The Well Connected Sandbox (Blog 3 of 4)

By on Feb 05, 2015

This blog was written by Nat Smith.

We’ll be releasing four blog posts over the next week. Each blog will contain a repeated clue word to help you solve the puzzle below. Track all four clues to solve the final puzzle for a chance to win an Xbox One gaming system! To enter the contest, after the last blog, email us at with the right answer and the clue words.

Puzzle:  This adventure epic is a successful franchise on TV and in film

Blog 1 hint (1/29/2015) :   The Setting
Blog 2 hint (2/3/2015):   An Organization
Blog 3 hint (2/5/2015):   The Theme
Blog 4 hint (2/10/2015):   A Ship


My theme in recent posts has been the need for tighter integration across the security environment to enable faster threat discovery and incident response. It may seem a daunting challenge for some organizations, but it is a battle well worth fighting. My last post described how next-generation SIEM solutions are integrating data streams and sources far beyond traditional system logs, which greatly extends their ability to detect and thwart stealthy, evasive attacks.

Today I’d like to point out some other examples of malware security integration: the ones between McAfee Advanced Threat Defense, our multi-engine sandbox solution, and McAfee products for the network edge, gateway, and endpoint. It’s nicely captured in a new solution brief: The Well Connected Sandbox.

The brief describes the two types of communications integration currently available between Advanced Threat Defense and other McAfee security measures. Direct, point-to-point integrations can be configured when a sandbox is installed, and a brokered message exchange is enabled when McAfee Threat Intelligence Exchange is deployed. Both communication methods support process and workflow integrations that automatically incorporate the outputs of one system as inputs to another. This allows the deep inspection capabilities of Advanced Threat Defense to be used by multiple firewall, IPS, gateway and endpoint security instances as though they were local features, not functions of separate systems in hard-to-access data silos.

Integration points for finding, freezing and fixing malware

“The Well Connected Sandbox” points out five opportunities to win the battle against advanced malware faster, more effectively, and more efficiently—opportunities that can only be realized with seamless integration between a multi-engine sandbox and every other security measure in the environment.

1. Strengthen malware security at the network edge by incorporating the sandbox’s new file convictions directly into the logs and dashboards of McAfee Network Security Platform (our network IDS/IPS solution) and McAfee Next Generation Firewall, enabling immediate blocking of all future instances.

2. Strengthen malware security at web and email gateways with the same type of integration described above, but also leveraging additional capabilities of McAfee Email Gateway and McAfee Web Gateway, such as SSL decryption, which exposes files carried inside encrypted sessions to analysis and so improves detection speed and accuracy at the sandbox.

3. Strengthen malware security on the endpoint by leveraging the publishing capabilities of McAfee Threat Intelligence Exchange to make new sandbox conviction findings available to endpoint security measures in near real time.

4. Use indicators of compromise to find infected endpoints fast. Tight integration between the sandbox and our SIEM solution, McAfee Enterprise Security Manager, makes it possible to correlate security event data with IOCs from the sandbox analysis to find the faintest infection signals hidden in network traffic noise.

5. Synchronize security with real time threat intelligence sharing. McAfee Threat Intelligence Exchange acts in the security environment like the brain in the human central nervous system. New threats are immediately communicated to all other defensive systems to synchronize and orchestrate malware protection.
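To make the five integration points concrete, here is an added example (not McAfee code, and not taken from the solution brief) that models the workflow in plain Python: a sandbox conviction is turned into an indicator set, that set is correlated against gateway, IPS and endpoint events to find infected hosts (point 4), and the same set is then used to block any later matching event at the edge, gateway or endpoint (points 1 through 3 and 5). The verdict layout, the key=value event format, the host names, the domain, the IP address and the log lines are all constructed for this example; the hashes are computed from placeholder bytes rather than taken from any real sample.

```python
"""Correlate sandbox-produced IOCs with security events, then enforce on them.

Added example, not McAfee code. The verdict format, event format and all
sample values below are constructed for illustration.
"""
import hashlib
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed stand-ins: real SHA-256 values of placeholder bytes, so they are
# well-formed but do not identify any actual file.
SAMPLE_SHA256 = hashlib.sha256(b"constructed convicted sample bytes").hexdigest()
BENIGN_SHA256 = hashlib.sha256(b"constructed benign file bytes").hexdigest()

# Constructed sandbox verdict; domain and IP are from documentation ranges.
SANDBOX_VERDICT = {
    "verdict": "malicious",
    "sha256": SAMPLE_SHA256,
    "network": {
        "domains": ["update-check.example.net"],
        "ips": ["203.0.113.45"],
    },
}

# Constructed gateway, IPS and endpoint events in a simple key=value layout.
SAMPLE_EVENTS = [
    "ts=2015-02-05T09:14:02Z src=webgw host=ws-0412 user=jdoe "
    f"url=http://update-check.example.net/c.php sha256={SAMPLE_SHA256} action=allowed",
    "ts=2015-02-05T09:14:03Z src=ips host=ws-0412 dst_ip=203.0.113.45 dst_port=443 action=allowed",
    "ts=2015-02-05T09:14:09Z src=endpoint host=ws-0412 event=process_start "
    f"sha256={SAMPLE_SHA256} path=C:\\Users\\jdoe\\AppData\\Local\\Temp\\c.exe",
    "ts=2015-02-05T09:20:41Z src=ips host=ws-0377 dst_ip=203.0.113.45 dst_port=443 action=allowed",
    "ts=2015-02-05T09:31:15Z src=webgw host=ws-0201 user=asmith "
    f"url=https://www.example.com/index.html sha256={BENIGN_SHA256} action=allowed",
    "ts=2015-02-05T09:45:00Z src=endpoint host=ws-0521 event=process_start "
    f"sha256={BENIGN_SHA256} path=C:\\Windows\\System32\\notepad.exe",
]


@dataclass(frozen=True)
class IocSet:
    """Indicators other controls can consume: file hashes, C2 domains, C2 IPs."""
    hashes: frozenset
    domains: frozenset
    ips: frozenset


def iocs_from_verdict(verdict):
    """Turn a sandbox verdict into an IocSet; a non-malicious verdict yields nothing."""
    if verdict.get("verdict") != "malicious":
        return IocSet(frozenset(), frozenset(), frozenset())
    net = verdict.get("network", {})
    return IocSet(
        hashes=frozenset([verdict["sha256"].lower()]),
        domains=frozenset(d.lower().rstrip(".") for d in net.get("domains", [])),
        ips=frozenset(net.get("ips", [])),
    )


KV = re.compile(r"(\w+)=(\S+)")


def parse_event(line):
    """Parse one key=value event line into a dict (values contain no spaces)."""
    return dict(KV.findall(line))


def domain_matches(host, domains):
    """Exact match or subdomain of an indicator domain."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def match_event(event, iocs):
    """Return the (indicator_type, value) pairs from the IOC set this event hits."""
    hits = []
    digest = event.get("sha256", "").lower()
    if digest in iocs.hashes:
        hits.append(("sha256", digest))
    if event.get("dst_ip") in iocs.ips:
        hits.append(("ip", event["dst_ip"]))
    if "url" in event:
        host = urlsplit(event["url"]).hostname
        if host and domain_matches(host, iocs.domains):
            hits.append(("domain", host))
    return hits


def find_infected_hosts(lines, iocs):
    """SIEM-style correlation: host -> list of (ts, source, indicator_type, value)."""
    hosts = {}
    for line in lines:
        ev = parse_event(line)
        for kind, value in match_event(ev, iocs):
            hosts.setdefault(ev["host"], []).append((ev["ts"], ev["src"], kind, value))
    return hosts


def decide(line, iocs):
    """Enforcement once the conviction is published to edge, gateway and endpoint."""
    return "block" if match_event(parse_event(line), iocs) else "allow"


if __name__ == "__main__":
    iocs = iocs_from_verdict(SANDBOX_VERDICT)
    for host, hits in sorted(find_infected_hosts(SAMPLE_EVENTS, iocs).items()):
        print(host)
        for ts, src, kind, value in hits:
            print(f"  {ts} {src:8} {kind}={value}")
```

On the constructed data the correlation flags ws-0412 (download, C2 connection and process start) and ws-0377 (C2 connection only, with no file event, which is exactly the faint signal a hash-only check would miss), while the benign traffic on ws-0201 and ws-0521 is left alone. Once the IOC set is published, `decide` blocks the same events that previously passed as allowed.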

If there’s one core message in this paper, it is that we cannot secure our networks and data against advanced malware attacks by adding new inspection tools in their own new silos. This organic, build-as-you-grow approach only leads to greater complexity and risk. To win not only the battle but the war against sophisticated attacks, organizations need a more cognizant, deliberate approach that demands tighter integration across every element in the security environment. It may be a long trek, but our direction is clear.
