Tim Polzer – McAfee Blogs (https://www.mcafee.com/blogs), feed updated Fri, 15 Nov 2019 08:21:18 +0000

It’s About Time: Cybersecurity Insights, Visibility, and Prioritization
https://www.mcafee.com/blogs/enterprise/its-about-time-cybersecurity-insights-visibility-and-prioritization/
Thu, 24 Oct 2019 20:23:23 +0000


As McAfee Chief Executive Officer Chris Young said in his 2019 MPOWER Cybersecurity Summit keynote address, time is the most valuable resource that we all share. But time isn’t always on our side – especially when it comes to cybersecurity.

“Time is the one constant that we cannot change. It’s the one constraint that we cannot ignore. Every second counts,” Young said. “… Our adversaries are using time to their advantage. It’s the single greatest weapon they have. It’s taken over the language of our industry. Persistence. Dwell time. Used to describe the time the work that our adversaries do as they run up the clock until they try to exfiltrate our most sensitive information. Versus ransomware, which applies time pressure to run down the clock. If you don’t pay the ransom you’ll lose your data forever. Zero-day attacks. Mean time to detect. Mean time to respond. These are just a few of the many, many examples of the way time is woven into the fabric of our industry.”

Time is a major challenge for organizations attempting to keep pace with cyber threats that are rapidly increasing in volume and complexity. Elevated efficiency is cybersecurity’s counterpunch against agile and elusive adversaries weaponizing time. Organizations that constantly find themselves in reactive mode struggle to maintain staff efficiency—but time and resources can be saved by using improved visibility and prioritization to get ahead of the threat curve.

The findings of an ESG paper commissioned by McAfee concurred: “Organizations want more visibility into cyber-risks so they can tailor and prioritize their threat response and risk remediation actions in alignment with threats that may hit them,” said Jon Oltsik, ESG fellow. “Many firms want to be more proactive but do not have the resources and talent to execute.”

Better cybersecurity intelligence and insights can enable organizations to assume a more proactive cybersecurity program without dramatically upgrading resources and talent.

Better Visibility Through Next Generation Open Architecture

Modern adversaries are using next-generation tools, tactics and techniques to evade traditional reactive security systems. The next generation of open cyberthreat identification, investigation, and response capabilities paired with human and artificial intelligence can enable organizations to answer key questions about how to respond to threats. Open architecture can enable security teams to add their own expertise and analytics, empowering insight into the high-impact threats that matter. Security analysts will need the right technology to do the analysis, a combination of human expertise and the most advanced artificial intelligence and machine-learning capabilities that provide insight as to which actions to take.

The diversity of the raw materials an organization uses matters. If you only have one type of sensor, such as endpoint, you’re limited in what you can see. Gaining insight requires the ability to look across a wide range of environments, from traditional on-premises infrastructure to the cloud. Sensors should cover on-premises, perimeter, network, endpoint, and cloud environments. From the data gathered by these sensors, security teams can then extract context, detecting the characteristics, structure, and behavior of suspicious activity. Diverse telemetry at scale is what makes these efficiencies possible.

Prioritization: Decoding the DNA of Cyber Threats

“We and the rest of the cybersecurity industry have to move beyond the hash,” said Steve Grobman, senior vice president and chief technology officer. “Features are a lot like markers in DNA and biology. By understanding the markers and characteristics, we can understand the structure, the behavior. We can understand what a threat is even if we’ve never seen it before. We can basically see the characteristics of a threat we’ve never seen before and have a very good understanding of what it actually is.”

Most security teams are constrained by the available data and by traditional indicators of compromise such as hashes and IP addresses. An open architecture consisting of a variety of sensors provides the capability to gather more, and richer, information on a threat’s DNA.

The goal goes beyond a simple patch or remedy. It’s about being better able to understand the unknown through improved data and intelligence, and about enhancing efficiency in dealing with the things that matter: the threats that are inherently difficult to detect, and the threats that are engineered to target you.

By gaining this understanding, you’ll be more able to answer strategic questions such as:

  • Am I protected from this threat?
  • What do I need on my platform in order to defend against this threat?
  • What is the technology?
  • What is the content?
  • What is the configuration I need to defend myself?
  • Was I protected when this threat first impacted my environment, on the very day the threat emerged?
  • What did I need in order to have zero-day protection?
  • Did I have the right Real Protect model?

Intelligence that helps answer these questions can provide insight into not only how a threat fared against one organization’s security but how a security plan can proactively prepare for next-generation threats.

Anticipating Next-Generation Threats

Understanding threats is not just about protection but also anticipation, both of threats in your environment and on a global scale. Improved insights can leave organizations with a complete view of how a threat is impacting their environment.

Decoding the DNA of threats through an expanded variety of sensors can help organizations recognize and anticipate the next generation of threats:

  • Using a machine-learning algorithm that recognizes potentially malicious activity, extracts its characteristics, and recognizes its similarities to threats seen before.
  • Finding outliers: things with uncommon characteristics.
  • Finding things that appear to be engineered for your environment. If something appears only in your environment and has characteristics that look different from anything seen before, that tells you to move it to the top of your stack of investigation priorities, because it could be targeting you.
  • Identifying targeted attacks by mapping threats tied to specific industrial sectors and clustering the highest intensity of activity by sector.
  • Separating the signal from the noise.
  • Triaging priority and raising the urgency on threats critical to your organization.

