra support in the form of a comprehensive security solution that covers all their family’s devices with an extra layer of protection.
Many consumers have adopted digital financial services to make contactless payments or participate in online banking – some for convenience, others to help minimize contact in light of recent events. However, as this tech grows, so does the need for up-to-date security.
As users incorporate digital financial services into their everyday lives, they may fall victim to the risks commonly associated with making online payments. My mother, for example, is new to mobile banking and doesn’t know to look out for targeted phishing attacks from hackers who are trying to trick her out of money. Even the most tech-savvy online banking users can fall victim to more sophisticated phishing schemes out there.
To ensure cybercriminals don’t trick my mom into sharing sensitive information by impersonating her bank, we’ve discussed some ways she can identify an attack. Now, she knows to always hover over suspicious links, avoid interacting with messages from unknown senders, and to go directly to her bank’s official website.
We can use technology to adapt and grow during this time, just as long as we all employ security best practices. So, whether it be telehealth, distance learning, or digital finances, your family should always keep the aforementioned tips top of mind.
And remember – you’re not in this alone. You’ve got the support you need during this new digital reality in the form of a comprehensive security solution, McAfee® Total Protection. With this solution, consumers are safeguarded from malware with cloud-based threat protection that uses behavioral algorithms to detect new threats. It includes comprehensive internet security, multi-faceted privacy protection, and our secure VPN to ensure your family is prepared for any potential threat.
With robust, comprehensive security in place, your family’s devices will be consistently protected from the latest threats that came from our digital reality. With all these devices safe, everyone’s online life is free from worry.
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Telehealth, Distance Learning, & Online Banking: Securing Digital Frontiers appeared first on McAfee Blogs.
As a leader in cybersecurity, we at McAfee understand that every aspect of your digital life has potential weak spots that could make you vulnerable to threats and attacks. By incorporating security into everything you do online, you’re better protected from potential threats. To mount your offense, we’ve enlisted a team of partners that puts your security needs first, seamlessly blending our security with their services so you can live a confident life online. We bring our McAfee security teams together with industry players like PC & smartphone manufacturers, software & operating system developers, and more to make sure we can keep scoring security wins for you.
When was the last time you worried about security while you were shopping for a new PC? You were probably checking out the specs, price, and making sure it had all the capabilities you needed for working remotely, distance learning, and maybe a little gaming. And that’s all in addition to the day-to-day productivity, banking, and browsing you do. Like a strong defensive line, HP, Dell, Lenovo, and ASUS work closely with us to make sure that your personal data and devices are secure, especially as you spend more time online than ever before. That’s why so many new PCs are preloaded with a free McAfee® LiveSafe trial to provide integrated protection from malware, viruses, and spyware from day 1 with minimal impact on performance.
McAfee protection goes beyond just antivirus. We help you keep apps and Windows up to date and patched against vulnerabilities, block intruders with our firewall, and help you clean up cookies and temporary files to minimize the digital footprint on your PC.
We build our security directly into the devices consumers rely on for everything from remote yoga to distance learning, so that they know they’ll be safer online, regardless of what their new normal looks like.
Part of a good defense is understanding how the game has changed. We recognize that our customers are using multiple devices to connect online these days. In fact, their primary device may not even be a computer. That’s why we work with mobile providers to ensure customers like you have access to our comprehensive multidevice security options. Devices like mobile phones and tablets allow users to access social media, stream content, and even bank on their terms. For that reason, our mobile protection includes features like VPN, so that you can connect any time, any place safely and use your apps securely.
Our online and brick & mortar retail partners are also irreplaceable on the field. We understand that shopping for security can be complicated – even intimidating – when faced with a wall of choices. Whether you’re in-store or browsing online, we’ll work together to address your security needs so that your devices and personal data are protected with the solution that works best for you. Many of our retailers offer additional installation and upgrade support so you can have one less thing to worry about.
Your web browser is more than a shortcut to the best chocolate chip cookie recipe; it connects you to endless content, information, and communication. Equally important is your operating system, the backbone that powers every app you install, every preference you save, and every vacation destination wallpaper that cycles through. We partner closely with web browsers, operating systems, and other software developers to ensure that our opponents can’t find holes in our defense. Everything that seamlessly works in the background stays that way, helping stop threats and intruders dead in their tracks. Whether it’s routine software updates or color-coded icons that help differentiate safe websites from phishing scams, we’re calling safety plays that keep our customers in the game.
