White House Executive Order – Removing Barriers to Sharing Threat Information

By Jason White

The latest guidance in the Executive Order on Improving the Nation’s Cybersecurity (EO), Section 2, discusses removing the barriers to sharing threat information. It describes how security partners and service providers are often hesitant or contractually unable to share information about a compromise. The EO helps ensure that security partners and service providers can share intelligence with the government and requires them to share certain breach data with executive-level departments and agencies responsible for investigating and remediating incidents, namely CISA, the FBI, and the IC. This approach will enable better comprehensive threat visibility across the Executive Branch departments and agencies to promote early detection and coordinated response actions. Indeed, the threat information sharing section will help enhance the public-private sector partnership that McAfee and our colleagues in the cyber security industry are committed to supporting. To achieve this goal, the EO requires:

  • Elimination of contractual barriers that limit sharing across agencies through FAR modifications
  • The expansion of log retention
  • Mandatory reporting requirements for government technology and service partners
  • Standards-based incident sharing
  • Collaboration with investigative agencies on potential or actual incidents.

The EO is a positive first step towards improving incident awareness at a macro level, though the EO would be even more impactful if it pushed government agencies to share more threat information with the private sector. The U.S. government represents an incredibly large attack surface and being able to identify threats early in one agency or department may very well serve to protect other agencies by enabling stronger predictive and more proactive defenses.  While a government-built threat intelligence data lake is a critical first step, I think a logical next step should be opening the focus of threat intelligence sharing to be both real-time and bi-directional.

The EO focuses on the need for the private sector to improve its information sharing and collaboration with the government. However, the guidance is focused more on “post-breach” and unidirectional threat sharing.  Real-time, not just “post-breach,” threat sharing improves the speed and effectiveness of countermeasures and early detection.  Bi-directional data sharing opens possibilities for things like cross-sector environmental context, timely and prescriptive defensive actions, and enhanced remediation and automation capabilities.  Harnessing real-time sector-based threat intelligence is not a unique concept; companies like McAfee have started to deliver on the promise of predictive security using historical threat intelligence to guide proactive security policy decision making.

Real-time threat sharing will make one of the EO’s additional goals, Zero Trust, ultimately more achievable.  Zero Trust requires a dynamic analysis layer that will continuously evaluate user and device trust. As environmental variables change, so should the trust and ultimately access and authorization given. If the intent of threat intelligence sharing is to identify potentially compromised or risky assets specific to emerging campaigns, then it stands to reason that the faster that data is shared, the faster trust can be assessed and modified to protect high-value assets.

McAfee has identified the same benefits and challenges as the government for targeted threat intelligence and has developed a useful platform to enable robust threat sharing. We understand the value of sector specific data acting as an early indicator for organizations to ensure protection.  Focusing on our own threat intelligence data lakes, we deliver on the promise of sector-specific intelligence by identifying targeted campaigns and threats and then correlating those campaigns to protective measures.  As a result, government agencies now have the advantage of predicting, prioritizing, and prescribing appropriate defense changes to stay ahead of industry-focused emerging campaigns. We call that capability MVISION Insights.

This approach serves to drive home the need for collaborative shared threat intelligence. McAfee’s broad set of customers across every major business sector, combined with our threat research organization and ability to identify sector-specific targeted campaigns as they’re emerging, allows customers to benefit from threat intelligence collected from others in their same line of business. The federal government has a wide range of private sector business partners across healthcare, finance, critical infrastructure, and agriculture, to name a few. Each of these partners extends the government attack surface beyond the government-controlled boundary, and each represents an opportunity for compromise.

Imagine a scenario where an HHS healthcare partner is alerted, in real-time across a public/private sector threat intelligence sharing grid, to a threat affecting either the federal government directly or a healthcare partner for a different government agency. This approach allows them to assess their own environment for attack indicators, make quick informed decisions about defensive changes, and limit access where necessary.  This type of real-time alerting not only allows the HHS partner to better prepare for a threat, but ultimately serves to reduce the attack surface of the federal government.

Allowing industry partners to develop and participate in building out cyber threat telemetry enables:

  • Automation of the process for predicting and alerting
  • Proactively identifying emerging threats inside and across industries
  • Sharing detailed information about threats and actors (campaigns and IOCs)
  • Real-time insight and forensic investigation capabilities

The U.S. government can begin to effectively shift focus from a reactive culture to one that is more proactive, enabling faster action against threats. In the next EO, the Administration should bulk up its commitment to sharing cyber threat information with the private sector. The capability to exchange cyber threat intelligence data across the industry in standards-based formats in near real time exists today. The collective “we” just needs to make it a priority.

The post White House Executive Order – Removing Barriers to Sharing Threat Information appeared first on McAfee Blogs.

Transforming to a Predictive Cyber Defense

By Britt Norwood

How much of the global economy is managed from a home network these days? Or, more importantly, what percentage of your company’s most sensitive data passes through employee home networks right now?

If you’re like me, working from a home office, you can’t help but think about all of the cybersecurity tradeoffs that accompanied the widespread shift from on-premises to cloud-delivered services. Better productivity in exchange for deeper vulnerabilities—like man-in-the-middle attacks—wasn’t a choice many cybersecurity pros would make under normal circumstances.

Yet, for better—and worse—there’s no going back to how things were. When Gartner revealed its annual list of top cybersecurity trends last month, we learned that while 64% of employees now work from home, at least 30-40% will continue to do so once the pandemic is over.1 In the foreseeable future, the Wi-Fi streaming your kids’ favorite shows will transport an untold amount of business data, too. All of which must be protected from device to cloud.

In the same report, Gartner said that with so many employees continuing to work from home, “endpoint protection services will need to move to cloud-delivered services.” While the vast majority of our customers made the overnight switch, many still need to adopt a cloud-native architecture.

No doubt the best transformations are the ones you plan for and manage from end-to-end. But the cloud transformation that many didn’t plan for—and most cybersecurity defenses couldn’t handle—turned out to pack the biggest punch. Here are three ways to better prepare for what comes next.

1. Establish Building Blocks

Stopping unauthorized access to corporate assets—and protecting them—is, on the face of it, a never-ending battle. You can’t build a moat, a wall, or a bubble and say, hey, my work here is done. We’ve found our customers need to solve two primary issues:

  • First, identify where data can leak and be stolen.
  • Second, prevent that event from happening with data protection spanning endpoints, web gateway, and the cloud.

So, we created the MVISION Device-to-Cloud Suites to protect all of this data coursing through home networks. Among the many types of threats we’ve tracked, one of the biggest threats is viruses infecting browsers and capturing keystrokes to steal sensitive information. We solve this by isolating a browser so that no one can see what information has been entered.

While paradigms may shift, going forward we believe it’s predictive defenses that will enable faster, smarter and more effective data loss prevention. We get there by enabling optimized endpoint threat protection, Extended Detection and Response (EDRs) that improve mean time to detect and respond to threats, and useful analytics that not only empower your SOC but also help inform and engage executives.

2. Understand Threat Perspectives

Gaining executive and board-level buy-in has long been a topic of concern in the cybersecurity field. Thanks in part to the harsh publicity and severe damage caused by state-sponsored hacks, that day is finally in sight. In a recent blog, McAfee’s Steve Grobman indicated SolarWinds is the first major supply chain attack which represents a shift in tactics where a nation state has employed a new weapon for cyber-espionage.2

Cybersecurity is perceived as the second highest source of risk for enterprises, losing out to regulatory concerns, notes Gartner.3 While today only one in 10 boards of directors has a dedicated cybersecurity committee, Gartner projects that percentage will rise to 40% in four years.

One reason why cybersecurity hasn’t been elevated to an ongoing board concern previously is that many executives lack a window into the cybersecurity in their midst. And lacking a window, they have no keen understanding of their organization’s vulnerabilities. Which also makes it difficult to assess the operational value of various cybersecurity investments.

The ability to gain visual insights and predictive assessments of your security posture against dangerous threats is what generates actionable intelligence. A CISO or CSO should be able to look at a single screen and understand in minutes how well protected they are against potential threats. They also need a team that’s ready to take action on these insights and enact appropriate countermeasures to protect corporate assets from imminent attack.

3. Eliminate Headaches

You want to protect your palace from thieves, but when do you finally have too many latches, locks, and bars on your doors? At some point, less is more, particularly if you can’t remember where you put your keys. Consolidation is one of Gartner’s top five trends this year. Four out of five companies plan to trim their list of cybersecurity vendors in the next three years.4

In fact, Gartner’s 2020 CISO Effectiveness Survey found that 78% of CISOs have 16 or more tools in their cybersecurity vendor portfolio, while 12% have a whopping 46 or more.5 Mind you, we know there is no end-all, be-all security vendor that does everything. But with our Device-to-Cloud Suites, your security technology resides in one umbrella platform. Without McAfee, you’d need one vendor on the desktop, another in the cloud, and one more on the web gateway.

