Endpoint Security

Get up to date on the latest endpoint solutions and learn how to secure your entire attack surface from enterprise security threats.

Endpoint Security

What the hell does “zero day” even mean anymore?

I seem to have spent a fair amount of my time recently talking to a variety of people about “zero days” and the one thing that has really struck me is that almost everyone has a different view on what a “zero day” actually is... so I figured the time had ...

Endpoint Security

MITRE APT29 Evaluation – Importance of Prevention in Endpoint Security

In our recent Racing with Cozy Bear blog, we covered the concept of Time Based Security and highlighted the value protection brings to the defender. This is not to say that blocking an attack removes the threat actor from the equation. Attack-blocking protection slows down the offender, buying the defender ...

Endpoint Security

Global Managed Detection and Response: Managing EDR Without the Red Bull

Staying on top of threats 24/7, 365 days a year can overwhelm the best SOC analysts. The need for constant vigilance of cyber threats, not to mention security tasks such as new tool installs, running reports and investigations, followed by reporting to exec levels is becoming unsustainable – just like ...

Endpoint Security

McAfee’s Defenses Against Microsoft’s CryptoAPI Vulnerability

Microsoft made news this week with the widely reported vulnerability known as CVE-2020-0601, which impacts the Windows CryptoAPI. This critical vulnerability allows an attacker to forge both digital signatures and certificates so that Windows treats them as trusted. The attacker would use spoofed elliptic-curve cryptography (ECC) certificates to sign malicious files to evade detection, or to target specific hostnames ...
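The spoofing in CVE-2020-0601 came from how CryptoAPI matched a certificate's ECC key against a trusted root: it compared the public key point but not the curve parameters (in particular the generator) that an ECC certificate can carry explicitly. The toy model below is an added example for this page, not code from McAfee or Microsoft: it implements P-256 ECDSA in pure Python, builds a spoofed key whose explicit generator is set to a trusted root's public point (so private key 1 yields exactly the root's public point), and shows that a trust lookup keyed on the public point alone accepts a signature made with that key while a lookup that also compares the curve parameters rejects it. The CA key, the trust store, the payload and every function name here are constructed for the example.

```python
"""Toy model of the CVE-2020-0601 key-matching flaw (constructed example, not production code)."""
import hashlib
import secrets
from dataclasses import dataclass

# NIST P-256 domain parameters: the legitimate curve.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)


def ec_add(p1, p2):
    """Affine addition on y^2 = x^3 + A*x + B over GF(P); None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, point):
    """Double-and-add scalar multiplication k*point."""
    result, addend = None, point
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


@dataclass(frozen=True)
class CurveParams:
    """Explicit curve parameters, as an X.509 SubjectPublicKeyInfo may carry them."""
    p: int
    a: int
    b: int
    generator: tuple
    order: int


P256 = CurveParams(P, A, B, G, N)


def ecdsa_sign(msg, priv, params):
    z = int.from_bytes(hashlib.sha256(msg).digest(), "big") % params.order
    while True:
        k = secrets.randbelow(params.order - 1) + 1
        r = ec_mul(k, params.generator)[0] % params.order
        s = pow(k, -1, params.order) * (z + r * priv) % params.order
        if r and s:
            return (r, s)


def ecdsa_verify(msg, sig, pub, params):
    """Standard ECDSA check, using whatever generator `params` supplies."""
    r, s = sig
    if not (0 < r < params.order and 0 < s < params.order):
        return False
    z = int.from_bytes(hashlib.sha256(msg).digest(), "big") % params.order
    w = pow(s, -1, params.order)
    pt = ec_add(ec_mul(z * w % params.order, params.generator),
                ec_mul(r * w % params.order, pub))
    return pt is not None and pt[0] % params.order == r


# A trusted root CA key, generated for this example only.
CA_PRIV = secrets.randbelow(N - 1) + 1
CA_PUB = ec_mul(CA_PRIV, G)
TRUST_STORE = [(P256, CA_PUB)]


def vulnerable_is_trusted(cert_params, cert_pub):
    """Flawed lookup: matches a root by public point only, ignoring the presented curve parameters."""
    return any(cert_pub == pub for _, pub in TRUST_STORE)


def fixed_is_trusted(cert_params, cert_pub):
    """Correct lookup: the curve parameters, generator included, must match the trusted root too."""
    return any(cert_params == params and cert_pub == pub for params, pub in TRUST_STORE)


def spoofed_cert_accepted(is_trusted, payload=b"constructed malicious payload"):
    """Attacker path: private key 1 with the generator set to the CA's public point,
    so the spoofed public point equals CA_PUB without knowing CA_PRIV."""
    spoofed = CurveParams(P, A, B, CA_PUB, N)
    spoofed_priv = 1
    spoofed_pub = ec_mul(spoofed_priv, spoofed.generator)
    sig = ecdsa_sign(payload, spoofed_priv, spoofed)
    # The verifier checks the signature under the parameters the certificate presents,
    # then decides trust through the lookup under test.
    return ecdsa_verify(payload, sig, spoofed_pub, spoofed) and is_trusted(spoofed, spoofed_pub)


def legitimate_signature_ok(payload=b"signed by the real CA"):
    sig = ecdsa_sign(payload, CA_PRIV, P256)
    return ecdsa_verify(payload, sig, CA_PUB, P256) and fixed_is_trusted(P256, CA_PUB)


if __name__ == "__main__":
    print("vulnerable lookup accepts spoof:", spoofed_cert_accepted(vulnerable_is_trusted))
    print("fixed lookup accepts spoof:", spoofed_cert_accepted(fixed_is_trusted))
    print("fixed lookup accepts real CA:", legitimate_signature_ok())
```

The signature itself is mathematically valid under the parameters the attacker supplies; the defect is entirely in the trust decision, which is why the fix is to compare the whole key (curve parameters and point) against the root rather than to harden the ECDSA arithmetic. Production code should reject explicit curve parameters outright and accept only named curves.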

Endpoint Security

MITRE ATT&CK™, What’s the Big Idea?

MITRE describes ATT&CK™ as “a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.” That is a fine definition, but it helps to understand what the framework makes possible. The tactics, techniques, and procedures (TTPs) catalogued in ATT&CK let organizations understand how adversaries operate. Once you ...

Endpoint Security

How to Apply the Lessons of 2019 to the Security of 2020

What keeps executives up at night? According to the World Economic Forum’s (WEF) 2019 Executive Opinion Survey, it’s cyberattacks. When reflecting on 2019, it’s clear why that is. From healthcare and insurance to manufacturing and telecommunications, cybercriminals spared no industry from their schemes, with a few key verticals bearing the ...

Endpoint Security

Endpoint Security 301: When Products, Policies, and People Break Down the Lines of Communication

Security architecture is like the ocean: no one owns it, and it is constantly affected by change. New technologies are introduced, staff changes occur, and as a result, communication suffers. I often see environments where ownership is placed into silos across teams in the enterprise, meaning IT administrators preventing threats ...

Endpoint Security

Response Required: Why Identifying Threats With Your EDR Isn’t Enough

The perpetrator was a master of disguise, outfitting himself as an employee to bypass the extensive preventive security controls and flee with the contents of the vault. Fortunately, the building was equipped with strong detection security measures, and the burglar—unaware of the location of a laser tripwire—soon set off a ...

Endpoint Security

Threat Hunting or Efficiency: Pick Your EDR Path?

“Do You Want It Done Fast, Or Do You Want It Done Right?” “Yes.” “Help out more with our business objectives.” “Cover an increasing number of endpoints.” “Cut budgets.” “Make it all work without adding staff.” Cybersecurity teams face a lot of conflicting objectives—both within their teams and from upper ...

Endpoint Security

Define Cloud Security – Is It the Endpoint, Your Data, or the Environment?

You’ve heard it once; you’ve heard it a hundred times – “secure the cloud.” But what does that phrase mean? On the surface, it’s easy to assume this phrase means using cloud-enabled security products. However, it’s much more than that. Cloud security is about securing the cloud itself through a combination ...

Subscribe to McAfee Securing Tomorrow Blogs