Security Connected Framework
Recently Dmitri Alperovitch, McAfee’s VP of Threat Research, published a blog about Operation Shady RAT. In the blog and corresponding whitepaper he details an investigation of targeted intrusions into over 70 global companies, governments, and non-profit organizations over the last five years that appear to be sourced from a single actor or group. The targeted attacks used a combination of known attack components such as remote access tools (RATs) and spearphishing.
Since the release of this information, there have been questions regarding mitigation techniques for these types of attacks; we’ll look at some now.
It’s important to note that there is no single product that can be plugged in that will stop spearphishing, protect sensitive data, thwart malware, put an end to malicious insiders, etc. Instead there are several solutions across endpoint, network, and data security, as well as security management, that can and should be used in a connected framework to enrich each other and thus mitigate risk, increase ROI, and create greater efficiencies regarding incident detection, prevention, and response. Let’s take a look at some of these controls.
Endpoint Controls
Endpoint controls are likely the most intuitive solutions for addressing malware, and while they are well known in general, they warrant readdressing here. Endpoint security suites can use a combination of techniques such as blacklisting and dynamic whitelisting to prevent known and unknown malware and even prohibit its installation.
Whitelisting is particularly useful against unknown threats because it can prohibit the installation of any unauthorized software. Simply put, what isn’t explicitly allowed will be denied. It can also help detect and prevent inadvertent downloads of malicious programs. Many endpoint controls are able to look at the network activity traversing the TCP/IP stack as well as the system internals, and correlate that information in order to determine if there is nefarious system activity and/or network activity emblematic of command and control.
Why is this important when addressing Shady RAT? The endpoint is ground zero. Regardless of the attack vector, the victim, or the data that was to be stolen, the first goal of Shady RAT was the compromise of an endpoint. Once one endpoint was compromised it could be used to compromise other endpoints across the network. By applying controls at the endpoint not only is the exploitation of vulnerabilities and installation of malware at the endpoint stopped, but also the level of penetration in terms of number of systems compromised can be reduced.
Network Controls
There are several algorithms specific to targeted attacks, sometimes called APTs, that can be leveraged in both firewall and IPS solutions. These algorithms are designed to detect signs of attacks based on inbound and outbound activity. Additionally, to address common breaches that occur through email and web, specialized anti-malware engines utilizing proactive scanning can block obfuscated code that is common in most sophisticated malware as it passes through email and web conduits.
Network controls can also be utilized to not only detect malicious behavior such as RAT activity, but also de-obfuscate evasive traffic that is seen in command and control channels for analysis. When these solutions are enriched with threat intelligence information, discussed later in this blog, they can even become aware of threats before they touch the network and therefore employ filtering, redirection, etc. to not only mitigate the security risks, but even have a positive impact on network and system performance because these assets are not busy processing malicious bits.