Cyber defence is becoming increasingly difficult, and there are three key indicators cyber security professionals need to look at and learn from, according to Chris Young, CEO of security firm McAfee.
These key indicators are the threatscape (what attackers are doing), the technology landscape (the reshaping of what is happening underneath it), and the regulatory climate and environment, Young told the opening session of the 2018 MPower cyber security summit in Las Vegas.
While the latest attack to dominate the headlines is cryptojacking, with the instances of new associated malware seeing a 500% increase in the past year, he said that looking back over the past 30 years the patterns are not new.
“What’s old is new again in cyber security. That is a trend that is as old as our industry itself,” said Young, citing WannaCry as a classic example of how attack methods endure, morph, change, evolve and combine in new and different ways to spawn new generations of threats.
“The reason we see exponential growth in the complexity of the attack landscape is because there are force multipliers at work,” he said, adding that “there are ever more opportunities for attackers to insert new methods like living off the land attacks” that continue to make defenders’ jobs ever more challenging.
McAfee expects to see the increased use of scripting languages, abuse of legitimate application macros, file-less malware and cross operating system attacks.
As attackers continue to evolve, Young said defenders need to respond with greater precision in identifying attacks and with greater coverage and agility across the IT landscape.
In addition to the threatscape, he said defenders need to pay attention to the “shifting landscape of technology,” particularly the “major transformation” in the way applications are being developed, delivered and consumed, which is being driven by the cloud.
Software as a service (SaaS) is “completely changing the game”, said Young, and completely changing the way cyber defenders and cyber security suppliers need to think about their work.
“Enhanced connectivity is changing the nature of the interaction between the device and the application, they are becoming extensions of one another. Data increasingly resides between and among devices that are connected from everywhere and applications running in the cloud,” said Young.
Adding to the complexity, he said the role of the network is continuing to blur as users increasingly connect to applications and data in the cloud completely outside of organisational networks.
“On the other hand, with the IoT [internet of things], there are literally millions of new devices connecting through those networks, and 5G is going to blow the doors wide open on this problem,” said Young.
“That convergence in our technology environments is as much a challenge as the convergence we are seeing in the threatscape, which means we will have to manage things differently, but we are not done yet because the regulators are now getting in the game,” he said.
Citing the EU’s General Data Protection Regulation (GDPR) as a prime example of significant regulatory change that is “upping the ante” around data protection and transparency in the use of data, Young said the GDPR is completely changing the regulatory landscape around the world.
The convergence in the threatscape, IT landscape, technology and the regulatory environment is a pointer to where cyber defence has got to go next, he said.
“What it tells us is that it is time to speed up our ability to implement new methods of protection, to deliver the outcomes that cyber security professionals need to deliver on behalf of their organisations. It is time to unify threat defence and data protection in new ways in priority and in principle.
“They are not different domains. It is time to eliminate the silos that prevent us from being able to see, to manage and change our security controls in a changing operating environment. It is time to reap the benefits of every connected sensor we have available so we can get to those insights about our threat profile,” said Young.
Young argued that organisations that try to manage cyber security capabilities in siloed domains will fall behind.
“Attacks are increasing across devices and across platforms. They live in the cloud and manifest on devices and vice versa, so in time, your defences have to span different domains,” he said, adding that it is time for a new approach to cyber defence, starting with things that are “designed in and for the cloud to provide the agility and coverage that is needed.”
Noting his 2016 commitment to cloud and McAfee’s acquisition of Skyhigh Networks in January 2018, Young said McAfee now offers an “industry leading solution” that is designed to protect workloads, data and users across cloud-based software, platform and infrastructure environments as organisations move their infrastructure, data and users to the cloud.
“We now secure data in our cloud platform from, to and between clouds,” he said, which is done by applying behavioural analytics to identify threats and stop attacks that are born in cloud services. “We have converged the way we think about threat defence and data threat protection in our design just as they are converged in your cloud reality.”
Introducing McAfee’s new Mvision portfolio, Young described it as a “new family of products” that are “cloud-led, cloud-native management-oriented” and built for the convergence that is happening in enterprise environments, encompassing a wide range of capabilities.
These already include ePO (ePolicy Orchestrator) as a cloud-based service, ENS (Endpoint Security), mobile security and cloud security. It will soon also include EDR (Endpoint Detection and Response).
“It’s the first of its kind family of cloud-based capabilities offering data protection and threat defence from the device all the way through to the cloud,” said Young, adding that it encapsulates what has been McAfee’s strategy for a number of years to “focus on where the action is”, which is in the cloud.
Mvision, said Young, is made up of five cloud-based capabilities representing McAfee’s commitment to the future. “[It is] our commitment to fearless innovation across all areas of our strategic roadmap, which delivers ultimately on a promise of true security [as a service],” he said.
“McAfee is the only company now that is empowering organisations to holistically manage security capabilities from device to cloud, and we are doing it all from within the cloud,” he said.
Looking to the future, Young said McAfee is setting its sights on providing unique insights into what is happening in any IT environment based on advanced analytics on data gathered from nearly a billion sensors deployed on consumer devices, within enterprises worldwide and across cloud environments.
“We are committed to an outcome-driven future where actionable insights can change the game for organisations against the attacker,” he said, by identifying what the attacker was after and whether they were successful or not, which device or third-party supplier was ‘patient zero’ and if the same attack has been seen elsewhere in the world.
While a lot of organisations can tell companies what is going on in their PCs and threats in the wild, “very few can bring it all together to give you the insight across the converging IT landscape the way that McAfee will,” said Young.
“We believe that for all the convergence that is happening, it is time to harness that to give you unique insights, and it is the next phase of our journey.”