Top Five Security Trends Affecting your Security and Risk Management Strategy
- Targeted Attacks
- Data Centre Transformation
- Cloud Security
- Data Protection
- Securing Specialty Environments
McAfee Labs – Threat Report March 2016
The total amount of malware is now approaching 500 million hashes.
After three quarters of decline, the number of new malware samples resumed its ascent in Q4, with 42 million new malicious hashes discovered, 10% more than in Q3 and the second highest on record. The growth in Q4 was driven, in part, by 2.3 million new mobile threats, 1 million more than in Q3.
This quarter we recorded a 72% increase in new mobile malware samples.
We saw a 26% increase in new ransomware samples in Q4 2015. The reason? Open-source ransomware code (for example, Hidden Tear, EDA2) and ransomware-as-a-service (Ransom32, Encryptor) make it simpler to create successful attacks. TeslaCrypt and CryptoWall 3 campaigns also continue. And as we detailed in the McAfee Labs Threats Report: May 2015, ransomware campaigns are financially lucrative with little chance of arrest, so they have become quite popular.
The full report can be downloaded here.
Security Connected from Intel Security
The Security Connected platform is a unified, adaptive framework for encouraging Intel Security and third-party products and services to learn from each other, share threat intelligence and context in real time, and act as a team to keep data and networks safe. It’s a sustainable way to reduce risk, minimize incident volume and response time, and lower overhead and operational costs.
Intel Security: It's Time to Simplify the Threat Defence Lifecycle.
With the rising volume and complexity of threats, and the shrinking time and resources to handle them, security practitioners must evolve their approach. The job hasn’t changed: to protect vital services and information from theft, manipulation, and loss from external and internal actors. But the way we do the job needs to change, by focusing on ways to reduce security fragmentation, automate tasks, and force-multiply capabilities.
Intel Security believes that an open and integrated system best enables organizations to effectively block threats, identify compromises, and expedite remediation. It’s at the centre of our commitment to enable a safe and connected world. Building on our leading endpoint protection solutions, diverse technologies, and widely adopted and open centralized management platform, we can help you expedite the entire threat defence lifecycle.
Work with Intel Security and Somerville / ISNet to apply actionable intelligence, selective automation, and real-time collaboration. We’ll help you integrate a dynamic endpoint, intelligent analytics, cloud-delivered security, and centralized management into an adaptive system that protects, detects, and corrects today’s threats. Together, we can reduce the threats that get through, find them faster, and use fewer resources in the process.
Threat Defence Lifecycle
Enable users to be more productive while blocking the most pervasive attacks and disrupting never-before-seen techniques and payloads. Our hybrid, integrated system unites endpoint and cloud controls to deliver anti-malware, data protection, and web security managed through a single, centralized platform. This reduces fragmentation, allows for security automation, and enhances capabilities to combat attacks more effectively with less effort.
No single analysis or intelligence source can detect sophisticated attacks. You need multifaceted, tiered analysis that identifies atypical behaviour of low-threshold attacks that would otherwise go unnoticed. This allows for detecting, containing, and resolving more issues with far less damage. Our solution gathers both local and global security intelligence, integrates an array of behavioural and contextual analytics, and leverages centralized management for better insight, more effective threat identification, and faster investigation of events.
Streamline the threat defence lifecycle by facilitating triage, investigation, and remediation. Our cloud-based management reduces maintenance while making it easier to enhance protection and policies. Security and threat insights become triggers for automated action to expedite clean-up and quickly adapt current security policies. It’s a system that learns from security incidents and continually evolves, providing you better protection going forward.
McAfee Advanced Threat Defence
Advanced detection for stealthy, zero-day malware.
Integrated advanced threat detection: Enhancing protection from network edge to endpoint.
Advanced targeted attacks are designed to defeat security systems through approaches that either confuse or evade defences. McAfee Advanced Threat Defence detects targeted attacks and connects with existing defences, converting threat intelligence into immediate action and protection.
