Cybercrime costs the world more than $1 trillion, a 50% increase from 2018

Cybercrime costs the world economy more than $1 trillion, or just more than one percent of global GDP, which is up more than 50 percent from a 2018 study that put global losses at close to $600 billion, McAfee reveals. Beyond the global figure, the report also explored the damage reported beyond financial losses, finding 92 percent of companies felt effects beyond monetary losses. “The severity and frequency of cyberattacks on businesses continues to rise …


Consumer behaviors and cyber risks of holiday shopping in 2020

While consumers are aware of increased risks and scams via the internet, they still plan to do more shopping online – and earlier – this holiday season, McAfee reveals.


Thirty-six percent of Americans note they are hitting the digital links to give gifts and cheer this year, despite 60% feeling that cyber scams become more prevalent during the holiday season.

While more than 124 million consumers shopped in-store during the 2019 Black Friday to Cyber Monday holiday weekend, the survey indicates consumers have shifted direction due to global events this year, opening their risk to online threats as they live, work, play, and buy all through their devices.

The survey shows shopping activity in general has increased, with 49% stating they are buying online more since the onset of COVID-19. 18% of consumers are even shopping online daily, while 34% shop online 3-5 days a week.

Online cybercrime continues to increase

The research team recently found evidence that online cybercrime continues to increase, observing 419 threats per minute in Q2 2020, an increase of almost 12% over the previous quarter.

With activity set to rise from both consumers and criminals, there is an added concern of whether consumers are taking security threats as seriously as they should – with key differences seen across generational groups:

  • 79% of those 65+ in age believe there is a greater cyber risk due to COVID-19 while 70% of those 18-24 state the same
  • 27% of respondents ages 18-24 report checking if emailed or text messaged discounts and deals sent to them are authentic

“Many are wondering what this year’s holiday season will look like as consumer shopping behaviors continue to evolve and adapt to the challenges faced throughout 2020,” said Judith Bitterli, VP of Consumer Marketing, McAfee.

“With results showing the growing prevalence of online shopping, consumers need to be aware of how cybercriminals are looking to take advantage and take the necessary steps to protect themselves – and their loved ones – this holiday season.”

This juxtaposition of increased online activity from both consumers and cybercriminals serves as the perfect catalyst for misdeeds, especially as 36% of consumers note that while they are aware of risks, they plan to increase their holiday online shopping. This less-than-cautious approach is further seen when respondents are offered deals or discounts, with 43% checking to see if Black Friday or Cyber Monday emails and text messages sent are authentic and trustworthy.

Consumers purchasing more online gift cards this year

Additionally, as the National Retail Federation (NRF) reports 54% of consumers wish to receive gift cards this holiday season, the survey proved that 35% of respondents plan to fulfill this request by purchasing more online gift cards this year.

With this alignment set to occur, there are potentially negative implications as 25% of respondents automatically assume gift card links are safe and don’t always take the necessary steps to ensure legitimacy.

In order to stay safe this holiday season, it is advised to:

  • Employ multi-factor authentication to double check the authenticity of digital users and add an additional layer of security to protect personal data and information.
  • Browse with caution and added security using a tool to block malware and phishing sites via malicious links.
  • Protect your identity and important personal and financial details using an identity theft protection tool, which also includes recovery tools should your identity be compromised.

McAfee MVISION CNAPP enhances cloud-native security by integrating with AWS

McAfee announced the MVISION Cloud Native Application Protection Platform (CNAPP) with several native Amazon Web Services (AWS) integrations to help customers more easily secure their applications and data in their Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) environments.

Architected to support multiple AWS services, MVISION CNAPP helps customers continuously identify and fix misconfigurations and software vulnerabilities in their AWS environment and securely accelerate their deployment of cloud-native applications.

Announced last month, MVISION CNAPP is a new McAfee security service that combines Cloud Security Posture Management (CSPM), Cloud Workload Protection Platform (CWPP), and application and data security into one solution.

The unified solution provides security teams deep insight into service configurations for AWS, industry benchmarks to better assess their data and application security risk, as well as integrated workload protection tools to improve security across their entire application lifecycle.

CNAPP integrates with several AWS deployment services such as AWS Systems Manager and AWS PrivateLink to make deployment easier and more secure, as well as security services like AWS Security Hub with broader workload and data context for enhanced security.

“AWS Security Hub is a great example of a security service built specifically for AWS customers,” said Anand Ramanathan, vice president of product management, McAfee.

“We’ve collaborated with AWS to add hybrid security use cases and broader workload and data context to enhance the value of this service, as well as to leverage AWS-native deployment services, allowing customers to simply add our CNAPP capabilities to deployment pipelines already in use, thus seamlessly enhancing the security of their cloud-native applications.”

MVISION CNAPP is available in AWS Marketplace providing customers a streamlined method for purchasing the new service as well as providing consolidated billing for consumption.

What’s more, MVISION CNAPP has purpose-built security audit policies for AWS container services Amazon Elastic Container Service (Amazon ECS), Amazon Elastic Kubernetes Service (Amazon EKS), and AWS Fargate.

“In today’s digital enterprise, security is a critical priority across the organization,” said Dan Plastina, Vice President, Security Services, Amazon Web Services, Inc. “We are delighted to be working with McAfee to facilitate collaboration across developer and security teams so that customers can more effectively secure their workloads in the cloud.”

“EA’s business depends on the public cloud, and it’s my role to manage the security of that environment,” said Bob Fish, Enterprise Security Architect at Electronic Arts.

“MVISION CNAPP integrates with AWS deployment services such as AWS Systems Manager and AWS PrivateLink and also integrates with AWS security services like AWS Security Hub, enhancing AWS native security capabilities.

“We prefer a single unified security platform over implementing separate point products for each security capability required. The unified approach of MVISION CNAPP allows us to use fewer people to manage security risk across all our AWS resources.”

Be Very Sparing in Allowing Site Notifications

An increasing number of websites are asking visitors to approve “notifications,” browser modifications that periodically display messages on the user’s mobile or desktop device. In many cases these notifications are benign, but several dodgy firms are paying site owners to install their notification scripts and then selling that communications pathway to scammers and online hucksters.

Notification prompts in Firefox (left) and Google Chrome.

When a website you visit asks permission to send notifications and you approve the request, the resulting messages that pop up appear outside of the browser. For example, on Microsoft Windows systems they typically show up in the bottom right corner of the screen — just above the system clock. These so-called “push notifications” rely on an Internet standard designed to work similarly across different operating systems and web browsers.

But many users may not fully grasp what they are consenting to when they approve notifications, or how to tell the difference between a notification sent by a website and one made to appear like an alert from the operating system or another program that’s already installed on the device.

This is evident by the apparent scale of the infrastructure behind a relatively new company based in Montenegro called PushWelcome, which advertises the ability for site owners to monetize traffic from their visitors. The company’s site currently is ranked by Alexa.com as among the top 2,000 sites in terms of Internet traffic globally.

Website publishers who sign up with PushWelcome are asked to include a small script on their page which prompts visitors to approve notifications. In many cases, the notification approval requests themselves are deceptive — disguised as prompts to click “OK” to view video material, or as “CAPTCHA” requests designed to distinguish automated bot traffic from real visitors.

An ad from PushWelcome touting the money that websites can make for embedding their dodgy push notifications scripts.

Approving notifications from a site that uses PushWelcome allows any of the company’s advertising partners to display whatever messages they choose, whenever they wish to, and in real-time. And almost invariably, those messages include misleading notifications about security risks on the user’s system, prompts to install other software, ads for dating sites, erectile dysfunction medications, and dubious investment opportunities.

That’s according to a deep analysis of the PushWelcome network compiled by Indelible LLC, a cybersecurity firm based in Portland, Ore. Frank Angiolelli, vice president of security at Indelible, said rogue notifications can be abused for credential phishing, as well as foisting malware and other unwanted applications on users.

“This method is currently being used to deliver something akin to adware or click fraud type activity,” Angiolelli said. “The concerning aspect of this is that it is so very undetected by endpoint security programs, and there is a real risk this activity can be used for much more nefarious purposes.”

Sites affiliated with PushWelcome often use misleading messaging to trick people into approving notifications.

Angiolelli said the external Internet addresses, browser user agents and other telemetry tied to people who’ve accepted notifications is known to PushWelcome, which could give them the ability to target individual organizations and users with any number of fake system prompts.

Indelible also found browser modifications enabled by PushWelcome are poorly detected by antivirus and security products, although Angiolelli noted Malwarebytes reliably flags as dangerous publisher sites that are associated with the notifications.

Indeed, Malwarebytes’ Pieter Arntz warned about malicious browser push notifications in a January 2019 blog post. That post includes detailed instructions on how to tell which sites you’ve allowed to send notifications, and how to remove them.

KrebsOnSecurity installed PushWelcome’s notifications on a brand new Windows test machine, and found that very soon after the system was peppered with alerts about malware threats supposedly found on the system. One notification was an ad for Norton antivirus; the other was for McAfee. Clicking either ultimately led to “buy now” pages at either Norton.com or McAfee.com.

Clicking on the PushWelcome notification in the bottom right corner of the screen opened a Web site claiming my brand new test system was infected with 5 viruses.

It seems likely that PushWelcome and/or some of its advertisers are trying to generate commissions for referring customers to purchase antivirus products at these companies. McAfee has not yet responded to requests for comment. Norton issued the following statement:

“We do not believe this actor to be an affiliate of NortonLifeLock. We are continuing to investigate this matter. NortonLifeLock takes affiliate fraud and abuse seriously and monitors ongoing compliance. When an affiliate partner abuses its responsibilities and violates our agreements, we take necessary action to remove these affiliate partners from the program and swiftly terminate our relationships. Additionally, any potential commissions earned as a result of abuse are not paid. Furthermore, NortonLifeLock sends notification to all of our affiliate partner networks about the affiliate’s abuse to ensure the affiliate is not eligible to participate in any NortonLifeLock programs in the future.”

Requests for comment sent to PushWelcome via email were returned as undeliverable. Requests submitted through the contact form on the company’s website also failed to send.

While scammy notifications may not be the most urgent threat facing Internet users today, most people are probably unaware of how this communications pathway can be abused.

What’s more, dodgy notification networks could be used for less conspicuous and sneakier purposes, including spreading fake news and malware masquerading as update notices from the user’s operating system. I hope it’s clear that regardless of which browser, device or operating system you use, it’s a good idea to be judicious about which sites you allow to serve notifications.

If you’d like to prevent sites from ever presenting notification requests, check out this guide, which has instructions for disabling notification prompts in Chrome, Firefox and Safari. Doing this for any devices you manage on behalf of friends, colleagues or family members might end up saving everyone a lot of headache down the road.
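The Malwarebytes post above describes checking notification permissions by hand in each browser; the script below does the same audit from the profile files on disk, which is handier when you look after several people's machines. It is an added example, not code from the original post or from Malwarebytes, and it assumes the Chrome Preferences JSON layout and the Firefox permissions.sqlite schema described in its docstring; the sample data is constructed.

```python
"""Audit which sites a browser profile has allowed to send notifications.

Assumed on-disk formats (not taken from the post above):
- Chrome/Chromium keeps per-site permissions in the profile's "Preferences"
  JSON file under profile.content_settings.exceptions.notifications, keyed by
  "<site pattern>,<embedder pattern>" with "setting" 1 = allow, 2 = block.
- Firefox keeps them in permissions.sqlite, table moz_perms, with
  type = "desktop-notification" and permission 1 = allow, 2 = deny.
The sample Preferences text and the in-memory SQLite table are constructed.
"""
import json
import sqlite3
from typing import Dict, List

# Chromium ContentSetting values (assumed mapping).
CHROME_SETTING = {0: "default", 1: "allow", 2: "block", 3: "ask"}
# Firefox permission manager values (assumed mapping).
FIREFOX_PERMISSION = {0: "unknown", 1: "allow", 2: "deny", 3: "prompt"}


def chrome_notification_grants(preferences_json: str) -> List[Dict[str, str]]:
    """Return [{origin, decision}] for every notification exception in a
    Chrome/Chromium Preferences file passed as JSON text, sorted by origin."""
    prefs = json.loads(preferences_json)
    exceptions = (prefs.get("profile", {})
                  .get("content_settings", {})
                  .get("exceptions", {})
                  .get("notifications", {}))
    grants = []
    for pattern, entry in exceptions.items():
        # Keys look like "https://example.com:443,*": the part before the
        # comma is the site pattern, the part after is the embedder pattern.
        origin = pattern.split(",", 1)[0]
        setting = entry.get("setting") if isinstance(entry, dict) else None
        grants.append({"origin": origin,
                       "decision": CHROME_SETTING.get(setting, f"unknown({setting})")})
    return sorted(grants, key=lambda g: g["origin"])


def firefox_notification_grants(conn: sqlite3.Connection) -> List[Dict[str, str]]:
    """Same report from an open connection to a Firefox permissions.sqlite.
    Other permission types (cookies, geolocation, ...) are deliberately ignored."""
    rows = conn.execute(
        "SELECT origin, permission FROM moz_perms "
        "WHERE type = 'desktop-notification' ORDER BY origin").fetchall()
    return [{"origin": origin,
             "decision": FIREFOX_PERMISSION.get(perm, f"unknown({perm})")}
            for origin, perm in rows]


def allowed_origins(grants: List[Dict[str, str]]) -> List[str]:
    """Only the sites that may currently push notifications to this profile."""
    return [g["origin"] for g in grants if g["decision"] == "allow"]


# --- constructed sample data ---
SAMPLE_CHROME_PREFS = json.dumps({
    "profile": {"content_settings": {"exceptions": {"notifications": {
        "https://news.example:443,*": {"setting": 1, "last_modified": "13250000000000000"},
        "https://mail.example:443,*": {"setting": 2, "last_modified": "13250000000000000"},
        "https://video-clicks.example:443,*": {"setting": 1, "last_modified": "13250000000000000"},
    }}}}
})


def sample_firefox_db() -> sqlite3.Connection:
    """In-memory stand-in for permissions.sqlite with a few constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE moz_perms (id INTEGER PRIMARY KEY, origin TEXT, "
                 "type TEXT, permission INTEGER, expireType INTEGER, "
                 "expireTime INTEGER, modificationTime INTEGER)")
    conn.executemany(
        "INSERT INTO moz_perms (origin, type, permission, expireType, expireTime, "
        "modificationTime) VALUES (?, ?, ?, 0, 0, 0)",
        [("https://news.example", "desktop-notification", 1),
         ("https://captcha-video.example", "desktop-notification", 1),
         ("https://shop.example", "desktop-notification", 2),
         ("https://shop.example", "cookie", 1)])  # unrelated type, must be ignored
    return conn


if __name__ == "__main__":
    reports = (("Chrome", chrome_notification_grants(SAMPLE_CHROME_PREFS)),
               ("Firefox", firefox_notification_grants(sample_firefox_db())))
    for browser, grants in reports:
        print(f"{browser}: sites currently allowed to push notifications")
        for origin in allowed_origins(grants):
            print("  ", origin)
```

On a real machine, feed `chrome_notification_grants` the text of the profile's Preferences file and `firefox_notification_grants` a `sqlite3.connect()` to a copy of permissions.sqlite; any origin you do not recognise is a candidate for revoking in the browser's site settings.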

McAfee’s open API framework enables orgs to respond faster to threats while reducing cost

McAfee announced the launch of MVISION Marketplace, MVISION API and MVISION Developer Portal, part of the MVISION platform that will allow customers to quickly and easily integrate McAfee and trusted Security Innovation Alliance (SIA) partner applications as well as privately developed applications within their current security environment.

This enables security teams to swiftly address security gaps in their architecture and easily improve security posture. The newly launched open API framework enables organizations to respond faster to threats while reducing total cost of operations by automating MVISION Platform (ePolicy Orchestrator) capabilities and integrating with their IT and security operations.

In many security environments, IT and Security Operations Center (SOC) teams lack unified information, spend too much time on routine operations, and lack automation.

By utilizing McAfee cloud security tools both customers and partners can deliver automated security outcomes through the components of the platform including MVISION Marketplace, MVISION Developer Portal and MVISION API.

These cloud delivered offerings are key components of the recently announced MVISION Extended Detection and Response (XDR) solution and accelerate McAfee and SIA partner solutions working together for better security outcomes.

  • MVISION Marketplace – An application marketplace enabling McAfee and ecosystem partners to deliver pre-integrated, best in industry solutions to customers.
  • MVISION Developer Portal – A portal for application developers to build, test, and certify their applications prior to making them available on MVISION Marketplace or for customers to develop and deploy their private apps.
  • MVISION API – A single, hyperscale, global security Application Programming Interface enabling real-time visibility into, and response across, the McAfee portfolio. Customers and partners can now see what McAfee sees, know what McAfee knows and do what McAfee can do through this API.

“With today’s ever-changing business and threat landscape, organizations need to adopt new technologies to help resolve emerging threats and to secure all their assets,” said Javed Hasan, global head of enterprise products strategy and alliances, McAfee.

“Time is critical in the context of defense against threats and enterprises need the ability to integrate and deploy new solutions. With the new Marketplace, Developer Portal, and API we are enabling customers to quickly and easily implement the security tools they need.”

MVISION Marketplace is launching with best-of-breed partners to complement customers’ existing security solutions. Customers can easily search based on categories such as: Attivo Networks in Endpoint Protection and Active Directory, Siemplify in SOAR, ServiceNow in SOC and IT, Seclore for Data-centric Security, ThreatQuotient in SOC, IBM QRadar in SOC, and more.

“Orchestrated prevention, detection, and remediation is essential to effective scale and results,” said Jeff Hausman, VP ITOM, Security and CMDB at ServiceNow.

“The MVISION composable platform connected with the ServiceNow platform helps resource-starved security teams streamline investigation and response for more use cases. It enables real-time links between the myriad data sources and processes of investigations and hooks directly into workflows for remediation and incident management by security and IT.”

“McAfee MVISION EDR plus Attivo EDN is a comprehensive solution for superior endpoint security as evidenced by the MITRE ATT&CK framework,” said Marc Feghali, VP of product management, Attivo Networks. “We are pleased to be a part of the MVISION marketplace and offer innovation for the best possible endpoint protection and lateral movement threat detection.”

“The changing threat landscape is requiring cyber professionals to prioritize the integration and interoperability of existing tools and services,” said Matt McCormick, SVP business and corporate development, ThreatQ.

“The combination of McAfee products and the ThreatQ platform broadens the security ecosystem and enables customers to solve this real problem through an open security architecture.”

“Providing customers with the fast and simple ability to deploy Siemplify for their SOAR needs is critical,” said Amos Stern, co-founder and CEO, Siemplify. “We are pleased to be a part of the MVISION marketplace to address these needs.”

“Threat Prevention plus Data Protection creates the perfect security posture. Embedded with the McAfee ePO framework, Seclore can automatically protect customer data via actions invoked from McAfee DLP, Email Prevent, and/or MVision Cloud,” said Vishal Gupta, CEO at Seclore.

“The data chase across networks, devices and applications ends and gets replaced with persistent protection and tracking of data and its use, another example of what best-of-breed technologies coming together can do.”

MVISION Marketplace solutions include complete endpoint protection, complete network protection, complete cloud protection, complete data protection, and complete SOC security.

Customer and partner benefits include:

  • Evaluate quickly – Customers can evaluate McAfee and partner applications in minutes and then move to production through a simple purchasing step.
  • Build easily – Customers can build bespoke applications with full ability to embed McAfee and partner IP.
  • Streamlined deployment – Partners and McAfee can jointly demo and POC market-leading solutions which can be deployed in production in minutes.

New infosec products of the week: November 6, 2020

Qualys Container Runtime Security: Defense for containerized applications

Qualys Runtime Container Security, once instrumented in the image, will work within each container irrespective of where the container is instantiated and does not need any additional administration containers. This new solution addresses, in real time, container security use cases like critical file-access monitoring and blocking, network micro-segmentation, vulnerability and exploit mitigation, and virtual patching.


iStorage launches diskAshur M2, a portable PIN authenticated, hardware encrypted SSD

The diskAshur M2 is iStorage’s smallest, lightest, fastest and most rugged FIPS compliant encrypted portable SSD and includes connectivity for both USB type A and C ports. The new diskAshur M2 SSD encrypts data using FIPS PUB 197 validated, AES-XTS 256-bit hardware encryption and uniquely incorporates a Common Criteria EAL4+ ready secure microprocessor, which employs built-in physical protection mechanisms.


Ermetic’s platform provides full stack visibility and control over multi-cloud infrastructure entitlements

By analyzing identity and access management (IAM) policies as well as the configuration of network, storage and secrets assets, Ermetic eliminates attack surface blind spots and enables organizations to enforce least privilege across their entire cloud infrastructure.


McAfee launches MVISION XDR, a cloud-based advanced threat management solution

MVISION XDR improves security operations centers (SOC) effectiveness with quick risk mitigation and delivers total cost of ownership (TCO) for threat response with the inclusion of MVISION Insight’s proactive threat analytics.


SailPoint updates its SaaS identity platform to accelerate enterprises’ identity processes

SailPoint announced a series of planned updates to its SaaS identity platform to enable enterprises to automate important identity processes that match the speed and pace of today’s dynamic business environment. The new features, which include role insights and access request recommendations, leverage machine learning algorithms to deliver on the SailPoint Predictive Identity vision.


McAfee launches MVISION XDR, a cloud-based advanced threat management solution

McAfee announced industry-first extended detection and response (XDR) capabilities with the introduction of MVISION XDR platform, a cloud-based advanced threat management solution with complete coverage across the attack lifecycle, prioritization to protect what matters, easy orchestration and efficient response.

MVISION XDR improves security operations centers (SOC) effectiveness with quick risk mitigation and delivers total cost of ownership (TCO) for threat response with the inclusion of MVISION Insight’s proactive threat analytics.

SOCs are still maturing and face three key challenges that impact time to resolve: 1) Reactive processes and workflows, 2) Alert fatigue and fragmented tools, and 3) Limited staff and expertise.

According to recent ESG research, 66 percent of organizations say that detection and response effectiveness is limited due to multiple independent tools. Siloed tools inhibit faster and better security outcomes by requiring security operations to manually correlate data and orchestrate response across the disparate tools.

Time to resolve or contain a threat continues to be measured in months, allowing dwell time for the adversary to do more damage. According to SANS research, only 40 percent of SOCs have an incident response function.

The shortage of cybersecurity staff and expertise continues to limit security effectiveness. MVISION XDR removes the complexity of fragmented tools and provides new levels of proactivity, prioritization and orchestration to improve the SOC effectiveness.

“SOCs continue to face a dynamic threat landscape, especially in this work-from-everywhere environment. The fragmented nature of their traditional tools, which require a lot of manual and cumbersome processes, makes it near impossible for their already stretched teams to be as effective as they need to be.

“MVISION XDR is the industry’s first XDR platform that allows organizations to proactively get ahead of adversaries and manage threats across their entire enterprise with unified visibility, control, and automation to protect what matters most,” said Ash Kulkarni, executive vice president and chief product officer of the enterprise business group at McAfee.

“Organizations indicate that threat detection and response is much harder today than two years ago,” states Jon Oltsik, Enterprise Strategy Group. “This difficulty is characterized by the constant fire drill mode of reacting to growing volumes of alerts.

“Most EDR and budding XDR solutions are reactive, so adding proactivity and prioritization to XDR can produce better & smarter security outcomes. In this way, security professionals can spend less time on error-prone reactive fire drills with weeks of investigation and get to responding and protecting what counts quicker.”

MVISION XDR capabilities address the entire attack lifecycle before and after an attack with:

  • Organizations can be proactive and act on external threats that matter before the attack. Organizations can prioritize threats, predict if countermeasures will work and prescribe corrective actions.
  • Visibility and control of threats across the entire enterprise (endpoint, network and cloud) from a unified view equips analysts of any experience level to speed threat triage with their choice of automatic or AI-guided investigations.
  • Unique data awareness allows for automatic prioritization of threats based on the risk and the impact to the organization. Incidents are assessed based on user, data classification, device, vulnerability and threat intelligence. A good example is if a threat is targeting sensitive data on a device it will take a higher priority for action.
  • Open and cloud-delivered security platform simplifies integration with external threat intelligence, existing SOC tools like ticketing systems and lowers TCO.

Initial MVISION XDR experiences are available today with MVISION EDR. Additional MVISION XDR experiences will be available to early access customers in Q1 2021, with general availability to follow.

Microsoft Patch Tuesday, October 2020 Edition

It’s Cybersecurity Awareness Month! In keeping with that theme, if you (ab)use Microsoft Windows computers you should be aware the company shipped a bevy of software updates today to fix at least 87 security problems in Windows and programs that run on top of the operating system. That means it’s once again time to backup and patch up.

Eleven of the vulnerabilities earned Microsoft’s most-dire “critical” rating, which means bad guys or malware could use them to gain complete control over an unpatched system with little or no help from users.

Worst in terms of outright scariness is probably CVE-2020-16898, which is a nasty bug in Windows 10 and Windows Server 2019 that could be abused to install malware just by sending a malformed packet of data at a vulnerable system. CVE-2020-16898 earned a CVSS Score of 9.8 (10 is the most awful).

Security vendor McAfee has dubbed the flaw “Bad Neighbor,” and in a blog post about it said a proof-of-concept exploit shared by Microsoft with its partners appears to be “both extremely simple and perfectly reliable,” noting that this sucker is imminently “wormable” — i.e. capable of being weaponized into a threat that spreads very quickly within networks.

“It results in an immediate BSOD (Blue Screen of Death), but more so, indicates the likelihood of exploitation for those who can manage to bypass Windows 10 and Windows Server 2019 mitigations,” McAfee’s Steve Povolny wrote. “The effects of an exploit that would grant remote code execution would be widespread and highly impactful, as this type of bug could be made wormable.”

Trend Micro’s Zero Day Initiative (ZDI) calls special attention to another critical bug quashed in this month’s patch batch: CVE-2020-16947, which is a problem with Microsoft Outlook that could result in malware being loaded onto a system just by previewing a malicious email in Outlook.

“The Preview Pane is an attack vector here, so you don’t even need to open the mail to be impacted,” said ZDI’s Dustin Childs.

While there don’t appear to be any zero-day flaws in October’s release from Microsoft, Todd Schell from Ivanti points out that a half-dozen of these flaws were publicly disclosed prior to today, meaning bad guys have had a jump start on being able to research and engineer working exploits.

Other patches released today tackle problems in Exchange Server, Visual Studio, .NET Framework, and a whole mess of other core Windows components.

For any of you who’ve been pining for a Flash Player patch from Adobe, your days of waiting are over. After several months of depriving us of Flash fixes, Adobe’s shipped an update that fixes a single — albeit critical — flaw in the program that crooks could use to install bad stuff on your computer just by getting you to visit a hacked or malicious website.

Chrome and Firefox both now disable Flash by default, and Chrome and IE/Edge auto-update the program when new security updates are available. Mercifully, Adobe is slated to retire Flash Player later this year, and Microsoft has said it plans to ship updates at the end of the year that will remove Flash from Windows machines.

It’s a good idea for Windows users to get in the habit of updating at least once a month, but for regular users (read: not enterprises) it’s usually safe to wait a few days until after the patches are released, so that Microsoft has time to iron out any chinks in the new armor.

But before you update, please make sure you have backed up your system and/or important files. It’s not uncommon for a Windows update package to hose one’s system or prevent it from booting properly, and some updates have even been known to erase or corrupt files.

So do yourself a favor and backup before installing any patches. Windows 10 even has some built-in tools to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once.

And if you wish to ensure Windows has been set to pause updating so you can back up your files and/or system before the operating system decides to reboot and install patches on its own schedule, see this guide.

As always, if you experience glitches or problems installing any of these patches this month, please consider leaving a comment about it below; there’s a better-than-even chance other readers have experienced the same and may chime in here with some helpful tips.

McAfee expands its MVISION portfolio with three all-in-one SaaS solution offerings

McAfee announced the expansion of its MVISION portfolio with three all-in-one software-as-a-service (SaaS) solution offerings – McAfee Device-to-Cloud suites. These suites are designed for customers who are adopting a cloud first stance and desire a simplified portfolio approach for device-to-cloud protection.

All three suites include McAfee MVISION Insights, the industry’s first proactive and actionable threat posture capability that prioritizes risk, predicts the success of countermeasures and prescribes remedial actions.

“Customers are facing a rise in cyber activity that can expose them to damaging threats. At the same time, they’re struggling with control, management and visibility across their organization as they enable their teams to work from anywhere,” said Anand Ramanathan, vice president of product management, McAfee.

“McAfee Device-to-Cloud suites provide all-inclusive security that sits alongside an organization’s device and cloud footprint, offering the end-to-end protection that dynamic modern environments need today – and for what may lie ahead.”

As the very definition of the workplace expands, McAfee Device-to-Cloud suites help ensure visibility, and the ability to control and effectively manage across hybrid IT environments. McAfee Device-to-Cloud suite options include:

  • MVISION Advanced: Proactive endpoint threat prevention that includes next-gen defense mechanisms and rollback remediation to protect against ransomware and other advanced malware.
  • MVISION Premium: Comprehensive endpoint and data protection, with AI-powered Endpoint Detection and Response (EDR) and Data Loss Prevention (DLP Endpoint), to more completely defend devices and data from advanced attacks.
  • MVISION Complete: Unifies McAfee’s full endpoint security portfolio with MVISION Unified Cloud Edge, which combines McAfee’s award-winning Secure Web Gateway (SWG), advanced DLP and Cloud Access Security Broker (CASB) to deliver complete device-to-cloud protection. MVISION Complete enables organizations to better safeguard their digital transformation efforts and distributed workforce, with unified threat and data protection across all threat vectors – endpoints, web and cloud.

The release of these newly designed suites bolsters the McAfee MVISION portfolio and provides security that spans devices, network and cloud. Simple cloud management with better visibility and control; automated responses and updates that increase staff productivity; and unified policies on endpoints, web and cloud all help lower total cost of ownership at a time where many organizations are looking to trim budgets.

“McAfee is committed to providing new and updated security delivery models that make security easier to buy and manage, and help drive businesses forward in any environment,” said Kathleen Curry, senior vice president, Global Channels, OEM and Strategic Alliances, McAfee.

“The Device-to-Cloud suites were built with our partner community in mind. At inception, we had discussed with partners their needs to ensure we got it right—from pricing to implementation services, which will all be partner driven. Together, we will deliver a premium experience to our customers.”

Measuring impact beyond a single incident

Determining the true impact of a cyber attack has always been, and will likely remain, one of the most challenging aspects of this technological age.


In an environment where very limited transparency is afforded on the root cause and true impact of incidents, we are left with isolated examples to point to as the direct cost of a security incident. For example, the 2010 attack on the Natanz nuclear facilities was, and in certain cases still is, used as the reference case study for why cybersecurity is imperative within an ICS environment (quite possibly now substituted with BlackEnergy).

For ransomware, the reference case was the impact WannaCry had on healthcare, and it will likely be replaced by the awful story in which a patient sadly lost their life because of a ransomware attack.

What these cases clearly provide is a degree of insight into impact. Albeit limited in certain scenarios, this approach sadly almost excludes the multitude of attacks that successfully occurred before them, in which the impact was either unavailable or did not make the headline story.

It can of course be argued that such case studies are a useful vehicle to influence change, but there is equally the risk that they are such outliers that decision makers do not recognise their own vulnerabilities within the broader problem statement.

If we truly need to influence change, then a wider body of work to develop the broader economic and societal impact of the multitude of incidents is required. Whilst this is likely to be hugely subjective, it is imperative to understand the true impact of cybersecurity incidents. I recall a conversation a friend of mine had with someone who claimed they “are not concerned with malware because all it does is slow down their computer”. This of course is the wider challenge: to articulate the impact in a manner which will resonate.

Ask anybody about the impact of car theft and it will be understood; ask the same question about any number of digital incidents and the reply will likely be less clear.

It can be argued that studies which measure the macro cost of such incidents do indeed exist, but a problem statement of billions lost is so enormous that none of us can relate to it. A small business owner hearing how another small business had its records locked with ransomware, and what that did to the business, is likely to be more influenced by that than by an economic model explaining the financial cost of cybercrime (which is still imperative to policy makers, for example).

If such case studies are so imperative, and there exists a stigma with being open about such breaches, what can be done? This of course is the largest challenge, with potential litigation governing every communication. To be entirely honest, as I sit here and try to conclude with concrete proposals, I am somewhat at a loss as to how to change the status quo.

The question is more an open one: what can be done? Can we leave fault at the door when we comment on security incidents? Perhaps encourage those that are victims to be more open? Of course this is only a start, and an area that deserves a wider discussion.

BT Security announces critical security partners for global portfolio

BT Security has announced the key partners that it will work with going forward to provide industry-leading managed security services to customers. The decision follows BT’s largest-ever appraisal of its security suppliers, and a comprehensive review of the security vendor ecosystem as a whole.

BT’s decision to refine its security partner base was driven by the recognition that many of its customers find it difficult to navigate today’s complex security landscape.

The huge range of suppliers and products in the market can be bewildering, and lead to the adoption of multiple overlapping systems. This in turn can render security estates difficult to manage, burdened with unnecessary costs and, ultimately, with lower overall levels of protection.

BT Security is reflecting its customers’ desire to reduce complexity by having a leaner set of partners and clearly laying out its view of the best providers for specific security requirements.

The confirmed partners were agreed following a detailed evaluation of their respective capabilities across all security control and threat management technologies. The final selection provides BT’s view of the security market’s leading providers, who will support a harmonized portfolio of solutions to its customers going forward.

Kevin Brown, Managing Director of BT Security, said: “Our new security partner ecosystem showcases the benefits of BT Security as a Managed Security Services Provider. We’re able to use our deep experience and insight of the security ecosystem to help our customers navigate what can be an incredibly confusing market.

“We’re also ensuring that BT Security customers will benefit from working with the best suppliers from across the security industry.”

McAfee, Palo Alto Networks and Fortinet were selected as BT Security’s ‘Critical Partners’. Each of those companies will provide a range of services and products that will be incorporated into BT Security’s global portfolio, as well as providing holistic support to its commercial and operational activities.

BT Security will also work with these partners to develop a roadmap of security solutions which continue to reflect evolving customer demands and integrate the latest developments in security automation.

Lynn Doherty, Executive Vice President of Global Sales and Marketing at McAfee, said: “We’re proud to partner with BT to fight against cybercrime and accelerate new business environments for our customers as they look for more solution integrations, deeper engagement and faster modernization efforts.

“Together through our strategic service provider partners, like BT, McAfee is able to deliver world class security services that enable organizations to evolve their defenses into areas like Secure Access Service Edge (SASE) and Extended Detection and Response (XDR).”

Alex Zinin, VP, Global Service Provider Business at Palo Alto Networks, said: “We’ve been working closely with BT Security for several years to bring innovative cybersecurity solutions to our joint customers.

“We are honored to be selected as one of their critical partners to continue this close collaboration, in recognition of the breadth of our security capabilities across multiple market segments. This comes at a time when it’s never been more essential for communications and security to be closely aligned to help all organisations with staff working remotely.

“We look forward to working together as we strive to make each day safer and more secure than the one before.”

John Maddison, Executive Vice President of Products and Chief Marketing Officer at Fortinet, said: “Digital Innovation is disrupting all industries, markets, and segments, leading to increased risk as cyber threats take advantage of this disruption.

“To protect against known advanced threats as well as unknown sophisticated attacks, Fortinet enables organizations to apply security anywhere and protect all edges – including WAN, cloud, data center, endpoint, identity, and home – while reducing the number of required products to save costs and remove complexity.

“We’re proud to partner with BT Security to help customers address the most critical security challenges and protect data across the entire digital infrastructure.”

Microsoft, IBM and Cisco were all confirmed as ‘Strategic Partners’ for BT Security. This categorization reflects not only their relationship with BT Security, but also their broader activities and remit across the whole of BT.

BT Security also confirmed a further nine ‘Ecosystem Partners’, who will be incorporated into its global portfolio of solutions for customers due to their complementary technology capabilities. These partners are Skybox, Forescout, Zscaler, Check Point, CrowdStrike, Okta, Qualys, Netscout and F5.

Through deeper strategic relationships, BT Security and its partners will work together to provide better customer experience and protection, while those selected partners will also be BT Security’s main collaborators as they look to develop future customer solutions.

BT Security will regularly review the partnerships to monitor the latest vendor developments, while continuing to assess the wider industry for new and emergent security companies and technologies.

McAfee enhances SASE solution and global managed offerings to help orgs accelerate DX

McAfee announced significant enhancements to its Secure Access Service Edge (SASE) solution delivered by MVISION Unified Cloud Edge (UCE) by launching easy-to-use integrations with third-party Software-Defined Wide Area Networking (SD-WAN) solutions, and extending its UCE platform to enable global strategic partners to deliver managed SASE offerings.

In addition, McAfee continues to progress its engagement with leading global service providers Atos and BT to offer a range of managed Web, CASB and SASE offerings to help organizations that are struggling with the challenges of digital transformation.

According to a recent McAfee Cloud Adoption and Risk Report, the work from anywhere trend has led to a 50% increase in enterprise cloud use across all industries. This trend is merely the latest driver pushing many organizations to dramatically accelerate their cloud transformation plans and re-architect their networks to facilitate a “direct-to-cloud” model for remote users and branch offices.

By seamlessly integrating MVISION UCE with the direct-to-cloud network functionality of industry leading SD-WAN solutions, organizations benefit from a unified cloud-native offering that facilitates fast, secure, simple, and scalable access to web and cloud resources, in line with the Secure Access Service Edge (SASE) framework.

“McAfee is committed to helping our customers securely move their operations to the cloud and help their employees to work from wherever they are in these times. With these new enhancements to MVISION UCE, McAfee has delivered a SASE solution that will help customers optimize and secure their work-from-home infrastructure,” said Ash Kulkarni, executive vice president and chief product officer of the enterprise business group at McAfee.

SD-WAN partnerships

MVISION UCE delivers robust native support for virtually any SD-WAN solution via site-to-site and site-to-cloud deployments, leveraging the industry-standard dynamic IPsec and GRE tunneling protocols.

To date, McAfee has certified interoperability with six of the industry’s leading SD-WAN vendors, including Viptela (Cisco), VeloCloud (VMware), and Citrix, with even deeper partnerships forged with Silver Peak, Fortinet, and Versa Networks through McAfee’s Security Innovation Alliance (SIA) program, one of the industry’s largest technology partnership programs.

“To realize the full promise of the cloud and digital transformation, enterprises will need to transform both their WAN and security architectures, and with the McAfee partnership, customers can achieve both with a tightly integrated solution,” said Fraser Street, vice president, technical alliances at Silver Peak.

“Certified interoperability as part of the SIA connected security ecosystem will expand the options for customer implementations of Versa Secure SD-WAN and Versa SASE,” said Michael Wood, chief marketing officer at Versa Networks.

Managed service provider offerings

Adoption of the SASE framework involves the consolidation of many traditionally siloed network and security technologies, requiring major architectural considerations and collaboration across many parts of the IT organization. Recognizing the importance of the partner relationship, McAfee has extended its UCE platform to enable partners.

Notably, Atos and BT have agreed to use their global scale to deliver managed Web, CASB and SASE offerings to organizations that want to adopt the Cloud without the challenges associated with having to plan and manage everything on their own.

“This partnership is key to how we provide our clients the best cloud security services, not just for the surge in work-from-home but for any challenges that lie ahead,” said Chris Moret, Senior Vice President, Head of Cybersecurity Services at Atos.

“Market-leading technologies like CASB or Web Gateway, which make up McAfee’s MVISION UCE, along with the processes and skills of our cybersecurity professionals across the globe enable Atos customers to modernize at the rate of market change.”

“The strategic partnership between BT and McAfee is a mutual choice made after intense scrutiny of the market,” said Chris Marwood, head of managed security services portfolio at BT.

“We believe McAfee’s cloud platform strategy is where the industry is heading, and that our managed service offerings including CASB will enable our joint customers to accelerate their journey to the cloud. We look forward to our continued partnership with much more on our roadmap this year and into 2021.”

New infosec products of the week: July 31, 2020

Qualys unveils Multi-Vector EDR, a new approach to endpoint detection and response

Traditional EDR solutions singularly focus on endpoints’ malicious activities to hunt and investigate cyberattacks. Qualys’ multi-vector approach provides critical context and full visibility into the entire attack chain to provide a comprehensive, more automated and faster response to protect against attacks.


McAfee MVISION Cloud now maps threats to MITRE ATT&CK

With the introduction of ATT&CK into McAfee MVISION Cloud, there is no longer the need to manually sort and map incidents to a framework like ATT&CK or to learn and operationalize a separate framework for cloud threats and vulnerabilities, which can be cumbersome and time consuming – especially as cloud-native threats become more abundant.


Amazon Fraud Detector: Use machine learning in the fight against online fraud

Amazon Fraud Detector is a fully managed service that makes it easy to quickly identify potentially fraudulent online activities like online payment and identity fraud. With just a few clicks in the Amazon Fraud Detector console, customers can select a pre-built machine learning model template, upload historical event data, and create decision logic to assign outcomes to the predictions.


Veritas is unifying data protection, from the edge to core to cloud

Veritas Technologies introduced new innovations to its Enterprise Data Services Platform to help customers reduce risk, optimize cost, strengthen ransomware resiliency, and manage multi-cloud environments at scale. With the launch of NetBackup 8.3, Veritas empowers enterprise customers by improving the resiliency of their applications and infrastructure regardless of the context.


Sonrai Dig maps relationships between identities and data inside public clouds

Sonrai Security announced the Governance Automation Engine for Sonrai Dig, re-inventing how customers ensure security in AWS, Azure, Google Cloud and Kubernetes by automatically eliminating identity risks and reducing unwanted access to data.


Pulse Zero Trust Access simplifies management and mitigates cyber risks

Pulse Zero Trust Access simplifies access management with single-pane-of-glass visibility, end-to-end analytics, granular policies, automated provisioning, and advanced threat mitigation that empowers organizations to further optimize their increasingly mobile workforce and hybrid IT resources.


CyberStrong platform updates allow customers to dynamically manage their risk posture

The updates reinforce CyberSaint’s mission to enable organizations to manage cybersecurity as a business function by enabling agility, measurement, and automation across risk, compliance, audit, vendor, and governance functions for information security organizations.


McAfee MVISION Cloud now maps threats to MITRE ATT&CK

McAfee introduced MITRE ATT&CK into McAfee MVISION Cloud, the company’s Cloud Access Security Broker (CASB), delivering a precise method to hunt, detect and stop cyberattacks on cloud services.


Empowering SecOps teams

This new integration gives SecOps teams a direct source of cloud vulnerabilities and threats mapped to the tactics and techniques of ATT&CK. McAfee is the first CASB provider to tag and visualize cloud security events within the ATT&CK framework.

“Many SecOps teams leverage repeatable processes and frameworks such as ATT&CK to mitigate risk and respond to threats to their endpoints and networks, but so far cloud threats and vulnerabilities have presented an unfamiliar paradigm,” said Rajiv Gupta, senior vice president and general manager of Cloud Security, McAfee. “By translating cloud threats and vulnerabilities into the common language of ATT&CK, MVISION Cloud allows security teams to extend their processes and runbooks to the cloud, understand and preemptively respond to cloud vulnerabilities, and improve enterprise security.”

According to data from McAfee research, most enterprises average more than 485 external threat incidents per month on their cloud services. The ATT&CK integration brings cloud attacks into focus and provides the opportunity to identify gaps in protection and make policy and configuration changes directly from McAfee MVISION Cloud.

MITRE ATT&CK with McAfee MVISION Cloud

The ATT&CK integration with McAfee MVISION Cloud introduces new capabilities to mitigate the risk of cloud attacks and vulnerabilities, including the ability to:

  • Advance from reactive to proactive: McAfee MVISION Cloud allows SecOps teams to visualize not only executed threats in the ATT&CK framework, but also potential attacks they can stop across multiple Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS) environments
  • Break silos: SecOps teams can now bring pre-filtered cloud security incidents into their Security Information Event Management/Security Orchestration, Automation and Response platforms via API, mapped to the same ATT&CK framework they use for device and network threat investigation
  • Take direct action: McAfee MVISION Cloud now takes Cloud Security Posture Management (CSPM) to a new level, providing security managers with cloud service configuration recommendations for SaaS, PaaS and IaaS environments, which address specific ATT&CK adversary techniques

With the introduction of ATT&CK into McAfee MVISION Cloud, there is no longer the need to manually sort and map incidents to a framework like ATT&CK or to learn and operationalize a separate framework for cloud threats and vulnerabilities, which can be cumbersome and time consuming – especially as cloud-native threats become more abundant.

Security teams using MVISION Cloud now have all of their threat incidents automatically mapped to ATT&CK, allowing them to see all cloud attacks that have been fully executed, see attacks in progress so they can take action, and combine incidents, anomalies, threats and vulnerabilities into one holistic, familiar view.

McAfee ESM Cloud: Removing traditional barriers to SecOps efficiency

McAfee, the device-to-cloud cybersecurity company, announced McAfee Enterprise Security Manager (ESM) Cloud, a new cloud-based security information and event management (SIEM) offering that supports the detection, incident response and threat hunting activities of a security operations team.

As a cloud-based solution, McAfee ESM Cloud extends the value of a traditional SIEM by providing faster onboarding of security telemetry, automatic updates and continuous system health monitoring.

“Today’s SecOps teams face a multitude of issues, including the need to take on new efforts such as digital transformation, the convergence of internet technology and operation technology, and the sudden shift to remote working,” said Anand Ramanathan, vice president of enterprise products, McAfee.

“ESM Cloud helps customers tackle these challenges, allowing them to maintain and improve upon their security posture as they progress through their journey of transitioning to the cloud.”

McAfee ESM Cloud leverages the power of cloud computing to accelerate time to value for security operations centers through:

  • Advanced analytics: real-time and historical analysis powered by rich contextual data to detect and prioritize threats, uncover anomalous user behavior and respond to attacker tactics, techniques and procedures (TTPs)
  • Time to value: use case focused security content packs that deliver immediate value through pre-built threat detection rules and fully operational dashboards, reports, watchlists and alarms
  • Unmatched data source coverage: out-of-the-box coverage of hundreds of data sources across endpoint, network and cloud-based services and applications
  • Open integration fabric: open interface facilitates integration with McAfee and third-party solutions for immediate response to threats
  • Simplicity and operational efficiency: auto-provisioning allows event ingestion from day one and improves efficacy by minimizing engineering efforts required to deploy and maintain infrastructure
  • Continuous improvement: new capabilities and enhancements delivered automatically, freeing customers from the burden of software updates and upgrades
  • Scalability and elasticity: cloud-based service supports dynamically changing customer requirements, automatically increasing scale and capacity to process vast amounts of data

McAfee MVISION Insights: Stopping threats before the attack

McAfee, the device-to-cloud cybersecurity company, announced general availability of McAfee MVISION Insights, the industry’s first proactive security solution that changes the cyber security paradigm by helping to stop threats before the attack.

MVISION Insights provides actionable and preemptive threat intelligence by leveraging McAfee’s cutting-edge threat research, augmented with sophisticated artificial intelligence (AI) applied to real-time threat telemetry streamed from over 1 billion sensors.

The integration of MVISION Insights significantly enhances the capabilities of McAfee’s award winning endpoint security platform by managing the attack surface, preventing ransomware and aiding security teams to easily investigate and respond to advanced attacks.

According to recent internal research by McAfee, over 90 percent of security teams feel that they are not proactively prepared for the emerging threat landscape. While there is a plethora of threat intelligence feeds available in the market, actionable and contextual threat intelligence is hard to find.

Additionally, multiple siloed endpoint security tools are wearing down security teams that are struggling to enable their organizations to safely adopt the cloud for digital transformation. The integration of MVISION Insights into McAfee’s endpoint security platform is designed to eliminate some of the burden on security operations professionals.

“CISOs want an answer to a fundamental question: How truly protected they are against the latest adversarial campaign targeting their organization,” said Ash Kulkarni, executive vice president and chief product officer of the enterprise business group at McAfee.

“Our latest endpoint security innovation, MVISION Insights, delivers the industry’s first actionable threat intelligence so organizations can preempt an attack rather than scramble to contain a breach.”

McAfee’s endpoint security platform incorporates MVISION Insights and integrates multiple proven and new innovations to help deliver the following key customer outcomes:

  • Preempt attacks by “shifting-left” (engaging early) in the attack lifecycle with security posture scores, configuration assessment and automated policies and updates
  • Prevent ransomware and other advanced malware with integrated native OS controls, behavioral blocking, exploit prevention, machine learning and file-less threat defense
  • Simplify investigation and response to sophisticated threat campaigns with unified Endpoint Detection and Response (EDR) capabilities that include continuous monitoring, multi-sensor telemetry, AI-guided investigations, MITRE ATT&CK mapping and real-time hunting
  • Diminish the impact of an attack with enhanced remediation capabilities, which can roll back the destructive effect of a ransomware attack by restoring affected files and negating the need for system reimaging
  • Gain operational efficiencies with a cloud-delivered and unified endpoint solution that reduces total cost of operations and complexity

How do I select a mobile security solution for my business?

The percentage of companies admitting to suffering a mobile-related compromise has grown, despite a higher percentage of organizations deciding not to sacrifice the security of mobile devices to meet business targets.

To make things worse, the C-suite is the most likely group within an organization to ask for relaxed mobile security protocols – despite also being highly targeted by cyberattacks.

In order to select a suitable mobile security solution for your business, you need to consider a lot of factors. We’ve talked to several industry professionals to get their insight on the topic.

Liviu Arsene, Global Cybersecurity Analyst, Bitdefender

A business mobile security solution needs to have a clear set of minimum abilities or features for securing devices and the information stored on them, and for enabling IT and security teams to remotely manage them easily.

For example, a mobile security solution for business needs to have excellent malware detection capabilities, as revealed by third-party independent testing organizations, with very few false positives, a high detection rate, and minimum performance impact on the device. It needs to allow IT and security teams to remotely manage the device by enabling policies such as device encryption, remote wipe, application whitelisting/blacklisting, and online content control.

These are key aspects for a business mobile security solution as it both allows employees to stay safe from online and physical threats, and enables IT and security teams to better control, manage, and secure devices remotely in order to minimize any risk associated with a compromised device. The mobile security solution should also be platform agnostic, easily deployable on any mobile OS, centrally managed, and allow users to switch from profiles covering connectivity and encryption (VPN) settings based on the services the user needs.

Fennel Aurora, Security Adviser at F-Secure

Making any choice of this kind starts from asking the right questions. What is your company’s threat model? What are your IT and security management capabilities? What do you already know today about your existing IT, shadow IT, and employees’ bring-your-own devices?

If you are currently doing nothing and have few IT resources internally, you will not have the same requirements as a global corporation with whole departments handling this. As a farming supplies company, you will not face the same threats, and so will not have the same requirements, as an aeronautics company working on defense contracts.

In reality, even the biggest companies do not systematically do all of the 3 most basic steps. Firstly, you need to inventory your devices and IT, and be sure that the inventory is complete and up-to-date as you can’t protect what you don’t know about. You also need at minimum to protect your employees’ devices against basic phishing attacks, which means using some kind of AV with browsing protection. You need to be able to deploy and update this easily via a central tool. A good mobile AV product will also protect your devices against ransomware and banking trojans via behavioral detection.

Finally, you need to help people use better passwords, which means helping them install and start using a password manager on all their devices. It also means helping them get started with multi-factor authentication.

Jon Clay, Director of Global Threat Communications, Trend Micro

Many businesses secure their PCs and servers from malicious code and cyber attacks as they know these devices are predominately what malicious actors will target. However, we are increasingly seeing threat actors target mobile devices, whether to install ransomware for quick profit, or to steal sensitive data to sell in the underground markets. This means that organizations can no longer choose to forego including security on mobile devices – but there are a few challenges:

  • Most mobile devices are owned by the employee
  • Most of the data on the mobile device is likely to be personal to the owner
  • There are many different device manufacturers and, as such, difficulties in maintaining support
  • Employees access corporate data on their personal devices regularly

Here are a few key things that organizations should consider when looking to select a mobile security solution:

  • Lost devices are one reason for lost data. Requiring users to encrypt their phones using a passcode or biometric option will help mitigate this risk.
  • Malicious actors are looking for vulnerabilities in mobile devices to exploit, making regular update installs for OS and applications extremely important.
  • Installing a security application can help with overall security of the device and protect against malicious attacks, including malicious apps that might already be installed on the device.
  • Consider using some type of remote management to help monitor policy violations. Alerts can also help organizations track activities and attacks.

Discuss these items with your prospective vendors to ensure they can provide coverage and protection for your employees’ devices. Check their research output to see if they understand and regularly identify new tactics and threats used by malicious actors in the mobile space. Ensure their offering can cover the tips listed above and see if they can help you with more than just mobile.

Jake Moore, Cybersecurity Specialist, ESET

Companies need to understand that their data is effectively insecure when their devices are not properly managed. Employees will tend to use their company-supplied devices in personal time and vice versa.

This unintentionally compromises private corporate data, due to activities like storing documents in insecure locations on their personal devices or online storage. Moreover, unmanaged functions like voice recognition also contribute to organizational risk by letting someone bypass the lock screen to send emails or access sensitive information – and many mobile security solutions are not foolproof. People will always find workarounds, which for many is the most significant problem.

In order to select the best mobile security solution for your business you need to find a happy balance between security and speed of business. These two issues rarely go hand in hand.

As a security professional, I want protection and security to be at the forefront of everyone’s mind, with dedicated focus to managing it securely. As a manager, I would want the functionality of the solution to be the most effective when it comes to analyzing data. However, as a user, most people favor ease of use and convenience to the detriment of other more important factors.

Both users and security staff need to be cognizant of the fact that they’re operating in the same space and must work together to strike the same balance. It’s a shared responsibility but, importantly, companies need to decide how much risk they are willing to accept.

Anand Ramanathan, VP of Product Management, McAfee

The permanent impact of COVID-19 has heightened attacker focus on work-from-home exploits while increasing the need for remote access. Security professionals have less visibility and control over WFH environments where employees are accessing corporate applications and data, so any evaluation of mobile security should be based on several fundamental criteria:

  • “In the wild security”: You don’t know if or how mobile devices are connecting to a network at any given time, so it’s important that the protection is on-device and not dependent on a connection to determine threats, vulnerabilities or attacks.
  • Comprehensive security: Malicious applications are a single vector of attack. Mobile security should also protect against phishing, network-based attacks and device vulnerabilities. Security should protect the device against known and unknown threats.
  • Integrated privacy protection: Given the nature of remote access from home environments, you should have the ability to protect privacy without sending any data off the device.
  • Low operational overhead: Security professionals have enough to do in response to new demands of supporting business in a COVID world. They shouldn’t be obligated to manage mobile devices differently than other types of endpoint devices and they shouldn’t need a separate management console to do so.

External attacks on cloud accounts grew 630 percent from January to April

The McAfee report uncovers a correlation between the increased use of cloud services and collaboration tools, such as Cisco WebEx, Zoom, Microsoft Teams and Slack during the COVID-19 pandemic, along with an increase in cyber attacks targeting the cloud.


There are significant and potentially long-lasting trends that include an increase in the use of cloud services, access from unmanaged devices and the rise of cloud-native threats. These trends emphasize the need for new security delivery models in the distributed work-from-home environment of today, and likely the future.

In the time surveyed, overall enterprise adoption of cloud services spiked by 50 percent, including industries such as manufacturing and financial services that typically rely on legacy on-premises applications, networking and security more than others.

Use of cloud collaboration tools increased by up to 600 percent, with the education sector seeing the most growth as more students are required to adopt distance learning practices.

Surging external attacks on cloud accounts

Threat events from external actors increased by 630 percent over the same period. Most of these external attacks targeted collaboration services like Microsoft 365, and were large-scale attempts to access cloud accounts with stolen credentials.

Insider threats remained the same, indicating that working from home has not negatively influenced employee loyalty. Access to the cloud by unmanaged, personal devices doubled, adding another layer of risk for security professionals working to keep their data secure in the cloud.
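The two risks the report singles out, large-scale attempts to log in to cloud accounts with stolen credentials and successful access from unmanaged personal devices, both leave a footprint in a tenant's sign-in logs. The following is an added example, not code from the McAfee report or from any McAfee product: it runs two detection rules over a constructed batch of sign-in events. The field names (time, user, src_ip, result, managed) are assumptions for the example, not a real Microsoft 365 sign-in schema, and the thresholds are illustrative. The spray rule keys on one source IP failing against many distinct accounts inside a short window, which is the stolen-credential pattern rather than a single user mistyping a password; a success from such an IP is escalated, and any other success from an unmanaged device is flagged at lower severity.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events (not real log data). The field names are
# assumptions for this example, not a real Microsoft 365 sign-in log schema.
# "managed" marks whether the device is enrolled in endpoint management.
SAMPLE_EVENTS = [
    {"time": "2020-04-01T09:00:01", "user": "alice@corp.example", "src_ip": "203.0.113.7",   "result": "failure", "managed": False},
    {"time": "2020-04-01T09:00:04", "user": "bob@corp.example",   "src_ip": "203.0.113.7",   "result": "failure", "managed": False},
    {"time": "2020-04-01T09:00:09", "user": "carol@corp.example", "src_ip": "203.0.113.7",   "result": "failure", "managed": False},
    {"time": "2020-04-01T09:00:15", "user": "dave@corp.example",  "src_ip": "203.0.113.7",   "result": "failure", "managed": False},
    {"time": "2020-04-01T09:00:21", "user": "erin@corp.example",  "src_ip": "203.0.113.7",   "result": "success", "managed": False},
    {"time": "2020-04-01T09:05:00", "user": "alice@corp.example", "src_ip": "198.51.100.20", "result": "success", "managed": True},
    {"time": "2020-04-01T09:06:00", "user": "bob@corp.example",   "src_ip": "198.51.100.21", "result": "success", "managed": False},
    {"time": "2020-04-01T11:00:00", "user": "frank@corp.example", "src_ip": "198.51.100.22", "result": "failure", "managed": True},
    {"time": "2020-04-01T11:00:30", "user": "frank@corp.example", "src_ip": "198.51.100.22", "result": "success", "managed": True},
]

SPRAY_WINDOW = timedelta(minutes=10)   # sliding window for counting failures per source IP
SPRAY_MIN_USERS = 4                    # distinct accounts failed from one IP inside the window


def parse(raw_events):
    """Convert timestamps and sort chronologically so the window logic is correct."""
    events = [{**e, "time": datetime.fromisoformat(e["time"])} for e in raw_events]
    return sorted(events, key=lambda e: e["time"])


def detect_spraying(events):
    """Map source IP -> set of accounts it failed against, for IPs whose failures
    spanned at least SPRAY_MIN_USERS distinct accounts within SPRAY_WINDOW.
    One user failing many times is a lockout or a typo; many users failing from
    one IP is the stolen-credential pattern."""
    failures = defaultdict(list)
    for e in events:
        if e["result"] == "failure":
            failures[e["src_ip"]].append(e)
    sprayers = {}
    for ip, fails in failures.items():
        start = 0
        for end in range(len(fails)):
            # advance the window start until every event in [start, end] fits the window
            while fails[end]["time"] - fails[start]["time"] > SPRAY_WINDOW:
                start += 1
            users = {f["user"] for f in fails[start:end + 1]}
            if len(users) >= SPRAY_MIN_USERS:
                sprayers[ip] = sprayers.get(ip, set()) | users
    return sprayers


def find_alerts(raw_events):
    """Run both rules and return alert dicts, high severity first."""
    events = parse(raw_events)
    sprayers = detect_spraying(events)
    alerts = [{"severity": "high", "rule": "password_spray", "subject": ip,
               "detail": f"{len(users)} accounts targeted"} for ip, users in sprayers.items()]
    for e in events:
        if e["result"] != "success":
            continue
        if e["src_ip"] in sprayers:
            # a success from an IP that was just spraying: likely account takeover
            alerts.append({"severity": "high", "rule": "success_after_spray",
                           "subject": e["user"], "detail": e["src_ip"]})
        elif not e["managed"]:
            # successful access from an unmanaged personal device
            alerts.append({"severity": "medium", "rule": "unmanaged_device_access",
                           "subject": e["user"], "detail": e["src_ip"]})
    return sorted(alerts, key=lambda a: a["severity"] != "high")


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_EVENTS):
        print(f'[{alert["severity"]:6}] {alert["rule"]:24} {alert["subject"]} ({alert["detail"]})')
```

On the sample data the sprayer 203.0.113.7 is reported once, erin's subsequent success from it is escalated, bob's unmanaged login is flagged, and alice and frank (a managed device, and a single failed attempt followed by success) produce nothing. In production the same rules would read from the tenant's sign-in export and the thresholds would be tuned against the tenant's own baseline of failed logins.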

“While we are seeing a tremendous amount of courage and global goodwill to overcome the pandemic, we also are unfortunately seeing an increase in bad actors looking to exploit the sudden uptick in cloud adoption created by an increase in working from home,” said Rajiv Gupta, Senior VP, Cloud Security, McAfee.

“The risk of threat actors targeting the cloud far outweighs the risk brought on by changes in employee behavior. Mitigating this risk requires cloud-native security solutions that can detect and prevent external attacks and data loss from the cloud and from the use of unmanaged devices.

Cloud-native security has to be deployed and managed remotely and can’t add any friction to employees whose work from home is essential to the health of their organization.”


How to maintain strong security posture

With cloud-native threats increasing in step with cloud adoption, all industries need to evaluate their security posture to protect against account takeover and data exfiltration. Companies need to safeguard against threat actors attempting to exploit weaknesses in their cloud deployments.

Tips to maintain strong security posture include:

  • Think cloud-first: A cloud-centric security mindset can support the increase in cloud use and combat cloud-native threats. Enterprises need to shift their focus to data in the cloud and to cloud-native security services so they can maintain full visibility and control with a remote, distributed workforce.
  • Consider your network: Remote work reduces the ability for hub and spoke networking to work effectively with scale. Network controls should be cloud-delivered and should connect remote users directly to the cloud services they need.
  • Consolidate and reduce complexity: Cloud-delivered network security and cloud-native data security should smoothly interoperate, and ideally be consolidated, to reduce complexity and total cost of ownership and to increase security effectiveness and responsiveness.

McAfee and Atlassian come together to accelerate BornSecure cloud capabilities

McAfee, the device-to-cloud cybersecurity company, announced a collaboration with Atlassian, a leading provider of team collaboration and productivity software, to bring advanced data security and threat protection to common customers looking to accelerate their move to the cloud.

As a result of this collaboration, Atlassian customers can now leverage the power of McAfee MVISION Cloud to apply their security policies to their use of Atlassian services.

MVISION Cloud provides visibility and control for Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), and Infrastructure-as-a-Service (IaaS) environments, across Content Management systems and DevOps environments, via a unified security platform which helps customers get comprehensive control over their cloud services from managed and unmanaged devices.

The need for solutions that are designed to secure the cloud is further validated by a recent McAfee report that found the average enterprise organization uses 1,400 different cloud services.

As more organizations move their operations to the cloud and to remote work environments, they must evolve their security measures to meet the challenges of unintentional data uploads, device usage outside traditional network parameters, insider threats from rogue employees, application misconfiguration and more.

Further, industry analyst firm Gartner warns that, “through 2025, 99 percent of cloud security failures will be the customer’s fault.” This has led enterprises to look for ways to enforce additional security controls on their cloud solutions beyond what the Software-as-a-Service (SaaS) or Infrastructure-as-a-Service (IaaS) provider supplies natively.

Through integration efforts with McAfee, Atlassian customers can now use MVISION Cloud to help securely accelerate their business in the following ways:

  • Prevent sensitive or regulated data from being uploaded or shared with unauthorized parties while using Atlassian’s Jira Software or Confluence Cloud products.
  • Limit downloading or syncing to unmanaged devices and gain total control over user access to Jira Software Cloud and Confluence Cloud by enforcing context-specific access policies.
  • Provide ability to capture the complete audit trail of all user activity enriched with threat intelligence to facilitate post incident forensic investigations. MVISION Cloud detects threats from compromised accounts, insider threats, privileged access misuse and malware infection.
  • Detect and remediate against misconfigurations and configuration drift in Atlassian’s Bitbucket Cloud and Bamboo products from standard benchmarks such as CIS and NIST or custom configuration policies.
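The last bullet, checking repository and build settings against a benchmark and catching configuration drift, is a pattern worth seeing concretely. The following is an added example, not MVISION Cloud's own logic and not Atlassian's API: it evaluates a simplified, hypothetical settings snapshot for a source repository against a small policy (the paths, setting names and policy references are assumptions for the example), reports every path that changed between two snapshots whether or not a rule governs it, and produces a remediated copy of the snapshot. The example is general over any nested settings document, not only the two constructed snapshots shown.

```python
import copy
from operator import eq, ge

# Policy baseline for a source repository, expressed as rules over a dotted
# settings path. Paths and setting names are hypothetical (a simplified
# snapshot, not Bitbucket Cloud's real API schema); "ref" records which
# benchmark or custom policy a rule traces to.
POLICY = [
    {"path": "is_private",                                    "op": "eq", "value": True,  "ref": "custom: no public repos"},
    {"path": "branch_protection.main.force_push_allowed",     "op": "eq", "value": False, "ref": "custom: immutable history"},
    {"path": "branch_protection.main.min_approvals",          "op": "ge", "value": 2,     "ref": "custom: two-person review"},
    {"path": "branch_protection.main.require_passing_builds", "op": "eq", "value": True,  "ref": "custom: CI gate"},
    {"path": "pipelines.secrets_masked",                      "op": "eq", "value": True,  "ref": "custom: no secrets in logs"},
]
OPS = {"eq": eq, "ge": ge}

# Constructed snapshots: the last known-good state and a later one that drifted.
GOOD = {
    "is_private": True,
    "branch_protection": {"main": {"force_push_allowed": False, "min_approvals": 2, "require_passing_builds": True}},
    "pipelines": {"secrets_masked": True},
}
DRIFTED = {
    "is_private": True,
    "branch_protection": {"main": {"force_push_allowed": True, "min_approvals": 1, "require_passing_builds": True}},
    "pipelines": {"secrets_masked": True, "deploy_key_rotated": False},
}


def flatten(settings, prefix=""):
    """Nested dict -> {"a.b.c": value}, so snapshots can be compared path by path."""
    out = {}
    for key, value in settings.items():
        path = f"{prefix}{key}"
        if isinstance(value, dict):
            out.update(flatten(value, path + "."))
        else:
            out[path] = value
    return out


def evaluate(settings, policy=POLICY):
    """Findings for every rule the snapshot fails; a missing setting is a finding too."""
    flat = flatten(settings)
    findings = []
    for rule in policy:
        actual = flat.get(rule["path"])
        if actual is None or not OPS[rule["op"]](actual, rule["value"]):
            findings.append({"path": rule["path"], "actual": actual,
                             "expected": f'{rule["op"]} {rule["value"]}',
                             "fix": rule["value"], "ref": rule["ref"]})
    return findings


def drift(previous, current):
    """Every path whose value changed between snapshots, policy-governed or not:
    a setting that appears out of nowhere deserves a look even without a rule."""
    prev, cur = flatten(previous), flatten(current)
    return {p: (prev.get(p), cur.get(p))
            for p in sorted(set(prev) | set(cur)) if prev.get(p) != cur.get(p)}


def remediate(settings, policy=POLICY):
    """Return a copy of the snapshot with each failing rule set to the policy value
    (the minimum, for 'ge' rules); the original snapshot is left untouched."""
    fixed = copy.deepcopy(settings)
    for finding in evaluate(settings, policy):
        node = fixed
        *parents, leaf = finding["path"].split(".")
        for key in parents:
            node = node.setdefault(key, {})
        node[leaf] = finding["fix"]
    return fixed


if __name__ == "__main__":
    for f in evaluate(DRIFTED):
        print(f'FAIL  {f["path"]}: actual={f["actual"]!r}, expected {f["expected"]} ({f["ref"]})')
    for path, (before, after) in drift(GOOD, DRIFTED).items():
        print(f"DRIFT {path}: {before!r} -> {after!r}")
    print("findings after remediation:", len(evaluate(remediate(DRIFTED))))
```

The separation between evaluate and drift is deliberate: the policy catches the two settings that matter (force-push re-enabled, approvals dropped to one), while the drift report also surfaces the new deploy_key_rotated key that no rule yet covers, which is how new rules get written. A real integration would replace the constructed snapshots with settings pulled from the provider's API and push the remediated values back through it.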

Shared right: Shared responsibility between customers and cloud providers

Atlassian’s cloud tools are mission critical to customer businesses. One of the reasons that 99% of issues are expected to be attributed to the customer is that while cloud providers (like Atlassian) have invested very heavily in security and have directly addressed core challenges that on-prem solutions may cause, their customers may be much earlier in their security journey. This is where McAfee MVISION Cloud steps in to help customers deliver on their share of the cloud security responsibility.

Shift left: Securing DevOps to deliver DevSecOps

Atlassian is making it easier for developers to build and operate secure products, while responding to security incidents more quickly and effectively.

McAfee MVISION Cloud integrates security for Atlassian services into DevOps toolchains to deliver on the promise of DevSecOps and enable organizations to rapidly deploy infrastructure, workloads, and applications while meeting their security and regulatory compliance best practices.

This “shift left” integration seamlessly incorporates security checks without any friction to or burden on the developers or DevOps teams.

“Organizations of all sizes are looking for security solutions that enable their business to securely leverage cloud services,” said Rajiv Gupta, senior vice president and general manager of Cloud Security, McAfee.

“Our collaboration with Atlassian helps organizations deliver on their share of the cloud security responsibility, while providing them with the ability to “shift left” in a seamless manner that deploys the right security configurations without burdening developers or DevOps teams.”

Zyxel and McAfee offer a one-box security solution designed for small- to medium-sized businesses

Zyxel Networks, a leader in delivering secure, AI- and cloud-powered home and business solutions, announced it has partnered with McAfee, the device-to-cloud cybersecurity company, to offer customers an integrated, one-box security solution designed specifically for small- to medium-sized businesses.

According to the 2019 Verizon Data Breach Investigations Report, 43 percent of breaches involved small-business victims, driving the need for SMBs to find robust, easy-to-deploy and manage protection solutions that fit the size of their network.

The integration of McAfee’s anti-malware solution into Zyxel’s high-end ATP firewall family will provide SMBs with best-of-breed malware detection, security performance, and advanced web filtering within a single firewall device.

“Small businesses need cybersecurity support now more than ever. At McAfee, we’re keeping the world safe from cyberthreats so that customers can focus on running their business. We’re proud to partner with Zyxel to help better protect their customers’ confidential data,” says Javed Hasan, Global Head of Enterprise Product Strategy and Alliances at McAfee.

Growing ATP family stops zero-day attacks

Zyxel also announced the addition of the ZyWALL ATP100W and ATP700 to the SMB-focused Advanced Threat Protection Firewall Series. These all-in-one solutions integrate scalable, cloud-based sandboxing with multiple additional layers of security to detect and block known and unknown threats.

ZyWALL ATP firewalls using the ZLD 4.5 firmware release or later can run anti-malware scans in both Express and Stream modes concurrently. The Express mode leverages an ever-expanding AI-driven cloud database to provide an unprecedented level of threat intelligence, while the Stream mode uses a signature-based database to provide a granular and thorough deep local scan.

The new hybrid mode combines the two functions to maximize security coverage with wide and deep security scans to protect the network from the inside-out and defend the business from rapidly evolving cyber attacks.

“With SMBs facing an ever-increasing threat of cyberattacks, implementing a robust, dynamic network security solution is critical to safeguard the network from new and rapidly changing threats, including malware and zero-day exploits,” explained Tri Nguyen, Market Development Manager at Zyxel.

“The addition of the new ATP firewalls and integration of McAfee’s anti-malware technology provides SMBs with a wide variety of solutions to match the unique size and demands of their individual networks.

“These self-evolving network protection solutions deliver a critical combination of performance, ease-of-use, and comprehensive protection that gives SMBs peace-of-mind and enables them to focus on running their businesses.”

The Zyxel ZyWALL series of Advanced Threat Protection Firewalls for small and medium-sized businesses includes:

  • ATP100 – $449.99 (street)
  • ATP100W – $549.99
  • ATP200 – $674.99
  • ATP500 – $929.99
  • ATP700 – $1,379.99
  • ATP800 – $2,199.99

ZyWALL ATP firewalls carry a lifetime limited warranty and are available now through all Zyxel authorized resellers and e-Commerce partners.