McAfee sent an array of their executive team over to Sydney for the Asia leg of MPOWER 2018 and put them to very good use – splitting the opening keynote session between four strong speakers with four presentations, the subject of which, somewhat like the new MVISION product suite, was integrated and converged.
First up was Chief Marketing Officer, Allison Cerra, who not only set the scene but also outlined the high-level strategy for a company that remains at the forefront of combatting emerging threats.
Allison used the analogy of maps and visualisations to parallel how a company like McAfee is navigating the threat landscape. In fact, when displaying the often-used threatscape chart, she referred to it as a map of the issues that we have all faced over time.
Allison Cerra discussing the threatscape
In Allison’s words, “This chart is a map of the adversary and it shows that threats endure.” According to Allison, recent notorious threat vectors such as WannaCry prove that “what’s old is new” – converging the new (ransomware) with the old (worm) to create a potent threat that deceived us enough to make global headlines.
Allison asserted that these two concepts, convergence and the threatscape, along with a third, regulatory compliance, are the driving forces ensuring McAfee continues to innovate.
Clearly, the threatscape cannot be ignored. The chart that Allison displayed showed a 450% increase in cryptojacking since it began at the turn of 2018; a sign of how a new threat can emerge and require attention in very short order. If people only recall one takeaway from Allison’s presentation, we would point them to convergence. Her message was simple but poignant – cybercriminals use multithreaded attacks that traverse every part of your infrastructure from device to cloud. If you try to manage the security of that in silos, you are very likely to be in trouble.
It will come as no surprise that McAfee’s MVISION is a converged cloud-native solution. “Work is no longer a place where people go. It’s a thing that people do.” Allison’s point being that it takes a converged approach to security to protect the modern-day approach to work.
Allison handed the presentation over to Raja Patel, the company’s VP and GM for Corporate Security Products, who gave us more granular details around the new MVISION solution suite.
|The MVISION Suite|
Raja’s strategic message was that not only has the threat landscape changed but the infrastructure that we are using has also changed. The net result, according to Raja, is that a large amount of threat activity has become invisible to legacy and dated security architectures.
|Raja Patel gets strategic|
To Raja’s way of thinking, security is now a critical business enabler. Companies are striving to undergo transformation, and this is being underpinned by a cloud-first approach to IT. Office 365, Dropbox, and a host of SaaS applications such as Salesforce are necessities that drive better employee productivity. However, these applications are outside the corporate network, so it takes a new approach and new security architecture to be able to keep your data secure on these platforms. This is where security becomes an enabler; it allows the business to adopt these transformative technologies.
To this end, Raja spoke about the orchestration element of MVISION (ePO). Firstly, this is delivered as SaaS, meaning configuration and updates are no longer headaches for the security team. It also underpins the converged approach, allowing policies to be managed and orchestrated across traditional and cloud infrastructures. Only by doing this can companies fight a threat that spans multiple vectors.
Raja also showed how MVISION is about harnessing newer technologies like AI and machine learning and using them to assist (not replace) security professionals. For McAfee, these technologies are designed to simplify the job of defending against ever more complex attacks and do so at pace. In line with this, Raja previewed the new MVISION EDR (Endpoint Detection and Response), which will be available in early 2019. He demonstrated how a combination of AI with threat intelligence hugely speeds up the process of identifying a threat, deciding if it is real and remediating if required.
To dive a little deeper into the MVISION suite, Raja handed the keynote session over to Rajiv Gupta, SVP of McAfee’s Cloud Business Unit and formerly CEO of Skyhigh Networks, which was acquired by McAfee earlier this year. Rajiv looked more closely at MVISION Cloud. Reiterating the point that applications we use today like Slack or ServiceNow are simply invisible to traditional solutions, he outlined McAfee’s CASB credibility.
|Rajiv Gupta getting into Cloud, SaaS and CASB|
Rajiv’s mission (as we interpreted it) is to create environments where staff can use all the cloud-native apps they want but do so safely. Rajiv posed the question: even if your cloud provider takes some responsibility for security, does that absolve you? A somewhat rhetorical question, but filling in the gaps, Rajiv asked: if an employee loses a device which has automated access to their SaaS applications, is that the SaaS provider’s fault? This is just one of the many examples where you have to take responsibility for your data and systems even if they are being run by a cloud provider.
Rajiv pointed out that it’s not just SaaS that is the issue. For companies moving legacy applications onto PaaS or IaaS, the risks remain. Developers who understand your applications may not fully understand best practices for keeping the underlying cloud platform safe and secure.
In addition, you may have lesser-known SaaS apps that are not in mainstream use that also need security. Rajiv referred to these as “the long tail of SaaS”. With MVISION Cloud, he assured us that you can hook into any SaaS API and protect it without having to write a single line of code.
|The CASB landscape according to Rajiv Gupta|
With cloud-based apps, security is not just about preventing threats from breaking in, but also about not letting the wrong data out. With so many ways to share data from so many devices, it can be difficult to stop the wrong data being sent to the wrong people. MVISION Cloud uses a Microsoft API to do that. Even better, it allows self-remediation, letting users remove confidential information from documents before they are sent, rather than dumping the issue back on the security team.
Last up in the keynote session was McAfee’s Global CTO, Steve Grobman, who picked up on the theme of convergence. He gave an excellent graphical demonstration of how combining threat intelligence with machine learning and AI results in fewer false positives (as well as fewer false negatives) than using either one of the approaches in isolation.
|Steve Grobman talked about the convergence of threat intelligence with AI|
Steve also used machine learning (ML) to demonstrate how McAfee never stands still. The first implementation of ML (Real Protect) made its way into the company’s products in 2016. The company quickly realised that the need for ML extended beyond static data, and launched the second iteration, Real Protect Dynamic, to understand threat behaviour characteristics in real time. More recently, the threat of fileless attacks has led to a newer iteration, Real Protect Fileless, which is integrated with the Windows OS so that Windows actually “calls out” to McAfee before any script runs, enabling McAfee to detect and assess prior to any in-memory malicious activity occurring.
Steve gave people a glimpse into what McAfee is looking at for the future. His concern is protecting against “what you can’t see”. In order to achieve that, he suggested that you need to use telemetry techniques applied against data collected at scale. McAfee collects data from over 1 billion sensors, gathering data on over 100 million security events every five minutes. According to Steve, the raw data on its own does nothing, but McAfee analyses that data to produce insight, which in turn is used to develop solutions that keep ahead of the threat.
On a global level that’s impressive, but on a more "personal" level, Steve was able to show that crunching such massive amounts of data can help individual customers. As an example, by combining this globally gathered information with data collected from your own environment, McAfee can identify if your company is “patient number one”. According to Steve, this really matters because if your company is the starting point for a new strain of attack, very likely your company is specifically being targeted. As Steve puts it, “What if YOU are the target?”
|Steve’s most hard-hitting question, “What if YOU are the target?”|
McAfee can do the analysis to tell you exactly that. If they identify you as patient number one, they can also assess whether your unique attack has similar behavioural patterns to previously identified attacks. In essence, the mass of information at McAfee’s disposal can be used to help solve issues very specific to you and your company.
Going forward, Steve assured us that McAfee will continue to develop new solutions and defences assisted by the huge confluence of data that they continue to collect.