Become a Modern Endpoint Security Master

By McAfee Enterprise on May 09, 2017

A new wave of advanced, targeted malware is seeking out the gaps in conventional endpoint defenses and finding novel ways to exploit them. These attacks use packing, encryption, and polymorphism to mask their true intent, hammering away at your organization with previously unseen “zero-day” attacks that signature-based mechanisms are too slow to catch. They use sophisticated executables that can recognize when they’re being sandbox-analyzed and delay execution. They weaponize legitimate files and applications that appear clean on the surface but have malicious code buried deep within.

It all adds up to a nonstop, overwhelming effort as your endpoint administrators race against the clock to detect, contain, and remediate new malware threats. And if you’re like many organizations, this is a race you’re losing far too often. Too many threats get through. Too many resources are needed to sift through alerts from multiple siloed point solutions and clean up infections. And the time between detection and remediation keeps growing.

There’s an underlying problem here that may sound familiar. When you’re relying on multiple siloed endpoint defense products that can’t talk to each other, you require extra steps and manual effort from your administrators. That takes time and slows your response. Why not try a different approach? Instead of racing around swiveling between half a dozen siloed security tool interfaces, what if your team could use next-generation machine learning techniques to stop most threats before they ever gain a foothold on your endpoints? What if you had a unified, fully integrated, multi-layered defense fabric that could respond to new events and information immediately, without human intervention?

Peel Away the Malware Mask

Next-generation anti-malware capabilities from McAfee can help your organization combat the most evasive modern threats. Drawing on powerful machine learning analysis and application containment tools, your team can unmask hidden threats and stop them in their tracks—much faster with much less effort. These capabilities are delivered through three new innovations:

  • Real Protect Static: Malware authors may be able to change how their code looks, but it’s still malware. So it’s likely to share many attributes with known attacks, such as the compiler used, the shared libraries it references, and many other features. Real Protect Static pre-execution analysis goes beneath the surface, performing an exhaustive machine learning statistical comparison of static binary code features to compare suspicious executables against known threats. It unmasks most malware for what it is in milliseconds, without signatures.
  • Real Protect Dynamic: Even if a sophisticated attack masks its static attributes, it can’t hide how it behaves. Real Protect Dynamic behavioral analysis also provides machine learning statistical analysis, but now comparing the code’s actual behavior against profiles of hundreds of millions of malware samples. The executable is allowed to run while being closely monitored by the endpoint. If it starts behaving maliciously—such as overwriting files or making registry changes that match known malware behavior—the endpoint shuts it down, typically within seconds.
  • Dynamic Application Containment: This new endpoint defense, available only from McAfee, protects against zero-day malware by blocking process actions that malware often uses. Unlike techniques that would hold up the file (and the user) for minutes at a time, Dynamic Application Containment lets the suspicious file load into memory without allowing it to make certain changes to the endpoint or infect other systems while it is under suspicion. The endpoint and user can remain fully productive while providing an opportunity for security teams to perform in-depth analysis.
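As an added illustration of the behavior-monitoring and containment flow the three bullets above describe (this is not McAfee code; the action names, profile weights, threshold and event traces are constructed stand-ins), here is a toy monitor that lets a suspicious process run, denies a contained set of actions, and shuts the process down once its cumulative behavior score against a malware profile crosses a threshold:

```python
"""Toy model of behavior monitoring plus application containment.
All actions, weights, threshold and traces are constructed for illustration."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Actions containment denies while a process is "under suspicion"
# (hypothetical policy, not a vendor rule set).
CONTAINED_ACTIONS = {"write_autorun_key", "overwrite_system_file", "inject_process"}

# Behavior profile: action -> weight, a stand-in for statistical profiles
# built from known malware samples. Unlisted actions score 1.
MALWARE_PROFILE = {
    "overwrite_system_file": 4, "write_autorun_key": 3, "inject_process": 5,
    "mass_rename_user_files": 6, "read_config": 0,
}
TERMINATE_THRESHOLD = 8


@dataclass
class Verdict:
    allowed: List[Tuple[str, str]] = field(default_factory=list)
    denied: List[Tuple[str, str]] = field(default_factory=list)
    score: int = 0
    terminated_at: Optional[int] = None  # index of the event that triggered shutdown


def monitor(events: List[Tuple[str, str]]) -> Verdict:
    """Walk an ordered trace of (action, target) events for one process.
    Contained actions are denied but the process keeps running; the score
    counts attempted behavior, denied or not, and ends the process at threshold."""
    v = Verdict()
    for i, (action, target) in enumerate(events):
        if action in CONTAINED_ACTIONS:
            v.denied.append((action, target))
        else:
            v.allowed.append((action, target))
        v.score += MALWARE_PROFILE.get(action, 1)
        if v.score >= TERMINATE_THRESHOLD:
            v.terminated_at = i
            break
    return v


# Constructed traces: a benign updater and a ransomware-like process.
BENIGN = [("read_config", "app.ini"), ("write_file", "app.log"), ("read_config", "x")]
MALICIOUS = [("read_config", "a"), ("write_autorun_key", "HKCU\\...\\Run"),
             ("overwrite_system_file", "C:\\Windows\\hosts"),
             ("mass_rename_user_files", "C:\\Users\\alice\\Documents")]
```

The benign trace finishes with a low score and no denials, while the malicious one has its persistence and system-file writes denied and is terminated on the fourth event.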

With these capabilities, your administrators can stop most threats before they can damage an endpoint. They can take on the most sophisticated, evasive malware without needing a team of highly trained security experts. They can fine-tune application containment tools to restrict what can happen on endpoints, and achieve the right balance of security and flexibility for the organization.

Drive Down Complexity, Accelerate Response

Real Protect and Dynamic Application Containment work with each other, as well as the other elements of McAfee Endpoint Security, and with other solutions such as McAfee Threat Intelligence Exchange and McAfee Advanced Threat Defense as a single, integrated system. For example, when Real Protect identifies an evasive threat as zero-day malware, it immediately communicates that information to McAfee Threat Intelligence Exchange, which then automatically inoculates the broader environment, in near real time.

The result is a continually evolving threat model for your organization. Each new threat detected enhances the organization’s defenses as a whole. Previously manual steps in the detect, correct, and protect phases of the threat defense lifecycle disappear. And you gain the flexibility to mix and match the industry’s broadest portfolio of threat defense capabilities through a single interface.

Armed with these capabilities, your team can:

  • Unmask the attack: Stop more attacks by stripping away obfuscation techniques to see more malware threats.
  • Limit the impact: Contain, shield, and prevent damage to systems, either before an attack occurs or before it can cause irreversible damage or infection.
  • Track and adapt: Use automated, integrated defenses to perform a wider range of security operations without having to think about them or manually activate them.


About the Author

McAfee Enterprise

McAfee offers industry-leading cybersecurity solutions for all business and enterprise needs. See our blog to stay up-to-date with the latest security trends