Consolidation is intended to remove headaches rather than create them. With one SaaS-based suite that addresses your core security issues, you have lower maintenance, plus the ability to visualize where you’re vulnerable and learn what you need to do to protect it.

We’re Here to Help

McAfee is here to help organizations manage the transformation to a predictive cybersecurity defense and we provide the footprint to secure the data, endpoints, web, and cloud. From my vantage point, securing distributed digital assets demands effective security controls from device to cloud.

MVISION Device-to-Cloud Suites provide a simplified way to help accelerate your cloud transformation and adoption, better defend against attacks, and lower your total cost of operations. The suites scale with your security needs to deliver a unified endpoint, web, and cloud solution.

Source:

1. Gartner Identifies Top Security and Risk Management Trends for 2021 (Gartner)

https://www.gartner.com/en/newsroom/press-releases/2021-03-23-gartner-identifies-top-security-and-risk-management-t

2. Why SolarWinds-SUNBURST is a Wakeup Call (McAfee)

https://www.mcafee.com/blogs/other-blogs/executive-perspectives/why-solarwinds-sunburst-is-a-wake-up-call/

3. Gartner Identifies Top Security and Risk Management Trends for 2021 (Gartner)

https://www.gartner.com/en/newsroom/press-releases/2021-03-23-gartner-identifies-top-security-and-risk-management-t

4. Ibid.

5. Gartner Survey Reveals Only 12% of CISOs Are Considered “Highly Effective” (Gartner)

https://www.gartner.com/en/newsroom/press-releases/2020-09-17-gartner-survey-reveals-only-12-percent-of-cisos-are-considered-highly-effective

The post Transforming to a Predictive Cyber Defense appeared first on McAfee Blogs.

McAfee Named a 2021 Gartner Peer Insights Customers’ Choice for SWG

By Sadik Al-Abdulla

The McAfee team is very proud to announce that, for the third year in a row, McAfee was named a 2021 Gartner Peer Insights Customers’ Choice for Secure Web Gateways for its Web Solution.

In its announcement, Gartner explains, “The Gartner Peer Insights Customers’ Choice is a recognition of vendors in this market by verified end-user professionals, taking into account both the number of reviews and the overall user ratings.” To ensure fair evaluation, Gartner applies rigorous methodology for recognizing vendors with a high customer satisfaction rate.

For the distinction, a vendor needs 20+ reviews from customers with over $50M in annual revenue in an 18-month timeframe, an above-market-average overall rating, and above-market-average user interest and adoption.

About Gartner Peer Insights and “Voice of the Customer” report:

Gartner Peer Insights is a peer review and ratings platform designed for enterprise software and services decision makers. Reviews are organized by products in markets that are defined by Gartner Research in Magic Quadrant and Market Guide documents.

The “Voice of the Customer” is a document that applies a methodology to aggregated Gartner Peer Insights’ reviews in a market to provide an overall perspective for IT decision makers. This aggregated peer perspective, along with the individual detailed reviews, is complementary to expert-generated research such as Magic Quadrants and Market Guides. It can play a key role in your buying process, as it focuses on direct peer experiences of buying, implementing and operating a solution. A complimentary copy of the Peer Insights ‘Voice of the Customer’ report is available on the McAfee Web site.

Here are some quotes from customers that contributed to this distinction:

“We were using an on-prem web gateway and we have been migrated to UCE recently due to the pandemic situations. It gives us the flexibility to manage our Web GW as a SaaS solution. The solution also provides us bunch of rulesets for our daily usage needs.” CIO in the Manufacturing Industry

“McAfee Secure web gateway provides the optimum security required for the employees of the Bank surfing the Internet. It also provides the Hybrid capabilities which allows to deploy same policies regardless of the physical location of the endpoint.”

MVISION Unified Cloud Edge was specifically designed to enable our customers to make a secure cloud transformation by bringing the capabilities of our highly successful Secure Web Gateway appliance solution to the cloud as part of a unified cloud offering. This way, users from any location or device can access the web and the cloud in a fast and secure manner.

“The McAfee Web Gateway integrated well with existing CASB and DLP solutions. It has been very effective at preventing users from going to malware sites. The professional services we purchased for implementation was the best we’ve ever had from any vendor of any IT security product.” Senior Cybersecurity Professional in the Healthcare Industry

McAfee’s Next-Gen Secure Web Gateway technology features tight integration with our CASB and DLP solutions through a converged management interface, which provides unified policies that deliver unprecedented cloud control while reducing cost and complexity. By integrating our SWG, CASB, DLP, and RBI solutions, MVISION Unified Cloud Edge provides a complete SASE security platform that delivers unparalleled data and threat protection.

“We benchmarked against another very well known gateway and there was no comparison. The other gateway only caught a small fraction of what MWG caught when filtering for potentially harmful sites.” Information Security Officer in the Finance Industry

As the threat landscape continues to evolve, it’s important for organizations to have a platform that is integrated and seamless. That’s why McAfee provides integrated multi-layer security including global threat intelligence, machine learning, sandboxing, UEBA, and Remote Browser Isolation to block known threats and detect the most elusive attacks.

To learn more about this distinction, or to read the reviews written about our products by the IT professionals who use them, please visit Gartner Peer Insights’ Customers’ Choice announcement for Web. To all of our customers who submitted reviews, thank you! These reviews mold our products and our customer journey, and we look forward to building on the experience that earned us this distinction!

The post McAfee Named a 2021 Gartner Peer Insights Customers’ Choice for SWG appeared first on McAfee Blogs.

McAfee a Leader in The Forrester Wave™ Unstructured Data Security Platforms

By Graham Clarke

The mass migration of employees working from home in the last 14 months has accelerated the digital transformation of businesses. Cloud applications are no longer a “nice to have,” they are now essential to ensure that businesses survive. This introduces new security challenges in being able to locate and control sensitive data across all the potential exfiltration vectors, regardless of whether they are in the cloud or on premises, via managed or unmanaged machines. Attempting to control these vectors through multiple products results in unnecessary cost and complexity.

McAfee anticipated and responded to this trend, solving all these challenges through the launch of our MVISION Unified Cloud Edge solution in 2020. Unified Cloud Edge doesn’t simply offer data protection controls for endpoints, networks, web and the cloud; rather, Multi-Vector Data Protection provides customers with unified data classification and incident management that enables them to define data workflows once and have policies enforced consistently across each vector. Because of the unified approach and our extensive data protection heritage, we are delighted to be named a Leader in The Forrester Wave™: Unstructured Data Security Platforms, Q2 2021. In our opinion, we were the top ranked dedicated cyber security vendor within the report.

We received the highest possible score in nine criteria with Forrester Research commenting on our “cloud-first data security approach” and customer recognition of our “breadth of capabilities (in particular for supporting remote work and cloud use)”.

We continue to innovate within our Unified Cloud Edge solution through the introduction of remote browser isolation to protect against risky web sites (our “heavy focus in supporting security and data protection in the cloud”), which uniquely to the market allows us to continue applying DLP controls even during isolated sessions. Delivering on increased customer value through innovation isn’t just limited to new features; for instance, we continue to drive down costs through an unlimited SaaS application bundle.

The Forrester Wave™: Unstructured Data Security Platforms, Q2 2021, 17 May 2021, Heidi Shey with Amy DeMartine, Shannon Fish, Peggy Dostie

The post McAfee a Leader in The Forrester Wave™ Unstructured Data Security Platforms appeared first on McAfee Blogs.

The Executive Order – Improving the Nation’s Cyber Security

By Jason White

On May 12, the President signed the executive order (EO) on Improving the Nation’s Cybersecurity. As with every executive order, it establishes timelines for compliance and specific requirements of executive branch agencies to provide specific plans to meet the stated objectives.

It is clear from the EO that the Executive Office of the President is putting significant emphasis on cyber threat intelligence and how it will help government agencies make better decisions about responding to cyber threats and incidents.  The EO also focuses on how federal agencies will govern resource access through Zero Trust and how to comprehensively define and protect hybrid service architectures.  These are critical aspects as government agencies are moving more and more mission-critical applications and services to the cloud.

The call to action in this executive order is long overdue, as modernizing the nation’s cybersecurity approach and creating coordinated intelligence and incident response capabilities should have occurred years ago. Requiring that agencies recognize the shift in the perimeter and start tearing down silos between cloud services and physical data center services is going to serve to improve visibility and understanding of how departments and sub-agencies are being targeted by adversaries.

I am sure government leaders have started to review their current capability along with their strategic initiatives to ensure they map to the new EO requirements.  Where gaps are identified, agencies will need to update their plans and rethink their approach to align with the new framework and defined capabilities such as endpoint detection and response (EDR) and Zero Trust.

While the objectives outlined are critical, I do believe that agencies need to take appropriate cautions when deciding their paths to compliance. The goal of this executive order is not to add additional complexity to an already complex security organization. Rather, the goal should be to simplify and automate wherever possible. If the right approach is not decided on early, the risk is very real of adding too much complexity in pursuit of compliance, thus eroding the desired outcomes.

