Showing posts with label McAfee. Show all posts

Sunday, August 11, 2019

McAfee acquires NanoSec for container security

McAfee has acquired NanoSec, a start-up offering a multi-cloud, zero-trust application and security platform for containers. Financial terms were not disclosed.

NanoSec developed a wrapper technology that works as an agent and runs on any flavor of Linux and many flavors of Windows OS. NanoSec also provides agentless container scanning and config audit (including CIS Benchmarks). The NanoSec Intelligent backend can be hosted by the customer on any midsize server, on-premises or in the cloud, or delivered as a SaaS service.

NanoSec is based in Santa Clara, California and Bengaluru, Karnataka, India.

McAfee said the acquisition will enable organizations to improve governance and compliance and to reduce risk of their cloud and container deployments. NanoSec’s security capabilities will be applied to applications and workloads deployed in containers and Kubernetes and will be integrated into McAfee MVISION Cloud and MVISION Server Protection offerings. These capabilities include continuous configuration compliance and vulnerability assessment as well as runtime application-level segmentation for detecting and preventing lateral movement of threats.

“NanoSec’s technology is a natural extension for McAfee MVISION Cloud, enhancing our current CASB and CWPP products, and adding to our ‘Shift-Left’ capabilities to deliver on the DevSecOps best practice to improve governance and security,” said Rajiv Gupta, senior vice president and general manager of the cloud security business unit, McAfee.

“Joining forces with McAfee means that our groundbreaking capabilities including our unique application-identity based approach for app-level protection and micro-segmentation will be available on a global scale,” said Vishwas Manral, founder and CEO of NanoSec.

Sunday, January 6, 2019

Verizon to offer McAfee-based Home Network Security

Verizon is introducing a Home Network Protection (HNP) service powered by McAfee to provide protection throughout a home network. The service protects against malicious websites, provides parental controls and helps keep devices connected to the home network, including Internet of Things (IoT) devices, protected.

“Our homes are more connected than ever before. It’s imperative that consumers look beyond their PCs to keep their devices and information safe,” said Shailaja Shankar, general manager, mobile and ISP business units, McAfee. “We are delighted that Verizon shares our vision of making the home a secure space and chose us to help ensure its customers are protected from online threats.”

“We are committed to providing the security solutions that help our customers enjoy their digital lives to the fullest,” said Darren Kaufmann, executive director, Verizon. “Together with McAfee, we can help ensure the home network is secure, and that parents have the peace of mind knowing they have the simple tools they need to provide a safe online environment for their children.”

Monday, November 27, 2017

McAfee to Acquire Skyhigh for CASB

McAfee agreed to acquire Skyhigh Networks, a start-up offering a cloud access security broker (CASB), for an undisclosed sum.

Skyhigh Networks, which is based in Campbell, California, provides its clients with visibility into content, context, and user activity across SaaS, PaaS and IaaS environments. Skyhigh Networks CEO Rajiv Gupta will join McAfee CEO Chris Young’s leadership team to run McAfee’s new cloud business unit.


“Skyhigh Networks had the foresight five years ago to realize that cybersecurity for cloud environments could not be an impediment to, or afterthought of, cloud adoption,” Young stated. “They pioneered an entirely new product category called cloud access security broker (CASB) that analysts describe as one of the fastest growing areas of information security investments of the last five years – where Skyhigh continues to innovate and lead. Skyhigh’s leadership in cloud security, combined with McAfee’s security portfolio strength, will set the company apart in helping organizations operate freely and securely to reach their full potential.”

“Becoming part of McAfee is the ideal next step in realizing Skyhigh Networks’ vision of not simply making the cloud secure, but making it the most secure environment for business,” Gupta said. “McAfee will provide global scale to further accelerate Skyhigh’s growth, with the combined company providing leading technologies and solutions across cloud and endpoint security – categories Skyhigh and McAfee respectively helped create, and the two architectural control points for enterprise security.”

Tuesday, December 13, 2016

McAfee Labs Finds 93% of Security Ops Managers Overwhelmed by Alerts

Security operations managers are finding it difficult to triage cyber threats due to the increasing volume of activity and growing complexity, according to a primary research study commissioned by Intel Security. The newly released McAfee Labs Threats Report details key 2016 developments in ransomware, and illustrates how attackers are creating difficult-to-detect malware by infecting legitimate code with Trojans and leveraging that legitimacy to remain hidden as long as possible.

