McAfee Archives — ľ��AV

Separating the Signal from the Noise

Dave Howard — Tue, 18 Jan 2022 13:00:41 +0000

Smarter Cybersecurity with MVISION EDR

By
Manager, Cyber Threat Intelligence

Among the most persistent challenges facing cybersecurity analysts is the sheer volume of alerts generated within a security operations center (SOC). False positives drain critical resources, distract key personnel, and drive fatigue across cybersecurity teams.

Tools like endpoint detection and response (EDR) can dramatically cut down background noise, enabling analysts to quickly make initial determinations and respond to potential cybersecurity threats. For our customers using McAfee cybersecurity solutions, ľ��AV leverages MVISION EDR to detect, investigate, and respond to suspicious activity targeting endpoint systems. MVISION EDR automatically aggregates critical data from the host and presents that information for security analysts to ingest. We use McAfee as a key component of our endpoint security solution for the U.S. Army—protecting up to 1.4 million endpoints as a part of the Army Endpoint Security Solution (AESS)—as well as on several critical projects for large enterprises across the federal civilian, defense, and commercial marketplaces.

Early endpoint solutions took a signature-based approach, which could only detect known threats. MVISION rolls up the heuristic, artificial intelligence (AI) and machine learning (ML) based approaches of more advanced EDR tools into one package, providing a better baseline of defense against cyber threats and post-exploitation activities. MVISION provides information such as MITRE ATT&CK mapping and threat actor profiles, which helps us understand how an organization was targeted, pinpoint other potential areas of attack, and better prepare for future threats.

MVISION has strong integration capabilities with third-party providers via the Security Innovation Alliance. EDR solutions require two key integrations: security orchestration, automation, and response (SOAR) tools and threat intelligence platforms. MVISION supports this seamlessly. Our cybersecurity analysts curate and constantly update the most timely, relevant, and actionable threat indicators within these platforms, strengthening our back-end data lake analytic capabilities while enhancing our ability to proactively secure an organization’s environment.

80,000,000

Threat indicators augmented
into our platform

But tools are only as useful as the experts who wield them. ľ��AV’ cybersecurity analysts work with our Advanced Research Center (ARC) to monitor the digital landscape, track potential malicious activity, and uncover the latest threat actor tactics, techniques, and procedures. By bolstering MVISION’s capabilities with ľ��AV’ extensive knowledge base and experience, we drive faster, stronger, and more comprehensive threat awareness. Particularly when it comes to the low and slow activity of more sophisticated adversaries, this synergistic approach is critical for detecting, analyzing, and quickly responding to cybersecurity events.

Interested in learning more about ľ��AV’ managed cybersecurity solutions? Reach out and talk to an expert today.

CONTACT OUR EXPERTS

The post Separating the Signal from the Noise appeared first on ľ��AV.

Extended Detection and Response (XDR) Solution Guide

ľ��AV PR — Wed, 27 Oct 2021 11:00:41 +0000

Don’t let limited time, resources, or expertise threaten your cybersecurity. With XDR, integrate multiple sources of data and take on the most pressing threats.

The post Extended Detection and Response (XDR) Solution Guide appeared first on ľ��AV.

Advanced Cybersecurity To Combat Modern Threats

ľ��AV PR — Tue, 28 Sep 2021 13:00:55 +0000

With the rise of new and unprecedented malware, it is more important than ever that government systems adapt the most advanced cybersecurity capabilities to prevent and defend against cyberattack.

The post Advanced Cybersecurity To Combat Modern Threats appeared first on ľ��AV.

McAfee Announces ľ��AV as First North American MDR Partner

ľ��AV PR — Tue, 19 Jan 2021 15:00:57 +0000

ľ��AV is McAfee’s first North American Partner for MDR Enabled by MVISION EDR

FAIRFAX, Va. – January 19, 2021 – McAfee today announced that it is partnering with ľ��AV, a recognized leader in cybersecurity, cloud managed services, agile development digital transformation, advanced engineering and Amazon Web Services solutions, to offer managed threat detection and response (MDR) capabilities through McAfee MVISION EDR. ľ��AV is the first North American MDR partner for McAfee MVISION EDR and will leverage MVISION EDR and supporting vendors to deliver a scalable, repeatable and customizable program that enables organizations to focus on only verified threats.