On the surface, it would seem that the areas of improvement outlined in the EO can be taken individually – applied threat intelligence, EDR, Zero Trust, data protection, and cloud services adoption. In reality, they should be viewed collectively. When considering solutions and architectures, agency leaders should be asking themselves some critical questions:

  1. How does my enterprise derive specific context from threat intelligence to drive proactive and predictive responses?
  2. How can my enterprise distribute locally generated threat intelligence to automatically protect my assets in a convict once, inoculate many model?
  3. How does threat intelligence drive coordinated incident response through EDR?
  4. How do threat intelligence and EDR capabilities enable informed trust in a Zero Trust architecture?
  5. How do we build upon existing log collection and SIEM capabilities to extend detection and response platforms beyond the endpoint?
  6. How do we build a resilient, multi-layered Zero Trust architecture without overcomplicating our enterprise security plan?

The executive order presents a great opportunity for government to evolve their cybersecurity approach to defend against modern threats and enable a more aggressive transition to the cloud and cloud services. There is also significant risk, as the urgency expressed in the EO could lead to hasty decisions that create more challenges than they solve. To capitalize on the opportunity presented in this executive order, federal leaders must embrace a holistic approach to cybersecurity that integrates all the solutions into a platform approach including robust threat intelligence. A standalone Zero Trust or EDR product will not accomplish an improved or modernized cybersecurity approach and could lead to more complexity. A well-thought-out platform, not individual products, will best serve public sector organizations, giving them a clear architecture that will protect and enable our government’s future.

The post The Executive Order – Improving the Nation’s Cyber Security appeared first on McAfee Blogs.

Why May 2021 Represents a New Chapter in the “Book of Cybersecurity Secrets”

By Ken Kartsen

May 2021 has been an extraordinary month in the cybersecurity world, with the DoD releasing its DoD Zero Trust Reference Architecture (DoDZTRA), the Colonial Pipeline being hit with a ransomware attack, and the White House releasing its Executive Order on Improving the Nation’s Cybersecurity (EO). Add to that several major vendors that our government depends on for its critical operations disclosing critical vulnerabilities that could potentially expose our nation’s critical infrastructure to even more risk, ranging from compromised email and cloud infrastructures to very sophisticated supply chain attacks like the SolarWinds hack, which could have started as early as 2019.

If the situation sounds ominous, it is. The words and guidance outlined in the DoDZTRA and EO must be followed up with a clear path to action, and all the stakeholders, both public and private, must be held accountable for progress. This should not be another roll-up reporting exercise, time to study the situation, or a slide into analysis paralysis thinking about the problem. Our adversaries move at speeds we never anticipated by leveraging automation, artificial intelligence, machine learning, social engineering, and more vectors against us. It’s time for us to catch up and just very possibly think differently to get ahead.

There is no way around it: This time our nation must invest in protecting our way of life today and for future generations.

The collective “we” observed what happened when ransomware hit a portion of the nation’s critical infrastructure at Colonial Pipeline. If the extortion wasn’t bad enough, the panic buying of gasoline and even groceries in many Eastern U.S. states impacted thousands of people seemingly overnight, with help from social and traditional media. It’s too early to predict what the exact financial and social impacts of this attack may have been. I suspect the $4.4M ransom paid was very small in the greater scheme of the event.

May 2021 has provided a wake-up call for public-private cooperation like we’ve never seen before. Perhaps we need to rethink cybersecurity altogether. During his keynote remarks at the recent RSA Conference, McAfee CTO Steve Grobman talked about how “as humans, we are awful at perceiving risk.” Influenced by media, anecdotal data, and evolutionary biology, we let irrational fears drive decision-making, which leads humans to misperceive actual risks and sub-optimize risk reduction in both the physical and cyber world. To combat these tendencies, Steve encourages us to “be aware of our biases and embrace data and science-based approaches to assess and mitigate risk.”

Enter Zero Trust Cybersecurity, which is an architectural approach – not a single vendor product or solution. The DoDZTRA takes a broader view of Zero Trust than the very narrow access control focus, saying it is “a cybersecurity strategy and framework that embeds security throughout the architecture to prevent malicious personas from accessing our most critical assets.” And our most critical assets are data.

NSA also recently weighed in on Zero Trust, recommending that an organization invest in identifying its critical data, assets, applications, and services. The NSA guidance goes on to suggest placing additional focus on architecting from the inside out; ensuring all paths to data, assets, applications, and services are secure; determining who needs access; creating control policies; and finally, inspecting and logging all traffic before reacting.

These practices require full visibility into all activity across all layers — from endpoints to the network (which includes cloud) — to enable analytics that can detect suspicious activity. The ability to have early or advanced warnings of global and local threat campaigns, indicators of compromise, and the capability to deliver proactive countermeasures is a must-have as part of an organization’s defensive strategies.

The Zero Trust guidance from both DoD and NSA is worth following. It’s also worth reprising the concept of defense in depth – the cybersecurity strategy of leveraging multiple security mechanisms to protect an organization’s assets. Relying on a single vendor for all an organization’s IT and security needs makes it much easier for the adversary.

If you believe in a good conspiracy theory, the month of May 2021 could provide great material for a made-for-TV movie. Earlier I mentioned that the collective “we” needs to be held accountable. Part of that accountability is defining success metrics as we take on a new path to real cybersecurity.

The post Why May 2021 Represents a New Chapter in the “Book of Cybersecurity Secrets” appeared first on McAfee Blogs.

Gartner names McAfee a Leader in 2021 Magic Quadrant for Endpoint Protection Platforms

By Nathan Jenniges

At McAfee, we believe no one person, product or organization can combat cybercrime alone. That is why we continue to build our device-to-cloud security platform on the premise of working together – together with customers, partners and even other cybersecurity vendors. We continue this fight against the greatest challenges of our digital age: cybercrime. As part of our ongoing effort to protect what matters, we have developed breakthrough technologies over the past several years that enable customers to proactively respond to emerging threats and adversaries despite a constantly evolving threat landscape. So, today, we are extremely proud to announce that McAfee is positioned as a “Leader” in the 2021 Gartner Magic Quadrant for Endpoint Protection Platforms (EPP).   

This is a monumental development in so many ways, especially when you consider that we were not recognized in the Magic Quadrant a few years ago. This recognition speaks volumes about the innovations we are bringing to market that resonate both with our customers and industry experts. Let me review, from my perspective, why McAfee is recognized in the Leaders Quadrant.  

Here are some key innovations in our Endpoint Protection Platform that contributed to our Leader recognition: 

  • MVISION Endpoint Security (ENS) – to prevent ransomware, fileless attacks, and defend against other advanced persistent threats.  
  • MVISION Insights – to preempt and prevent attacks before they hit. 
  • MVISION EDR – to identify and stop sophisticated threat campaigns.
  • Unique capabilities to auto-recover from ransomware attacks.

Vision    

We set out with a vision: to create the most powerful endpoint protection platform, and we are aggressively executing towards this vision. Over the past 12 months, we have made great strides in developing a market-leading product, MVISION Insights, and our cloud-delivered MVISION EDR. Looking ahead, our goal is to develop a unified and open eXtended Detection and Response (XDR) solution and strategy that further delivers on our device-to-cloud strategy.

We believe McAfee’s position as a Leader further acknowledges some of our key differentiators, such as MVISION Insights, and our ability to eclipse the market with an innovative device-to-cloud strategy that spans the portfolio, including web gateway, cloud, and our network security offerings.

Executing on Innovation 

We started by redefining our endpoint security offering with the release of MVISION Insights, a game-changing product that functions as the equivalent of an early warning system – effectively delivering preventative security. It’s hard to overstate the significance of this innovation; we’re breaking the old paradigm of post-attack detection and analysis and enabling customers to stay ahead of threats. In parallel, we streamlined our EDR capabilities, which now provide AI-driven, guided investigations that ease the burden on already-stretched Security Operations Centers (SOCs).

Increasing Value 

The bottom line is that we’re the only vendor taking a proactive risk management approach for safer cloud usage while reducing total cost of ownership. In addition, we have improved our licensing structure to fit customer needs and simplify consumption of our endpoint security solutions. We’ve made it easy to choose from a simplified licensing structure allowing customers to buy subscriptions for complete endpoint protection with no add-ons or extra costs. Our user-based licensing agreements provide for 5 devices, thus enabling frictionless expansion to incorporate additional device support in remote work environments.

Validation 

In just under a year, our latest release of McAfee Endpoint Security (ENS) 10.7 has emerged as our highest deployed version of any McAfee product worldwide and our fastest-ever single-year ramp. More than 15,000 customers comprising tens of millions of nodes are now on ENS 10.7 and are deploying its advanced defenses against escalating threats. Customers get added protection because ENS 10.7 is backed by our Global Threat Intelligence (GTI) service to provide adaptable, defense-in-depth capabilities against the techniques used in targeted attacks, such as ransomware or fileless threats. It’s also easier to use and upgrade. All of this means your SOC can be assured that customers are protected with ENS 10.7 on their devices.

