Being Too Social Could Get You in Trouble

Most people would agree that being social is good — it's fun, it brings us together to solve problems and make decisions, and it keeps us connected. But, most businesses are very cautious and have been relatively slow to accept it as positive and productive. Organizations today believe that social media and unrestricted Web access are just openings for social engineering tactics, identity theft, and other damaging security challenges. If you struggle with finding the right balance in Web 2.0 usage and access in your organization, then read on. This newsletter combines information from Gartner Research on the top ten features of effective malware detection, outlines McAfee Web Security solutions and how our technology integrates these top features, and provides helpful insight from several McAfee leaders about malware, the risks, and the security opportunities. With greater perspective, comes greater protection.


  • Ubiquitous Internet access for endpoints is the primary channel for attacks on organizations; consequently, malware filtering is the most important capability of secure Web gateway (SWG) solutions.
  • There are numerous techniques for detecting malware in Web traffic; however, they all have limitations and trade-offs.
  • SWGs are incapable of protecting endpoints unless they are in-path of the endpoint traffic.

  • IT organizations should review Web gateway solutions every two to three years to ensure that they are still up to the task of defending endpoints from modern malware.
  • Buyers of new solutions should pay careful attention to the bidirectional malware inspection capabilities of prospective solutions.

  • Bidirectional malware detection in SWGs is critical as malware continues to exploit Web distribution and control methods, and as endpoint protection struggles to keep up with the volume of threats. Organizations must carefully evaluate the malware detection capabilities of existing and prospective solutions to ensure that they are capable of stopping modern targeted attacks.

  • Use this guide to understand the limitations of solutions, and to compare solutions using standard terminology. Also use it to understand the limitations of each type of malware detection, and to compare prospective vendors' capabilities. Look for solutions that use multiple techniques, particularly those that use dynamic and static code analysis. Test vendor claims with live traffic whenever possible. Also, be sure to test outbound traffic for signs of infection or malware propagation from inside the network.

  • Look for forensic information about potential targeted inbound threats (that is, new and low-volume) and internal infections. Look for deployment options that protect all endpoints, regardless of network location — for example, mobile endpoints off LAN and small office/home office (SOHO)/branch offices that do not merit infrastructure deployments. In most cases, this will require a cloud-based solution.


  • Web Protection Must be Built on a Foundation of Layered Technology
  • Gartner's techniques on malware protection; where McAfee Web Technology fits in.

    To help organizations better understand available protections and evaluate Secure Web Gateways, Gartner outlines 10 different techniques for malware detection in the research, 'Secure Web Gateway Malware Detection Techniques.' Use of multiple technologies, such as those outlined by Gartner, enables McAfee solutions to provide greater defenses while optimizing security on a single platform with different, yet complementary, technologies.
  • CyberManipulation: Advanced Attacks through Social Engineering
  • "Social engineering works. It seems to tap into psychological factors that are part of the human nature."1.

    We've all heard the story. A friend of a friend wires money to a family member stranded in a foreign country, desperate for cash to get back home. An article about a celebrity claimed to be deceased floods Facebook newsfeeds for hours until the very alive person breaks the silence. The common thread? A criminal is trying to gain access to someone's sensitive information.
  • Old Technology Habits in a New Business Environment
  • The line between personal and business technology is blurred more every day, and this means new challenges for every business. It is easy to see the trend in action — many employees use their personally owned smartphones, sites like Facebook, Dropbox, or even web-based mail clients such as Gmail now in a business environment. These services are great, and I'm certainly a user of some myself, but they don't always fall into compliance when it comes to handling corporate data.
  • McAfee Threats Report: Third Quarter 2012
  • Buckle up ––more volatility ahead When it comes to the threat landscape, change is the only constant. In Q3 of 2012, spam decreased overall but increased in certain geographies. At the same time, data breaches reached an all-time high, and mobile threats doubled since last quarter. The best way to deal with the uncertainty is to stay informed. Download the McAfee Threats Report: Third Quarter 2012 to so that you can implement the most relevant and effective defense strategies.
  • Don't Cut Off That Hand: The (Potential) Future of Identity & Authentication
  • Hand Biometrics? Facial Recognition? Triple Factor? What's on the Horizon?

    A recent news item on palm scanning for identification and authentication, by way of Intel's development work, has received broad coverage. The UK-based Telegraph and the San Francisco Chronicle ran the article in their respective technology sections, and many other news outlets world-wide covered this trend piece as well.