This blog was written by Barbara Kay.
Picture this: you’re having a good day, just minding your own business, then all of a sudden the alarm bells start ringing and you realize that cybercriminals have infiltrated your network. You just lost the cybersecurity game (and you hate that). So what do you do now? How do you fight back? First, you have to figure out how they got in, and second, you’ve got to make sure they don’t do it again.
Here’s the thing about cybercriminals: they’re sneaky, yes, but they can also be sloppy. They often leave a trail of clues that can be picked up by adaptive behavioral scanning utilized by Endpoint Security 10. This analytics framework looks at the behaviors of untrusted apps and processes, increasing event monitoring for events that look suspicious — revealing systems that may be compromised. This dynamic analysis is impractical without automation.
Working with the event analytics from ENS 10, McAfee® Active Response (MAR) allows businesses to automate the capturing and monitoring of both active and dormant security events. This intelligence is shared with the analytics, operations, and forensic teams for a coordinated defense. The information collected is also presented in an understandable language within the McAfee ePolicy Orchestrator console, helping analysts associate an event with the attack source, target, and duration of the attack.
Administrators using McAfee Active Response have easy access to attack artifacts from these clues and can also use McAfee Active Response to search for indicators gathered from other resources (threat feeds, alerts, a SIEM solution). This instant visibility helps them quickly see where an attack is active, how it is spreading, and the associated threat vectors so they can better understand where they are exposed and rapidly take action.
In addition to the investigation capabilities listed above, you’re going to need adaptable and continuous collaboration for your protection technologies if you want to keep the cyber criminals from getting back in — and they will try to come back.
One of the most important components of our adaptable architecture is the intelligent endpoint protection capability. This automatic, closed-loop escalation from an individual endpoint to a centralized malware analysis system can evaluate unknown executables and apply real-time intelligence and actionable threat forensics to both identify and then automatically remediate a malicious file. Through real-time collaboration, defenses communicate and learn from each other to combat advanced threats. Only mcAfee protects and collectively learns instantly across endpoint, network, gateway, and cloud security components.
Closed loop analysis and conviction helps minimize the impact of zero-day malware. Continuous monitoring for uncovered indicators of attack helps administrators quickly see where a malicious event may be re-occurring and automatically block, mitigate, or activate a script or escalation.
Underpinning the active detection and monitoring of the intelligent endpoint, countermeasures can check in with the perpetually updated reputation database of McAfee Global Threat Intelligence, which has insights from more than 100 million nodes in over 120 countries. This level of ongoing collaboration is essential to maintaining the highest cybersecurity standards.
For example, McAfee Threat Intelligence Exchange utilizes both local and global information to optimize threat detection — shortening the time between malware encounter and malware containment from days, weeks, or months down to milliseconds.
Now that you know how to spot the intruders and stop them from getting in, you can beat them at their own game. Cybercriminals are going to have to face the fact that you’re winning now (and they hate that).
About the Author