Customer input guides our thinking about what to do next. Since the best critics are the people who use our products, let’s give them the last word here.  

“We are now positioned to block usage of personal instances of Sanctioned services while allowing the business to move forward with numerous cloud initiatives, without getting in the way. We also now have the visibility that was lacking to ensure that we can allow our user community to work safely from their homes without introducing risks to our corporate environment.” 

Kenn Johnson, Cybersecurity Consultant

Commitment

Our continued commitment to our customers is to protect what matters. We believe that McAfee’s position in the Leaders Quadrant validates that we are innovating at the pace and scale that meets the most stringent needs of our enterprise customers. We are proud of our product teams and threat researchers who continue to be driven by our singular mission, and who strive to stay ahead of adversaries with their focus on technological breakthroughs, and advancements in researching threats and vulnerabilities.

What we have accomplished over the past several years, and our position as a Leader in the 2021 Gartner Magic Quadrant for EPP, is only the tip of the iceberg for what’s ahead.  

2021 Gartner Magic Quadrant for Endpoint Protection Platforms

McAfee named a Leader in the 2021 Gartner Magic Quadrant for Endpoint Protection Platforms. Download the Magic Quadrant report, which evaluates the 19 vendors based on ability to execute and completeness of vision.


Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. 

Gartner, Magic Quadrant for Endpoint Protection Platforms, 5 May 2021, Paul Webber, Peter Firstbrook, Rob Smith, Mark Harris, Prateek Bhajanka

The post Gartner names McAfee a Leader in 2021 Magic Quadrant for Endpoint Protection Platforms appeared first on McAfee Blogs.

RSA Conference 2021: The Best Place to Strengthen Your Resilience

By Melissa Gaffney

This year’s RSA Conference will look a little different. Instead of booking flights and hotel rooms in the busy city of San Francisco, we’ll be powering up computers in our home office with family in the next room. We’ve all had a tumultuous year and with that comes resilience, which is also this year’s conference theme.

Ahead of the RSA virtual conference, I spoke with a few of my colleagues about the major themes we should expect to see at RSA this year.

Q: This year’s RSA Conference theme is resilience. What does ‘resilience’ mean to you when protecting the world from cyberthreats?

Scott Howitt, Senior Vice President and Chief Information Officer – The COVID lockdown has exposed to enterprises that the ability to recover your business (Business Continuity) is important in the face of disaster, but Business Resilience means that your business will be able to adapt to Black Swan events. I’ve seen technology be the catalyst for resilience for most organizations.

Raj Samani, Chief Scientist and McAfee Fellow – For me, it would be the ability to continue operations in light of disruption. Whether that disruption originated from digital factors, or indeed physical but to keep the wheels turning.

John Fokker, Principal Engineer and Head of Cyber Investigations for McAfee ATR – Just like Boxing: Isn’t as much about not being hit, because you are in the ring and punches are thrown, but resilience to me is more about how fast you can get back up on your feet once you do get hit. The same is true with security operations, attackers are going to try to hit you, but how good is your defense so you can minimize the impact of the attack and in the case you do get knocked down what controls do you have in place that you can get back up and resume operations.

Amanda House, Data Scientist – Cybersecurity is a unique industry in that new cyberthreats are always improving to avoid detection. A machine learning model made a month ago could now have a weakness an adversary has learned to exploit. Machine learning model practitioners need to be resilient in always innovating and improving on past models to outpace new threats. Resilience is constantly monitoring machine learning models so that when we notice decay we can quickly improve them to stop new cyberthreats.

Sherin Mathews, Senior Research Scientist – To me, cyber-resilience implies being able to protect critical assets, maintain operations, and, most importantly, embrace new technologies in the face of evolving threats. The cybersecurity field is an arms race scenario with the threat landscape changing so much. In case of threats like deepfakes, some deepfakes will reach ultra-realism in the coming few years, many will still be more amateurish, and we need to keep advancing towards the best detection methods with newer forms of threats. I feel resiliency doesn’t mean you can survive or defend against all attacks, but it means that if you are compromised, you have a plan that lets us recover quickly after a breach and continue to function. Deepfakes and other offshoots of AI will require businesses to create a transparent, agile, and holistic detection approach to protect endpoints, data, apps, and cloud services.

Q: What topic(s) do you think will play an important role at this year’s RSAC? 

Samani – I anticipate Zero Trust will play a prominent role, considering the year of remote working, and a myriad of significant threats being realised. 

Fokker – Definitely Zero-Trust but also combatting threats that come with working from home, and threat intelligence so organizations can better understand the actions of their adversaries even before they step into the ring.

Q: What are you hoping to get out of RSAC this year and what do you want your attendees to take away from your session?

Howitt – I am hoping to see how others have adapted to life with COVID and now that it is receding, what do they think life will look like after. As for my session, I want to highlight the importance of adaptability and stress that this paradigm shift means we will never go back to normal.

Q: What led you to pursue a career in cybersecurity, and what makes you stay in the industry?

House – Cybersecurity is not a career path I ever imagined for myself. As a student I always enjoyed math and computer science and I naturally gravitated toward those topics. My love of both subjects led me to pursue data science and machine learning. My first job out of college was in the cybersecurity industry and that was my first introduction to this career. Since then, I have loved how cybersecurity requires constant innovation and creative ways of using AI to stop new threats.

Mathews – My background and Ph.D. focused on developing novel dictionary learning and deep learning algorithms for classification tasks related to remote health monitoring systems (e.g., activity recognition for wearable sensors and heartbeat classification). With a background in machine learning, deep learning with applications to computer vision areas, I entered the field of cybersecurity during my work at Intel Security/McAfee in 2016. I contributed towards increasing the effectiveness of cybersecurity products by creating novel machine learning/deep learning models to detect advanced threats (e.g., ransomware & steganography). In my industry work experience, I also had a chance to develop leading-edge research such as eXplainable A.I. (XAI) and deepfakes. Overall, the advent of artificial intelligence can be considered a significant milestone as A.I. is steadily flooding several industries. However, A.I. platforms can also be misused if in the wrong hands, and as research professionals, we need to step up to detect attacks or mishaps before they happen. I feel deeply passionate about XAI, ethical A.I., the opportunity to combat deepfakes and digital misinformation, and topics related to ML and DL with cybersecurity applications. Overall, it is an excellent feeling as a researcher to use your knowledge to combat threats that affect humanity and safeguard humans. Also, I believe that newer A.I. research topics such as GANs, Reinforcement learning, and few-shot learning have a lot to offer to combat advanced cybersecurity threats.

Q: Follow-up: What can women bring to the cybersecurity table?

House – I am fortunate to work with a lot of great women in technology at McAfee. Not only are these women on the cutting edge of innovation but they are also great mentors and leaders. We need more smart people pursuing jobs in this industry and in order to recruit new talent, especially young graduates, we need to mentor and encourage them to pursue this career. Every woman I have met in this industry wants to see new talent succeed and will go the extra mile to provide mentorship. I have also noticed women tend to have unique backgrounds in this industry. For example, some of the women I look up to have degrees in biomedical engineering or physics. These unique backgrounds allow these women to bring innovative ideas from outside cybersecurity to solve some of the toughest problems in the cybersecurity industry. We need more talent from diverse backgrounds to bring in fresh ideas.

McAfee is a proud platinum with keynote level sponsor of RSA Conference 2021. Take in the McAfee virtual booth and sessions presented by McAfee industry leaders. Here are some of the best ways to catch McAfee at RSA. Can’t wait to see you there!

The post RSA Conference 2021: The Best Place to Strengthen Your Resilience appeared first on McAfee Blogs.

Bring on 2021!

By Shishir Singh

With 2021 approaching, it is a time to both reflect on the outstanding progress we have each made – personally and professionally, and warmly welcome a new chapter in 2021!  

2020 has been one of the most unexpected years in our history. However, despite COVID-19, we had some amazing successes. 

January brought McAfee our new CEO – Peter Leav. It’s hard to believe it has only been a year under his leadership. What an impact! And, McAfee is back on the stock exchange.   

2020 has also seen the rapid acceleration of cloud adoption. Typically, a move like that involves immense planning to minimize complexity. That didn’t always happen.  And, as our Advanced Threat Research team has reported, cybercriminals took full advantage of more ransomware, malware, and general bad behavior. In fact, a recent McAfee report estimates global cybercrime losses will exceed $1 Trillion.  Fortunately, McAfee customers benefited from the get-go with a robust, award-winning cloud-native portfolio that became even stronger in 2020.   

