Cloud Threat Intelligence – the New Division of McAfee Cloud Security Labs

By McAfee Cloud BU on Feb 16, 2016

A new cloud service pops up nearly every day, making it impossible for companies to keep up with every cloud service’s security capabilities. Factor in the breaches and 0-day vulnerabilities that have now started targeting cloud services, and it’s clear that keeping up with the cutting edge of cloud security threats requires a dedicated research team. Enterprises are not equipped to research and chase down every potential threat in this emerging area. IT professionals report that a lack of expertise is the primary barrier to stopping data loss in the cloud.

As a result, a trusted advisor has become a requirement for companies seeking to minimize the risk of cloud use. McAfee Cloud Security Labs (formerly Skyhigh Networks) is responsible for leveraging the latest research and innovation in cloud security to combat new threats and accelerate cloud adoption. Today, we announced the expansion of the labs to include cloud threat intelligence. The team will research activity across a global user base of 23 million enterprise employees to discover patterns that compromise the security of corporate information.

Cutting-Edge Research into Threat Intelligence

As an example of this cutting-edge work, McAfee CSL pioneered an approach to behavioral botnet detection: an algorithm that uses multi-dimensional probabilistic weighting to surface domains that display the characteristics of a Command & Control server. By applying classical signal processing techniques to request timing, McAfee can characterize abnormally regular, programmatic behavior (the fixed-interval callbacks of malware, as opposed to the irregular gaps of human browsing), providing customers with detailed forensics to pinpoint and remediate the exact systems that have been compromised.

Another project took aim at data exfiltration to unknown domains. The team developed capabilities to visualize outbound data flows to IPs and domains that do not belong to known cloud services, and to analyze that traffic by characteristics such as IP reputation and geography, enabling companies to identify suspicious outbound data flows.
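The two detections described above, timing-based C2 beacon detection and flagging of bulk outbound flows to destinations that are not sanctioned cloud services, can be illustrated on proxy logs. The following is an added example written for this page; it is not McAfee’s algorithm or product code. The log format, the sample lines, the sanctioned-service allow-list and the thresholds are all assumptions constructed for the example. Periodicity is measured with the coefficient of variation of inter-arrival times, a simple stand-in for the signal-processing techniques the post mentions.

```python
"""Beacon (C2 callback) and bulk-exfiltration detection over proxy logs.

Added example, not McAfee's code. Log format, sample data, allow-list and
thresholds are assumptions made for illustration.
"""
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample proxy log lines (not real traffic), one request per line:
# "<ISO timestamp> <src_ip> <dest_host> <bytes_out> <bytes_in>"
SAMPLE_LOG = """\
2016-02-16T09:00:00 10.1.2.3 cdn.example-news.net 512 48000
2016-02-16T09:00:05 10.1.2.3 upd.example-host.xyz 220 310
2016-02-16T09:05:05 10.1.2.3 upd.example-host.xyz 221 305
2016-02-16T09:10:05 10.1.2.3 upd.example-host.xyz 219 312
2016-02-16T09:15:05 10.1.2.3 upd.example-host.xyz 220 308
2016-02-16T09:20:05 10.1.2.3 upd.example-host.xyz 222 309
2016-02-16T09:01:17 10.1.2.3 cdn.example-news.net 480 52000
2016-02-16T09:03:42 10.1.2.3 cdn.example-news.net 530 41000
2016-02-16T09:12:09 10.1.2.3 cdn.example-news.net 505 39000
2016-02-16T09:18:55 10.1.2.3 cdn.example-news.net 498 45000
2016-02-16T09:30:00 10.1.2.7 files.example-storage.com 52000000 1200
2016-02-16T09:31:00 10.1.2.7 drop.example-unknown.io 48000000 900
2016-02-16T09:32:00 10.1.2.7 drop.example-unknown.io 45000000 850
"""

# Hypothetical allow-list of sanctioned cloud services (assumption for the example).
SANCTIONED_SERVICES = {"files.example-storage.com"}


def parse_log(text):
    """Parse log lines into (timestamp, src, dest, bytes_out, bytes_in) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dest, b_out, b_in = line.split()
        records.append((datetime.fromisoformat(ts), src, dest, int(b_out), int(b_in)))
    return records


def beacon_candidates(records, min_hits=5, max_cv=0.1):
    """Flag (src, dest) pairs whose request inter-arrival times are near-constant.

    Human browsing produces jittery gaps (high coefficient of variation);
    a sleep(300)-style callback loop produces almost none.
    """
    by_pair = defaultdict(list)
    for ts, src, dest, _, _ in records:
        by_pair[(src, dest)].append(ts)
    findings = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean > 0 else float("inf")
        if cv <= max_cv:
            findings[pair] = {"period_s": round(mean), "cv": round(cv, 3), "hits": len(stamps)}
    return findings


def exfil_candidates(records, min_bytes_out=10_000_000, min_ratio=100.0):
    """Rank unsanctioned destinations by bytes sent to them.

    Large upload volume to a host that is not an approved cloud service, with
    little data coming back, is the shape of a bulk exfiltration.
    """
    totals = defaultdict(lambda: [0, 0])  # (src, dest) -> [bytes_out, bytes_in]
    for _, src, dest, b_out, b_in in records:
        if dest in SANCTIONED_SERVICES:
            continue
        totals[(src, dest)][0] += b_out
        totals[(src, dest)][1] += b_in
    findings = []
    for (src, dest), (out, inn) in totals.items():
        ratio = out / max(inn, 1)
        if out >= min_bytes_out and ratio >= min_ratio:
            findings.append({"src": src, "dest": dest, "bytes_out": out,
                             "out_in_ratio": round(ratio, 1)})
    findings.sort(key=lambda f: f["bytes_out"], reverse=True)
    return findings


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for pair, info in beacon_candidates(recs).items():
        print("beacon candidate:", pair, info)
    for f in exfil_candidates(recs):
        print("exfil candidate:", f)
```

On the sample data the five requests from 10.1.2.3 to upd.example-host.xyz arrive exactly 300 seconds apart and are reported as a beacon candidate, while the five requests to cdn.example-news.net have irregular gaps and are not. The 93 MB uploaded by 10.1.2.7 to drop.example-unknown.io is reported as an exfiltration candidate; the comparable upload to files.example-storage.com is suppressed because that host is on the sanctioned list. Real deployments would add jitter tolerance (periodic beacons often randomize the interval by a few percent), reputation and geography enrichment of the destination, and a per-user baseline instead of fixed thresholds.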

The team is also charged with leveraging McAfee’s massive datasets to create robust behavioral models that detect high-risk anomalous activity with a high degree of accuracy and proactively alert customers to potential incidents. With this information, McAfee can identify emerging malicious cloud activity, including patterns that appear in encrypted traffic, and proactively determine indications of data theft using massively scaled data science and machine learning techniques.

The other areas of focus for the McAfee Cloud Security Labs include:

Cloud Service Intelligence

McAfee CSL researches cloud services to provide customers with a comprehensive view of the state of cloud services available in the global market and insight into the risks of each of these cloud services. In addition to continuously identifying and evaluating cloud services in real time, McAfee CSL extends the depth of intelligence via integration with Darknet and other sources of cyber-risk intelligence while extending the breadth of risk visibility into the B2B partner ecosystem. McAfee CSL also audits over 17,000 cloud services when a major vulnerability, such as Heartbleed, VENOM, FREAK, POODLE, or Shellshock (BASH), is exposed, determines the security implications using advanced data mining and natural language processing, proactively informs customers of cloud service risks, and provides recommendations for remediation.

Cryptography Research and Development

McAfee CSL works with five leading cryptography academics from Cornell Tech, University of London, Georgia Tech, and University of California, San Diego, who form the McAfee Cryptography Advisory Board, to collaborate on cutting-edge research and deploy cryptographic innovations for the cloud security market. In conjunction with the Cryptography Advisory Board, McAfee CSL has developed and brought to market several important advancements in cloud cryptography such as searchable symmetric encryption, order-preserving encryption, and format-preserving encryption. Each of these schemes trades some security for functionality over ciphertext (order-preserving encryption, for instance, reveals the ordering of plaintexts by construction), so the choice of scheme should be weighed against what the resulting leakage would allow an attacker to infer.

Gartner posits that companies should, “Favor CASB [Cloud Access Security Broker] providers that maintain their own proactive cloud threat research laboratories, actively research vulnerabilities and attacks on cloud service providers, and can use this intelligence to protect their CASB customers by recommending policy changes.” McAfee customers have benefited from the ongoing innovation in discovering and remediating new vulnerabilities in cloud services. As McAfee customer Brian Lillie, CIO of Equinix, says, “McAfee Cloud Security Labs ensures that security teams have access to the latest cloud security R&D. The new cloud threat intelligence division of McAfee Cloud Security Labs is crucial because it provides unique data-driven insights on the ever changing threat landscape.” We view it as an essential responsibility to invest in new research to detect threats and malicious behavior more rapidly and with greater accuracy. We’re excited to continue to put the work of our cloud security experts at the disposal of all our customers, now in the fast-evolving field of cloud threat intelligence.

About the Author

McAfee Cloud BU

Learn about cloud threats, the latest cloud security technologies, and the leading approaches for protecting data in cloud services.

Categories: Cloud Security