At McAfee, we work tirelessly to do what we do best: blocking the threats you see, and even the ones you don’t. These days your “digital life” blurs the lines between security, identity, and privacy. So, we go into the dark web to hunt down leaked personal info stolen by identity thieves. We include Secure VPN in all our suites to give you privacy online. It’s these capabilities that strengthen both the offense and defense in our starting lineup of security suites like McAfee® Total Protection and McAfee® LiveSafe.
In short, your protection goes from a few reminders to scan your device to a team of experts helping you stay primed for the playoffs. It’s a roster that includes technology and humans solely devoted to staying ahead of the bad guys, from McAfee Advanced Threat Research (ATR) investigating and reporting like to artificial intelligence and machine learning that strengthens with every threat from every device. In fact, in just the first three months of this year, our labs detected over six threats per second!
Cybercriminals may be taking advantage of this current moment, but together, we can ensure our defense holds strong. After all, defense wins championships.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Together, We Block and Tackle to Give You Peace of Mind appeared first on McAfee Blogs.
When I was a threat analyst, too long ago for me to actually put in writing, I remember the thrill of discovery at the apex of the boredom of investigation. We all know that meme:
And over the years, investigation leads became a little more substantial. It would begin in one of a few ways, but the most common began through an alert as a result of SIEM correlation rules firing. In this situation, we already knew for what we were looking… the SIEM had been configured to alert us on regex matches, X followed by Y, and other common logistics often mis-named as “advanced analytics”. As we became more mature, we would ingest Threat Intelligence feeds from third party sources. Eager and enthusiastic about the hunt, we would voraciously search through a deluge of false alarms (yes, the IPS did find a perimeter attack against Lotus Notes, but we had been using MS Exchange for over 5 years) and false positives (no, that’s not Duqu… just someone who cannot remember their AD credentials).
And the idea that these intelligence sources could spur an entirely new mechanic in the SOC, which we affectionately now refer to as Threat Hunting, was incredibly empowering. It allowed us to move beyond what was already analyzed (and most likely missed) by the SIEM and other security control technologies. True, we had to assume that the threat was already present and that the event had already established a foothold in the organization, but it allowed us to begin discovery at enterprise scale for indicators that perhaps we were compromised. I mean, remember we need to know a problem exists before we can manage it. But again, bad threat data (I once received a list of Windows DLL’s as IoCs in a fairly large campaign) and overly unimportant threat data (another provider listed hashes associated with polymorphic malware) led us down a rabbit hole we were all but too happy to come out from.
So, did all of that threat data guised under the marketing of “Threat Intelligence” really help us uncover threats otherwise acting in the shadows like a thief in the night? Or did it just divert our attentions to activity that was largely uninteresting while the real threats were just another needle in a stack of needles?
In most mature organizations, Threat Intelligence is a critical component to the SecOps strategy. Of course, it is; it must be. How else could you defend against such a copious amount of threats trying to attack from every angle? We have ontological considerations. Which threat actors are targeting my industry vertical or geography? Have I discovered any of the associated campaign indicators? And, most importantly, will my existing controls protect me? None of which could be addressed without a Threat Intelligence capability.
I remember working with a customer who was just beginning to expand their security operations resources, and they were eager and excited to be bringing in Threat Intelligence capabilities. The board was putting pressure on the CISO to increase the scope of accountability for his response organization, and the media was beginning to make mincemeat out of any business which was compromised by threat actors. The pressure was on and the intelligence began to flow in… like a firehose. About a month after it began, we spoke over lunch when he was interrupted at least 3 times for escalations. “What’s going on,” I asked. He told me that he was getting called day and night now about findings for which his team lacked complete context and understanding. Surely, they had more threat data, but if you asked him, that feature did not include “intelligence.”
Threat intelligence is supposed to help you filter the signals from the noise. At some point, without context and understanding, it is likely just more noise.