Excelling at Cloud Security with SASE and CNAPP 

Shortly after Peter joined, we closed our LightPoint Acquisition, enabling us to add Remote Browser Isolation (RBI) to MVISION Unified Cloud Edge (UCE). In March, we delivered multi-vector data protection for unified and comprehensive data protection across endpoints, web, and cloud. In August, we further enhanced our MVISION UCE offering by announcing pivotal SD-WAN Technology integrations. Finally, at MPOWER, we announced the industry first integration of Remote Browser Isolation into our Unified Cloud Edge solution.  

With our award-winning and unmatched MVISION Cloud solution, which is natively integrated into UCE, we were the first CASB to map cloud threats to MITRE ATT&CK. Introducing MITRE ATT&CK into the MVISION Cloud workflow helps SOC analysts investigate cloud threats and helps security managers defend against future attacks with increased precision. Our new MVISION Cloud Security Advisor (CSA) provides recommendations, broken into visibility and control metrics, to help prioritize cloud security controls implementation. We also delivered MVISION Cloud for Teams, which provides policy and collaboration controls to enable organizations to safely collaborate with partners without having to worry about exposing confidential data to guest users.

MVISION Cloud received its FedRAMP High JAB P-ATO designation and McAfee MVISION for Endpoint achieved FedRAMP Moderate Authorization. Both of those are important to enable our Federal customers to take advantage of the MVISION portfolio.  

All of this helps our customers accelerate the easy adoption of a more complete Secure Access Service Edge (SASE) architecture and better defend against advanced web and cloud-based threats. In fact, our MVISION UCE customers can enjoy nearly 40% annual TCO savings when they go from on-prem to cloud. 

For our customers who want cloud-native IaaS security while dealing with existing on-prem data center deployments, we rolled out our new McAfee MVISION Cloud-Native Application Protection Platform (CNAPP), an integrated hybrid cloud security platform for comprehensive data protection, threat prevention, governance, and compliance for the cloud-native application lifecycle. We also announced native AWS Integrations for MVISION CNAPP.

Delivering future proof SOC with XDR  

The team and I are also extremely excited about the progress with our Endpoint portfolio across ENS, EDR and the momentum behind MVISION Insights.

The still unfolding SolarWinds supply chain compromise has shown how unprepared SOC teams can be and why it is ever more important to have proactive and actionable threat intelligence at your fingertips. As news of an emerging campaign goes viral, SOC teams must answer the topical question raised by the C-level or the Board, “Are we impacted?”, which unfortunately until now took days if not weeks of scrambling to answer. We launched MVISION Insights early this summer to solve exactly this problem. MVISION Insights leverages McAfee’s cutting-edge threat research, augmented with AI applied to real-time telemetry streamed from over a billion sensors, to identify and prioritize threats before they hit. MVISION Insights can predict the impact on your countermeasures, and then tells you exactly how and where to improve your security posture. In essence, it enables you to “shift left” and anticipate and stop breaches before they happen. As the SolarWinds compromise was unfolding, MVISION Insights delivered actionable threat intelligence to McAfee’s customers within hours. The fact that we now have hundreds of customers who have adopted MVISION Insights as part of their SOC framework within a few months of release is a testament to the real value add they are enjoying. The best part is that it is also free for all our customers who have our integrated EPP+EDR SKUs: MV6 or MV7.

Our latest Endpoint protection product, ENS 10.7, is stronger than ever, with the highest quality and customer satisfaction. ENS 10.7 couples all our endpoint protection capabilities with machine learning, behavior monitoring, fileless threat defense and Rollback Remediation. It’s also backed by our Global Threat Intelligence (GTI) to provide adaptable, defense-in-depth capability against the techniques used in targeted ransomware attacks. ENS 10.7 delivers meaningful value. Rollback Remediation, for instance, can save an average $500 per node in labor and productivity costs by eliminating the need to reimage machines. ENS 10.7 became generally available about a year ago and has emerged as our #1 deployed enterprise product worldwide – the fastest ramp of any ENS release.

Equally on the EDR front, we delivered capabilities that make a measurable improvement for ever-tired SOC teams. The included AI-guided investigations can speed threat investigations from greater than 2 hours to as little as 6 minutes per incident. The SolarWinds compromise also showed that organizations need an integrated platform that delivers complete visibility and control across their infrastructure, including their supply chain. The recently announced MVISION XDR builds upon our EDR solution, making it easier for our customers to achieve this complete visibility and control. It extends MVISION Insights across endpoints, network and cloud, making it the first proactive XDR platform to manage your risk. MVISION XDR dramatically expands the capabilities of traditional Endpoint Detection and Response (EDR) point solutions by delivering a fully integrated, SaaS-based platform to rapidly discover and mitigate the real threats to your users and data across all threat vectors. And, complementing our MVISION XDR solution is a host of partner solutions available via MVISION Marketplace.

Finally, we rolled out the Device-to-Cloud suites, making it easier for our customers to move to a cloud-native architecture. These three SaaS offerings all feature MVISION Insights and endpoint protection to provide right-sized security solutions in a simple-to-acquire package.  

I am so proud that our customers and the industry also recognize the McAfee teams’ hard work. We were able to add a long list of awards and accolades to our portfolio in 2020. 

  

 

Now that we’ve looked back at our successes, let’s take a moment to look forward and set goals for ourselves in the coming year. My team and I are committed to:  

  • Expanding on our XDR strategy by changing the landscape of how we enable our customers to be more proactive and get complete visibility and control, halting threats before they reach devices, networks, and the cloud.
  • Strengthening UCE by innovating and expanding our portfolio features and functionality to enable comprehensive Zero Trust and SASE coverage from McAfee that spans all major threat vectors.   
  • Raising the bar of MVISION CNAPP innovation and making it easier (and safer) to accelerate cloud transitions with continued cloud security innovation. 

 

Against today’s increasingly sophisticated adversaries, your success is our success.    

As we head into 2021, I want to take a moment to wish each of you peace, good health, and prosperity.   

Happy holidays to you and yours! 

Thanks, Shishir 

The post Bring on 2021! appeared first on McAfee Blogs.

10 Reasons to Celebrate 2020

By Melissa Gaffney

Everyone deserves a break after surviving this past year and I cannot think of a better way to celebrate than to share some of our greatest accomplishments from 2020.

1. January 2020 Gartner Peer Insights VOC Customers’ Choice for CASB

McAfee was the only vendor to be named the January 2020 Gartner Peer Insights ‘Voice of the Customer’ Customers’ Choice for Cloud Access Security Brokers (CASBs). The recognition is based on customer feedback and ratings for McAfee MVISION Cloud, which we believe provides a cloud-native and frictionless way for organizations to consistently protect their data and defend from threats across the spectrum of Software-as-a-Service (SaaS), Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS). Everyone at McAfee is extremely proud and honored to be named by customers as a 2020 Gartner Peer Insights Customers’ Choice for CASB.

Disclaimer: Gartner, Gartner Peer Insights ‘Voice of the Customer’: Cloud Access Security Brokers, 13 March 2020

2. Coolest Cloud and Coolest Endpoint Security Companies

CRN, the top news source for solution providers and the IT channel, included McAfee on its Security 100 list and named McAfee one of “The 20 Coolest Cloud Security Companies” and “The 20 Coolest Endpoint Security Companies” of 2020.

3. Most Innovative and Scalable Cloud and Endpoint Security Company

During RSA 2020, Cyber Defense Magazine, the industry’s leading electronic information security magazine, named McAfee the Most Innovative Company in its Cloud Security category for McAfee MVISION Cloud. The magazine also listed McAfee Endpoint Security Most Innovative and McAfee MVISION EDR Most Scalable, both in the Endpoint Security category.

4. CASB Category Winner

Info Security Products Guide, the industry’s leading information security research and advisory guide, named McAfee a winner in the 16th Annual 2020 Info Security PG’s Global Excellence Awards® in its Cloud Access Security Brokers (CASB) category for MVISION Cloud for Container Security.

5. 2020 Gartner Peer Insights Customers’ Choice VOC for Secure Web Gateways

We’re thrilled to be named the 2020 Gartner Peer Insights ‘Voice of the Customer’ Customers’ Choice for Secure Web Gateways (SWGs) for the second year in a row. The recognition is based on customer feedback and ratings for the McAfee Web Security portfolio which consists of McAfee Web Protection (MWP), McAfee Web Gateway (MWG) and McAfee Web Gateway Cloud Service (MWGCS). “We believe this customer recognition validates our commitment to innovate and invest in technology that aims to reduce the cost and complexity of modern cybersecurity. With the McAfee Web Security portfolio, organizations can enforce their internet policy compliance and extend their perimeter security for a borderless IT environment,” said Ash Kulkarni, executive vice president and chief product officer, McAfee.

