Microsoft Patch Tuesday, October 2020 Edition

It’s Cybersecurity Awareness Month! In keeping with that theme, if you (ab)use Microsoft Windows computers you should be aware the company shipped a bevy of software updates today to fix at least 87 security problems in Windows and programs that run on top of the operating system. That means it’s once again time to back up and patch up.

Eleven of the vulnerabilities earned Microsoft’s most-dire “critical” rating, which means bad guys or malware could use them to gain complete control over an unpatched system with little or no help from users.

Worst in terms of outright scariness is probably CVE-2020-16898, which is a nasty bug in Windows 10 and Windows Server 2019 that could be abused to install malware just by sending a malformed packet of data at a vulnerable system. CVE-2020-16898 earned a CVSS Score of 9.8 (10 is the most awful).

Security vendor McAfee has dubbed the flaw “Bad Neighbor,” and in a blog post about it said a proof-of-concept exploit shared by Microsoft with its partners appears to be “both extremely simple and perfectly reliable,” noting that this sucker is eminently “wormable” — i.e. capable of being weaponized into a threat that spreads very quickly within networks.

“It results in an immediate BSOD (Blue Screen of Death), but more so, indicates the likelihood of exploitation for those who can manage to bypass Windows 10 and Windows Server 2019 mitigations,” McAfee’s Steve Povolny wrote. “The effects of an exploit that would grant remote code execution would be widespread and highly impactful, as this type of bug could be made wormable.”
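For hosts that cannot take the October update immediately, Microsoft’s advisory for CVE-2020-16898 documented an interim workaround: disabling ICMPv6 Router Advertisement based DNS configuration (RDNSS) on each interface with netsh. The script below is an added example, not code from the article, Microsoft or McAfee; it wraps that documented netsh command for every active adapter, verifies the resulting state, and can revert it once the patch is installed. It assumes an elevated Windows PowerShell prompt on Windows 10 or Server 2019, that the hosts do not rely on RDNSS for IPv6 DNS configuration (the output label matched in the verify step is taken from netsh’s own display and is an assumption about its exact wording), and it treats the patch itself as the real fix.

```powershell
# Added example (not from the article, Microsoft or McAfee): apply, verify and revert
# Microsoft's interim workaround for CVE-2020-16898 (disable RA-based DNS config, RDNSS)
# on every active adapter. Run from an elevated Windows PowerShell prompt.
# Assumption: hosts do not depend on RDNSS for IPv6 DNS (DHCPv6 / static DNS still work).
param(
    [switch]$Revert   # re-enable RDNSS after the October 2020 update is installed
)

$setting = if ($Revert) { 'enable' } else { 'disable' }

# netsh addresses interfaces by the same InterfaceIndex that Get-NetAdapter reports.
$interfaces = Get-NetAdapter | Where-Object { $_.Status -eq 'Up' }

foreach ($nic in $interfaces) {
    $idx = $nic.InterfaceIndex
    Write-Host "Setting rabaseddnsconfig=$setting on '$($nic.Name)' (ifIndex $idx)"
    # The workaround command as published in Microsoft's advisory.
    netsh interface ipv6 set interface $idx rabaseddnsconfig=$setting | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "netsh returned exit code $LASTEXITCODE for ifIndex $idx"
    }
}

# Verify the per-interface state. netsh prints a line labelled
# 'RA Based DNS Config (RFC 6106)' (label wording assumed here).
foreach ($nic in $interfaces) {
    $state = netsh interface ipv6 show interface $nic.InterfaceIndex |
        Select-String -Pattern 'RA Based DNS Config'
    Write-Host ("{0}: {1}" -f $nic.Name, ($state -replace '\s+', ' '))
}

# Show what has been installed since this Patch Tuesday (13 October 2020) so the
# workaround can be reverted with -Revert once the cumulative update is present.
Get-HotFix |
    Where-Object { $_.InstalledOn -ge (Get-Date '2020-10-13') } |
    Sort-Object InstalledOn -Descending |
    Format-Table HotFixID, Description, InstalledOn -AutoSize
```

Run it without arguments to apply the workaround and with `-Revert` after patching. Disabling RDNSS removes the vulnerable parsing path for the Router Advertisement option, but clients on networks that hand out DNS servers only through RDNSS will lose IPv6 name resolution until the setting is re-enabled, which is why the script ends by listing newly installed updates.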

Trend Micro’s Zero Day Initiative (ZDI) calls special attention to another critical bug quashed in this month’s patch batch: CVE-2020-16947, which is a problem with Microsoft Outlook that could result in malware being loaded onto a system just by previewing a malicious email in Outlook.

“The Preview Pane is an attack vector here, so you don’t even need to open the mail to be impacted,” said ZDI’s Dustin Childs.

While there don’t appear to be any zero-day flaws in October’s release from Microsoft, Todd Schell from Ivanti points out that a half-dozen of these flaws were publicly disclosed prior to today, meaning bad guys have had a jump start on being able to research and engineer working exploits.

Other patches released today tackle problems in Exchange Server, Visual Studio, .NET Framework, and a whole mess of other core Windows components.

For any of you who’ve been pining for a Flash Player patch from Adobe, your days of waiting are over. After several months of depriving us of Flash fixes, Adobe’s shipped an update that fixes a single — albeit critical — flaw in the program that crooks could use to install bad stuff on your computer just by getting you to visit a hacked or malicious website.

Chrome and Firefox both now disable Flash by default, and Chrome and IE/Edge auto-update the program when new security updates are available. Mercifully, Adobe is slated to retire Flash Player later this year, and Microsoft has said it plans to ship updates at the end of the year that will remove Flash from Windows machines.

It’s a good idea for Windows users to get in the habit of updating at least once a month, but for regular users (read: not enterprises) it’s usually safe to wait a few days until after the patches are released, so that Microsoft has time to iron out any chinks in the new armor.

But before you update, please make sure you have backed up your system and/or important files. It’s not uncommon for a Windows update package to hose one’s system or prevent it from booting properly, and some updates have even been known to erase or corrupt files.

So do yourself a favor and back up before installing any patches. Windows 10 even has some built-in tools to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once.

And if you wish to ensure Windows has been set to pause updating so you can back up your files and/or system before the operating system decides to reboot and install patches on its own schedule, see this guide.
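The pre-patch routine described above (record the current state, back up, then patch) can be scripted with the tools that ship in Windows 10. The following is an added example, not code from the article: it snapshots the installed-hotfix list so a later diff shows exactly what the patch run added, makes sure System Protection is on, creates a restore point, and confirms it exists before Windows Update is allowed to run. It assumes an elevated Windows PowerShell 5.1 prompt (Checkpoint-Computer is not available in PowerShell 7), and the output folder and the image target drive are constructed placeholders.

```powershell
# Added example (not from the article): record patch state and take a restore point
# before installing a Patch Tuesday batch. Windows PowerShell 5.1, elevated prompt.
$outDir = 'C:\PrePatch'          # placeholder location for the pre-patch record
New-Item -ItemType Directory -Path $outDir -Force | Out-Null
$stamp = Get-Date -Format 'yyyyMMdd-HHmm'

# 1. Record what is installed now. After patching, a second export can be compared
#    with Compare-Object to see exactly which updates arrived.
Get-HotFix |
    Sort-Object InstalledOn -Descending |
    Select-Object HotFixID, Description, InstalledOn |
    Export-Csv -Path "$outDir\hotfixes-$stamp.csv" -NoTypeInformation

# 2. Make sure System Protection is on for the system drive, then create a restore point.
#    Windows creates at most one restore point per 24 hours by default;
#    Checkpoint-Computer warns (rather than silently succeeding) when that limit applies.
$systemDrive = $env:SystemDrive + '\'
Enable-ComputerRestore -Drive $systemDrive
Checkpoint-Computer -Description "Pre-Patch-Tuesday-$stamp" -RestorePointType MODIFY_SETTINGS

# 3. Confirm the newest restore point before touching Windows Update.
Get-ComputerRestorePoint |
    Sort-Object SequenceNumber -Descending |
    Select-Object -First 1 SequenceNumber, Description, CreationTime |
    Format-Table -AutoSize

# 4. Optional: full, bootable system image to a second disk (D: is a placeholder),
#    matching the "complete and bootable copy" advice above. Uncomment to use.
# wbadmin start backup -backupTarget:D: -include:$env:SystemDrive -allCritical -quiet
```

A restore point protects the operating system and registry, not user documents, so step 4 (or File History) is what actually covers the files the article warns can be erased or corrupted; the CSV from step 1 is what you reach for when a specific update has to be identified and uninstalled.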

As always, if you experience glitches or problems installing any of these patches this month, please consider leaving a comment about it below; there’s a better-than-even chance other readers have experienced the same and may chime in here with some helpful tips.

McAfee expands its MVISION portfolio with three all-in-one SaaS solution offerings

McAfee announced the expansion of its MVISION portfolio with three all-in-one software-as-a-service (SaaS) solution offerings – McAfee Device-to-Cloud suites. These suites are designed for customers who are adopting a cloud first stance and desire a simplified portfolio approach for device-to-cloud protection.

All three suites include McAfee MVISION Insights, the industry’s first proactive and actionable threat posture capability that prioritizes risk, predicts the success of countermeasures and prescribes remedial actions.

“Customers are facing a rise in cyber activity that can expose them to damaging threats. At the same time, they’re struggling with control, management and visibility across their organization as they enable their teams to work from anywhere,” said Anand Ramanathan, vice president of product management, McAfee.

“McAfee Device-to-Cloud suites provide all-inclusive security that sits alongside an organization’s device and cloud footprint, offering the end-to-end protection that dynamic modern environments need today – and for what may lie ahead.”

As the very definition of the workplace expands, McAfee Device-to-Cloud suites help ensure visibility, and the ability to control and effectively manage across hybrid IT environments. McAfee Device-to-Cloud suite options include:

  • MVISION Advanced: Proactive endpoint threat prevention that includes next-gen defense mechanisms and rollback remediation to protect against ransomware and other advanced malware.
  • MVISION Premium: Comprehensive endpoint and data protection, with AI-powered Endpoint Detection and Response (EDR) and Data Loss Prevention (DLP Endpoint), to more completely defend devices and data from advanced attacks.
  • MVISION Complete: Unifies McAfee’s full endpoint security portfolio with MVISION Unified Cloud Edge, that combines McAfee’s award-winning Secure Web Gateway (SWG), advanced DLP and Cloud Access Security Broker (CASB) to deliver complete device-to-cloud protection. MVISION Complete enables organizations to better safeguard their digital transformation efforts and distributed workforce, with unified threat and data protection across all threat vectors – endpoints, web and cloud.

The release of these newly designed suites bolsters the McAfee MVISION portfolio and provides security that spans devices, network and cloud. Simple cloud management with better visibility and control; automated responses and updates that increase staff productivity; and unified policies on endpoints, web and cloud all help lower total cost of ownership at a time where many organizations are looking to trim budgets.

“McAfee is committed to providing new and updated security delivery models that make security easier to buy and manage, and help drive businesses forward in any environment,” said Kathleen Curry, senior vice president, Global Channels, OEM and Strategic Alliances, McAfee.

“The Device-to-Cloud suites were built with our partner community in mind. At inception, we had discussed with partners their needs to ensure we got it right—from pricing to implementation services, which will all be partner driven. Together, we will deliver a premium experience to our customers.”

Measuring impact beyond a single incident

Determining the true impact of a cyber attack has always been, and will likely remain, one of the most challenging aspects of this technological age.

In an environment where very limited transparency on the root cause and the true impact is afforded, we are left with isolated examples to point to the direct cost of a security incident. For example, the 2010 attack on the Natanz nuclear facilities was, and in certain cases still is, used as the reference case study for why cybersecurity is imperative within an ICS environment (quite possibly substituted with BlackEnergy).

For ransomware, the reference case was the impact WannaCry had on healthcare, and it will likely be replaced with the awful story of a patient who sadly lost their life because of a ransomware attack.

What these cases clearly provide is a degree of insight into their impact. Albeit limited in certain scenarios, this approach sadly all but excludes the multitude of attacks that successfully occurred beforehand and whose impact was either unavailable or did not make the headline story.

While it can of course be argued that such case studies are a useful vehicle to influence change, there is equally the risk that they are simply such outliers that decision makers do not recognise their own vulnerabilities within the broader problem statement.

If we truly need to influence change, then a wider body of work to develop the broader economic and societal impact of the multitude of incidents is required. Whilst this is likely to be hugely subjective, it is imperative to understand the true impact of cybersecurity failures. I recall a conversation a friend of mine had with someone who claimed they “are not concerned with malware because all it does is slow down their computer”. This of course is the wider challenge: to articulate the impact in a manner which will resonate.

Ask anybody the impact of car theft and this will be understood; ask the same question about any number of digital incidents and the reply will likely be less clear.

It can be argued that studies which measure the macro cost of such incidents do indeed exist, but the problem statement of billions lost is so enormous that we each are unable to relate to this. A small business owner hearing about how another small business had their records locked with ransomware, and the impact to their business is likely to be more influential than an economic model explaining the financial cost of cybercrime (which is still imperative to policy makers for example).

If such case studies are so imperative, and there exists a stigma around being open about such breaches, what can be done? This of course is the largest challenge, with potential litigation governing every communication. To be entirely honest, as I sit here and try to conclude with concrete proposals, I am somewhat at a loss as to how to change the status quo.

The question is more an open one: what can be done? Can we leave fault at the door when we comment on security incidents? Perhaps encourage those that are victims to be more open? Of course this is only a start, and an area that deserves a wider discussion.

BT Security announces critical security partners for global portfolio

BT Security has announced the key partners that it will work with going forward to provide industry-leading managed security services to customers. The decision follows BT’s largest-ever appraisal of its security suppliers, and a comprehensive review of the security vendor ecosystem as a whole.

BT’s decision to refine its security partner base was driven by the recognition that many of its customers find it difficult to navigate today’s complex security landscape.

The huge range of suppliers and products in the market can be bewildering, and lead to the adoption of multiple overlapping systems. This in turn can render security estates difficult to manage, burdened with unnecessary costs and, ultimately, with lower overall levels of protection.

BT Security is reflecting its customers’ desire to reduce complexity by having a leaner set of partners and clearly laying out its view of the best providers for specific security requirements.

The confirmed partners were agreed following a detailed evaluation of their respective capabilities across all security control and threat management technologies. The final selection provides BT’s view of the security market’s leading providers, who will support a harmonized portfolio of solutions to its customers going forward.

Kevin Brown, Managing Director of BT Security, said: “Our new security partner ecosystem showcases the benefits of BT Security as a Managed Security Services Provider. We’re able to use our deep experience and insight of the security ecosystem to help our customers navigate what can be an incredibly confusing market.

“We’re also ensuring that BT Security customers will benefit from working with the best suppliers from across the security industry.”

McAfee, Palo Alto Networks and Fortinet were selected as BT Security’s ‘Critical Partners’. Each of those companies will provide a range of services and products that will be incorporated into BT Security’s global portfolio, as well as providing holistic support to its commercial and operational activities.

BT Security will also work with these partners to develop a roadmap of security solutions which continue to reflect evolving customer demands and integrate the latest developments in security automation.

Lynn Doherty, Executive Vice President of Global Sales and Marketing at McAfee, said: “We’re proud to partner with BT to fight against cybercrime and accelerate new business environments for our customers as they look for more solution integrations, deeper engagement and faster modernization efforts.

“Together through our strategic service provider partners, like BT, McAfee is able to deliver world class security services that enable organizations to evolve their defenses into areas like Secure Access Service Edge (SASE) and Extended Detection and Response (XDR).”

Alex Zinin, VP, Global Service Provider Business at Palo Alto Networks, said: “We’ve been working closely with BT Security for several years to bring innovative cybersecurity solutions to our joint customers.

“We are honored to be selected as one of their critical partners to continue this close collaboration, in recognition of the breadth of our security capabilities across multiple market segments. This comes at a time when it’s never been more essential for communications and security to be closely aligned to help all organisations with staff working remotely.

“We look forward to working together as we strive to make each day safer and more secure than the one before.”

John Maddison, Executive Vice President of Products and Chief Marketing Officer at Fortinet, said: “Digital Innovation is disrupting all industries, markets, and segments, leading to increased risk as cyber threats take advantage of this disruption.

“To protect against known advanced threats as well as unknown sophisticated attacks, Fortinet enables organizations to apply security anywhere and protect all edges – including WAN, cloud, data center, endpoint, identity, and home – while reducing the number of required products to save costs and remove complexity.

“We’re proud to partner with BT Security to help customers address the most critical security challenges and protect data across the entire digital infrastructure.”

Microsoft, IBM and Cisco were all confirmed as ‘Strategic Partners’ for BT Security. This categorization reflects not only their relationship with BT Security, but also their broader activities and remit across the whole of BT.

BT Security also confirmed a further nine ‘Ecosystem Partners’, who will be incorporated into its global portfolio of solutions for customers due to their complementary technology capabilities. These partners are Skybox, Forescout, Zscaler, Check Point, CrowdStrike, Okta, Qualys, Netscout and F5.

Through deeper strategic relationships, BT Security and its partners will work together to provide better customer experience and protection, while those selected partners will also be BT Security’s main collaborators as they look to develop future customer solutions.

BT Security will regularly review the partnerships to monitor the latest vendor developments, while continuing to assess the wider industry for new and emergent security companies and technologies.

McAfee enhances SASE solution and global managed offerings to help orgs accelerate DX

McAfee announced significant enhancements to its Secure Access Service Edge (SASE) solution delivered by MVISION Unified Cloud Edge (UCE) by launching easy-to-use integrations with third-party Software-Defined Wide Area Networking (SD-WAN) solutions, and extending its UCE platform to enable global strategic partners to deliver managed SASE offerings.

In addition, McAfee continues to progress engagement with leading global service providers Atos and BT to offer a range of managed Web, CASB, and SASE offerings to help organizations who are struggling with the challenges of digital transformation.

According to a recent McAfee Cloud Adoption and Risk Report, the work from anywhere trend has led to a 50% increase in enterprise cloud use across all industries. This trend is merely the latest driver pushing many organizations to dramatically accelerate their cloud transformation plans and re-architect their networks to facilitate a “direct-to-cloud” model for remote users and branch offices.

By seamlessly integrating MVISION UCE with the direct-to-cloud network functionality of industry leading SD-WAN solutions, organizations benefit from a unified cloud-native offering that facilitates fast, secure, simple, and scalable access to web and cloud resources, in line with the Secure Access Service Edge (SASE) framework.

“McAfee is committed to helping our customers securely move their operations to the cloud and help their employees to work from wherever they are in these times. With these new enhancements to MVISION UCE, McAfee has delivered a SASE solution that will help customers optimize and secure their work-from-home infrastructure,” said Ash Kulkarni, executive vice president and chief product officer of the enterprise business group at McAfee.

SD-WAN partnerships

MVISION UCE delivers robust native support for virtually any SD-WAN solution via site-to-site and site-to-cloud deployments, leveraging the industry-standard Dynamic IPsec and GRE protocols.

To date, McAfee has certified interoperability with six of the industry’s leading SD-WAN vendors, including Viptela (Cisco), VeloCloud (VMware), and Citrix, with even deeper partnerships forged with Silver Peak, Fortinet, and Versa Networks through McAfee’s Security Innovation Alliance (SIA) program, one of the industry’s largest technology partnership programs.

“To realize the full promise of the cloud and digital transformation, enterprises will need to transform both their WAN and security architectures, and with the McAfee partnership, customers can achieve both with a tightly integrated solution,” said Fraser Street, vice president, technical alliances at Silver Peak.

“Certified interoperability as part of the SIA connected security ecosystem will expand the options for customer implementations of Versa Secure SD-WAN and Versa SASE,” said Michael Wood, chief marketing officer at Versa Networks.

Managed service provider offerings

Adoption of the SASE framework involves the consolidation of many traditionally siloed network and security technologies, requiring major architectural considerations and collaboration across many parts of the IT organization. Recognizing the importance of the partner relationship, McAfee has extended its UCE platform to enable partners.

Notably, Atos and BT have agreed to use their global scale to deliver managed Web, CASB and SASE offerings to organizations that want to adopt the Cloud without the challenges associated with having to plan and manage everything on their own.

“This partnership is key to how we provide our clients the best cloud security services, not just for the surge in work-from-home but for any challenges that lie ahead,” said Chris Moret, Senior Vice President, Head of Cybersecurity Services at Atos.

“Market-leading technologies like CASB or Web Gateway, which make up McAfee’s MVISION UCE, along with the processes and skills of our cybersecurity professionals across the globe enable Atos customers to modernize at the rate of market change.”

“The strategic partnership between BT and McAfee is a mutual choice made after intense scrutiny of the market,” said Chris Marwood, head of managed security services portfolio at BT.

“We believe McAfee’s cloud platform strategy is where the industry is heading, and that our managed service offerings including CASB will enable our joint customers to accelerate their journey to the cloud. We look forward to our continued partnership with much more on our roadmap this year and into 2021.”

New infosec products of the week: July 31, 2020

Qualys unveils Multi-Vector EDR, a new approach to endpoint detection and response

Traditional EDR solutions singularly focus on endpoints’ malicious activities to hunt and investigate cyberattacks. Qualys’ multi-vector approach provides critical context and full visibility into the entire attack chain to provide a comprehensive, more automated and faster response to protect against attacks.

McAfee MVISION Cloud now maps threats to MITRE ATT&CK

With the introduction of ATT&CK into McAfee MVISION Cloud, there is no longer the need to manually sort and map incidents to a framework like ATT&CK or to learn and operationalize a separate framework for cloud threats and vulnerabilities, which can be cumbersome and time consuming – especially as cloud-native threats become more abundant.

Amazon Fraud Detector: Use machine learning in the fight against online fraud

Amazon Fraud Detector is a fully managed service that makes it easy to quickly identify potentially fraudulent online activities like online payment and identity fraud. With just a few clicks in the Amazon Fraud Detector console, customers can select a pre-built machine learning model template, upload historical event data, and create decision logic to assign outcomes to the predictions.

Veritas is unifying data protection, from the edge to core to cloud

Veritas Technologies introduced new innovations to its Enterprise Data Services Platform to help customers reduce risk, optimize cost, strengthen ransomware resiliency, and manage multi-cloud environments at scale. With the launch of NetBackup 8.3, Veritas empowers enterprise customers by improving the resiliency of their applications and infrastructure regardless of the context.

Sonrai Dig maps relationships between identities and data inside public clouds

Sonrai Security announced the Governance Automation Engine for Sonrai Dig, re-inventing how customers ensure security in AWS, Azure, Google Cloud and Kubernetes by automatically eliminating identity risks and reducing unwanted access to data.

Pulse Zero Trust Access simplifies management and mitigates cyber risks

Pulse Zero Trust Access simplifies access management with single-pane-of-glass visibility, end-to-end analytics, granular policies, automated provisioning, and advanced threat mitigation that empowers organizations to further optimize their increasingly mobile workforce and hybrid IT resources.

CyberStrong platform updates allow customers to dynamically manage their risk posture

The updates reinforce CyberSaint’s mission to enable organizations to manage cybersecurity as a business function by enabling agility, measurement, and automation across risk, compliance, audit, vendor, and governance functions for information security organizations.

McAfee MVISION Cloud now maps threats to MITRE ATT&CK

McAfee introduced MITRE ATT&CK into McAfee MVISION Cloud, the company’s Cloud Access Security Broker (CASB), delivering a precise method to hunt, detect and stop cyberattacks on cloud services.

Empowering SecOps teams

This new integration gives SecOps teams a direct source of cloud vulnerabilities and threats mapped to the tactics and techniques of ATT&CK. McAfee is the first CASB provider to tag and visualize cloud security events within the ATT&CK framework.

“Many SecOps teams leverage repeatable processes and frameworks such as ATT&CK to mitigate risk and respond to threats to their endpoints and networks, but so far cloud threats and vulnerabilities have presented an unfamiliar paradigm,” said Rajiv Gupta, senior vice president and general manager of Cloud Security, McAfee. “By translating cloud threats and vulnerabilities into the common language of ATT&CK, MVISION Cloud allows security teams to extend their processes and runbooks to the cloud, understand and preemptively respond to cloud vulnerabilities, and improve enterprise security.”

According to data from McAfee research, most enterprises average more than 485 external threat incidents per month on their cloud services. The ATT&CK integration brings cloud attacks into focus and provides the opportunity to identify gaps in protection and make policy and configuration changes directly from McAfee MVISION Cloud.

MITRE ATT&CK with McAfee MVISION Cloud

The ATT&CK integration with McAfee MVISION Cloud introduces new capabilities to mitigate the risk of cloud attacks and vulnerabilities, including the ability to:

  • Advance from reactive to proactive: McAfee MVISION Cloud allows SecOps teams to visualize not only executed threats in the ATT&CK framework, but also potential attacks they can stop across multiple Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS) environments
  • Break silos: SecOps teams can now bring pre-filtered cloud security incidents into their Security Information Event Management/Security Orchestration, Automation and Response platforms via API, mapped to the same ATT&CK framework they use for device and network threat investigation
  • Take direct action: McAfee MVISION Cloud now takes Cloud Security Posture Management (CSPM) to a new level, providing security managers with cloud service configuration recommendations for SaaS, PaaS and IaaS environments, which address specific ATT&CK adversary techniques

With the introduction of ATT&CK into McAfee MVISION Cloud, there is no longer the need to manually sort and map incidents to a framework like ATT&CK or to learn and operationalize a separate framework for cloud threats and vulnerabilities, which can be cumbersome and time consuming – especially as cloud-native threats become more abundant.

Security teams using MVISION Cloud now have all of their threat incidents automatically mapped to ATT&CK, allowing them to see all cloud attacks that have been fully executed; attacks in progress in order to take action; as well as the ability to combine incidents, anomalies, threats and vulnerabilities into one holistic, familiar view.

McAfee ESM Cloud: Removing traditional barriers to SecOps efficiency

McAfee, the device-to-cloud cybersecurity company, announced McAfee Enterprise Security Manager (ESM) Cloud, a new cloud-based security and information event management (SIEM) offering that supports the detection, incident response and threat hunting activities of a security operations team.

As a cloud-based solution, McAfee ESM Cloud extends the value of a traditional SIEM by providing faster onboarding of security telemetry, automatic updates and continuous system health monitoring.

“Today’s SecOps teams face a multitude of issues, including the need to take on new efforts such as digital transformation, the convergence of internet technology and operation technology, and the sudden shift to remote working,” said Anand Ramanathan, vice president of enterprise products, McAfee.

“ESM Cloud helps customers tackle these challenges, allowing them to maintain and improve upon their security posture as they progress through their journey of transitioning to the cloud.”

McAfee ESM Cloud leverages the power of cloud computing to accelerate time to value for security operations centers through:

  • Advanced analytics: real-time and historical analysis powered by rich contextual data to detect and prioritize threats, uncover anomalous user behavior and respond to attacker tactics, techniques and procedures (TTPs)
  • Time to value: use case focused security content packs that deliver immediate value through pre-built threat detection rules and fully operational dashboards, reports, watchlists and alarms
  • Unmatched data source coverage: out-of-the-box coverage of hundreds of data sources across the endpoint, network and cloud-based services and applications
  • Open integration fabric: open interface facilitates integration with McAfee and third-party solutions for immediate response to threats
  • Simplicity and operational efficiency: auto-provisioning allows event ingestion from day one and improves efficacy by minimizing engineering efforts required to deploy and maintain infrastructure
  • Continuous improvement: new capabilities and enhancements delivered automatically, freeing customers from the burden of software updates and upgrades
  • Scalability and elasticity: cloud-based service supports dynamically changing customer requirements, automatically increasing scale and capacity to process vast amounts of data

McAfee MVISION Insights: Stopping threats before the attack

McAfee, the device-to-cloud cybersecurity company, announced general availability of McAfee MVISION Insights, the industry’s first proactive security solution that changes the cyber security paradigm by helping to stop threats before the attack.

MVISION Insights provides actionable and preemptive threat intelligence by leveraging McAfee’s cutting-edge threat research, augmented with sophisticated Artificial intelligence (AI) applied to real-time threat telemetry streamed from over 1 billion sensors.

The integration of MVISION Insights significantly enhances the capabilities of McAfee’s award winning endpoint security platform by managing the attack surface, preventing ransomware and aiding security teams to easily investigate and respond to advanced attacks.

According to recent internal research by McAfee, over 90 percent of security teams feel that they are not proactively prepared for the emerging threat landscape. While there is a plethora of threat intelligence feeds available in the market, actionable and contextual threat intelligence is hard to find.

Additionally, multiple siloed endpoint security tools are wearing down security teams who are struggling to enable their organizations to safely adopt the cloud for digital transformation. The integration of MVISION Insights into McAfee’s endpoint security platform is designed to eliminate some of the burden on security operations professionals.

“CISOs want an answer to a fundamental question: How truly protected they are against the latest adversarial campaign targeting their organization,” said Ash Kulkarni, executive vice president and chief product officer of the enterprise business group at McAfee.

“Our latest endpoint security innovation, MVISION Insights, delivers the industry’s first actionable threat intelligence so organizations can preempt an attack rather than scramble to contain a breach.”

McAfee’s endpoint security platform incorporates MVISION Insights and integrates multiple proven and new innovations to help deliver the following key customer outcomes:

  • Preempt attacks by “shifting-left” (engaging early) in the attack lifecycle with security posture scores, configuration assessment and automated policies and updates
  • Prevent ransomware and other advanced malware with integrated native OS controls, behavioral blocking, exploit prevention, machine learning and file-less threat defense
  • Simplify investigation and response to sophisticated threat campaigns with unified Endpoint Detection and Response (EDR) capabilities that include continuous monitoring, multi-sensor telemetry, AI-guided investigations, MITRE ATT&CK mapping and real-time hunting
  • Diminish the impact of an attack with enhanced remediation capabilities, which can roll back the destructive effect of a ransomware attack by restoring affected files and negating the need for system reimaging
  • Gain operational efficiencies with a cloud-delivered and unified endpoint solution that reduces total cost of operations and complexity

How do I select a mobile security solution for my business?

The percentage of companies admitting to suffering a mobile-related compromise has grown, despite a higher percentage of organizations deciding not to sacrifice the security of mobile devices to meet business targets.

To make things worse, the C-suite is the most likely group within an organization to ask for relaxed mobile security protocols – despite also being highly targeted by cyberattacks.

In order to select a suitable mobile security solution for your business, you need to consider a lot of factors. We’ve talked to several industry professionals to get their insight on the topic.

Liviu Arsene, Global Cybersecurity Analyst, Bitdefender

A business mobile security solution needs to have a clear set of minimum abilities or features for securing devices and the information stored on them, and for enabling IT and security teams to remotely manage them easily.

For example, a mobile security solution for business needs to have excellent malware detection capabilities, as revealed by third-party independent testing organizations, with very few false positives, a high detection rate, and minimum performance impact on the device. It needs to allow IT and security teams to remotely manage the device by enabling policies such as device encryption, remote wipe, application whitelisting/blacklisting, and online content control.

These are key aspects for a business mobile security solution as it both allows employees to stay safe from online and physical threats, and enables IT and security teams to better control, manage, and secure devices remotely in order to minimize any risk associated with a compromised device. The mobile security solution should also be platform agnostic, easily deployable on any mobile OS, centrally managed, and allow users to switch from profiles covering connectivity and encryption (VPN) settings based on the services the user needs.

Fennel Aurora, Security Adviser at F-Secure

Making any choice of this kind starts from asking the right questions. What is your company’s threat model? What are your IT and security management capabilities? What do you already know today about your existing IT, shadow IT, and employees’ bring-your-own devices?

If you are currently doing nothing and have little IT resources internally, you will not have the same requirements as a global corporation with whole departments handling this. As a farming supplies company, you will not face the same threats, and so will not have the same requirements, as an aeronautics company working on defense contracts.

In reality, even the biggest companies do not systematically do all of the 3 most basic steps. Firstly, you need to inventory your devices and IT, and be sure that the inventory is complete and up-to-date as you can’t protect what you don’t know about. You also need at minimum to protect your employees’ devices against basic phishing attacks, which means using some kind of AV with browsing protection. You need to be able to deploy and update this easily via a central tool. A good mobile AV product will also protect your devices against ransomware and banking trojans via behavioral detection.

Finally, you need to help people use better passwords, which means helping them install and start using a password manager on all their devices. It also means helping them get started with multi-factor authentication.

Jon Clay, Director of Global Threat Communications, Trend Micro

Many businesses secure their PCs and servers from malicious code and cyber attacks as they know these devices are predominantly what malicious actors will target. However, we are increasingly seeing threat actors target mobile devices, whether to install ransomware for quick profit, or to steal sensitive data to sell in the underground markets. This means that organizations can no longer choose to forego including security on mobile devices – but there are a few challenges:

  • Most mobile devices are owned by the employee
  • Most of the data on the mobile device is likely to be personal to the owner
  • There are many different device manufacturers and, as such, difficulties in maintaining support
  • Employees access corporate data on their personal devices regularly

Here are a few key things that organizations should consider when looking to select a mobile security solution:

  • Lost devices are one reason for lost data. Requiring users to encrypt their phones using a passcode or biometric option will help mitigate this risk.
  • Malicious actors are looking for vulnerabilities in mobile devices to exploit, making regular update installs for OS and applications extremely important.
  • Installing a security application can help with overall security of the device and protect against malicious attacks, including malicious apps that might already be installed on the device.
  • Consider using some type of remote management to help monitor policy violations. Alerts can also help organizations track activities and attacks.

Discuss these items with your prospective vendors to ensure they can provide coverage and protection for your employees’ devices. Check their research output to see if they understand and regularly identify new tactics and threats used by malicious actors in the mobile space. Ensure their offering can cover the tips listed above and whether they can help you with more than just mobile.

Jake Moore, Cybersecurity Specialist, ESET

Companies need to understand that their data is effectively insecure when their devices are not properly managed. Employees will tend to use their company-supplied devices in personal time and vice versa.

This unintentionally compromises private corporate data, due to activities like storing documents in unsecure locations on their personal devices or online storage. Moreover, unmanaged functions like voice recognition also contribute to organizational risk by letting someone bypass the lock screen to send emails or access sensitive information – and many mobile security solutions are not foolproof. People will always find workarounds, which for many is the most significant problem.

In order to select the best mobile security solution for your business you need to find a happy balance between security and speed of business. These two issues rarely go hand in hand.

As a security professional, I want protection and security to be at the forefront of everyone’s mind, with dedicated focus to managing it securely. As a manager, I would want the functionality of the solution to be the most effective when it comes to analyzing data. However, as a user, most people favor ease of use and convenience at the detriment of other more important factors.

Both users and security staff need to be cognizant of the fact that they’re operating in the same space and must work together to strike the same balance. It’s a shared responsibility but, importantly, companies need to decide how much risk they are willing to accept.

Anand Ramanathan, VP of Product Management, McAfee

The permanent impact of COVID-19 has heightened attacker focus on work-from-home exploits while increasing the need for remote access. Security professionals have less visibility and control over WFH environments where employees are accessing corporate applications and data, so any evaluation of mobile security should be based on several fundamental criteria:

  • “In the wild security”: You don’t know if or how mobile devices are connecting to a network at any given time, so it’s important that the protection is on-device and not dependent on a connection to determine threats, vulnerabilities or attacks.
  • Comprehensive security: Malicious applications are a single vector of attack. Mobile security should also protect against phishing, network-based attacks and device vulnerabilities. Security should protect the device against known and unknown threats.
  • Integrated privacy protection: Given the nature of remote access from home environments, you should have the ability to protect privacy without sending any data off the device.
  • Low operational overhead: Security professionals have enough to do in response to new demands of supporting business in a COVID world. They shouldn’t be obligated to manage mobile devices differently than other types of endpoint devices and they shouldn’t need a separate management console to do so.

External attacks on cloud accounts grew 630 percent from January to April

The McAfee report uncovers a correlation between the increased use of cloud services and collaboration tools, such as Cisco WebEx, Zoom, Microsoft Teams and Slack during the COVID-19 pandemic, along with an increase in cyber attacks targeting the cloud.


There are significant and potentially long-lasting trends that include an increase in the use of cloud services, access from unmanaged devices and the rise of cloud-native threats. These trends emphasize the need for new security delivery models in the distributed work-from-home environment of today–and likely the future.

In the time surveyed, overall enterprise adoption of cloud services spiked by 50 percent, including industries such as manufacturing and financial services that typically rely on legacy on-premises applications, networking and security more than others.

Use of cloud collaboration tools increased by up to 600 percent, with the education sector seeing the most growth as more students are required to adopt distance learning practices.

Surging external attacks on cloud accounts

Threat events from external actors increased by 630 percent over the same period. Most of these external attacks targeted collaboration services like Microsoft 365, and were large-scale attempts to access cloud accounts with stolen credentials.

Insider threats remained the same, indicating that working from home has not negatively influenced employee loyalty. Access to the cloud by unmanaged, personal devices doubled, adding another layer of risk for security professionals working to keep their data secure in the cloud.

“While we are seeing a tremendous amount of courage and global goodwill to overcome the pandemic, we also are unfortunately seeing an increase in bad actors looking to exploit the sudden uptick in cloud adoption created by an increase in working from home,” said Rajiv Gupta, Senior VP, Cloud Security, McAfee.

“The risk of threat actors targeting the cloud far outweighs the risk brought on by changes in employee behavior. Mitigating this risk requires cloud-native security solutions that can detect and prevent external attacks and data loss from the cloud and from the use of unmanaged devices.

Cloud-native security has to be deployed and managed remotely and can’t add any friction to employees whose work from home is essential to the health of their organization.”


How to maintain strong security posture

With cloud-native threats increasing in step with cloud adoption, all industries need to evaluate their security posture to protect against account takeover and data exfiltration. Companies need to safeguard against threat actors attempting to exploit weaknesses in their cloud deployments.

Tips to maintain strong security posture include:

  • Think cloud-first: A cloud-centric security mindset can support the increase in cloud use and combat cloud-native threats. Enterprises need to shift their focus to data in the cloud and to cloud-native security services so they can maintain full visibility and control with a remote, distributed workforce.
  • Consider your network: Remote work reduces the ability for hub and spoke networking to work effectively with scale. Network controls should be cloud-delivered and should connect remote users directly to the cloud services they need.
  • Consolidate and reduce complexity: Cloud-delivered network security and cloud-native data security should smoothly interoperate, ideally be consolidated to reduce complexity and total cost of ownership and increase security effectiveness and responsiveness.

McAfee and Atlassian come together to accelerate BornSecure cloud capabilities

McAfee, the device-to-cloud cybersecurity company, announced a collaboration with Atlassian, a leading provider of team collaboration and productivity software, to bring advanced data security and threat protection to common customers looking to accelerate their move to the cloud.

As a result of this collaboration, Atlassian customers can now leverage the power of McAfee MVISION Cloud to apply their security policies to their use of Atlassian services.

MVISION Cloud provides visibility and control for Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), and Infrastructure-as-a-Service (IaaS) environments, across Content Management systems and DevOps environments, via a unified security platform which helps customers get comprehensive control over their cloud services from managed and unmanaged devices.

The need for solutions that are designed to secure the cloud is further validated by a recent McAfee report that found the average enterprise organization uses 1,400 different cloud services.

As more organizations move their operations to the cloud and to remote work environments, they must evolve their security measures to meet the challenges of unintentional data uploads, device usage outside traditional network parameters, insider threats from rogue employees, application misconfiguration and more.

Further, industry analyst firm Gartner warns that, “through 2025, 99 percent of cloud security failures will be the customer’s fault.” This has caused enterprises to look for ways to enforce additional security controls on their cloud solutions beyond Software-as-a-Service (SaaS) or Infrastructure-as-a-Service (IaaS).

Through integration efforts with McAfee, Atlassian customers can now use MVISION Cloud to help securely accelerate their business in the following ways:

  • Prevent sensitive or regulated data from being uploaded or shared with unauthorized parties while using Atlassian’s Jira Software or Confluence Cloud products.
  • Limit downloading or syncing to unmanaged devices and gain total control over user access to Jira Software Cloud and Confluence Cloud by enforcing context-specific access policies.
  • Provide ability to capture the complete audit trail of all user activity enriched with threat intelligence to facilitate post incident forensic investigations. MVISION Cloud detects threats from compromised accounts, insider threats, privileged access misuse and malware infection.
  • Detect and remediate against misconfigurations and configuration drift in Atlassian’s Bitbucket Cloud and Bamboo products from standard benchmarks such as CIS and NIST or custom configuration policies.

Shared right: Shared responsibility between customers and cloud providers

Atlassian’s cloud tools are mission critical to customer businesses. One of the reasons that 99% of issues are expected to be attributed to the customer is that while cloud providers (like Atlassian) have invested very heavily in security and have directly addressed core challenges that on-prem solutions may cause, their customers may be much earlier on in their security journey. Here’s where McAfee MVISION Cloud steps in to help customers deliver on their share of the cloud security responsibility.

Shift left: Securing DevOps to deliver DevSecOps

Atlassian is making it easier for developers to build and operate secure products, while responding to security incidents more quickly and effectively.

McAfee MVISION Cloud integrates security for Atlassian services into DevOps toolchains to deliver on the promise of DevSecOps and enable organizations to rapidly deploy infrastructure, workloads, and applications while meeting their security and regulatory compliance best practices.

This “shift left” integration seamlessly incorporates security checks without any friction to or burden on the developers or DevOps teams.

“Organizations of all sizes are looking for security solutions that enable their business to securely leverage cloud services,” said Rajiv Gupta, senior vice president and general manager of Cloud Security, McAfee.

“Our collaboration with Atlassian helps organizations deliver on their share of the cloud security responsibility, while providing them with the ability to “shift left” in a seamless manner that deploys the right security configurations without burdening developers or DevOps teams.”

Zyxel and McAfee offer a one-box security solution designed for small- to medium-sized businesses

Zyxel Networks, a leader in delivering secure, AI- and cloud-powered home and business solutions, announced it has partnered with McAfee, the device-to-cloud cybersecurity company, to offer customers an integrated, one-box security solution designed specifically for small- to medium-sized businesses.

According to the 2019 Verizon Data Breach Investigations Report, more than 40 percent of cyberattacks are currently targeted at small businesses, driving the need for SMBs to find robust, easy-to-deploy and manage protection solutions that fit the size of their network.

The integration of McAfee’s anti-malware solution into Zyxel’s high-end ATP firewall family will provide SMBs with best-of-breed malware detection, security performance, and advanced web filtering within a single firewall device.

“Small businesses need cybersecurity support now more than ever. At McAfee, we’re keeping the world safe from cyberthreats so that customers can focus on running their business. We’re proud to partner with Zyxel to help better protect their customers’ confidential data,” says Javed Hasan, Global Head of Enterprise Product Strategy and Alliances at McAfee.

Growing ATP family stops zero-day attacks

Zyxel also announced the addition of the ZyWALL ATP100W and ATP700 to the SMB-focused Advanced Threat Protection Firewall Series. These all-in-one solutions integrate scalable, cloud-based sandboxing with multiple additional layers of security to detect and block known and unknown threats.

ZyWALL ATP firewalls using the ZLD 4.5 firmware release or later can run anti-malware scans in both Express and Stream modes concurrently. The Express mode leverages an ever-expanding AI-driven cloud database to provide an unprecedented level of threat intelligence, while the Stream mode uses a signature-based database to provide a granular and thorough deep local scan.

The new hybrid mode combines the two functions to maximize security coverage with wide and deep security scans to protect the network from the inside-out and defend the business from rapidly evolving cyber attacks.

“With SMBs facing an ever-increasing threat of cyberattacks, implementing a robust, dynamic network security solution is critical to safeguard the network from new and rapidly changing threats, including malware and zero-day exploits,” explained Tri Nguyen, Market Development Manager at Zyxel.

“The addition of the new ATP firewalls and integration of McAfee’s anti-malware technology provides SMBs with a wide variety of solutions to match the unique size and demands of their individual networks.

“These self-evolving network protection solutions deliver a critical combination of performance, ease-of-use, and comprehensive protection that gives SMBs peace-of-mind and enables them to focus on running their businesses.”

The Zyxel ZyWALL series of Advanced Threat Protection Firewalls for small- and medium-businesses includes:

  • ATP100 – $449.99 (street)
  • ATP100W – $549.99
  • ATP200 – $674.99
  • ATP500 – $929.99
  • ATP700 – $1,379.99
  • ATP800 – $2,199.99

ZyWALL ATP firewalls carry a lifetime limited warranty and are available now through all Zyxel authorized resellers and e-Commerce partners.

McAfee MVISION Cloud now supports encryption enhancements in Microsoft Teams

McAfee, a device-to-cloud cybersecurity company, announced that McAfee MVISION Cloud now supports encryption enhancements in Microsoft Teams, including encrypted webhooks and encrypted payloads.

This enables organizations to improve productivity of their employees by letting them use Teams as a collaboration platform, participate in conversations and calls and upload and share documents while ensuring customer data remains secure with encryption when evaluated by McAfee MVISION Cloud.

By staying abreast of the enhancements in Teams, McAfee MVISION Cloud remains one of the only Cloud Access Security Brokers (CASB) that is Certified for Microsoft Teams.

Working from home has become a new reality for many as more and more companies are requesting that their staff work remotely. Teams, the hub for teamwork in Microsoft 365, integrates the people, content and tools employees need to be more engaged and effective.

Microsoft has seen an unprecedented spike in Teams usage with more than 44 million daily users—a figure that has grown by 12 million in just seven days. Those users generate over 900 million meeting and calling minutes on Teams each day as employees work from home.

Employers must not only educate their employees on digital security best practices but also give them the tools to combat online threats that may stem from remote work.

“Effective collaboration allows organizations to accelerate business. However, it is critical to have the right guardrails in place to protect from accidental data leakage or misuse,” said Rajiv Gupta, senior vice president and general manager of Cloud Security, McAfee.

“McAfee MVISION Cloud provides these capabilities for Microsoft Teams, assuring that only the right data is shared with the appropriate internal and external parties. This helps protect corporate data and intellectual property, and meet governance, risk and compliance policies thus enabling effective and safe collaboration.”

McAfee MVISION Cloud for Teams leverages McAfee’s Cloud Access Security Broker (CASB) technology in a single, unified platform—offering a frictionless, cloud-native solution for organizations to consistently protect their data and defend against threats in the cloud. MVISION Cloud for Teams also provides:

  • Modern data security. Extends existing DLP policies to messages and files in all types of Teams channels, enforcing policies based on keywords, fingerprints, data identifiers, regular expressions and match highlighting for content and metadata.
  • Collaboration control. Restricts messages or files posted in channels to specific users, including blocking the sharing of data to any external location.
  • Comprehensive remediation. Enables auditing of regulated data uploaded to Teams and remediates policy violations by coaching users, notifying administrators, quarantining, tombstoning, restoring and deleting user actions. End users can autonomously correct their actions thereby reducing the burden on IT security teams.
  • Threat prevention. Empowers organizations to detect and prevent anomalous behavior indicative of insider threats and compromised accounts; captures a complete record of all user activity in Teams and leverages machine learning to analyze activity across multiple heuristics to accurately detect threats.
  • Forensic investigations. Provides rich capabilities for forensics and investigations including an auto-generated, detailed audit trail of all user activity.
  • On-the-go security, for on-the-go policies. Helps secure multiple access modes, including browsers and native apps, and applies controls based on contextual factors, including user, device, data and location; blocks access from personal devices lacking adequate control over data.

MVISION Cloud for Teams is already in use at many large organizations to enable them to meet their security, governance and compliance requirements. The solution fits all industry verticals and all sizes of organizations due to its flexibility of policies and its ease of use.

“With McAfee MVISION Cloud, we can better protect our sensitive information—we can easily enforce DLP policies and collaboration controls, contextual access control, address threats from insiders and compromised accounts, audit all user activity and secure corporate data as our users work remotely and collaborate using cloud applications,” said Elliott Breukelman, Senior Information Security Engineer at Land O’Lakes.

“We’re pleased to see McAfee’s continued commitment to supporting and securing this ever-increasing demand,” said Rushmi Malaviarachchi, Microsoft’s Partner Director of Program Management for Information Protection in Microsoft Teams.

“McAfee MVISION Cloud integrates with Microsoft Teams APIs, ensuring our joint customers can enable their employees to drive productivity and collaboration with Teams in a secure and compliant way.”

IRS scams during tax season target unsuspecting consumers

Scam robocalls and phishing emails disguised as banks continue to trick consumers to put their personal information at risk, and tax season is no exception.


Increase in potential threats

During this time of the year consumers need to be aware of the increase in potential threats as hackers pose as collectors from the IRS, tax preparers or government bureaus.

These tactics are particularly effective due to taxpayers’ concerns about misfiling their taxes or accidentally running into trouble with groups like the IRS.

McAfee researchers recently uncovered an example of an illegitimate IRS site created to scam unsuspecting consumers. If you look closely, you will notice a non-IRS domain and an insecure connection; these are key things to look out for when seeking online resources.

Fake sites such as this pose particular risk to consumers when combined with phishing email campaigns. In fact, 41% of Americans admitted to falling victim to email phishing scams in 2019, serving as another reminder to be vigilant during the stressful tax season.

File before a scammer does it for you

The easiest defense you can take against IRS scams is to get your hands on your W-2 and file as soon as possible. The more promptly you file, the less likely your data will be raked in by a fraudster.

Beware of phishing attempts

Phishing is a common tactic crooks leverage during tax season, so stay vigilant around your inbox and double-check the legitimacy of any unfamiliar or remotely suspicious emails. Be wary of strange file attachment names such as “virus-for-you.doc” and remember that the Office of Social Security and the IRS do not call or email taxpayers.

IRS scams: Watch out for spoofed websites

Scammers have extremely sophisticated tools that help disguise phony web addresses for DIY tax software, such as stolen company logos and site designs. To avoid falling for this, go directly to the source. Type the address of a website directly into the address bar of your browser instead of following a link from an email or internet search.

Consider an identity theft protection solution

If your data does become compromised, be sure to use an identity theft protection solution. Such solutions let users take a proactive approach to protecting their identities, with personal and financial monitoring and recovery tools that help keep their identities private and secure.

Hackers using hidden mobile apps and unique distribution methods to target consumers

Hackers are using hidden mobile apps, third-party login and counterfeit gaming videos to target consumers, according to McAfee.


Worldwide detections of LeifAccess, 2019

Last year, hackers targeted consumers with a wide variety of methods, from backdoors to mining cryptocurrencies. Hackers have expanded the ways of hiding their attacks, making them increasingly difficult to identify and remove, which makes it seem like 2020 will be the year of mobile sneak attacks.

Hidden apps: The most active mobile threat

Hidden apps are the most active mobile threat facing consumers, generating nearly 50% of all malicious activities in 2019, a 30% increase from 2018. Hackers continue to target consumers through the channels they spend the most time on, their devices, as the average person globally is expected to own 15 connected devices by 2030.

Hidden apps take advantage of unsuspecting consumers in multiple ways, including taking advantage of consumers using third-party login services or serving unwanted ads.

“Consumers are connected more than ever, and as we look at the current security landscape, as well as future risks, we want to make sure we are doing everything to help consumers protect what matters more to them, their personal data, as well as their family and friends,” said Terry Hicks, Executive Vice President, Consumer Business Group at McAfee.

“Mobile threats are playing a game of hide and steal, and we will continue to empower consumers to safeguard their most valued assets and data.”

Hackers use gaming popularity to spoof consumers

Hackers are taking advantage of the popularity of gaming by distributing their malicious apps via links in popular gamer chat apps and cheat videos by creating their own content containing links to fake apps. These apps masquerade as genuine with icons that closely mimic those of the real apps but serve unwanted ads and collect user data.

Researchers uncovered that popular apps like FaceApp, Spotify, and Call of Duty all have fake versions trying to prey on unsuspecting consumers, especially younger users.

New mobile malware uses third-party sign-on to cheat app ranking systems

Researchers have uncovered new information on mobile malware dubbed LeifAccess, also known as Shopper. This malware takes advantage of the accessibility features in Android to create accounts, download apps, and post reviews using names and emails configured on the victim’s device.

Researchers observed apps based on LeifAccess being distributed via social media, gaming platforms, malvertising, and gamer chat apps. Fake warnings are used to get the user to activate accessibility services, enabling the full range of the malware’s capabilities.

Unique approach to steal sensitive data through legitimate transit app

A series of South Korean transit apps were compromised with a fake library and plugin, called MalBus, that could exfiltrate confidential files. The attack was hidden in a legitimate South Korean transit app by hacking the original developer’s Google Play account.

The series provides a range of information for each region of South Korea, such as bus stop locations, route maps, and schedule times for more than 5 years. MalBus represents a different attack method as hackers went after the account of a legitimate developer of a popular app with a solid reputation.

“There exists a growing trend for many apps to remain hidden, stealing precious resources and important data from the device that acts as the remote control to consumers’ digital world,” said Raj Samani, McAfee Fellow and Chief Scientist.

“Now, more than ever, it is critical consumers make themselves aware of modern threats and the steps they can take to defend themselves against them, such as staying on legitimate app stores and reading reviews carefully.”

McAfee announces eight new partnerships and seven newly-certified integrations

McAfee, the device-to-cloud cybersecurity company, announced substantial headway with its partner program. Eight new partnerships and seven new certified integrations to McAfee Security Innovation Alliance (SIA) and McAfee CASB Connect Program give organizations a competitive advantage to secure people, devices and data in the cloud. RSA Conference 2020 attendees can learn more about these programs at the McAfee booth.

McAfee SIA accelerates the development of open and interoperable security products and simplifies integration within complex customer environments. These capabilities provide a truly integrated, connected security ecosystem to maximize the value of existing customer security investments.

As an extension of McAfee SIA, the McAfee CASB Connect Program is the industry’s first self-serve framework that enables any cloud service provider or partner to rapidly onboard any SaaS application onto McAfee MVISION Cloud. This fosters the ability to secure data within any cloud service in McAfee’s catalog.

New partners that joined the McAfee SIA program include:

  • A10 Networks
  • AttackIQ
  • Cythereal
  • D3 Security
  • Dragos
  • Indegy
  • Mimecast
  • Nasuni
  • Nutanix
  • OpenText
  • Siemplify

The McAfee CASB Connect framework, which allows cloud service providers or partners to build lightweight API connectors to McAfee MVISION Cloud, has significantly expanded. As a result, the following new service providers adopted the MVISION Cloud Platform:

  • Atlassian
  • Clarizen
  • DbCom
  • Introhive

In contrast to the uncertainty concerning the availability and maturity of most cloud service APIs, the McAfee CASB Connect Framework provides a unified platform for comprehensive control over all sanctioned and unsanctioned cloud services, from managed and unmanaged devices. This allows cloud services and partners to be fast-tracked onto the MVISION Cloud Security Platform.

Leveraging the power of CASB Connect, MVISION Cloud customers can extend the same levels of data security across all cloud services through a single platform to:

  • Enforce Data Loss Prevention (DLP) policies to protect sensitive and regulated data.
  • Enforce internal and external collaboration policies.
  • Inspect login, data upload, data download and administrator activity to maintain an audit trail for forensic investigation and to detect anomalous behavior.
  • Apply contextual access control policies that govern data access and downloads based on user, location or device (both managed and unmanaged).

“Not all cloud service providers have the APIs needed to integrate with MVISION Cloud,” said Javed Hasan, global head of enterprise products, strategy and alliances, McAfee.

“Even in those cases, the CASB Connect framework can now be used out-of-the-box to quickly onboard a SaaS application to McAfee’s CASB platform with support for the most critical use cases.

“The unique advantage of this new capability helps customers enforce security policies to prevent sensitive data from being downloaded on to any managed or unmanaged device, both within and outside of the corporate network perimeter.”

McAfee has a total of 160 integration partners through its McAfee SIA and McAfee CASB Connect Programs.

“MVISION Cloud allowed security to say yes to the business at Pacific Dental Services (PDS) by transparently addressing our critical security and compliance needs in the use of cloud services like Office365, Box, and AWS among others,” said Nemi George, CISO at PDS.

“Through McAfee’s CASB Connect program we have seamlessly extended those same policies and controls to cloud services like Okta and SmartSheet thereby improving our cloud maturity and reducing our TCO.”

According to Bryant Lee, head of partnerships and integrations at Atlassian, “Through the CASB Connect program, McAfee and Atlassian have collaborated to provide Atlassian customers with advanced data security and threat protection capabilities to help businesses reduce the risk of data breaches and data loss as well as more easily detect malicious activity.”

Partner highlights

A10 Networks – The A10 Thunder SSLi is an SSL/TLS visibility solution that eliminates encryption-induced security blind spots by decrypting enterprise traffic and enabling security devices to detect and stop encrypted attacks.

Thunder SSLi integrates with the McAfee Network Security Platform (NSP) by intercepting enterprise traffic, decrypting it and forwarding it to NSP in clear text. This enables NSP to inspect encrypted traffic easily and perform advanced intrusion prevention and malware analysis without compromising performance.

Clarizen – With ongoing concerns over data security and privacy, the McAfee and Clarizen partnership offers an added layer of protection for large enterprise organizations.

By leveraging self-service API connectors to McAfee MVISION Cloud, Clarizen can give their customers confidence that their data is safe and secure without sacrificing collaboration and business processes managed through Clarizen One.

D3 Security – D3 SOAR provides security orchestration, automation and response with MITRE ATT&CK in its DNA. This allows SOC operators to coordinate incident response workflows across all tools and assets, ensuring rapid and consistent remediations.

The integration between D3 SOAR and McAfee ESM helps SOC and IR teams by improving the speed and quality of investigations, enabling proactive analysis and dramatically reducing MTTR.

Events in ESM trigger detailed playbooks in D3, which automatically act on intelligence from security infrastructure and data sources, which keeps SOC operators focused on suspicious behavior and threats.

DbCom – Eqube is a regulatory compliance system designed and hosted by DbCom to maintain sensitive customer data for large multinational financial systems. Cloud security controls are essential for DbCom as they undergo frequent cyber audits to ensure customer data is secured.

It is critical these organizations have 100 percent clarity on content and patterns of data moving between their premises and DbCom’s hosted application in AWS. With McAfee’s CASB technology, DbCom can provide real-time visibility of data in motion, providing the utmost sense of security to DbCom and their customers.

Indegy – The Indegy Security Suite gives users visibility and control of their industrial operations, operational technology (OT), and IT networks. Indegy surfaces industrial control system (ICS) events and OT security event information in McAfee ESM, so security administrators have a view into both the IT and OT environments for enhanced situational awareness.

Introhive – Introhive’s API integrates seamlessly with MVISION Cloud to allow clients to expose and correct negligent, malicious and suspicious user behavior. This helps to prevent sensitive data from integrating into Introhive and customer relationship management systems via Introhive Data Automation.

Siemplify – Siemplify, a leading independent provider of security orchestration, automation and response (SOAR), has partnered with McAfee to make its flagship Siemplify Security Operations Platform available to McAfee customers via MVISION ePolicy Orchestrator.

SOAR technology, which is experiencing booming adoption rates across industries, allows security operations teams to work more efficiently and effectively by seamlessly automating and orchestrating the multitude of tools and processes required to triage, investigate and respond to cyber threats at scale.

Lack of .GOV validation and HTTPS leaves states susceptible to voter disinformation campaigns

There’s a severe lack of U.S. government .GOV validation and HTTPS encryption among county election websites in 13 states projected to be critical in the 2020 U.S. Presidential Election, a McAfee survey reveals.

[Figure: Example of what a fraudulent email might look like]

Malicious actors could establish false government websites

The survey found that as many as 83.3% of these county websites lacked .GOV validation across these states, and 88.9% and 90.0% of websites lacked such certification in Iowa and New Hampshire respectively.

Such shortcomings could make it possible for malicious actors to establish false government websites and use them to spread false election information that could influence voter behavior and even impact final election results.

“Without a governing body validating whether websites truly belong to the government entities they claim, it’s possible to spoof legitimate government sites with fraudulent ones,” said Steve Grobman, McAfee Senior Vice President and CTO.

“An adversary can use fake election websites for misinformation and voter suppression by targeting specific voters in swing states with misleading information on candidates, or inaccurate information on the voting process such as poll location and times.

“In this way, this malicious actor could impact election results without ever physically or digitally interacting with voting machines or systems.”

No governing authority prevents purchase of .COM, .NET, .ORG, and .US domain names

Government entities purchasing .GOV web domains have submitted evidence to the U.S. government that they truly are the legitimate local, county, or state governments they claimed to be.

Websites using .COM, .NET, .ORG, and .US domain names can be purchased without such validation, meaning that there is no governing authority preventing malicious parties from using these names to set up and promote any number of fraudulent web domains mimicking legitimate county government domains.

The HTTPS encryption measure assures citizens that any voter registration information shared with the site is encrypted, and gives them greater confidence in the entity with which they are sharing that information.

Websites lacking .GOV and encryption cannot assure voters seeking election information that they are visiting legitimate county and county election websites, leaving malicious actors an opening to set up disinformation schemes.

“In many cases, these websites have been set up to provide a strong user experience versus a focus on the implications that they could be spoofed to exploit the communities they serve,” Grobman continued.

“Malicious actors can pass off fake election websites and mislead large numbers of voters before detection by government organizations. A campaign close to election day could confuse voters and prevent votes from being cast, resulting in missing votes or overall loss of confidence in the democratic system.”

State counties lacking .GOV validation

Of the 1,117 counties in the survey group, 83.3% of their websites lack .GOV validation. Minnesota ranked the lowest among the surveyed states in terms of .GOV website validation with 95.4% of counties lacking U.S. government certification.

Other states severely lacking in .GOV coverage included Texas (94.9%), New Hampshire (90.0%), Michigan (89.2%), Iowa (88.9%), Nevada (87.5%), and Pennsylvania (83.6%).

Arizona had the highest percentage of main county websites validated by .GOV with 66.7% coverage, but even this percentage suggests that a third of the Grand Canyon State’s county websites are unvalidated and that hundreds of thousands of voters could still be subjected to disinformation schemes.

State counties lacking HTTPS protection

The survey found that 46.6% of county websites lack HTTPS encryption. Texas ranked the lowest in terms of encryption with 77.2% of its county websites failing to protect citizens visiting these web properties. Other states with counties lacking in encryption included Pennsylvania (46.3%), Minnesota (42.5%), and Georgia (38.4%).

Assessment of Iowa and New Hampshire

In Iowa, 88.9% of county websites lack .GOV validation, and as many as 29.3% lack HTTPS encryption. Ninety percent of New Hampshire’s county websites lack .GOV validation, and as many as 30% of the Granite State’s counties lack encryption.

Inconsistent naming standards

The research found that some states attempted to establish standard naming conventions, such as www.co.[county name].[two-letter state abbreviation].us. Unfortunately, these formats were followed so inconsistently that a voter seeking election information from her county website cannot be confident that a web domain following such a convention is indeed a legitimate site.

Easy-to-remember naming formats

The research found 103 cases in which counties set up easy-to-remember, user-friendly domain names to make their election information easier to remember and access for the broadest possible audience of citizens.

Examples include www.votedenton.com, www.votestanlycounty.com, www.carrollcountyohioelections.gov, www.voteseminole.org, and www.worthelections.com.

While 93 of these counties (90.2%) protected voters visiting these sites with encryption, only two validated these special domains and websites with .GOV. This suggests that malicious parties could easily set up numerous websites with similarly named domains to spoof these legitimate sites.
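The three properties the survey tallies (a .GOV top-level domain, HTTPS, and adherence to a state naming convention such as www.co.[county].[st].us) can be checked per URL and aggregated per state. The following is an added example, not the survey's tooling; the sample URLs are constructed, apart from two taken from the page's own list, and a .gov TLD is used as a proxy for .GOV validation.

```python
"""Classify county website URLs by .GOV, HTTPS and naming-convention use,
then aggregate per state the way the survey figures are reported.
Added example; not part of the McAfee survey. Sample URLs are constructed
(two are the page's own examples). This checks the advertised URL only,
not whether the host actually serves HTTPS."""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# State naming convention quoted in the text: www.co.[county].[st].us
STATE_STANDARD = re.compile(r"^(www\.)?co\.[a-z0-9-]+\.([a-z]{2})\.us$")


def classify(url: str) -> dict:
    """Return the three survey properties for one URL."""
    # urlsplit needs a '//' to recognise the host when the scheme is absent.
    parts = urlsplit(url if "//" in url else "//" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    labels = host.split(".")
    return {
        "host": host,
        "https": parts.scheme.lower() == "https",
        "gov_validated": labels[-1] == "gov",  # .gov TLD as validation proxy
        "state_standard": STATE_STANDARD.match(host) is not None,
    }


def survey(sites) -> dict:
    """sites: iterable of (state, url). Returns per-state percentages of
    websites lacking .GOV and lacking HTTPS, rounded to one decimal."""
    totals = defaultdict(lambda: {"n": 0, "no_gov": 0, "no_https": 0})
    for state, url in sites:
        c = classify(url)
        t = totals[state]
        t["n"] += 1
        t["no_gov"] += not c["gov_validated"]
        t["no_https"] += not c["https"]
    return {
        state: {
            "lacking_gov_pct": round(100 * t["no_gov"] / t["n"], 1),
            "lacking_https_pct": round(100 * t["no_https"] / t["n"], 1),
        }
        for state, t in totals.items()
    }


# Constructed sample input; the first and third hosts appear on the page.
SAMPLE_SITES = [
    ("OH", "https://www.carrollcountyohioelections.gov"),
    ("OH", "http://www.co.example.oh.us"),      # constructed
    ("TX", "https://www.votedenton.com"),
    ("TX", "http://www.example-tx-county.org"),  # constructed
]

if __name__ == "__main__":
    for state, url in SAMPLE_SITES:
        print(state, classify(url))
    print(survey(SAMPLE_SITES))
```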

Strategies for transitioning to .GOV

While only 19.3% of Ohio’s 88 county main websites have .GOV validation, the state leads McAfee’s survey with 75% of county election websites and webpages validated by .GOV certification. This leadership position appears to be the result of a state-led initiative to transition county election-related content to .GOV validated web properties.

A majority of counties have subsequently transitioned their main county websites to .GOV domains, their election-specific websites to .GOV domains, or their election-specific webpages to Ohio’s own .GOV-validated ohio.gov domain.

Such a .GOV transition strategy constitutes an interim solution until more comprehensive efforts are made at the state and federal government level through initiatives such as The DOTGOV Act of 2020. This legislation would require the Department of Homeland Security (DHS) to support .GOV adoption for local governments with technical guidance and financial support.

“Ohio has made a commendable effort to lead in driving election websites to .GOV, either directly or by using the state run ohio.gov domain,” said Grobman.

“While main county websites still largely lack .GOV validation, Ohio does provide a mechanism for voters to quickly assess if the main election website is real or potentially fake. Other states should consider such interim strategies until all county and local websites with election functions can be fully transitioned to .GOV.”

52% of companies use cloud services that have experienced a breach

Seventy-nine percent of companies store sensitive data in the public cloud, according to a McAfee survey.

[Figure: Anonymized cloud event data showing percentage of files in the cloud with sensitive data]

While these companies approve an average of 41 cloud services each, up 33 percent from last year, thousands of other services are used ad-hoc without vetting. In addition, 52 percent of companies use cloud services that have had user data stolen in a breach.

By leaving significant gaps in the visibility of their data, organizations leave themselves open to loss of sensitive data and to regulatory non-compliance.

Cloud services have replaced many business-critical applications formerly run as on-premises software, leading to a migration of sensitive data to the cloud. Use of personal devices when accessing cloud services, the movement of data between cloud services, and the sprawl of high-risk cloud services drive new areas of risk for companies using the cloud.

For organizations to secure their data they need a thorough understanding of where their data is and how it is shared – especially with the rapid adoption of cloud services.

As part of this report, McAfee surveyed 1,000 enterprise organizations in 11 countries and investigated anonymized events from 30 million enterprise cloud users to gain a holistic view of modern data dispersion.

Shadow IT continues to expand enterprise risk

According to the study, 26 percent of files in the cloud contain sensitive data, an increase of 23 percent year-over-year. Ninety-one percent of cloud services do not encrypt data at rest, meaning data isn’t protected if the cloud provider is breached.

Personal devices are black holes

Seventy-nine percent of companies allow access to enterprise-approved cloud services from personal devices. One in four companies have had their sensitive data downloaded from the cloud to an unmanaged, personal device, where they can’t see or control what happens to the data.

Accessing cloud services: Intercloud travel and risk

Collaboration facilitates the transfer of data within and between cloud services, creating a new challenge for data protection. Forty-nine percent of files that enter a cloud service are eventually shared.

One in 10 files that contain sensitive data and are shared in the cloud use a publicly accessible link to the file, an increase of 111 percent year-over-year.

[Figure: Anonymized cloud event data showing percentage of files shared in the cloud with sensitive data using a public access link]

A new era of data protection is on the horizon

Ninety-three percent of CISOs understand it’s their responsibility to secure data in the cloud. However, 30 percent of companies lack the staff with skills to secure their Software-as-a-Service applications, up 33 percent from last year. Both technology and training are outpaced by the rapid expansion of cloud.

“The force of the cloud is unstoppable, and the dispersion of data creates new opportunities for both growth and risk,” said Rajiv Gupta, senior vice president, Cloud Security, McAfee.

“Security that is data-centric, creating a spectrum of controls from the device, through the web, into the cloud, and within the cloud provides the opportunity to break the paradigm of yesterday’s network-centric protection that is not sufficient for today’s cloud-first needs.”

McAfee products now available on Flipkart

McAfee and Flipkart, India’s leading e-commerce marketplace, announced that McAfee products are now available on Flipkart.com. In today’s world of hyper-digital consumption, McAfee’s trusted security solutions go beyond just protecting devices to help consumers safeguard their digital lives.

“McAfee’s partnership with Flipkart aims to give consumers peace of mind by highlighting the importance of online security and helping them protect what matters to them, from their mobile devices and connected homes,” said Venkat Krishnapur, vice president of engineering and managing director McAfee India.

Millions of Flipkart consumers will now be able to access award-winning and trusted McAfee products on its platform, helping to ensure that evolving consumer cybersecurity demands are addressed while providing a seamless customer experience. These include McAfee’s award-winning security solutions like McAfee AntiVirus, McAfee Internet Security and McAfee Total Protection.

The products also include features that protect devices against malware, including ransomware. Included with the security solutions, McAfee WebAdvisor secures consumers against risky websites and malicious downloads, and PC Boost increases the performance of computers, browsers and apps alike.

“We are pleased to work with McAfee to help millions of Flipkart customers get access to McAfee’s products, which will enable them to have a safer and more secure online experience,” said Adarsh Menon, Senior Vice President at Flipkart.

New infosec products of the week: December 13, 2019

IBM Security adds AI features to its Cloud Identity solution

IBM Cloud Identity now features AI-based adaptive access capabilities that help continually assess employee or consumer user risk levels when accessing applications and services. The solution escalates suspicious user interactions for further authentication, while those identified as lower risk are “fast tracked” so they can access applications and services they need.


STEALTHbits launches Privileged Activity Manager with zero standing privilege architecture

STEALTHbits Privileged Activity Manager is a next generation Privileged Access Management solution that seeks to not just control privileged accounts, but effectively reduce the quantity of them altogether using a variety of modern techniques, such as the use of ephemeral accounts and a just-in-time (JIT), just-enough privilege (JEP) approach to privileged access.


ClearDATA Comply: A SaaS solution for automated healthcare cloud compliance

Comply provides healthcare organizations direct access to the cloud with automated compliance and remediation, as well as a real-time compliance dashboard, facilitating rapid adoption of cloud services with peace of mind. Combined with ClearDATA’s cloud services expertise and deep understanding of complex healthcare compliance frameworks like HIPAA and GDPR, Comply is designed to streamline compliance by automatically enforcing technical controls according to different standards and regulations across multiple cloud services thereby achieving and maintaining a compliant posture.


McAfee MVISION Cloud for Containers: A CASB and CSPM integrated security platform

Leveraging NanoSec’s zero trust application visibility and control capabilities for container-based deployments in cloud environments, McAfee MVISION Cloud for Containers provides customers with the ability to speed up application delivery while enhancing the governance, compliance and security of their container workloads.


Spirent launches C200 appliance, a security and application performance testing solution

Enabling industry-leading 100G and Crypto performance testing, the C200 represents a significant expansion of the Spirent CyberFlood security and application performance testing solution family. An all-in-one solution, the C200 packs the full capabilities of CyberFlood into a quint-speed appliance that uses only 1U of rack space. Available immediately, the C200 provides carrier-class performance for applications, attacks and cryptographic testing.


Kanguru launches a new biometric fingerprint access flash drive

This biometric fingerprint access flash drive supplants the bulky pinpads and fussy combo keypads of leading encrypted devices. With just a tap of the finger, the new Kanguru Defender Bio-Elite30 Fingerprint Hardware Encrypted Flash Drive provides quick access to encrypted files.


Yubico launches latest version of its Authenticator mobile application for iOS

Yubico Authenticator now extends support for near field communication (NFC) on iOS, delivering tap-and-go flexibility in addition to authentication over a Lightning connection. The Yubico Authenticator App series now works seamlessly across all major desktop and mobile platforms, with full support for Windows, Mac, Linux, Android and iOS.
