Cybersecurity detection is a criminal investigation. Cybercrime investigators are experts who are in limited supply.  Sometimes their hunt begins while an intrusion is in process, but more often than not, it occurs after the attack when a crime has occurred. The investigation is taunting and less glamorous, realizing that it can take an average of 228 days even to identify the breach[i]. At that point, you’re looking to find out what your adversaries have seen or stolen, you want to plug the holes that enabled the hack and kick out or remove the adversary completely. Figure on an average ..read more

The security industry is engulfed in the most asymmetric cyberwarfare we have ever seen. The outcome of an Attacker’s mission may depend entirely upon a single misplaced charge on a single memory chip on a single server, perhaps the difference between a vulnerable and secure setting in a registry key, and the difference between success and failure to gain access to infrastructure, information, and identities (I3) to subsequently wreak havoc, disable critical operations or infrastructure, and put lives at risk. The outcome of a Defender’s day depends entirely upon how well they secure trillion ..read more

Imagine, if you will, a scene straight out of one of your favorite impossible mission movies. The background music is driving a suspenseful beat while the antagonist attempts to steal the latest technology from a very favored industry competitor called Rad-X Incorporated. It’s a trade secret that will change the industry forever, and if the villain achieves her mission, she will hold the future of aviation in the palm of her hand. She’s bypassed laser motion detectors, swung from the ceiling to avoid floor placed pressure plates, and even performed some seriously intense acrobatics to slip th ..read more

The MITRE ATT&CK® Framework proves that authority requires constant learning and the actionable information it contains has never held greater currency. Likewise, XDR, the category of extended detection and response applications, is quickly becoming accepted by enterprises and embraced by Gartner analysts, because they “improve security operations productivity and enhance detection and response capabilities.”   It is less well known how these tools align to improve the efficacy of your cybersecurity defenses leveraging key active  ..read more

What is your organization’s readiness for the emerging eXtended Detection Response (XDR) technology? McAfee just released the first iteration of this technology, MVISION XDR. As XDR capabilities become available, organizations need to think through how to embrace the new security operations technology destined to empower detection and response capabilities. XDR is a journey for people and organizations.  The cool thing about McAfee’s offering is the XDR capabilities is built on the McAfee platform of MVISION EDR, MVISION Insights and is e ..read more

SIEM, we need to talk!  Albert Einstein once said, “We cannot solve our problems with the same thinking we used when we created them”.  Security vendors have spent the last two decades providing more of the same orchestration, detection, and response capabilities, while promising different results. And as the old adage goes, doing the same thing over and over again whilst expecting different results is…? I’ll let you fill in the blank yourself.    Figure 1: The Impact of XDR in the Modern SOC: Biggest SIEM challenges ..read more

Last month, I discussed the FedRAMP program’s basics and why it’s such a big deal for the federal government. In short, the program protects the data of U.S. citizens in the cloud and promotes the adoption of secure cloud services across the government with a standardized approach. But within the FedRAMP program, there are different authorizations. We’re pleased that McAfee MVISION for Endpoint Access recently achieved FedRAMP Moderate Authorization, which allows users from federal agencies, state and local government, and other industries in regulated environments to mana ..read more

Over the past 9 months, the world has grappled with the COVID-19 pandemic. With closing of borders, curfews and lockdowns, technology has become essential especially in the area of security. As we all have been spending more time at home, we are grateful for reliable energy as it provides our lights, air and heating. It is imperative during these critical times that businesses run smoothly without any interruptions from cyberthreats. A leading North American oil and gas company was already bombarded daily by cyberthreats before Covid-19, but the onset of the pandemic and the transition to tho ..read more

Truebill, Chargebee, Fusebill and other financial apps have been inundating my social feeds and until recently I didn’t understand why I would need one of these apps. I’m the type that knows her bank account  balance to the penny and I was shocked to discover that many of my co-workers and, of course, my college kid had no idea their balance was low until they tried to use their debit card and got declined. What also surprises me is how many people don’t know what is coming out of their bank account.  I may not realize precisely how much my Starbucks addiction costs but I’m in secur ..read more

Cybersecurity professionals know this drill well all too well. Making sense of lots of information and noise to access what really matters. XDR (Extended Detection & Response) has been a technical acronym thrown around in the cybersecurity industry with many notations and promises. This can be intriguing and nagging for cybersecurity professionals who are heads down defending against the persistent adversaries. The intent of this blog is to clarify XDR and remove the noise and&nbs ..read more