Disclaimer: Gartner, Gartner Peer Insights ‘Voice of the Customer’: Secure Web Gateways, 09 April 2020

6. MVISION Cloud Wins 2020 Fortress Cyber Security Award

McAfee MVISION Cloud took top honors in the 2020 Fortress Cyber Security Awards in the data protection category for its cloud access security broker (CASB) technology. The industry awards program seeks to highlight, discuss and reward the creative thinking, engineering, people and projects that are taking proactive steps to thwart cybersecurity attacks.

7. 2020 Gartner Peer Insights ‘Voice of the Customer’ for Both Enterprise DLP and SIEM Solutions Report

We’re excited to be named a 2020 Gartner Peer Insights ‘Voice of the Customer’ Customers’ Choice for Enterprise Data Loss Prevention (DLP) and a 2020 Gartner Peer Insights ‘Voice of the Customer’ Customers’ Choice for Security Information Event Management (SIEM). The Gartner Peer Insights Customers’ Choice Recognition is based on feedback and ratings from end-user professionals who purchase, implement and/or use McAfee’s DLP and SIEM solutions. “We think rigorously validated customer reviews are the true mark of value and quality,” said Anand Ramanathan, vice president of enterprise products, McAfee.

Disclaimer: Gartner, Gartner Peer Insights ‘Voice of the Customer’: Enterprise Data Loss Prevention, 01 July 2020 & Gartner, Gartner Peer Insights ‘Voice of the Customer’: Security Information Event Management, 03 July 2020

8. Named to the Diversity Best Practices Inclusion Index

It’s an honor to be recognized as an inclusive workplace by Diversity Best Practices (DBP), a division of Working Mother Media. McAfee was among the 98 organizations that earned a place on the fourth annual Inclusion Index. McAfee’s efforts to create a more inclusive workplace focus on attracting and hiring diverse talent, cultivating an environment where everyone thrives, and igniting change within our industry and community. Read more about McAfee’s strategy and results in the 2019 Impact Report.

9. Named a Leader in 2020 Gartner Magic Quadrant for Cloud Access Security Brokers

This year, we are positioned as a Leader in the 2020 Gartner “Magic Quadrant for Cloud Access Security Brokers” (CASB), as we have been in every one of the four years the quadrant has been published. The report, which evaluates vendors based on their ability to execute and on their completeness of vision, positioned McAfee highest and furthest, respectively, for these attributes in the entire Magic Quadrant. A complimentary copy is available on the McAfee web site.

Disclaimer: Gartner, Magic Quadrant for Cloud Access Security Brokers, Steve Riley, Craig Lawson, 30 October 2020.

10. Ken McCray Named One of CRN’s 50 Most Influential Channel Chiefs

Ken McCray, head of channels sales and operations Americas at McAfee, was named to CRN’s exclusive list of the 50 Most Influential Channel Chiefs for 2020. This annual list recognizes the elite vendor executives who lead, influence, innovate, and disrupt the IT channel. We congratulate McCray for his outstanding commitment, ability to lead, and passion for progress within the channel through our partner programs.

 

The GARTNER PEER INSIGHTS CUSTOMERS’ CHOICE badge is a trademark and service mark of Gartner, Inc., and/or its affiliates, and is used herein with permission. All rights reserved. Gartner Peer Insights Customers’ Choice constitute the subjective opinions of individual end-user reviews, ratings, and data applied against a documented methodology; they neither represent the views of, nor constitute an endorsement by, Gartner or its affiliate.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

 

 

The post 10 Reasons to Celebrate 2020 appeared first on McAfee Blogs.

2020 Hindsight – Top 10 Highlights from McAfee

By Melissa Gaffney

2020 has been a tumultuous and unpredictable year, where we restructured our lives and redefined how we work and interact with each other. In the past nine months, we saw IT security and the digital world challenged and taken to new heights. Although 2020 has undoubtedly been a year of trials and tribulations, I wanted to share some of McAfee’s top highlights.

The list that follows is drawn from some of this year’s greatest accomplishments.

1. New Global Managed Detection and Response Platform

At the RSA Conference in February, we launched our MDR platform along with our first strategic partner, which leverages our MVISION EDR solution to proactively detect cyber threats faced by customers and resolve security incidents faster. Our MDR service with DXC Technology provides 24/7 critical alert monitoring, managed threat hunting, advanced investigations, and threat disruption 365 days a year.

2. Cloud Risk & Adoption Report: Work-from-Home Edition

With the new work-from-home environment, we released a report uncovering a correlation between the increased use of cloud services and collaboration tools, such as Cisco WebEx, Zoom, Microsoft Teams and Slack during the COVID-19 pandemic, along with an increase in cyber-attacks targeting the cloud.

3. MVISION Cloud Becomes First CASB to Receive U.S. Government’s FedRAMP High JAB P-ATO Designation

To support the U.S. government’s race to modernize its IT infrastructure in the constantly evolving threat landscape, McAfee has pursued and received a Federal Risk and Authorization Management Program (FedRAMP) Authorization designation for McAfee MVISION for Endpoint at the moderate security impact level. Learn more here.

4. Election Website Security Shortcomings

Ahead of the 2020 U.S. Presidential election, we released a survey revealing a severe lack of U.S. government .GOV validation and HTTPS encryption among county election websites in 13 states. The January 2020 survey found that as many as 83.3% of these county websites lacked .GOV validation across these states, and 88.9% and 90.0% of websites lacked such certification. Subsequently, reports emerged from the U.S. Federal Bureau of Investigations and the FBI and Department of Homeland Security, which compelled us to conduct a follow-up survey of county election websites in all 50 U.S. states.

5. Industry’s First Proactive Security Solution to Help Organizations Stay Ahead of Emerging Threats

MVISION Insights provides actionable and preemptive threat intelligence by leveraging our cutting-edge threat research, augmented with sophisticated AI applied to real-time threat telemetry streamed from over 1 billion sensors. The integration of MVISION Insights significantly enhances the capabilities of our award-winning endpoint security platform by managing the attack surface, preventing ransomware and aiding security teams to easily investigate and respond to advanced attacks.

6. Threat Actor Evolution During the Pandemic

Our McAfee Labs team released a report examining cybercriminal activity related to COVID-19 and the evolution of cyber threats in Q1 2020. The team saw an average of 375 new threats per minute and a surge of cybercriminals exploiting the pandemic through COVID-19 themed malicious apps, phishing campaigns, malware, and more. Read the full report Q1 2020 here, and feel free to enjoy the bumper edition of the McAfee Labs Threats Report: November 2020, here.

7.

Introducing MVISION CNAPP

McAfee announced CNAPP, a new security service that combines solutions from Cloud Security Posture Management (CSPM), Cloud Workload Protection Platform (CWPP), Data Loss Prevention (DLP), and Application Protection into a single solution. Now in beta with a target launch date of Q1, 2021, we built CNAPP to provide InfoSec teams broad visibility into their cloud native applications.

8.

Taking Threat Detection and Response to a New Level

At MPOWER 2020, we announced McAfee XDR, a complete platform that provides SOCs visibility into how threats are impacting your key business processes, prioritizes response and delivers a fully integrated platform of security technologies. Our AI and Big Data analytics capabilities supply SOCs with threat and campaign insights before an attack changes course, to avoid wasting time chasing false positives. Defenders get fewer and more meaningful alerts, making it easier to prioritize their response based on the severity and potential impact of a threat.

9.

Expansions to McAfee’s MVISION Platform

Continuing on MPOWER’s momentum, we launched MVISION Marketplace, MVISION API and MVISION Developer Portal, allowing customers to quickly and easily integrate McAfee and trusted SIA partner applications as well as privately developed applications within their current security environment. The launch enables security teams to swiftly address security gaps in their architecture and easily improve security posture.

10.

McAfee Goes Public

On October 22, 2020, McAfee rang the bell on NASDAQ and officially became a publicly traded company again. It was a momentous occasion for the company and all our dedicated employees and partners. A huge thank you goes out to our employees for their support and invaluable contributions in helping McAfee reach this milestone. We’re excited for the future!

Thank you to our wonderful employees, partners and customers for helping us achieve our goals and we look forward to working with everyone in the new year!

The post 2020 Hindsight – Top 10 Highlights from McAfee appeared first on McAfee Blogs.

McAfee MVISION Solutions Meet FedRAMP Cloud Security Requirements

By McAfee

Today’s U.S. government is in a race to modernize its IT infrastructure to support ever more complicated missions, growing workloads and increasingly distributed teams—and do so facing a constantly evolving threat landscape. To support these efforts, McAfee has pursued and received a Federal Risk and Authorization Management Program (FedRAMP) Authorization designation for McAfee MVISION for Endpoint at the moderate security impact level.

This FedRAMP Moderate designation is equivalent to DoD Impact Level 2 (IL2) and certifies that the McAfee solution has passed rigorous security requirements for the increasingly complex and expanding cloud environments of the U.S. government. The FedRAMP Moderate authorization validates the McAfee solution’s implementation of the baseline 325 NIST 800-53 controls, allowing users from federal agencies, state and local government, and other industries in regulated environments to manage Controlled Unclassified Information (CUI) such as personally identifiable information (PII) and routine covered defense information (CDI).

