McAfee today released Disrupting the Disruptors, Art or Science?, a new report comparing the roles of humans, automation and machine learning in the investigation of and response to cyberthreats. McAfee found that organizations that prioritize the human threat hunter before investing in automated technology are more successful in closing security cases and determining the root cause of threats.
In line with its vision that the future of cybersecurity response will be driven by Human-Machine Teaming, the concerted combination of human effort with smart technology, McAfee also announced updates to its solutions portfolio that make it easier for organizations to bring machine learning capabilities into their security infrastructure and enable more efficient threat hunting.
- Seventy-one per cent of advanced Security Operations Centres (SOCs) use human-machine teaming to close cybersecurity investigations in one week or less
- Of the most advanced organizations, 37 per cent closed threat investigations in less than 24 hours
- Hunters at the minimal level determine the cause of only 20 per cent of attacks, compared to leading hunters, who verify the cause of 90 per cent
- Sixty-eight per cent say better automation and threat hunting procedures are how they will reach leading capabilities
- Successful cybersecurity teams are three times as likely to automate threat investigation and devote 50 per cent more time to actual threat hunting
- More advanced organizations get far better leverage from their threat intelligence investments
- McAfee announced several updates to its solution portfolio that bring advanced machine learning to organizations’ security infrastructure
- This includes updates to: McAfee Advanced Threat Defense (ATD), McAfee Enterprise Security Manager (ESM) and McAfee Endpoint Threat Defense and Response (ENS)
- Significantly, McAfee revealed an independent OpenDXL.com, a new, free and open source collaboration portal
- This follows the release of the following McAfee blogs on human-machine teaming: Why Human-Machine Teaming Will Lead to Better Security Outcomes and The Machines Are Coming. And That’s A Good Thing; and research from 451 Research
NEWS RELEASE (1 of 2): McAfee Expands Machine Learning, Automation Capabilities to Strengthen Human-Machine Teams
OpenDXL.com open source community launches and McAfee alliances grow to improve manageability of security operations
- New McAfee® Advanced Threat Defense machine learning now fortifies threat detection for sandboxing
- New patented automation for McAfee® Enterprise Security Manager SIEM technology delivers unmatched insight into threat exposure
- New McAfee® Cloud Threat Detection and McAfee Threat Intelligence Exchange integration enables in-depth analysis
- New OpenDXL.com, an independent community website, launches to facilitate the use of open source integrations
- McAfee Security Innovation Alliance welcomes 12 new members
BLACK HAT LAS VEGAS, Nev., July 26, 2017 – McAfee, one of the world’s leading cybersecurity companies, today announced several new innovations that expand machine learning and automation capabilities to strengthen human-machine teams. Plus, McAfee announces support of OpenDXL.com, a new, independent collaboration portal that offers forums, free apps and more, giving OpenDXL users easy access to ideas and resources available for application integrations. These new advances build upon the company’s commitment to innovation, collaboration and trust, bringing McAfee’s mantra ‘Together is Power’ to life.
“Today’s security teams are facing 244 new cyber threats every minute, amid a serious talent shortage. Siloed security, without automation, managed by overwhelmed teams is not a sustainable defense strategy,” said Raja Patel, Vice President and General Manager, Corporate Security Products, McAfee. “Expanded machine learning and integrated analytics are part of McAfee’s vision for a fundamental shift in the way humans and machines work together to secure our digital world. By aligning the strengths of humans and machines, organizations elevate their operational maturity to better defend against the cyber threats we face today—and tomorrow.”
Machine Learning and Automation
McAfee technology seeks to improve the way humans and machines work together to protect the digital enterprise through an intelligent security platform that takes advantage of powerful new technologies such as machine learning and automation. McAfee Advanced Threat Defense (ATD) software now joins the growing portfolio of McAfee products that incorporate machine learning, including McAfee Endpoint Security with Real Protect and McAfee Global Threat Intelligence (GTI).
The newly released McAfee® ATD v4.0 software introduces an innovative deep learning technique to enhance detection and expands advanced analysis capabilities within email attachments, resulting in more comprehensive protection across the network as new threat intelligence and reputation updates are shared throughout the ecosystem. New capabilities include:
- Enhanced Machine Learning Detection: Machine learning now bolsters McAfee ATD detection capabilities, resulting in an expanded ability to identify malicious markers that may be hidden, or not fully executed.
- Expanded, Closed-Loop Detection-to-Protection for Email: McAfee ATD Email Connector now enables email security gateways to forward suspicious attachments to McAfee ATD for analysis, preventing malware from spreading on internal networks.
New enhancements for McAfee Enterprise Security Manager (ESM) include integrated, patented countermeasure-aware risk analysis to help security operations teams identify threats and assess the impact of new vulnerabilities, as well as new support for critical SOC use cases.