MDR solutions can help organizations by alleviating the customer challenges associated with alert fatigue, false positives, inexperienced staff and lack of defined processes. These are real-world challenges recently highlighted in a with 36% of IT decision makers stating that the alerts surfaced by their EDR solution are false positives not worth investigating. Another 35% claim that their junior staff members lack the skill sets to triage and/or investigate alerts without support from senior staff.

“Protecting an organization against threats and attacks is a difficult endeavor that requires innovative technology coupled with technical know-how,” said Anand Ramanathan, vice president of product and marketing, McAfee. “Unfortunately, despite having the right technology and experience, organizations face the challenges of dealing with alert fatigue and numerous false positives. Together with ľ��AV we’re working to help organizations overcome these challenges to better defend themselves.”

“We have a rich history of to defend some of the most important endpoints in North America,” said Andy Woods, vice president of enterprise managed services at ľ��AV. “This MDR offering with McAfee MVISION EDR is another step in the direction of building on our relationship and providing our customers with the industry leading products and solutions that they need to enable their businesses and operations to run effectively.”

McAfee and ľ��AV have partnered for years to deliver managed endpoint security and monitoring for up to 1.4 million endpoints for the U.S. Army.

ľ��AV leverages the powerful capabilities of McAfee MVISION EDR augmenting with security orchestration, automation, security analytics, threat intelligence platform and refined SOC practices. This creates more accurate and comprehensive alerts and provides information such as MITRE ATT&CK mapping and threat actor profiles to better understand how the organization was targeted, identify other potential areas of impact, and provide insight into how to protect from future attacks.

According to a Gartner report, ¹, when looking for an MDR solution organizations should ask themselves questions like, “Do we need the provider to ensure service continuity, recovery and resiliency of its operations? If it has an issue and cannot provide 24/7 monitoring and response of threats as contracted, that creates a gap and risk for its customers.” As well as, “What geographies do we need the provider to operate in and where can its security operations centers (SOCs) be located?” among other questions organizations should be asking.

¹Source: Gartner Report – Ask These Critical Questions and Consider These Risks When Selecting an MDR Provider, October 31, 2019, Toby Bussa, Kelly Kavanagh, Craig Lawson, Pete Shoard

Benefits of the ľ��AV solution enabled by McAfee MVISION EDR include:

24x7x365 US based security monitoring and engineering
Dedicated and named analysts, engineers and project managers
Integrated security orchestration automation and response into customer environments
Simplified and expediated remediation through actionable intelligence and forward looking recommendations of what to expect next
A combination of industry leading threat intelligence platform, orchestration and security analytics helps provide additional correlation and enrichment of threat events, ensuring higher fidelity alerting, more context in investigations and better actionable intelligence
An enhanced customer experience that delivers a comprehensive program by taking ownership and not assigning tasks back to the customer
Regular delivery of metrics and reporting that matter to your team and executives enabling and clearly communicating program effectiveness and value

About McAfee
McAfee Corp. (Nasdaq: MCFE) is the device-to-cloud cybersecurity company. Inspired by the power of working together, McAfee creates consumer and business solutions that make our world a safer place.

About ľ��AV
ľ��AV, a segment of ASGN, delivers advanced solutions in cloud, cybersecurity, artificial intelligence (AI), machine learning (ML), application and IT modernization, science, and engineering. The company solves critical, complex challenges for customers across the U.S. public sector, defense, intelligence, and commercial industries. ľ��AV maintains partnerships with leading cloud, cybersecurity, and AI/ML providers and holds specialized certifications in their technologies. Headquartered in Fairfax, Virginia, ľ��AV has more than 3,000 employees throughout the United States. For more information, visit ľ��AVtech.com.

About ASGN
ASGN Incorporated (NYSE: ASGN) is one of the foremost providers of IT and professional services in the technology, digital, creative, healthcare technology, engineering, life sciences, and government sectors. ASGN and its are viewed as best in class across multiple industries and have built an outstanding reputation for excellence over the past 33 years. ASGN is based in Calabasas, California, with multiple offices throughout the United States, Canada, and Europe. To learn more, visit .

Contact
McAfee
Craig Sirois
media@mcafee.com

The post McAfee Announces ľ��AV as First North American MDR Partner appeared first on ľ��AV.

Defending Networks with Managed Detection and Response

ľ��AV PR — Thu, 30 Jul 2020 13:50:07 +0000

Malicious actors are constantly seeking new ways to infiltrate enterprise networks, adapting and evolving in their never-ending quest to exploit online systems and steal valuable information. Regardless of your company’s size and the maturity of its cybersecurity apparatus, every day brings fresh cyber threats as well as new tools to defend against them.

