Security Connected Framework McAfee

Recently Dmitri Alperovitch, McAfee’s VP of Threat Research, published a blog about Operation Shady RAT. In the blog and corresponding whitepaper he details an investigation of targeted intrusions into over 70 global companies, governments, and non-profit organizations over the last five years that appear to be sourced from a single actor or group. The targeted attacks used a combination of known attack components such as remote access tools (RATs) and spearphishing.

Since the release of this information, there have been questions regarding mitigation techniques for these types of attacks; we’ll look at some now.

It’s important to note that there is no single product that can be plugged in that will stop spearphishing, protect sensitive data, thwart malware, put an end to malicious insiders, etc. Instead there are several solutions across endpoint, network, data security as well as security management that can and should be used in a connected framework to enrich each other and thus mitigate risk, increase ROI, and create greater efficiencies regarding incident detection, prevention, and response. Let’s take a look at some of these controls.

Endpoint Controls

Endpoint controls are likely the most intuitive solutions for addressing malware, and while they are well known in general, they warrant readdressing here. Endpoint security suites can use a combination of techniques such as blacklisting and dynamic whitelisting to prevent known and unknown malware and even prohibit its installation.

Whitelisting is particularly useful against unknown threats because it can prohibit the installation of any unauthorized software. Simply put, what isn’t explicitly allowed will be denied. It can also help detect and prevent inadvertent downloads of malicious programs. Many endpoint controls are able to look at the network activity traversing the TCP/IP stack as well as the system internals, and correlate that information in order to determine if there is nefarious system activity and/or network activity emblematic of command and control.

Why is this important when addressing Shady RAT? The endpoint is ground zero. Regardless of the attack vector, the victim, or the data that was to be stolen, the first goal of Shady RAT was the compromise of an endpoint. Once one endpoint was compromised it could be used to compromise other endpoints across the network. By applying controls at the endpoint not only is the exploitation of vulnerabilities and installation of malware at the endpoint stopped, but also the level of penetration in terms of number of systems compromised can be reduced.

Network Controls

There are several algorithms specific to targeted attacks, sometimes called APTs, that can be leveraged in both firewall and IPS solutions. These algorithms are designed to detect signs of attacks based on inbound and outbound activity. Additionally, to address common breaches that occur through email and web, specialized anti-malware engines utilizing proactive scanning can block obfuscated code that is common in most sophisticated malware as it passes through email and web conduits.

Network controls can be utilized not only to detect malicious behavior such as RAT activity, but also to de-obfuscate evasive traffic seen in command and control channels for analysis. When these solutions are enriched with threat intelligence information, discussed later in this blog, they can even become aware of threats before those threats touch the network and therefore employ filtering, redirection, etc. to not only mitigate the security risks, but even have a positive impact on network and system performance because these assets are no longer busy processing malicious bits.

Why is this important when addressing Shady RAT? How does Shady RAT get to the endpoint? It works over the Internet and internal networks. By having a layered network defense strategy, especially one that takes advantage of threat intelligence information, it’s possible to mitigate the attack before it ever reaches the endpoints. Because Shady RAT favored social engineering as an attack vector, in addition to IPS and firewalls, it is necessary to utilize controls for email and web that can detect and filter malicious code.

Data Controls

While there are several motivations behind attacks, information theft generally ranks at the top of the list regardless of the aggressor or the victim. This is also true for Shady RAT. Network controls and endpoint controls, while necessary and useful, need to be augmented by specific solutions designed to get close to the target: data. As such, one of the best ways to prevent the exfiltration of sensitive data, and to provide forensic information, is through DLP. DLP needs to be assisted by encryption solutions, and by specialized solutions for protecting structured data found in databases, such as database activity monitoring (DAM). These DAM solutions are particularly useful in addressing database-centric attacks that often go unnoticed by some network controls. These solutions, together with host DLP and network DLP, can work synergistically to protect data at rest, in motion, and in use.

Why is this important when addressing Shady RAT? Data is what Shady RAT was after. Even if an endpoint is compromised and Shady RAT is able to get through the various network controls, the data controls can step in to make the data unusable, because it’s encrypted, or to prevent the sensitive data from leaving the network, or even the host it resides on, via DLP.