“One of the harder problems in the security industry is identifying the malicious actions of code that was designed to behave like legitimate software, with low false positives,” said Vincent Weafer, vice president of Intel Security’s McAfee Labs. “The more authentic a piece of code appears, the more likely it is to be overlooked. Just as 2016 saw more ransomware become sandbox-aware, the need to conceal malicious activity is driving a trend toward ‘Trojanizing’ legitimate applications. Such developments place an ever greater workload on an organization’s SOC – where success requires an ability to quickly detect, hunt down, and eradicate attacks in progress.”

Some highlights:

  • Alert overload. On average, organizations are unable to sufficiently investigate 25 percent of their security alerts, with no significant variation by country or company size.
  • Triage trouble. While most respondents acknowledged being overwhelmed by security alerts, as many as 93 percent are unable to triage all potential threats.
  • Incidents on the rise. Whether from an increase in attacks or better monitoring capabilities, 67 percent of respondents reported an increase in security incidents.
  • Cause of the rise. Of the respondents reporting an increase in incidents, 57 percent report they are being attacked more often, while 73 percent believe they are able to better spot attacks.
  • Threat signals. The most common threat detection signals for a majority of organizations (64 percent) come from traditional security control points, such as antimalware, firewall and intrusion prevention systems.
  • Proactive vs. reactive. The majority of respondents claim to be progressing toward the goal of a proactive and optimized security operation, but 26 percent still operate in reactive mode, with ad hoc approaches to security operations, threat hunting and incident response.
  • Adversaries. More than two-thirds (68 percent) of investigations in 2015 involved a specific entity, either as a targeted external attack or an insider threat.
  • Causes for investigation. The respondents reported that generic malware led the list of incidents (30 percent) leading to security investigations, followed by targeted malware-based attacks (17 percent), targeted network-based attacks (15 percent), accidental insider incidents resulting in potential threats or data loss (12 percent), malicious insider threats (10 percent), direct nation-state attacks (7 percent), and indirect or hacktivist nation-state attacks (7 percent).

In the third quarter of 2016, McAfee Labs’ Global Threat Intelligence network registered notable surges in ransomware, mobile malware and macro malware:
  • Ransomware. The count of total ransomware grew by 18 percent in Q3 2016 and 80 percent since the beginning of the year.
  • Mac OS malware. New Mac OS malware skyrocketed by 637 percent in Q3, but the increase was due primarily to a single adware family, Bundlore. Total Mac OS malware remains quite low in comparison to other platforms.
  • New Malware. The growth of new unique malware dropped 21 percent in Q3.
  • Mobile malware. We cataloged more than 2 million new mobile malware threats in Q3. Infection rates in Africa and Asia each dropped by 1.5 percent, while Australia increased by 2 percent in Q3.
  • Macro malware. New Microsoft Office (primarily Word) macro malware continued the increase first seen in Q2.
  • Spam botnets. The Necurs botnet multiplied its Q2 volume by nearly seven times, becoming the highest-volume spam botnet of Q3. We also measured a sharp drop in spamming by Kelihos, which resulted in the first decline in quarterly volume we have observed in 2016.
  • Worldwide botnet prevalence. Wapomi, which delivers worms and downloaders, remained No. 1 in Q3, declining from 45 percent in Q2. CryptXXX ransomware served by botnets jumped into second place; it was responsible for only 2 percent of traffic last quarter.
http://www.intelsecurity.com/

Monday, January 11, 2016

Blueprint: What’s Coming in 2016 and Beyond for Cybersecurity

by Vincent Weafer, VP of Intel Security’s McAfee Labs, Intel Corporation

A five-year look ahead at how cybersecurity is likely to evolve

Clouds, devices, and sophistication are three of the big areas that will affect cyber threats and security over the next five years, according to McAfee Labs 2016 Threats Predictions report. Cloud applications, storage, and services are converging with rapid growth in mobile and connected devices to create an ever-expanding attack surface. At the same time, increasing sophistication and sharing among cybercriminals is making attacks more targeted and harder to detect. These issues will drive significant changes in cybersecurity over the next five years, including transformation of the efficiency and effectiveness of defenses, broader threat intelligence collaboration, and sophisticated behavioral analytics.

Criminals follow the money, so as long as we have valuable digital assets, we will have cybercrime. The increasing attack surface gives them more vectors of attack and increasingly valuable assets. The value of personal data is growing rapidly, and is already outpacing payment card info as the prime target. This trend will only continue, as criminals apply big data techniques to build warehouses of personal information for sale.

