No Single Technology Will Stop Advanced Targeted Threats
Today, targeted attacks using advanced malware are designed to defeat IT security systems through a variety of approaches that either confuse the firewall and other defenses, or avoid them all together.
In fact, it has evolved from a technological battle between IT experts and hackers, to a worldwide information war involving activists, governments, organized crime, and global enterprises. And while the participants are varied, the advanced threat landscape has exposed a few constants:
- Advanced malware is sneaky. It can locate its target, infiltrate the system or application, pivot and execute, and then exfiltrate what it needs or wants — all with extreme precision, remaining unseen indefinitely. Read more
Executive Vice President
Chief Technology Officer McAfee. Part of Intel Security
- Best Practices for Mitigating Advanced Persistent Threats
- Lawrence Pingree | Neil MacDonald | Peter Firstbrook
- 12 September 2013
- This document provides information security practitioners with strategic and tactical best practices to mitigate advanced targeted malware by leveraging both existing and emerging security technologies.
- A comprehensive strategy across network, edge, endpoint and data security can poise organizations to hunt new attacks and compromised systems in order to minimize the risk of APTs.
- Because people tend to be easier to target than systems, adversaries are using social engineering and social networks to target sensitive roles or individuals within an organization that either have knowledge, use of or access to the data targeted.
- Incident response must be improved to include capabilities such as in-house or third-party forensics and malware analysis and handle additional visibility gained by the latest technologies you deploy in your security control ecosystem.
- Security program managers need to develop a strategy for dealing with advance threats leveraging both tactical best-practice technology configurations and emerging technologies and incident response processes in order to properly address the most common advanced targeted attack scenarios to increase both detection and prevention capabilities.
- Implement and improve SIEM capabilities to include integrations with DLP, NBA and user access patterns (IAM) to improve contextual awareness within the enterprise. The monitoring and analysis of the output of security controls are as important as the operation of the security controls themselves.
- Beat Advanced Malware the McAfee Way. We'll Show You How.
- If you do nothing else, watch this brief video and discover exactly how McAfee Advanced Threat Defense works. You'll see how threats are initially reviewed by inline security products then sent to a scalable, centrally deployed system including several anti-malware engines as well as advanced sandboxing with both dynamic and static code analysis. And once a threat is discovered, you'll see exactly how McAfee blocks future penetration attempts, discovers affected endpoints and initiate remediation. Check out the video
- Enhance Your Threat Defense. We've Got the Perfect Plan.
- The corner office is asking for an advanced malware detection and response strategy that is as sophisticated and adaptive as the attackers your organization faces. You've read that sandboxing by itself isn't a panacea. You don't have a stable of forensic investigators. Network traffic loads keep rising. You already have a headache. What's your next step? It's right in front of you. Read the McAfee technology blueprint
- Slash the Amount of Time You Spend Handling Advanced Threats.
- More than 20% of security pros spend 20+ hours a week dealing with advanced threats. That's too much. So as an integral part of McAfee Advanced Threat Defense, we've leveraged the McAfee Threat Intelligence Exchange and the McAfee Security Connected Platform to help integrate workflows and data. In the end, you'll overcome siloed operations and shift the security model to agile, intelligent threat prevention. This paper describes three practical use cases that you can implement today to speed things up. Read the white paper