By achieving FedRAMP Moderate Authorization for MVISION for Endpoint, McAfee can provide the command and control cyber defense capabilities government environments need to enable on-premise and remote security teams, allowing them to maximize time and resources, enhance security efficiency and boost resiliency.

McAfee MVISION for Endpoint consists of three primary components: McAfee MVISION Endpoint Detection and Response (EDR), McAfee MVISION ePolicy Orchestrator (ePO) and McAfee Endpoint Security Adaptive Threat Protection with Real Protect (ENS ATP):

  • McAfee MVISION EDR simplifies investigation and response to sophisticated threat campaigns with unified detection and response (EDR) capabilities that include continuous monitoring, multi-sensor telemetry, AI-guided investigations, MITRE ATT&CK mapping and real-time hunting.
  • McAfee MVISION ePO provides a cloud-native single-pane-of-glass console to manage both McAfee and other security controls, automating workflows and prioritizing risk assessment to reduce the time and tasks required to triage, investigate and respond to security incidents.
  • McAfee ENS ATP prevents advanced malware from infecting the endpoint with integrated next-gen AV capabilities that include behavioral blocking, exploit prevention, machine learning and file-less threat defense. ENS can also diminish the impact of an attack with enhanced remediation capabilities, which, for example, can roll back the destructive effect of a ransomware attack by restoring affected files and negating the need for system reimaging.

Together, these solutions provide today’s U.S. government agencies the AI-guided endpoint threat detection, investigation and response capabilities they need to confront today’s ever evolving threats across a wide variety of devices. This important FedRAMP milestone is the latest affirmation of McAfee’s long-standing commitment to providing U.S. government agencies advanced, cloud-based cyber defenses to help them meet whatever mission they may confront today and in the future.

Other recent McAfee public sector achievements include:

  • McAfee MVISION Cloud became the first Cloud Access Security Broker (CASB) platform to be granted a FedRAMP High Impact Provisional Authority to Operate (P-ATO) from the U.S. Government’s Joint Authorization Board (JAB). This designation certified that chief information officers from the DoD, the General Services Administration (GSA) and the Department of Homeland Security (DHS) have evaluated and approved MVISION Cloud for their increasingly complex cloud environments.
  • The DoD’s Defense Innovation Unit (DIU) selected McAfee to develop a Secure Cloud Management platform around McAfee MVISION Unified Cloud Edge (UCE), which integrates its Next-Generation Secure Web Gateway, CASB and data loss prevention capabilities into one cloud-native platform.
  • McAfee is working with the DoD’s Defense Information Systems Agency (DISA) to achieve DoD compliance at Impact Levels 4 and 5 to simplify how DoD agencies can procure secure systems with confidence.

Please see the following for more information on McAfee’s efforts in the FedRAMP mission:

The post McAfee MVISION Solutions Meet FedRAMP Cloud Security Requirements appeared first on McAfee Blogs.

Bridge the Gap Between the Security You Have and the Security You Need

By Javed Hasan

Change happens – sometimes much faster than expected – like it has in 2020. When the threat landscape shifts suddenly, security professionals must quickly react and change their security posture. This not only means reconfiguring existing security investments but also adding new ones.

But given the number of heterogeneous security applications sold by multiple vendors, new security expansions are tough to manage. They not only have to co-exist with the existing security infrastructure, but they must be integrated to avoid leaving security gaps attackers can exploit. User and business experience must be maintained as well. Is it any wonder, then, that CISOs continue to struggle? It’s hard to optimize and manage existing cybersecurity software investments and expand security capabilities, all the while keeping up with shifting business needs.

It is time you demand more from your security vendors. It’s perfectly reasonable to expect them to do the following:

  • Anticipate the changes you now face
  • Offer solutions that handle those changes with pre-integrated capabilities from multiple best of breed vendors
  • Enable you to not only select the right vendor but also compose a solution quickly for your environment
  • With a few clicks, do a quick POC in your environment and move rapidly into production

Here’s where “Composable Security,” a breakthrough architectural extension from McAfee, addresses this chronic IT turbulence. In practice, the concept allows MVISION ePO (ePolicy Orchestrator) administrators to add multi-vendor security modules quickly and easily assemble best-in-class solutions that meet your particular needs. Users can compose, and then re-compose, powerful, cloud-based or on-prem security solutions certified to seamlessly plug-and-play. With a few clicks, you can add new capabilities to your existing security infrastructure in minutes.

MVISION ePO now offers Composable Security capabilities. Let’s take a closer look:

MVISION Marketplace delivers value quickly and simply

The era of monolithic, and often disconnected, security solutions has passed. We believe customers want a connected security architecture that can rapidly adopt and implement new tools, sensors and data from a myriad of disparate but innovative solutions. When change occurs seemingly overnight, like we saw with the explosion in the number of people working from home due to Covid-19, executives don’t have the luxury of waiting until the next budget cycle to take action. But with MVISION Marketplace, we are enabling companies to easily scale their security infrastructure.

This new application marketplace enables McAfee and our partners to deliver pre-integrated, best-in-class solutions to customers. The marketplace offers products that expand and extend McAfee solutions. Organized in easy to understand categories, the marketplace features a tile per partner. Each integration is “McAfee Certified” which means that McAfee has certified the integration with that partner.

Clicking on the tile enables you to drill down and understand the value delivered by each integration. When you see something you like, click through and try it out. Here’s where pre-integration makes the combined value proposition easy to understand. The idea is for customers to experience the value quickly before they make a decision.

By utilizing our partners in the MVISION Marketplace, you can not only evolve your security architecture; you also improve your team’s responsiveness to real-time threats—and become less preoccupied with tool integration.

We worked closely with multiple partners to build out this marketplace. These composable solutions are from leaders in their field including Attivo Networks, IBM Security, Seclore, ServiceNow, Siemplify, and ThreatQ. Their certified solutions extend the capabilities of existing security environments, whether cloud-based or on premise. This new ability to mix and match applications over and over also addresses many pressing business challenges. It helps organizations address technology, time, compliance, and resource constraints in minutes, rather than in hours, days or weeks.

Attivo working with McAfee delivers the best endpoint solution in the industry. Attivo’s blog covers how McAfee + Attivo are better together for customers.

Seclore working with McAfee delivers the best Information security solution in the industry. Read their blog to learn how McAfee + Seclore are better together for customers.

ThreatQuotient, Swimlane, and Siemplify, working with McAfee, deliver one of the best SOC solutions in the industry. Learn more about how ThreatQuotient, Swimlane, and Siemplify are better together with McAfee for our customers.

Our market leading Security Innovation Alliance Program has created the largest integrated security ecosystem in the industry. We’re not done. You can expect us to add new partners quickly. In the meantime, if you find a partner missing that you want us to add to our list, please reach out to me.

A new MVISION API enables customers to add their own innovations

We live in an era where more security is automated rather than managed through consoles. MVISION API’s goal is to be the single interface for your non-console interactions with the McAfee portfolio. It’s a powerful capability that delivers a single, web scale, global interface with unparalleled access to your McAfee portfolio. The goal is threefold:

  • See what McAfee sees: As you deploy McAfee controls in your IT infrastructure, McAfee products start seeing security events; they discover devices; they see users access assets; they see processes running on endpoints; they see network movement; they see cloud access as well as any files being uploaded to the cloud. That same visibility will be delivered through this API.
  • Know what McAfee knows: When it comes to threat intelligence, McAfee has vast knowledge about what is good, what is bad, what is suspicious and what is not known. All this is available to your controls from McAfee and shows up as alerts or reputations of files, URLs etc. If you are an inquisitive SOC analyst, you may want to increase your knowledge through queries and searches or get more details about a campaign. The bidirectional “Know API” is geared towards enabling you to get access to this type of information.
  • Do what McAfee can do: McAfee is the market leader in security orchestration. McAfee launched the industry’s most popular orchestration product 15 years ago as McAfee ePolicy Orchestrator (ePO). That knowledge and power is now available through the DO APIs. You can now use the DO APIs to essentially orchestrate and automate the McAfee portfolio like you have used ePO.

The API, at launch, is tuned towards an Open EDR solution enabling customers to expand and extend MVISION EDR.  Top use cases are driven by the need of SOC analysts to build playbooks, manage cases, search for IOCs, synchronize Incidents and build intelligent extensions to the vast amount of control visibility we provide.

We have very ambitious plans. So, watch this space as we make rapid progress.

What’s a marketplace without developers?

With the MVISION Developer Portal open to all innovators, application developers and ISVs can use the MVISION APIs to build public or private applications. This portal enables application developers to build, test, and certify their applications before making them available on MVISION Marketplace, and enables customers to develop and deploy their private apps.

I expect startups will leverage MVISION APIs to build their innovation on top of McAfee products. In fact, we encourage them to do so and deliver their innovations next to McAfee products and deliver them to our customers through the marketplace.