The increasing sophistication of attackers and malware developers will have an interesting effect, as they develop more targeted and stealthy attacks, but also deliver packaged cybercrime-as-a-service tools to a growing audience possessing fewer tech skills. This commoditization of cybercrime will fuel new waves of personal and customized attacks, with new criminal motivations including embarrassment, harassment, and vandalism.

Security industry response

Our research and predictions dictate some fundamental changes to digital security. Network perimeters, isolated security tools, and file or signature based defenses are a rapidly fading paradigm. Instead, we will need to re-architect the tools to operate more efficiently. Using machine learning techniques, we will improve scanning speeds by identifying trusted processes and focusing resources on suspicious activities. Security in silicon will be necessary, not only to combat the growth of low-level hardware and firmware attacks, but also to protect the billions of devices that may not have sufficient general-purpose computing power to protect themselves. Secure boot, trusted execution environments, tamper protection, active memory protection, and immutable device identity will improve the effectiveness of our digital defenses as we fight attacks that try to go lower in the stack to remain undetected.

Improved defenses will be insufficient unless we take them out of isolation. Sharing and integrating threat intelligence between endpoints, gateways, and centralized analytics will improve detection and significantly speed up correction efforts, quickly blocking new attack vectors and protecting vulnerabilities before they can be exploited in multiple locations. Threat data sharing and collaboration between businesses, governments, industry organizations, and security vendors will also deliver faster and better protections, as threat exchanges expand throughout supply chains, industries, and nations.

Behavioral analytics will augment detection capabilities as the newest weapon for defenders. Baselines for normal behavior and continuous monitoring will quickly separate legitimate activities and identities from suspicious and compromised ones. These products are in their early stages today, but applying skills from big data and other analytics and machine learning research will help them to mature rapidly over the next five years.

Poor integration, talent shortages, and the costs of failure

The lack of integrated security technology, shortage of skilled talent, and rising cost of breaches will drive increased automation and machine learning, greater simplification of security controls, and predictable funding and insurance models for security operations.

With attacks growing in sophistication and stealth, isolated individual defenses quickly fall behind. Fileless attacks, remote shell exploits, and credential theft are increasing in popularity as ways to evade detection by traditional tools. The speed of these attacks means that response times of minutes or hours leave the system open to compromise and data exfiltration. Machine learning and greater automation are necessary to match defense speed to attack speed. We are seeing steady progress in the ability of systems to translate alerts and behavior into appropriate action, detecting and correcting an attack far faster than a human operator can. At the same time, the automation will notify the operations center of its actions, so that they can begin further investigations and take any additional necessary steps.

Automation and machine learning will also help alleviate the growing shortage of skilled security personnel. Shared threat intelligence, behavioral analytics, and contextual information will enable much better orchestration between the various defense elements. An endpoint under attack will immediately publish that information so that other endpoints and gateways can block the malicious files and addresses. Threat intelligence exchanges will deliver context, scored for trust and quality, and corroborate attack info to reduce false positives. Perhaps more important, these tools will reduce the complexity of security system configurations and operations, easing the transactional burden on security personnel. Whether it is improved default configurations, automated actions based on learned behavior, or intelligently filtered and scored alerts, machines will play a vital role in augmenting the skills and resources of the security team.

Finally, the rising cost of breaches and demand for increased predictability will bring innovations in risk management, investment, and even insurance. As the value of personal data goes up, so does the total cost of a security breach. At the same time, the increasing range of security tools will make it more difficult to plan and budget. Insurance and hedging products will emerge that enable predictable levels of security investments, or limit the organization’s financial exposure to a catastrophic security event. Security as a service will continue to evolve, shifting more of the security budget to operating expenses instead of capital outlays.

Over the next five years, we are going to see some far-reaching changes in digital security, as the perimeter-based models that we have worked with almost since the dawn of the industry are replaced by a more fluid, mobile, and cloudy reality.

For a more detailed look at these and other predictions, download the McAfee Labs 2016 Threats Predictions report.

About the Author

Vincent Weafer is a Sr. Vice President of McAfee Labs at Intel Security, where he oversees a team of hundreds of researchers in dozens of countries, as well as millions of sensors around the globe, all dedicated to helping protect Intel customers from the latest cyber threats. He has presented at numerous international security conferences, is the coauthor of a book on Internet security, and has also been invited to testify on multiple government committees, including the United States Senate Committee on the Judiciary hearing on Combating Cyber Crime and Identity Theft in the Digital Age; the United States Sentencing Commission’s public hearing on Identity Theft and the Restitution Act of 2008; and the United States Senate Committee on Commerce, Science, and Transportation on Impact and Policy Implications of Spyware on Consumers and Businesses.