Managed Detection and Response (MDR) enables organizations of all sizes and maturity levels to proactively seek out and defend against cyberattacks. By combining cutting-edge tools and automation with the expertise of trained cybersecurity professionals, MDR brings the best of technology, artificial intelligence, and human insight to a comprehensive, proven cybersecurity solution.

ľ��AV offers MDR services with a vendor-neutral approach towards keeping your network, and every endpoint within it, safe. This comprehensive solution includes 24x7x365 eyes-on-glass monitoring, automated playbooks to help drive investigations, proactive threat-hunting, and rapid incident response.

By integrating with your organization’s help desk, ticketing system, and change control processes, our engineers become an extension of your team. We take the pressure off of your internal resources by assuming the day-to-day management, troubleshooting, and operations of the MDR cybersecurity apparatus.

Cybersecurity needs not be an uphill battle. By relying on MDR as a service, organizations empower themselves to go on the offensive, seeking out and combatting threat actors before they get the chance to penetrate online networks and jeopardize critical systems.

Interested in learning more about ľ��AV’ cybersecurity solutions? Reach out and talk to an expert.

The post Defending Networks with Managed Detection and Response appeared first on ľ��AV.

Smarter Cybersecurity: Modernizing Legacy Cybersecurity Systems

ľ��AV PR — Wed, 25 Sep 2019 18:49:07 +0000

A multinational staffing firm chose ľ��AV to replace their legacy endpoint cybersecurity program with a fully managed, as-a-service-based solution. In less than two weeks, ľ��AV migrated thousands of user endpoints to the new, cloud-based system.

The post Smarter Cybersecurity: Modernizing Legacy Cybersecurity Systems appeared first on ľ��AV.

Join us at McAfee MPOWER 2019

ľ��AV PR — Fri, 30 Aug 2019 15:27:03 +0000

ľ��AV is proud to announce sponsorship of the , hosted by McAfee. Join us October 1-3, 2019 at The ARIA Resort and Casino in Las Vegas, Nevada. Thousands of security experts from around the world will attend to strategize and network, while learning about the newest and most innovative ways to keep data, networks, and systems secure. ľ��AV cybersecurity experts will share their proven approach to scaling and customizing managed cybersecurity solutions that leverage McAfee’s powerful products. Our teams have deployed and continue to manage some of the largest McAfee implementations in the world.

Schedule a meeting with the ľ��AV cybersecurity team or stop by booth 601.

The ľ��AV cybersecurity team looks forward to discussing:

Modernizing your endpoint security deployment
Implementing cloud security across your cloud-based applications and infrastructure
Advancing your SIEM and SOC strategy
Integrating and automating your IT and security tools
How managed services can help take your security program to the next level

We look forward to speaking with you about cutting-edge strategies to ward off advanced cyber-attacks.

The post Join us at McAfee MPOWER 2019 appeared first on ľ��AV.

Playing in the Sandbox: ATP, Real Protect, and DAC

David Yang — Mon, 05 Aug 2019 20:13:37 +0000

Endpoint Engineering

Dynamic app containment (DAC) in endpoint security can be complicated without the right systems and tools. ľ��AV has found McAfee’s Adaptive Threat Prevention (ATP) offers unparalleled DAC capabilities, preventing myriad cybersecurity disasters. For it to be effective, though, users must be dedicated to monitoring, aligning and tuning ATP, along with Real Protect and DAC, all of which require time, effort and skill. Let’s take a look at some terms, tools, and tips.

What is ATP?

ATP is the tool that contains both Real Protect and DAC. It is a module that gets installed on the endpoint. ATP has the ability to block or allow files based on reputation on its own. Then, if the reputation is unknown, ATP uses Real Protect or DAC.

The security policy for both Real Protect and DAC are included in ATP.

Real Protect in endpoint security: on-premise and in the cloud

A two-part cybersecurity tool, the Real Protect scanner inspects suspicious files and activities on client systems to detect malicious patterns using machine-learning. The scanner can then use this information to detect zero-day malware.

This innovative tool is one of the only of its kind that uses machine learning for endpoint security, making it a go-to for ľ��AV cyber techs and analysts

Real Protect is client-based as well as cloud-based. Both include dynamic link library (DLL) scanning to keep trusted processes from loading untrusted portable executable (PE) and DLL files.

By seeking patterns, Real Protect can recognize known malware, scanning files and apps to see if they look the same as the malware. While Real Protect won’t recognize a particular file, it will recognize attributes of malware.