Unlike traditional sandboxes, it provides multiple analysis engines to broaden detection and expose evasive threats. As part of the Security Connected platform, McAfee Advanced Threat Defence is tightly integrated with other Intel Security solutions—from network to endpoint—enabling instant sharing of threat intelligence across the entire infrastructure to enhance zero-day threat protection, reduce time from detection to containment, and aid investigation to remediate post-attack.
McAfee Threat Intelligence Exchange
Adaptive, real-time threat detection and response
Shared threat intelligence to fight targeted attacks
McAfee Threat Intelligence Exchange optimizes threat detection and response by closing the gap from malware encounter to containment from days, weeks, and months down to milliseconds. This collaborative system operationalizes threat intelligence data in real time, delivering protection to all points in your enterprise as new threats emerge.
Leveraging the McAfee Data Exchange Layer (DXL), McAfee Threat Intelligence Exchange combines multiple threat information sources, and instantly shares this data out to all your connected security solutions, including third-party solutions. It provides adaptive threat detection on unknown files, resulting in faster time to protection and lower costs.
McAfee Active Response
Comprehensive endpoint detection and response
An endpoint detection and response tool for advanced threats
Bolster your defences beyond foundational endpoint protection with endpoint threat detection and response. McAfee Active Response is a leading innovation in finding and responding to advanced threats. As a key part of an integrated security architecture, it offers continuous visibility and powerful insights into your endpoints, so you can identify breaches faster and gain more control over the threat defence lifecycle. McAfee Active Response gives you the tools you need to correct security issues faster in the way that makes the most sense for your business. Key features include:
• Collectors: Find and visualize data from systems.
• Triggers and persistent collectors: Continuously monitor critical events or state change with one set of instructions.
• Reactions: Get pre-configured and customizable actions when triggered, so you can target and eliminate threats.
• Centralized management with McAfee ePolicy Orchestrator: Use a single console for comprehensive security management and automation.
Capture and monitor events, files, host flows, process objects, context, and system state changes that may be indicators of attack (IoAs) or attack components lying dormant, and send intelligence to analytics, operations, and forensic teams.
Ensure consistent policy enforcement
Establish common, enterprise-wide data security policies to ensure that data protection is uniformly enforced out to the network boundary.
Receive immediate alerts so you can adjust to changes in attack methodologies, and execute both custom and standard searches, drilling down on specific IoAs to understand, scope, and remediate attacks.
Define persistent collectors—built-in, always-on search capabilities that analyze insightful data on your system—to trigger alerts on detection of attack events, notifying you about future attack activity and providing targeted monitoring tools.
McAfee Endpoint Security 10
Intelligent, collaborative, advanced threat defences
Actionable Threat Forensics
Finding it hard to keep up with attacks and threat incidents? Simplify and speed threat remediation, and keep your team productive in the face of today’s advanced and complex attacks.
McAfee Endpoint Security 10 helps you take control of the threat defence lifecycle with technologies that communicate and learn from each other in real time to combat advanced threats and deliver insights with actionable threat forensics—all in language you can easily understand. Protect your productivity and get visibility into advanced threats as McAfee Endpoint Security 10 shares events to take actions against potentially dangerous applications, downloads, websites, and files immediately.
A Security Framework for Today and Tomorrow
Duplicate technologies and an overwhelming number of solutions to manage. Sound familiar? With the McAfee Endpoint Security 10 framework, you can eliminate redundancies, connect other solutions, and enable more of your defences to communicate with each other using our endpoint security framework.
Our framework is built with the future in mind and is extensible so that you are able to centralize even more of your ongoing endpoint solutions management as your business grows.
Our Best Protection and Performance
Speed and performance matter when defending your business from advanced threats. With McAfee Endpoint Security 10, you’ll get faster scans, threat updates, maximized CPU use and protection that is proven to be highly effective in third-party tests.
We also leverage intelligent, adaptive behavioral scanning to protect your processing power. Known and trusted sources will require reduced scanning and monitoring while those that are new or suspicious will be met with increased monitoring and escalating actions to protect your systems.
- Ranked best usability for business users by AV-Test
- Our .DAT is 60% smaller than traditional antivirus .DATs
- Zero-impact user scans only run when a device is idle