Windows admins, has Microsoft completely screwed up its security reports?

No more security bulletins for your neighborhood bulletin board. (credit: Randy Heinitz)

The last three Patch Tuesdays haven't been the straightforward affairs we're used to. February's was a big deal because it was delayed and then canceled outright, with Microsoft never explaining to us why it didn't happen.

Of course, that decision might have had something to do with the unexpected contents of March's Patch Tuesday. That release fixed a bunch of previously undisclosed flaws that were then publicized by Shadow Brokers when the mysterious group published a cache of NSA exploits.

In a change announced last November, Microsoft originally intended to introduce a new system of describing its patches and their respective security fixes this February. That didn't happen in February, and it also didn't happen in March. The bumper crop of fixes referenced above instead used the company's long-standing security bulletin format. But last week's April release did, at last, make the change.


The Power of an Integrated UEBA/SIEM Solution

If you’ve read our previous blog, “Leveraging UEBA Capabilities in Your Existing SIEM,” you understand how McAfee Enterprise Security Manager can perform many essential UEBA functions leveraging its built-in advanced analytics and behavior modeling.

Doing It Better Together

For several specific use cases, you may find that you need a third-party UEBA product. Fortunately, through the McAfee ecosystem approach to security, you can integrate UEBA solutions from other vendors to expand the user monitoring and analytics visibility of McAfee Enterprise Security Manager. Such tight integrations with McAfee Enterprise Security Manager optimize security operations by:

  • Adding user and entity threat data to McAfee Enterprise Security Manager’s threat and contextual parameters to trigger rapid response actions, such as policy changes, alerts, and escalations.
  • Leveraging response activities for deeper forensic investigations.
  • Enabling enhanced reporting, visibility, and management. Data collected by the UEBA solution can be sent to the McAfee Enterprise Security Manager reporting engine, which can then create visualizations of that information and synthesize it within its existing operational reports, dashboards, and workflows.

The McAfee and UEBA Vendor Partnerships

McAfee Security Innovation Alliance partnerships include numerous UEBA vendors that offer an advanced UEBA solution with a flexible analytics engine covering insider threats, targeted attacks, and unknown threats. These smart and powerful platforms utilize machine learning and advanced analytics models that are well suited for large, complex enterprise environments.

McAfee Enterprise Security Manager and UEBA vendor integrations increase visibility to:

  • Insider threats across endpoints, servers, networks, and log data: The integration connects high-risk actions to the users who performed them and provides clear context.
  • Privileged accounts: Time, authentication, access, application usage, and data movement are monitored and compared to baseline behavior parameters.
  • Targeted attacks: The integration quickly surfaces attack paths as they unfold, including malware that propagates laterally.
  • Healthcare compliance: Policy violations and risky user behaviors are identified by monitoring users, files, applications, and all types of medical and computing devices.

UEBA solution integrations with both the McAfee Enterprise Security Manager SIEM solution and the McAfee Data Exchange Layer threat intelligence sharing fabric can identify indicators of attack and feed those back into the SIEM to facilitate threat hunting. False positives are minimized, and analysts can focus on high-priority actionable items. In effect, these integrations create a closed-loop system, with continuous interaction between the products. Integration with McAfee Data Exchange Layer enables and accelerates communication of threat intelligence across multiple security solutions. This can dramatically speed detection and remediation across the entire enterprise security ecosystem, supporting the entire threat lifecycle.

Learn more about how McAfee Enterprise Security Manager can be leveraged to perform UEBA functions in our white paper, Entity Behavior Analytics for McAfee Enterprise Security Manager. Also, explore the UEBA vendors who are part of the McAfee Security Innovation Alliance.

The post The Power of an Integrated UEBA/SIEM Solution appeared first on McAfee Blogs.

Lawyers, malware, and money: The antivirus market’s nasty fight over Cylance

Is it "fresh malware"? Or is it something else repackaged? (credit: from an image by Sarah Shuda)

Last November, a systems engineer at a large company was evaluating security software products when he discovered something suspicious.

One of the vendors had provided a set of malware samples to test—48 files in an archive stored in the vendor's Box cloud storage account. The vendor providing those samples was Cylance, the information security company behind Protect, a "next generation" endpoint protection system built on machine learning. In testing, Protect identified all 48 of the samples as malicious, while competing products flagged most but not all of them. Curious, the engineer took a closer look at the files in question—and found that seven weren't malware at all.

That led the engineer to believe Cylance was using the test to close the sale by providing files that other products wouldn't detect—that is, bogus malware only Protect would catch.