Gaining cybersecurity efficiency via visibility and prioritization isn’t only about gathering richer data. It’s also about having the right technology to do the analysis. It’s not just about being able to identify the things that matter, it’s about being able to take action with your current security staff. It’s about saving time against an adversary using time as a weapon.

Read more on how the McAfee MVISION Insights platform’s integration into the McAfee architecture provides better intelligence capable of empowering better insights.

The post It’s About Time: Cybersecurity Insights, Visibility, and Prioritization appeared first on McAfee Blogs.

Cybersecurity Platforms: 8 Must-Have Attributes
https://www.mcafee.com/blogs/enterprise/cybersecurity-platforms-8-must-have-attributes/
Fri, 20 Sep 2019 16:17:24 +0000


Defending enterprises against the growing frequency and complexity of cyberattacks is becoming an ever-increasing burden to cybersecurity budgets and manpower. An ESG enterprise-class cybersecurity technology platform white paper commissioned by McAfee shows CISOs have “reached a tipping point where the current cybersecurity point tools are no longer acceptable.” Current high-cost, complex strategies using disconnected point tools aren’t working and CISOs are abandoning their collection of cybersecurity point tools in favor of a consolidated, integrated approach.

ESG reports that consolidation is widespread and growing: 22% of organizations are actively consolidating the number of cybersecurity vendors they do business with on a large scale, while 44% of respondents are consolidating the number of cybersecurity vendors they do business with on a limited basis. ESG expects this trend to gain momentum over the next 12 to 24 months.

In response to this consolidation trend, more service providers are attempting to market their disparate tools as a platform. According to the ESG white paper, “Industry hyperbole has led to user confusion about what qualifies as a cybersecurity technology platform.”

Based on ESG’s survey findings, the following eight key attributes should be included in all RFIs/RFPs and become part of every cybersecurity technology platform:

  1. Prevention, detection, and response capabilities. CISOs expect cybersecurity platforms to provide strong defensive capabilities (i.e., rules, heuristics, machine learning models, behavioral algorithms, threat intelligence integration, etc.) capable of blocking and detecting threats with close to 100% efficacy. When threats are detected, cybersecurity platforms should average low false positive rates and provide concise forensic evidence that enables analysts to track events that led to an alert. Cybersecurity platforms should also include simple mitigation techniques such as quarantining a system, halting a process, or terminating a network connection. Users should have the ability to automate these remediation measures when desired.
  2. Coverage that spans endpoints, networks, servers, and cloud-based workloads and API-driven services. Cybersecurity platforms should be able to prevent, detect, and respond to threats across an enterprise IT infrastructure composed of endpoints, networks, servers, or cloud-based workloads and API-driven services. Prevention, detection, and response capabilities should be united so that security and IT operations teams can monitor activities and take actions across any security technology controls and any location.
  3. Central management and reporting across all products and services. All security controls should report to a central management plane delivering configuration management, policy management, monitoring, and remediation capabilities. Central management must be built for scale, support role-based access control, and offer the ability to customize multiple UIs and functions for different security and IT operations profiles.
  4. An “open” design. Security platforms must be built for integration by supporting common messaging buses and open APIs. Best-in-class cybersecurity platforms will also feature an open design capable of supporting third-party developers and security vendors with developer support resources, partner ecosystems, technical support services, and go-to market programs.
  5. Tightly coupled plug-and-play products and managed services. The transition from point tools to cybersecurity platforms may be an arduous journey requiring a phased implementation. As a result, cybersecurity platforms must play the role of force multiplier, providing incremental value through the integration of additional products and services. Adding any security product or managed service should increase the security efficacy and operational efficiency of the entire platform.
  6. Security coverage that includes major threat vectors including email security and web security. Most malware attacks emanate through compromised systems using techniques such as phishing, malicious attachments/links, and drive-by downloads. Cybersecurity platforms must include strong prevention/detection filters that work inline and service the entire IT infrastructure. Filters can be provided by the platform vendor or through third-party integrations.
  7. Cloud-based services. Cybersecurity platforms should be capable of utilizing cloud-based resources for processes such as file analysis, threat intelligence integration, behavioral analytics, and reputation list maintenance. Cloud-based services should be applied to all cybersecurity platform users in real time. When a malicious file is detected at one site, all other platform customers should be updated with prevention and detection rules to safeguard them from that threat.
  8. Multiple deployment options and form factors. The components of cybersecurity platforms should be available as on-premises software/devices, cloud-based server implementations, SaaS, or some combination. ESG gives the example of a large global enterprise that may deploy on-premises software/devices at corporate headquarters, cloud-based server implementations for large regional offices, and SaaS for remote workers. All form factor options should be anchored by central configuration management, policy management, and global monitoring.

ESG’s white paper advises CISOs to approach cybersecurity platforms with a long-term strategy and project plan that spans a 24-to-36-month timeframe.

ESG also identifies McAfee as “one of a few vendors” whose product fits the description of a cybersecurity technology platform. Because McAfee’s ePO-based cybersecurity technology platform aligns well with ESG’s eight key cybersecurity technology platform attributes and high-priority enterprise customer requirements, ESG states that “CISOs would be well served to explore McAfee’s ePO-based cybersecurity technology platform as it aligns well with current and future cybersecurity requirements for improving security efficacy, increasing operations efficiency, and enabling the business.”

Read more on how McAfee’s ePO can consolidate and improve your enterprise’s cybersecurity defenses.

The post Cybersecurity Platforms: 8 Must-Have Attributes appeared first on McAfee Blogs.
