With more and more enterprises moving their IT assets off-premise in pursuit of business transformation, cyber security firm McAfee is strategically focusing on cloud security.
In its 2019 Cloud adoption and risk report, the company found 21% of all files in the cloud now contain sensitive data, while the number of files with sensitive data being shared through the cloud has increased by 53% year-on-year.
“We interviewed a bunch of CIOs and, for the first time, more than 50% said they thought cloud was more secure than on-premise,” Sekhar Sarukkai, vice-president of engineering and cloud security at McAfee, told Computer Weekly.
However, he added that while this change in mindset is positive for wider cloud adoption, adversaries have taken note of this developing business practice.
“The bad actors are saying, ‘wait a minute, all the interesting data is going to the cloud, let me attack the cloud’ – anytime there is this kind of tectonic shift, bad actors will find the window of opportunity to capitalise on the lack of mature tools and practices,” he said.
As a result, threat events in the cloud have also increased by nearly 28% year-on-year, with 80% of all organisations surveyed experiencing at least one compromised account threat every month and 92% having stolen cloud credentials on sale via the Dark Web.
This is because sensitive data can now be shared, leaked, or stolen from the cloud without it ever encountering a network choke point or getting inspected by a device, making the breach much harder to detect.
The problem is aggravated by the fact that data is being collected and generated at an exponential rate, while businesses are also using more devices and applications than ever.
This move to cloud has therefore created a new security paradigm for enterprises, which up until recently have been primarily concerned with protecting their legacy infrastructure.
“The attack surface that we have to manage is growing at a never ending rate,” McAfee CEO Chris Young told the opening session of the MPOWER Cybersecurity Summit in Las Vegas.
“Today, cloud-based architectures are under assault, and we have to get better about protecting our data, systems and applications in the cloud.”
Underpinning McAfee’s approach to securing these environments is the idea that the security solutions must be cloud-native. “If you’re going to deliver security for the cloud, you’ve got to deliver it from the cloud,” said Young.
Unified security controls
One of the main challenges cloud-adopting enterprises face is replicating consistent access management and data loss prevention (DLP) policies across multiple endpoints, networks and cloud environments.
To deal with this problem, McAfee will be introducing Unified Cloud Edge to enable what it claims will be a borderless IT environment.
The Cloud Edge uses cloud native architecture and will allow enterprises to set one policy across multiple environments with a single click, essentially amalgamating the operation of McAfee’s existing cloud, DLP and web gateway offerings.
According to Sarukkai, this unified management capability will help enterprises with end-to-end data protection by eliminating the siloed nature of the current process, whereby different products or policies are deployed to control the flow of data in different environments.
“Data protection, to do it successfully, needs to be applied in a consistent way across your endpoints, across your network, and into the cloud,” said Ash Kulkarni, executive vice president and chief product officer of the enterprise business group at McAfee. “If you try to do this with multiple policies and engines, it’s a recipe for disaster.”
By simplifying the implementation of data protection controls across the enterprise’s entire security environment, McAfee hopes its customers will be able to save time as well as gain greater visibility and control over their environments.
Proactive threat analytics
According to Steve Grobman, McAfee’s chief technical officer, visibility is just as important for understanding future threats as it is for understanding those that already exist.
“Being able to detect threats faster is a key, but it’s also being able to now anticipate those high impact threats, and not have them affect your organisation at all – a far better outcome than constantly having to be in reactive mode,” he told the MPower Summit audience during his keynote.
To promote a more proactive approach to cybersecurity, the company has been developing MVision Insights, a data-driven analytics tool designed to help organisations gain visibility over their entire attack surface.
The data is derived from McAfee’s one billion sensors, giving the company what Grobman calls ‘diverse telemetry at scale’. “If you only have one type of sensor, such as endpoint, you’re going to have a limited perspective, in what you can see,” he said.
“Our sensors are comprised of mobile sensors, endpoint sensors, web sensors, network sensors with our IPS, so it’s really all of our CASB and cloud sensors. Putting all of that together is able to give a very rich view of the context of what’s happening in the world.”
Grobman added the depth of data available through the variety of sensors at McAfee’s disposal can give customers insights on developing cyber threats at both a local and global level, allowing them to compare threats within their own environments to what is happening in their country, region, or wider business sector.
“It’s about putting the local context in a global perspective, and it just wouldn’t be practical to get a global version of the data in a form that it could be placed in an on-premise capability – the cloud is the only practical way to build it,” he said.
This analytics process is helped significantly by the artificial intelligence (AI) that McAfee has been developing over the past few years.
The main strength of AI is its ability to sift through large amounts of data far faster than a human could, and McAfee uses it in much the same way, having trained its algorithms to detect specific patterns within cyber attacks.
From this, the AI can identify whether an attack is part of a targeted campaign on a particular organisation or industry, as well as pick out the attack’s “feature vectors”.
These vectors are essentially the physical, encoded characteristics of any attack, which the AI maps out like DNA to identify other attacks within the same “family”.
According to Grobman, this makes it much easier for cyber security teams to understand the nature of the threat they face and how to deal with it, as well as which threats to prioritise in the first place.
“Being able to focus on the most critical threats is what organisations really need to do better,” said Grobman.
“Being able to find those threats that have really high levels of impact, and have the humans looking at those, and then delegate to automation the nuisance and noise, I think that’s where you’ll see a big change in the industry.”
According to ESG Fellow Jon Oltsik, many firms want to be proactive but lack the talent and resources to execute this kind of strategy.
“McAfee can help bridge this gap by offering organisations a global outlook across the entire threat landscape with local context to respond appropriately,” he said. “In this way, McAfee can support a CISO-level strategy that combines risk and threat operations.”