Featured Blogs
Why MITRE ATT&CK Matters?
MITRE ATT&CK enterprise is a “knowledge base of adversarial techniques”. In a Security Operations Center (SOC) this resource is serving as a progressive framework for practitioners to make sense of the behaviors (techniques) leading to system intrusions on enterprise networks. This resource is centered at how SOC practitioners of all ...
Hacking Proprietary Protocols with Sharks and Pandas
The human race commonly fears what it doesn’t understand. In a time of war, this fear is even greater if one side understands a weapon or technology that the other side does not. There is a constant war which plagues cybersecurity; perhaps not only in cybersecurity, but in the world ...
6 Best Practices for SecOps in the Wake of the Sunburst Threat Campaign
1. Attackers have a plan, with clear objectives and outcomes in mind. Do you have one? Clearly this was a motivated and patient adversary. They spent many months in the planning and execution of an attack that was not incredibly sophisticated in its tactics, but rather used multiple semi-novel attack ...
SOCwise Series: Practical Considerations on SUNBURST
This blog is part of our SOCwise series where we’ll be digging into all things related to SecOps from a practitioner’s point of view, helping us enable defenders to both build context and confidence in what they do. Although there’s been a lot of chatter about supply chain attacks, we’re going to ...
The Road to XDR
XDR (eXtended Detection and Response) is a cybersecurity acronym being used by most vendors today. It is not a new strategy. It’s been around for a while but the journey for customers and vendors has been slow for many reasons. For McAfee, XDR has been integral to our vision, strategy ...
How OCA Empowers Your XDR Journey
eXtended Detection & Response (XDR) has become an industry buzzword promising to take detection and response to new heights and improving security operations effectiveness. Not only are customers and vendors behind this but industry groups like Open Cybersecurity Alliance (OCA) share this same goal and there are some open projects ...
SOCwise: A Security Operation Center (SOC) Resource to Bookmark
Core to any organization is managing cyber risk with a security operations function whether it be in-house or outsourced. McAfee has been and continues their commitment to protecting cyber assets. We are dedicated to empowering security operations and with this dedication comes expertise and passion. Introducing SOCwise a monthly series ...
The Deepfakes Lab: Detecting & Defending Against Deepfakes with Advanced AI
Detrimental lies are not new. Even misleading headlines and text can fool a reader. However, the ability to alter reality has taken a leap forward with “deepfake” technology which allows for the creation of images and videos of real people saying and doing things they never said or did. Deep ...
How We’re Using AI to Usher in the Era of the “Smarter SOC”
In 2020, months seem to feel like years. Amid rapid change, adaptation is essential. Cyber threats are no exception to this rule. Technology can solve complex problems but can also be destabilizing. We think about this paradox regularly as artificial intelligence (AI) and Machine Learning gain prevalence in our field. ...
Time to Get Proactive About Threat Hunting
When I think about the many challenges that threat hunters face nowadays, trust me when I say that I feel their pain. Early in my career, I was a Security Engineer in a SOC who scrambled into action upon receiving the proverbial midnight call about an incident. The system I was part of wasn’t ...