Consider the Knowledge Hierarchy: Data, Information, Knowledge, and Wisdom.
Intelligence is defined by dictionary.com as “knowledge of an event, circumstance, etc., received or imparted; news; information.” If we think of Threat Intelligence as a form of data feeding your Security Operations with a listing of parts, or atomic elements that in and of themselves serve little in the way of context, the SOC will regularly be forced to be reactive. With millions of indicators being pushed daily in the form of file hashes, names, URLs, IP addresses, domains, and more, this is hardly useful data.
When Data is correlated in the form of context using ontology, such as grouping by specific types of malware, we gain just enough to classify the relationships as information. When we know that certain malware and malware families will exhibit groups of indicators, we can better ready our controls, detection mechanisms, and even incident response efforts and playbooks. But, still, we lack the adequate context to understand if, in general, this malware or family of malware activities will apply to my organization. We still need more context.
So, at this point we form an entire story. It’s nice to know that malware exists and exhibits key behavior, but its even better if we know which threat actors tend to use that malware and in what way. These threat actors, like most businesses, operate in structured projects. Those projects, or campaigns, seek to find an outcome. They are targeting specific types of businesses through industry. At the writing of this article, COVID-19 has created such a dramatic vacuum in the pharmaceuticals industry that there is a race to create the first vaccine. The “winner” of such race would reap incredible financial rewards. So, it stands to reason that APT29 (also known as Cozy Bear) who notoriously hacked the DNC before the US 2016 election, would target pharmaceutical R&D firms. Now, KNOWLEDGE of all of this allows one to deduce that if I were a pharmaceutical R&D company, especially one working on a COVID-19 vaccine, that I should look at how APT29 typically behaves and ask some very important questions: what procedures do they typically follow, which tactics are typically witnessed and in what order/timing, which techniques are executed by which processes, and so on. If I could answer all of these questions, I could be reactive, proactive, and even prescriptive:
However, it seems the one instrument lacking in this race to context and understanding is predictability. Surely, we can predict with the knowledge we have whether or not we may be targeted; but isn’t it much more difficult to predict what the outcome of such an attack may be? Operationally, you may have heard of dry runs or table-top exercises. These are effective operational activities required by functions such as Business Continuity and Disaster Recovery. But what if you could take the knowledge you gleaned from others in the industry, compiled with the security footprint tied to your environment today, and address the elephant in the room which every CISO brings up at the onset of “Threat Intelligence”…
Will I be protected?
– Every CISO, Ever
This level of context and understanding is what leads to Wisdom. Do not wait until the threat makes landfall in your organization. My grandfather always said, “A smart [knowledgeable] man learns from his own mistakes, but a wise man learns from everyone else’s.” I think that rings true with SecOps and Threat Intelligence as well. Once we are able to correlate what we know about our industry vertical, threat actors, campaigns, and geo- and socio-political factors with our own organization’s ability to detect and prevent threats we will truly be wise. Thanks, Pop!
Wisdom as it relates to anti-threat research is not necessarily new. The Knowledge Hierarchy has been a model in Computer Science since about 1980. What is new, is McAfee’s ability to provide a complete introspective of your stakeholder’s landscape. McAfee has one of the largest Threat Intelligence Data Lakes with over 1 billion collection points; a huge Advanced Threat Research capability responsible for converting data gleaned from the data lake, incident response consultations, and underground investigations into actionable information and knowledge; and one of the largest Cybersecurity pure-play portfolios providing insights into your overall cybersecurity footing. This unique position has led way for the creation of MVISION Insights. MVISION Insights provides context in that we have the knowledge of campaigns and actors potentially targeting your vertical. Then, it can alert you when your existing security control configuration is not tuned to prevent such a threat. It then prescribes for you the appropriate configuration changes required to offer such protection.
MVISION Insights allows an organization to immediately answer the question, “Am I protected?” And, if you are not protected it prescribes for your environment appropriate settings which will defend against threat vectors important to you. This methodology of tying together threat data with context of campaign information and the knowledge of your security control configuration allows MVISION Insights to offer a novel perspective on the effectiveness of your security landscape.