- Accurate Insight into Exposure and Risk: McAfee® ESM now improves risk assessment by factoring in active, relevant countermeasures and priority guidance from McAfee GTI, providing a more accurate understanding of exposure and potential impact. The new Asset Threat Risk Content Pack 2.0 feature delivers security configuration, compliance posture and patch assessment in a single view.
- Rapid Use Case Deployment: The new McAfee Connect content portal simplifies access to freely available, simple to deploy use cases and solution integrations. Through the portal, McAfee customers can find tools to activate monitoring, detection and incident management tasks, including user behavior analysis and detection of malware exploits and reconnaissance.
- Effortlessly Monitor and Analyze Cloud Activity: Easy incorporation of Microsoft Office 365 actions and events enables monitoring and analysis of user activity within cloud services.
Fully Unified Data Loss Prevention
McAfee Data Loss Prevention (DLP) Endpoint, DLP Prevent, DLP Discover and DLP Monitor are now fully unified. New capabilities include:
- Improved Business Efficiency: Unified policy management across network and endpoint DLP built upon a common classification engine, dictionaries, regular expression engine and syntax.
- Faster Investigation and Remediation: Simplified incident and case management speeds investigation and remediation of risk or suspicious user behavior by line-of-business data stewards, and information security professionals alike.
- Consistent Event Analysis: Common file, email, web traffic and database analysis across endpoint and network DLP ensures consistent enforcement of corporate data usage policies.
Dynamic Endpoint Protection
McAfee’s dynamic endpoint protection collaborates across products, allowing new technology to be integrated without a complete architecture rebuild, and leverages machine learning to improve detection capabilities. New capabilities include:
- Integrated Cloud Threat Detection: New integration between McAfee Cloud Threat Detection (CTD) and McAfee Threat Intelligence Exchange (TIE) enables McAfee Endpoint Security (ENS) to forward suspicious samples to a cloud sandbox for in-depth analysis.
Continued Commitment to Open Source and Industry Collaboration
McAfee believes that no one person, product or organization can fight cybercrime alone, which is why McAfee announced the OpenDXL initiative in 2016, launching an open industry standard for all developers to increase integration flexibility, simplicity and opportunity. McAfee has now expanded its commitment to open source through support of a new, independent open source community, OpenDXL.com. This vibrant, collaborative portal includes:
- Community Innovation Forum: A place for participants to connect, get ideas, exchange questions and solve new problems.
- Freely Available App Marketplace: Created for sharing, the app marketplace features new, creative use cases for OpenDXL, packaged and ready for implementation.
- “Bootstrapper” to Simplify Integration: Makes it even easier to create OpenDXL integrations with a “bootstrapper” toolkit, which helps developers and integrators create API service wrappers in a few easy steps.
The McAfee Security Innovation Alliance, the industry’s premier technology partner program, providing a truly integrated and connected security ecosystem, welcomes twelve new members:
- AGAT Software
- Cisco Systems
- Extreme Networks
- Kemp Technologies
- Resolve Systems
For more information on McAfee you can visit the following:
- McAfee’s Black Hat Booth (#300)
- Blog: “News from Black Hat: Humans Collaborate and Team with Machines to Work Smarter”
- Blog: “McAfee Advanced Threat Defense Expands Threat Vector Coverage to Email Attachments”
- Blog: “OpenDXL.com goes live! Join the movement”
- “Optimizing Investigations using Human-Machine Teaming”
- Wednesday, July 26 – 11:30 – 12:30pm
- Mandalay Bay Hotel, Oceanside E
- By Ismael Valenzuela, McAfee Principal Engineer
- McAfee ATD: McAfee.com/ATD
- McAfee ESM: McAfee.com/ESM
- McAfee Connect Portal: McAfee Connect
- McAfee ENS: McAfee.com/ENS
- New open source collaboration portal: OpenDXL.com
- New report “Disrupting the Disruptors, Art or Science?” https://www.mcafee.com/soc-evolution
- Executive Perspectives on Human-Machine Teaming: securingtomorrow.mcafee.com/business/machines-coming-thats-good-thing/
McAfee is one of the world’s leading independent cybersecurity companies. Inspired by the power of working together, McAfee creates business and consumer solutions that make the world a safer place. http://www.mcafee.com/
NEWS RELEASE (2 of 2): New McAfee Report Reveals Secrets of Successful Threat Hunters and SOCs
Effectiveness Comes with Complementary Investments in Human-machine Teaming
- Survey outlines state of security operations center and threat investigations
- Seventy-one per cent of advanced SOCs use human-machine teaming to close cybersecurity investigations in one week or less
- Successful cybersecurity teams are three times as likely to automate threat investigation. Thus, they devote 50 per cent more time to actual threat hunting.