Client-based Real Protect

Client-based Real Protect uses machine learning on the client system to determine whether the file matches known malware. If the client system is connected to the internet, Real Protect sends telemetry information to the cloud, but it doesn’t use the cloud for analysis.

The client-based scanning sensitivity levels, which are rooted in mathematical formulas, assign “tolerance” to suspicious activity to assess whether the file matches malware. The higher the sensitivity level, the more malware matches will be found. Allowing more detections can result in more false positives.

Cloud-based Real Protect

Cloud-based Real Protect collects and sends file attributes and behavioral information to the machine-learning system in the cloud for malware analysis. This version of Real Protect also uses machine learning to analyze files to see if any malware-like criteria. Files that come up with a match are blocked.

To run efficiently and stay current, both cloud-based and client-based Real Protect need to be updated, just like any other system or tool. In order to accomplish this, the client software connects to a local or remote McAfee server or directly to a site on the internet. Endpoint security then checks for:

Updates to the content files that detect threats

Content files that contain definitions for threats, such as viruses and spyware

Upgrades to software components, such as patches and hotfixes

Dynamic App Containment: the sandbox and beyond

DAC is endpoint protection in a private sandbox. DAC allows unknown files to run in a container (the “sandbox”), limiting what they can do. When a file is sandboxed, it is separated from other programs so if security issues come up, they will not spread to other areas of the network. Based on a file’s reputation, DAC can sandbox a file and run the file against a set of rules. If the file or process triggers enough “block” containment rules to exhibit suspicious behavior, the file is automatically blocked for not following the rules.

Tips for running ATP with Real Protect and DAC

While ATP is a powerful cybersecurity tool, it is not used in a vacuum. ľ��AV takes an integrated approach, combining analytics, threat intelligence, and cybersecurity experts. Therefore, when you decide to use ATP along with Real Protect and DAC, consider integration with other tools from McAfee like Advanced Threat Defense (ATD), Data Exchange Layer (DXL), and Threat Intelligence Exchange (TIE).

You will want to make sure you are running TIE and Global Threat Intelligence (GTI) to collect reputations before enabling DAC. These makes the task of tuning less labor intensive because it aids in automated reputation analysis.

Then, get ready for a lot of tuning, because DAC requires it constantly to sift out false positives.

To help you tune, you will need to build reports around events and based on those reports, adjust tolerance as necessary. Then, address the threats to see if they are actual threats or false positives.

It’s also important to know your environment. If Real Protect is operating in a high-change environment with a lot of developers, set sensitivity to scanning as appropriate, since developers write programs that sometimes have attributes of malware but aren’t, resulting in a false positive.

Give yourself time. Real Protect and DAC’s policies aren’t overly complicated, but it’s time consuming to prepare them to run in a specific environment.

Finally, when you are ready to implement ATD along with Real Protect and DAC, make sure you use the observe node first to avoid blocking too many false positives. You want to ensure the protection is solid but has the least amount of impact possible.

Questions about how ľ��AV manages endpoint security for clients? Read about one of our approaches here, and reach out to an ľ��AV cyber expert for more information.

The post Playing in the Sandbox: ATP, Real Protect, and DAC appeared first on ľ��AV.

There Is a Better Approach to Enterprise Endpoint Security

Mark Maglin — Mon, 13 May 2019 15:48:34 +0000

By Mark Maglin
Vice President, Cybersecurity

Introducing the Advanced Cyber Threat Defense (ACTD) platform delivering next-gen comprehensive endpoint security today

Enterprise organizations are challenged to plan, build, and maintain a cybersecurity strategy and solution to defend against today’s threats. They need their cyber strategy to account for the ever-changing landscape and allow for the growth and innovation necessary to address the unknowns of tomorrow’s cyber threats without limiting user and mission needs. Organizations need this solution today, and they need it to be cost-efficient, flexible, and agile. I often find myself speaking to organizations facing the same challenges, trying to work through the problem with different vendors, investing money in hardware and software products that solve a singular problem; they don’t necessarily communicate with each other, and in fact may be obsolete before the new technology is deployed and optimized.

