The move is part of McAfee’s drive to go beyond machine learning to take advantage of the speed and accuracy of advanced analytics, deep learning and artificial intelligence (AI), and increase the efficiency of security operations.
The aim is to enable security teams to discover and assess data and root out threats more easily.
“Security teams are increasingly overwhelmed by the complexity they face in their environments, which hinders their ability to defend against the growing number of threats,” said Chris Young, CEO of McAfee.
“McAfee is acting on our ‘Together is power’ principle with collaborative security that combines the unique advantages of people, machines and partners, enabling teams to be situationally aware of security events and take swift action to thwart assaults – from the endpoint to the cloud.”
A recent McAfee survey shows the most effective security operations centres (SOCs) are analytics driven, with proactive threat hunting and automated investigative workflows creating an ongoing progression towards increasingly advanced security management.
Such effectiveness relies on the implementation of advanced analytics technologies, machine learning, deep learning and AI, to curate and visualise threat data so security analysts can make sense of it in a short amount of time.
According to the company, its new McAfee Investigator uses machine learning and AI to increase the accuracy and confidence of investigations by automating data collection and enabling security analysts of varied experience to fully assess threats in less time.
“Investigator reconstructs attacks that are happening across your environment; it builds on the other tools and platforms you’ve got in your environment using data science methodologies, bringing together local and global threat intelligence to help triage threats by teaming humans with machines,” Young told the opening session of the conference.
“Unlike static analytics, Investigator allows you to reconstruct events and attacks in real time using the power of insight and intelligence. The goal here is really simple: we are trying to yield a more effective and accurate case closure, trying to help you close cases quicker, and to help you get to root ID and root cause with much higher confidence,” he said.
New McAfee Investigator benefits include:
Accurate threat prioritisation: McAfee Investigator allows analysts to focus on the most significant threats by using advanced analytics to automatically collect, piece together and visually present suspected attack intelligence.
Fast and thorough malware investigations: Machine learning and artificial intelligence in McAfee Investigator continually learn evolving tactics, techniques and procedures to help analysts determine the right questions and explorations to yield efficient and accurate case closure.
Increased SOC efficiency: McAfee Investigator coaches analysts into implementing advanced thought processes and increases productivity with easy case content sharing.
To help organisations stay ahead of even the most advanced cyber attacks, McAfee has evolved its endpoint solutions to include even more complex analytics, arming security teams with the data needed to thwart an attack.
New McAfee endpoint capabilities include:
Decision making with deep learning: McAfee Endpoint Security uses many layers of mathematical “neurons” to assist with decision making and ascertain potential threats.
Pre and post execution machine learning: McAfee endpoint machine learning reviews files both before and after they execute, gaining knowledge with new data and increasing protection against never-before-seen threats.
Machine learning with reach: Industry analysts note that many advanced analytics solutions require significant data to build and train models. Globally, McAfee protects more than 22 million nodes with machine learning, with 300 million sensors serving as a source to inform algorithms, providing a vast data set for analytics technologies to learn from.
According to McAfee, its new McAfee Cloud Workload Security addresses the new visibility, management and security challenges of hybrid cloud environments, allowing organisations to eliminate blind spots with automation, secure critical workloads without slowing performance and simplify management with the McAfee ePolicy Orchestrator console.