Of course, organizations can also choose to create a variety of custom apps using MVISION APIs from the MVISION Developer Portal. The only limit is your own creativity. You can build new Intelligent apps, automate your current processes, integrate your SIEM, build an OT extension, or just sit back and enjoy a comprehensive dashboard that tracks your security posture.

MVISION ePO’s Composable Security extensions are simple and quick

These capabilities work together to deliver a Composable Security Platform enabling McAfee and its ecosystem to deliver pre-integrated, high-value solutions to customers. This is a big breakthrough that will make your job easier.  All it now takes is a few minutes to make a few clicks to add valuable new capability.

Try it out and see for yourself at http://marketplace.mcafee.com/ and https://developer.mcafee.com/.  I hope you will find this set of capabilities valuable and welcome your ideas on how to make them even better. And don’t be shy. Drop me a line @ javed_hasan@mcafee.com to tell me what improvements you want to see.

The post Bridge the Gap Between the Security You Have and the Security You Need appeared first on McAfee Blogs.

Are You Prepared for Cybersecurity in the Boardroom?

By Lynda Grindstaff

Corporate boards have many dimensions of responsibility. Cybersecurity can be one of the most nuanced and important areas of focus for a board, but not all board members are well versed in why and what they need to care about related to cybersecurity.

Cybersecurity is a board level topic for three main reasons:

  1. Cybersecurity breaches are a serious matter for any company
  2. Companies must be aware of cybersecurity governance, regulation and compliance
  3. Everyone in the company and on the board should be responsible and accountable for good cybersecurity practices

Security breaches are serious matters! 

Security breaches can hurt companies financially, negatively impact brand reputation, and result in data loss (both personal and company intellectual property), just to name a few of the impacts. Unfortunately, breaches that impact hundreds of millions or even billions of people are more common than we would like. Some of the more notable cybersecurity breaches you may remember are Equifax back in 2017, Adobe in 2013, and Zynga (the company that makes Words with Friends) in 2019. In July 2020, we saw key high-profile Twitter accounts compromised. You don’t want to see your company name in the news headlines due to a breach!

Cybersecurity governance, regulation and compliance

Besides security breaches, governance in cybersecurity is becoming more important. Governance describes the policies and processes which determine how organizations detect, prevent, and respond to cyber incidents. In many organizations, there is a division between the governance and management activities. Board members should be involved in evaluating security related reporting requirements and overall competence of the cybersecurity program, policies and procedures. If you are a US public company, there are additional board requirements from the Securities and Exchange Commission that you should be familiar with such as requiring written disclosure of how the board administers its risk oversight function.

Government regulations and compliance also need to be considered. However, just being compliant doesn’t mean you are secure. Cyber legislation has been frequently proposed by Congress over the years. Almost all US states have their own laws about what constitutes a security breach and when to disclose the breach. It is important to understand the local, state and federal laws (including international laws) related to cybersecurity for where you do business.

Everyone is responsible and accountable

Everyone on the board is responsible and could potentially be held accountable for a breach both legally and financially. It is not only the CISO, CSO or CIO’s responsibility to care and do the right thing. We all have a role to play to ensure the company is protected and set up for success.

When one person doesn’t do their part, things can fall apart for a company. For instance, in August 2020, a former Uber company executive was criminally prosecuted for not disclosing a data breach back in 2016. Uber’s former Chief Security Officer was charged with obstruction of justice and concealing a felony for allegedly failing to report their 2016 breach to the Federal Trade Commission.  This is the first direct example in the US of an executive facing criminal charges and jail time over how they responded to a data breach.

Evaluating your company’s cybersecurity stance

As you discuss cybersecurity on the board, how do you evaluate your company’s stance? Here are some tips you can start acting on today. This list is by no means complete.

  1. Approach – How does your company approach cybersecurity? The approach your company takes will determine how much your company is at risk and what you need to do differently.
    • Passive – all threats will just go away and aren’t a big deal
    • Reactive – cybersecurity responsibility is delegated to the IT department and they react as things happen internally or are seen in the news. They are always playing ‘catch up’
    • Proactive – Seek to avoid issues and pay attention on a regular basis. May consult with third party companies to ensure security posture is high
    • Progressive – There is extensive leadership involvement in reviewing the company’s security posture. They hold proactive frequent reviews knowing that an attack can happen at any time and may also consult with third party companies to proactively address weaknesses.
  2. Risk Management & Compliance – How much time and attention does senior management spend on evaluating cybersecurity risk management practices? Are they up to date on the latest regulations in their city, state, and country?
    • Every company should have an effective risk management plan they are executing towards. They should be gathering and analyzing data from multiple inputs, systems and teams to ensure they aren’t at risk for a major attack. Part of managing the risks is ensuring they are compliant with the rules and regulations of the government. The company should understand and know the laws that impact them.
  3. Review of Procedures – How often are you reviewing your cybersecurity policies and procedures?
    • Ideally you would want to review these policies and procedures at least 2x/year and when you have a major change within the company (i.e. has there been new or departure of key personnel, merger/acquisition, re-org, new regulations required, etc)
  4. Security Hygiene – Does the company practice good security hygiene?
    • Your company should keep up to date with the latest patches/updates for all hardware and software systems as well as utilize and enable the latest features in their security software.
    • Your company should be able to find the signal in the noise with their current security solutions and not have too many disparate products they don’t utilize fully.
    • The company should also perform frequent backups of key data and shut off old servers and virtual machines that aren’t being used anymore.
    • The suppliers and vendors to the company should follow any necessary rules and regulations to ensure they are protecting the company’s sensitive information appropriately.
  5. Bring in an ‘expert’ – Has the company hired reputable third-party experts to perform a risk analysis or see if they can “hack into” the company systems?
    • There are third party companies who will perform penetration testing to determine how easily a “hacker” can get into your company. These companies can tell you what can be seen publicly, such as whether you have IP addresses beaconing out, and look at detailed areas of your company to identify risks. If a third party has been brought in, what were the findings, and were changes made promptly to address vulnerabilities?
  6. Response procedures – What is the company’s breach response protocol?
    • Companies should have an incident response team and a detailed list of actions the incident response team members should take if a vulnerability or breach is discovered.
  7. Education – How often are you educating employees on best practices and holding simulations on what to do if a cyber related incident were to occur?
    • Companies hold fire drills so they are prepared with “muscle memory” if a fire were to break out. The same sentiment holds true for cyber related incidents. It is very important that there is continuous training for all levels of employees on how to keep the company safe from breaches and cyber-attacks as well as what to do if something were to happen. You can never be too prepared.

Cybersecurity is a very important topic for the boardroom and should not be taken lightly; however, it doesn’t need to be overwhelming. Utilize these tips to get you on the right path for your company, and if you don’t have a cybersecurity expert on your board, there are experts who can provide guidance.

 

The post Are You Prepared for Cybersecurity in the Boardroom? appeared first on McAfee Blogs.

McAfee Leapfrogs Competition with trio of awards at 2020 IT World Awards

By McAfee

Network Products Guide, the industry’s leading technology research and advisory guide, recently named the winners in their 15th Annual 2020 Network PG’s IT World Awards. Judges from a broad spectrum of industry voices around the world participated and their average scores determined the 2020 award winners.  McAfee took center stage with three wins, including Gold for McAfee MVISION Endpoint Detection and Response (EDR) and Silver for McAfee MVISION Cloud for Containers and McAfee MVISION Unified Cloud Edge (UCE).

The IT World Awards are industry and peer recognitions from Network Products Guide honoring achievements of the world’s best in organizational performance, product and service innovations, hot technologies, executives and management teams, successful deployments, product management and engineering, customer satisfaction, and public relations in information technology and cyber security. These wins further validate McAfee’s position as a company poised to successfully help organizations solve for real-time security issues.

McAfee was recognized in the following categories:

  • Zero Day | Attack & Exploit Detection & Prevention Category: McAfee MVISION EDR uses artificial intelligence to guide analysts through the investigation process. It is a cloud-delivered solution that detects advanced and previously unknown device threats, provides deep investigation capabilities and the intel for users to respond in a timely manner.
  • Cloud Security Category: McAfee MVISION Cloud for Containers provides the industry’s first Unified Cloud Security Platform with container-optimized strategies for securing dynamic container workloads and the infrastructure on which they depend.
  • New Product-Service of the Year: McAfee MVISION UCE includes three core technologies converged into a single solution: Cloud Access Security Broker (CASB), Secure Web Gateway (SWG), and Data Loss Prevention (DLP). These technologies work together to protect data from device to cloud and prevent cloud-native threats that are invisible to the corporate network.

 

For a complete list of McAfee’s accolades and industry recognition, visit: https://www.mcafee.com/enterprise/en-us/about/awards.html

The post McAfee Leapfrogs Competition with trio of awards at 2020 IT World Awards appeared first on McAfee Blogs.