When I think back to all of the investigations that led me down the rabbit hole, I wonder what my days would have been filled with had I such a capability. Certainly, there is an element of “fun” in the discovery. I loved the hunt, but I think having the ability to quickly arm myself with the context and understanding of what I was searching for and why I was searching would have accelerated those moments (read hours or days). I’m excited to discuss and demonstrate how McAfee is using MVISION Insights to turn knowledge into wisdom!
To take MVISION Insights for a spin, check out McAfee’s MVISION Insights Preview.
The post What A Threat Analyst Really Thinks of Intelligence appeared first on McAfee Blogs.
As Congress prepares to return to Washington in the coming weeks, finalizing the FY2021 National Defense Authorization Act (NDAA) will be a top priority. The massive defense bill features several important cybersecurity provisions, from strengthening CISA and promoting interoperability to creating a National Cyber Director position in the White House and codifying FedRAMP.
These are vital components of the legislation that conferees should work together to include in the final version of the bill, including:
One of the main recommendations of the Cyberspace Solarium Commission’s report this spring was to further strengthen CISA, an agency that has already made great strides in protecting our country from cyberattacks. An amendment to the House version of the NDAA would do just that, by giving CISA additional authority it needs to effectively hunt for threats and vulnerabilities on the federal network.
Bad actors, criminal organizations and even nation-states are continually looking to launch opportunistic attacks. Giving CISA additional tools, resources and funding needed to secure the nation’s digital infrastructure and secure our intelligence and information is a no-brainer and Congress should ensure the agency gets the resources it needs in the final version of the NDAA.
Perhaps now more than ever before, interoperability is key to a robust security program. As telework among the federal workforce continues and expands, an increased variety of communication tools, devices and networks put federal networks at risk. Security tools that work together and are interoperable better provide a full range of protection across these environments.
The House version of the NDAA includes several provisions to promote interoperability within the National Guard, military and across the Federal government. The Senate NDAA likewise includes language that requires the DoD craft regulations to facilitate DoD’s access to and utilization of system, major subsystem, and major component software-defined interfaces to advance DoD’s efforts to generate diverse and effective kill chains. The regulations and guidance would also apply to purely software systems, including business systems and cybersecurity systems. These regulations would also require acquisition plans and solicitations to incorporate mandates for the delivery of system, major subsystem, and major component software defined interfaces.
For too long, agencies have leveraged a grab bag of tools that each served a specific purpose, but didn’t offer broad, effective coverage. Congress has a valuable opportunity to change that and encourage more interoperable solutions that provide the security needed in today’s constantly evolving threat landscape.
The House version of the NDAA would establish a Senate-confirmed National Cyber Director within the White House, in charge of overseeing digital operations across the federal government. This role, a recommendation of the Cyberspace Solarium Commission, would give the federal government a single point person for all things cyber.
As former Rep. Mike Rodgers argued in an op-ed published in The Hill last month, “the cyber challenge that we face as a country is daunting and complex.” We face new threats every day. Coordinating cyber strategy across the federal government, rather than the agency by agency approach we have today, is critical to ensuring we stay on top of threats and effectively protect the nation’s critical infrastructure, intellectual property and data from an attack.
The FedRAMP Authorization Act, included in the House version of the NDAA, would codify the FedRAMP program and give it a formal standing for Congressional review, a critical step towards making the program more efficient and useful for agencies across the government. Providing this program more oversight will further validate the FedRAMP approved products from across the industry as safe and secure for federal use. The FedRAMP authorization bill also includes language that will help focus the Administration’s attention on the need to secure the vulnerable spaces between and among cloud services and applications. Agencies need to focus on securing these vulnerabilities between and among clouds since sophisticated hackers target these seams that too often are left unprotected.
Additionally, the Pentagon has already committed to FedRAMP reciprocity. FedRAMP works – and codifying it to bring the rest of the Federal government into the program would offer an excellent opportunity for wide-scale cloud adoption, something the federal government would benefit greatly from.
We hope that NDAA conferees will consider these important cyber provisions and include them in the final version of the bill and look forward to continuing our work with government partners on important cyber issues like these.
The post NDAA Conference: Opportunity to Improve the Nation’s Cybersecurity Posture appeared first on McAfee Blogs.
FreshRSS 