If You ONLY Deploy AntiVirus, It Will Cost You More and Make You Less Secure

Everyone is looking to shave IT budgets, manage fewer vendors and streamline. The plethora of low-cost and sometimes free AV products is an enticing option for lowering the cost of securing a business. Some free antivirus programs do an acceptable job of detecting, blocking and removing certain kinds of malware, but they do not provide protection from ALL of the rapidly growing threats that attack multiple system vulnerabilities.

Recently, the data security company Imperva published a much-derided test showing what most IT security experts already knew: an AV-only protection scheme is necessary but insufficient.

While traditional antivirus technology continues to hold value for consumers and enterprises, it is only one layer in what needs to be a multi-layered defense. To that end, McAfee pioneered behavioral and other "day-zero" protection technologies to protect against rapidly morphing threats that can evade traditional blacklisting.

Host-Based Intrusion Prevention Systems (HIPS) and Application Control are just two examples of security technologies that McAfee has delivered to protect millions of endpoints. For example, McAfee Application Control protects against 100% of the threats in Imperva's tests. McAfee has optimized its ability to respond to evolving threats, and Global Threat Intelligence (GTI) is an example: it provides the most comprehensive view of the evolving threat landscape, correlated with threat intelligence from and across all threat vectors (file, web, message and network), driving the transition from blacklisting to greylisting and whitelisting. Blacklisting is still a vital ingredient for protecting devices: only a small percentage of the threats in circulation are new, and plenty of old threats still infect devices. Because of this, blacklisting will never go away. What is changing is that the blacklist now lives in the cloud instead of on each device.

Some great new primary research from Aberdeen's Derek Brink shows that the AV-only group actually spends 1.5 times more and effectively accepts 68% of its security-related risk.

Not investing in additional endpoint security solutions is actually a false economy: in reality, organizations that stop at AV are ignoring (and therefore effectively accepting) 68% of the risk and the associated costs. Endpoint security initiatives should adopt a more comprehensive approach to protecting the organization's platforms, networks, applications and data. (Source: Aberdeen Group, March 2012.)

Beyond historic blacklisting, McAfee recommends that users also deploy host or network web protection, HIPS, AND good application control functionality to defeat the current generation of cybercriminals. That is why McAfee is relentless in solving the challenges of increasing threats, and we do that by working to fulfill the value proposition of our Security Connected strategy: an integrated security platform that identifies common host-network customer use cases and implements them to reduce the total cost of ownership for a complete security solution.

Turkish government agency spoofed Google certificate “accidentally”

Microsoft has released a security advisory concerning a fraudulent digital certificate for all Google domains, apparently created by the Turkish government. The certificate, which was created by a subsidiary Certificate Authority issued to the transportation directorate of the city government of Ankara, could have been used to intercept SSL traffic as part of a "man in the middle" attack to spoof Google's encryption certificate and decrypt secure Web sessions to Google Plus and Gmail.

According to a statement from the Turkish certificate authority Turktrust, the organization mistakenly issued subsidiary CA certificates to two organizations in 2011—created during testing of Turktrust's certificate production system—instead of the standard SSL certificates they were supposed to receive. Subsidiary CA certificates give the holder the ability to issue SSL certificates with the original CA's authority.

According to Turktrust, one of the two subsidiary CAs was revoked before it was used. But the second, issued to EGO.GOV.TR, was installed on a Microsoft Internet Information Services (IIS) server used for webmail by the agency until December 6—when the certificate and key were transferred to a Check Point firewall. The firewall, which has deep packet inspection and SSL interception features, automatically created man-in-the-middle certificates when the CA certificate was added to it, Turktrust said.


Microsoft Releases January 2013 Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, Developers Tools, Server Software, and .NET Framework as part of the Microsoft Security Bulletin summary for January 2013. These vulnerabilities could allow remote code execution, elevation of privilege, security features bypass, or cause denial-of-service conditions.

US-CERT encourages users and administrators to review the bulletin and follow best-practice security policies to determine which updates should be applied.