- While analytic tools like sandboxing and SIEM are must-haves, and Endpoint Detection and Response and User Behavior Analytics are rising, effectiveness comes with complementary investments in human-machine teaming that integrates these capabilities with knowledge and processes
- More sophisticated security organizations get far better leverage from their threat intelligence investments by emphasizing local, private and paid intelligence sources
Black Hat, Las Vegas, July 26, 2017 – McAfee, one of the world’s leading cybersecurity companies, today announced the release of Disrupting the Disruptors, Art or Science?, a new report investigating the role of cyberthreat hunting and the evolution of the security operations center (SOC). Looking at security teams through four levels of development (minimal, procedural, innovative and leading), the report finds that advanced SOCs devote 50 per cent more time than their counterparts to actual threat hunting.
The Threat Hunter
Threat hunting is becoming a critical role in defeating bad actors. A threat hunter is a professional member of the security team tasked with examining cyberthreats using clues, hypotheses and experience from years of researching cybercriminals, and is incredibly valuable to the investigation process. Per the survey, companies are investing in and gaining different levels of results from both tools and structured processes as they integrate “threat hunting” activities into the core security operations center.
As the focus on professional threat hunters and automated technology increases, a more effective operations model for identifying, mitigating and preventing cyberthreats has emerged: human-machine teaming. In fact, leading threat hunting organizations are using this method in the threat investigation process at more than double the rate of organizations at the minimal level (75 per cent compared to 31 per cent).
“Organizations must design a plan knowing they will be attacked by cybercriminals,” said Raja Patel, vice president and general manager, Corporate Security Products, McAfee. “Threat hunters are enormously valuable as part of that plan to regain the advantage from those trying to disrupt business, but only when they are efficient can they be successful. It takes both the threat hunter and innovative technology to build a strong human-machine teaming strategy that keeps cyber threats at bay.”
- On average, seventy-one per cent of the most advanced SOCs closed incident investigations in less than a week and 37 per cent closed threat investigations in less than 24 hours
- Novice hunters determine the cause of only 20 per cent of attacks, compared to leading hunters, who verify the cause of 90 per cent
- More advanced SOCs gain as much as 45 per cent more value than minimal SOCs from their use of sandboxing, improving workflows, saving costs and time, and collecting information not available from other solutions
- Sixty-eight per cent say better automation and threat hunting procedures are how they will reach leading capabilities
- More mature SOCs are two times more likely to automate parts of the attack investigation process
- Threat hunters in mature SOCs spend 70 per cent more time on the customization of tools and techniques
- Threat hunters in more mature SOCs spend 50 per cent more time on actual threat hunting
- The sandbox is the number one tool for first- and second-line SOC analysts, while higher-level roles rely first on advanced malware analytics and open source tools. Other standard tools include SIEM, Endpoint Detection and Response, and User Behavior Analytics, and all of these were targets for automation.
- More mature SOCs use a sandbox in 50 per cent more investigations than entry level SOCs, going beyond conviction to investigate and validate threats in files that enter the network
The Threat Hunter Playbook: Human-Machine Teaming
Aside from manual study in the threat investigation process, the threat hunter is key in deploying automation in security infrastructure. The successful threat hunter selects, curates and often builds the security tools needed to thwart threats, and then turns the knowledge gained through manual investigation into automated scripts and rules by customizing the technology. This combination of threat hunting with automated tasks is human-machine teaming, a critical strategy for disrupting cybercriminals of today and tomorrow.
For more information on threat hunting, including the report and executive summary, visit www.mcafee.com/soc-evolution.
For more information on Human-Machine Teaming, visit the McAfee blog:
- Why Human-Machine Teaming Will Lead to Better Security Outcomes, Steve Grobman, chief technology officer, McAfee
- The Machines Are Coming. And That’s A Good Thing, Raja Patel, vice president and general manager, Corporate Security Products, McAfee
In the spring of 2017, McAfee worked with a third party to survey over 700 IT and security professionals, selected from a third-party database to represent a diverse set of countries, industries and organization sizes. Participants worked for organizations with more than 1000 employees. Respondents, whose job duties include threat hunting, came from Australia, Canada, Germany, Singapore, the United Kingdom and the United States.
McAfee® is one of the world’s leading independent cybersecurity companies. Inspired by the power of working together, McAfee creates business and consumer solutions that make the world a safer place. www.mcafee.com
– 30 –
McAfee and the McAfee logo are trademarks of McAfee LLC in the United States and other countries.
*Other names and brands may be claimed as the property of others