The Clock Is Ticking: Can You Find and Kill Advanced Malware Before it Kills Your Endpoints?

By on Nov 09, 2017

Your company’s computer system has been compromised by disguised malware. There is no greater feeling of dread for a security professional. This may put your mind at ease: Through automation, McAfee’s endpoint and sandbox tools can round up the malware, detonate it in a safe place, identify any compromised areas, and prepare them for you to remediate all threats. With one click.

Today this kind of always-on protection is badly needed.

According to 2016 data from Verizon, 63 percent of organizations faced one or more “advanced attacks” in the past 12 months[1]. These are the attacks that, once they’ve penetrated your front-line defenses, can remain in networks for 200 days[2], on average, quietly collecting information about your organization and waiting for an opportunity to spread. Even when your defenses detect an advanced attack, performing all of the analysis and forensics to understand what it is and where it went takes time—an average of 39 days to contain attacks and 43 days to remediate them, according to the Ponemon Institute[3]. Seeing the disconnect?

It’s not that organizations have no way to detect the signs of an attack—quite the opposite. Too often, they’re struggling with a massively complex security infrastructure, using multiple point solutions that can provide lots of information, but don’t talk to each other. So security analysts get buried in an avalanche of alerts and false positives. They struggle to manually connect the dots between siloed defenses. And while many large enterprises now have sophisticated endpoint detection and response (EDR) tools, they require advanced skills to use effectively—and there just isn’t enough expertise to go round.

Fortunately, there’s a way out of this Catch-22. New McAfee EDR and sandbox tools provide powerful threat analysis and response capabilities that front-line endpoint administrators can use, on their own, without advanced training or expertise. They can help you detect the most evasive malware threats in your environment, and shorten the time between detection and remediation from days or weeks to seconds.

Get to the Bottom of Suspicious or Unwanted Incidents in Seconds

McAfee Active Response EDR tools and McAfee Advanced Threat Defense sandboxing can help you cut through the complexity of siloed defense solutions, without sacrificing the in-depth analysis needed to detect and remediate advanced threats. They can help you:

  • Understand what’s happening more quickly: McAfee Active Response filters through the thousands of alerts coming in from endpoints and other defense systems. It automatically surfaces the most unusual and highest-priority threats, without requiring expert investigators.
  • Quickly uncover advanced threats wherever they are: Through the same interface, administrators can see the full context for any threat, without having to swivel between multiple complex tools and interfaces. Through a single pane of glass, they can view aggregated threat details based on analysis from both internal and external sources, including behavior scores, reputation scores, and other parameters. And they can drill down through a historical timeline that traces when the threat came in, what it did, and where it went.
  • Unmask the most cleverly camouflaged attacks: The most advanced cyberthreats disguise themselves to look like normal application traffic—making it even harder for security teams to understand where and how they’re under attack. McAfee Advanced Threat Defense uncovers the most advanced malware by detonating suspicious files in a safe environment and performing fine-grained analysis on the entire code base. It generates in-depth indicator of attack (IoA) information that your security teams can then use to hunt for similar attacks across your organization.

Shut Down Advanced Cyberthreats with a Click

With much more detailed information—already prioritized and collected in one place—your security teams can identify and control suspicious objects much more quickly. They can then use integrated, automated McAfee EDR tools to take instant action—typically moving from detecting a threat to remediating it on the same screen, with a single click of a mouse.

Security teams can:

  • Remediate threats with one click: When administrators identify an infection, they can see every other endpoint it’s infected at a glance. With one mouse click, they can then remediate the malware threat on an isolated host or across the entire organization.
  • Set triggers and reactions against future attacks: McAfee Active Response provides powerful tools to quickly hunt for IoAs. Administrators can set triggers to search for similar IoAs in the future—in a single action, from the same interface.
  • Inoculate the broader environment: Both McAfee Active Response and McAfee Advanced Threat Defense sandboxing integrate with other McAfee endpoint defenses (McAfee Threat Intelligence Exchange, McAfee Data Exchange Layer (DXL), McAfee Endpoint Security) to create a single, adaptive security fabric. When a new malware threat is uncovered, they update the file’s reputation and immediately inform every other McAfee endpoint agent and security system in the environment to block that threat in the future.

Detect and Stop Malware More Quickly with Integrated Defenses

With conventional endpoint platforms, most of these activities—correlating and prioritizing a suspected threat, discovering all endpoints it’s infected, removing it, tuning other security solutions (IPS, firewall, web gateways, endpoint agents) to detect it in the future—are handled by separate, siloed tools. They require specialized experts and a huge amount of time and effort. That’s why McAfee integrates many of these capabilities with standard endpoint operations.

With McAfee EDR and sandboxing tools, even front-line administrators can view comprehensive information about the security posture of the organization. At a glance, they can see the sources of threat events, the methods used to detect them, the systems affected, attack duration, targets, and actions taken to mitigate them. With instant, actionable threat forensics, along with real-time endpoint data, they can quickly understand the full context of a threat and where deeper scrutiny or action is warranted. They can remediate even advanced attacks throughout the environment with one click, and activate continuous monitoring of the IT infrastructure for every newly unmasked zero-day attack. And they can continually move from detection, to correction, to proactive global protection, in seconds, with a lot less manual time and effort.

Learn More

McAfee can help you detect and respond to advanced threats more quickly, with less time and effort. Learn more about our Dynamic Endpoint Threat Defense solution.


[1] Verizon, 2016 Data Breach Investigation Report.

[2] Verizon, 2016 Data Breach Investigation Report.

[3] Ponemon Institute, The State of Malware Detection and Prevention, March 2016.