I am here to tell you there is a better strategy, one that meets enterprise requirements and is globally operating today, protecting some of our nation’s most sensitive organizations. ľ��AV, with McAfee and select OEM Partners, has developed and implemented the Advanced Cyber Threat Defense (ACTD) platform to provide endpoint security, visibility, remediation, orchestration, and management capabilities as a managed service. As the solution is outcome, not technology driven, our customers benefit from an agile approach to endpoint security and continuous innovation of capabilities and services. Additionally, leveraging our decades of experience with government agencies, we’ve ensured the ACTD platform delivers all of the endpoint security and management capabilities desired by the US Department of Defense, Federal Government, and large commercial enterprises:

Visibility (enterprise view to individual assets in real-time)
Signatureless detection powered by artificial intelligence and machine learning (ML)
Fully-integrated threat intelligence platform (TIP) fostering automation
Real-time and cross-platform sharing of indicators of compromise (IOC)
Advanced malware sandboxing and analysis
Endpoint detection and response (EDR)
Application containment and whitelisting
Data loss prevention (DLP) for mitigating insider threats
DoD scorecard and hygiene reports that are automated and drillable

Advantages of the ACTD platform include:

Real-time visibility of assets
Zero-day detection using artificial intelligence, machine learning, and sandboxing
Endpoint detection and response for instantaneous remediation of one or all hosts
Threat intelligence platform allowing inter-service and inter-agency indicator sharing
Open, extensible architecture mitigating vendor-lock
Outcome-based key performance indicators and contractual service level agreements

Benefits of ACTD delivered as a managed service:

Contractor-owned/operated hardware and software
24/7/365 Tier 2 and 3 support
Analyst/DCO training
All operations and maintenance
Continuous innovation

Delivering complete endpoint security, TODAY

In partnership with U.S. Army Cyber Command (ARCYBER), ľ��AV delivers, operates, and maintains all facets of the Army Endpoint Security Solution (AESS). The AESS solution is built on the ACTD platform and is operated 24/7/365 as a turn-key managed service inclusive of risk management framework (RMF), service desk, engineering, analysis, infrastructure, and project management. As the single service provider for AESS, we are able to deliver outcomes to a set of clearly defined contractual service level agreements (SLAs) and key performance indicators (KPIs).

To date, AESS is the only deployed cybersecurity solution to offer all endpoint security and management capabilities desired by Joint Forces HQ DoDIN/DISA. Delivered as a managed service on the ACTD platform, AESS is a turnkey solution that includes all hardware, software, maintenance, and operations.

Operating worldwide today on NIPRnet and SIPRnet, the Army Endpoint Security Solution (AESS) provides Regional Cybersecurity Centers with the most advanced tools and discovery capabilities for comprehensive cybersecurity protection, detection, and remediation.

The ACTD platform has also been adopted by:

Defense Logistics Agency (DLA)
Joint Special Ops Command (JSOC)
U.S. Air Forces Central Command (AFCENT)
Missile Defense Agency (MDA)
U.S. Central Command (CENTCOM)

Continued innovation and excellence

ľ��AV also continues to innovate cybersecurity solutions through the ľ��AV Cyber Center of Excellence, fostering collaboration, innovation, research, and development. The center allows us to consistently improve the speed and accuracy of all our cybersecurity systems, further broadening our capabilities to our clients.

For more detailed information, reach out to an ľ��AV cybersecurity expert.

The post There Is a Better Approach to Enterprise Endpoint Security appeared first on ľ��AV.

Join us at McAfee MPOWER 2018

ľ��AV PR — Mon, 17 Sep 2018 20:23:58 +0000

ľ��AV is a proud sponsor of the 2018 MPOWER Cybersecurity Summit, hosted by McAfee. Join us October 16-18 at The MGM Grand in Las Vegas, Nevada. ľ��AV’ cybersecurity leadership and technical experts will be sharing their approach and strategy to scaling and customizing managed cybersecurity solutions that leverage McAfee’s powerful products. Our teams have deployed and continue to manage some of the largest McAfee implementations in the world.

Schedule a meeting with the ľ��AV cybersecurity team or stop by at booth 311.
The ľ��AV cybersecurity team is looking forward to discussing the following solutions and products with existing McAfee customers and those who want to learn more about:

Modernizing your endpoint security deployment
Implementing cloud security across your cloud-based applications and infrastructure
Advancing your SIEM and SOC strategy
Integrating and automating your IT and security tools
How managed services can help take your security program to the next level

While at the booth, enter for a chance to win a four-hour ePO health check from our tenured experts who will make sure you’re getting the most out of your McAfee deployment.

Visit ľ��AV at Booth 311 and answer a few simple questions about your cybersecurity needs and challenges. Your name will be automatically entered at the end of the survey.

The post Join us at McAfee MPOWER 2018 appeared first on ľ��AV.