1) The complexity of corporate IT is growing daily, with an 81% increase in mobile data traffic in 2013 and only 50% of data needing protection currently protected. Advanced attacks have a high material impact, costing companies billions annually.
2) McAfee's Connected Security Platform allows threat intelligence to be shared in milliseconds between endpoints, gateways and other security products to immediately protect organizations as threats are revealed.
3) The platform includes the Threat Intelligence Exchange, Enterprise Security Manager, and Data Exchange Layer to provide real-time visibility, adaptive security, and integrated protection and response across an organization.
Ransomware has plagued organizations of all types and sizes for years. Yet, we have still only seen these tools, techniques, and procedures applied to traditional on-premise networks, and cloud-hosted assets themselves. And while we have just begun to see the tip of the iceberg as it relates to global-scale sweeping attacks that leverage enterprise management technologies, we have not yet experienced the cascading impact of such an attack on the very cloud infrastructure we have come to rely upon. This is surprising, given the simplicity, speed, and sheer efficacy of such an event. In this session, we will highlight the overlaps and disparities between traditional and cloud environments, using MITRE ATT&CK as a guide, to get ahead of the adversaries, and proactively protect our organizations, our customers, and ultimately society as a whole.
Next Dimension and Veeam | Solutions for PIPEDA Compliance (Next Dimension Inc.)
Chris and Sean from Veeam discuss Availability, Disaster Recovery, and updating records per PIPEDA legislation. Veeam also discusses their solution to ransomware.
Identify Zero-Day Breaches with Cognitive Threat Analytics on Cisco Web Secur... (Cisco Security)
Cognitive Threat Analytics is a technology that analyzes web requests to identify Command & Control traffic, identifying threats that are currently present in a network. It is currently available across the entire Cisco Web Security portfolio, including Cloud Web Security (CWS) and the Web Security Appliance (WSA). To learn more, watch this webinar: http://cs.co/9000BuggO
If ransomware hasn’t held your business data hostage yet, it’s only a matter of time. Since 2013, a particularly nasty variation of ransomware called CryptoLocker has infiltrated countless businesses, encrypted files and demanded a pound of flesh for their safe release. With no relief in sight and new variations emerging regularly, ransomware continues to be one of the most widespread and damaging threats to businesses today. Is your continuity platform positioned to eat ransomware for breakfast?
Join Unitrends for a live webinar to understand how a layered protection strategy (and the new rules of recovery) can keep your business running – no matter what. We’ll cover:
• The current state of ransomware today
• What you need to do when you get infected
• How a rock solid continuity strategy will get you up and running quickly without having to pay a ransom
This presentation describes the nature of modern cyberthreats and how they affect the enterprise's transition to cloud infrastructure. More specifically, assumptions about the security of cloud infrastructure will be challenged and re-examined from an attacker's perspective, and the weak points of the cloud will be explored. This presentation should give organizations a perspective on some of the key points of weakness in their cloud, and on what can be done to mitigate the threats that target these weaknesses going forward.
Optimize your AWS FEST - N2WS session - Addressing the Relentless Threat of R... (OK2OK)
The pandemic jolted the world of IT out of its collective slumber. Cybercriminals continue to profit off ransomware attacks in record numbers, as more workers are working remotely. This leaves no business on the cloud immune to the threat of ransomware.
As methods and technology continue to advance it is critical that companies have multiple lines of defense in 2021.
In the N2WS session (n2ws.com) during the March 2021 Optimize your AWS FEST (awsfest2021.com), we show how flexible, automatic cloud backup and efficient disaster recovery can save your company from losing all of its data in the case of a ransomware attack. Learn how to minimize your RTO, effectively restore your entire systems or just a file, clone your VPC environment and much more in order to 'Ransomware-proof' your cloud for 2021.
A military concept now applied to cybersecurity, the "cyber kill chain" was developed by Lockheed Martin in 2011. It describes the phases an adversary will follow to target an organization. There are 7 well-defined phases, and the attack is considered successful if/when all of the phases have been carried out.
(DOCUMENT IN ENGLISH)
Kill Chain Model for Use Cases Assist in Incident Response
1- Situational Awareness
Outbound Protocols
Outbound protocols by size
Top destination Countries
Top destination Countries by size
2- Reconnaissance
Port scan activity
ICMP query
3- Weaponization and Delivery
Injection
Cross Site Scripting
Cross Site Request Forgery
Failure to Restrict URL
Downloaded binaries
Top email subjects
Domains mismatching
Malicious or anomalous Office/Java/Adobe files
Suspicious Web pages (iframe + [pdf|html|js])
Next Dimension and Cisco | Solutions for PIPEDA Compliance (Next Dimension Inc.)
Duwayne Watson, a Cisco specialist from Ingram Micro, showcases various Data Security and Protection solutions such as: AMP, Umbrella, and CloudLock. These solutions can help your business remain compliant with PIPEDA legislation.
The Cyber Attack landscape is evolving with new attack vectors and dangerous trends that can affect the security of your business. Some attacks can take only minutes to complete, yet months to be discovered.
Determine your attack risk and learn what to look for in a quality cyber attack defense.
Please visit http://www.radware.com/social/amn/ for information on Radware's AMN (Attack Mitigation Network).
FireEye, Inc. is the leader in network malware control, dedicated to eradicating malware from the world's networks. FireEye provides the world's only malware control system designed to secure networks from targeted malware. Our solutions bring advanced network security together with state-of-the-art virtualization technology to combat crimeware and protect customer data, intellectual property and company resources, solving critical business needs without taxing your IT administration. FireEye is based in Menlo Park, CA and backed by Sequoia Capital and Norwest Venture Partners. For more details, visit http://www.fireeye.com.
Security Day SLBdiesten: 26 June 2015
McAfee presentation: Learn how to make (cost-)efficient use of new, integrated McAfee technologies for protection against advanced malware. By Wim van Campen, Regional Vice President North & East Europe, Intel Security.
"Evolving Cybersecurity Strategies" - Threat protection and incident management (Dean Iacovelli)
As the volume and sophistication of attacks has increased, it has become even more critical for organizations to be able to rapidly and accurately identify malicious attack vectors and payloads at time of delivery. This session will explore Microsoft’s unique approach to dealing with this problem, and also how we approach tracing and deconstructing a successful attack in order to prevent its next iteration.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks (Scalar Decisions)
Simon Wong and Chris Cram, Scalar security experts, discuss how Palo Alto Networks technology disrupts the entire malware kill chain. Attendees will also gain insight on flexible deployment options to better serve their mobile users, and how to get the most out of their Palo Alto Networks deployment.
McAfee - McAfee Active Response (MAR) - Endpoint Detection & Response (EDR) (Iftikhar Ali Iqbal)
The presentation provides the following:
- McAfee Company Overview
- McAfee Strategy
- McAfee Portfolio Overview
- Endpoint Security Challenges
- McAfee Endpoint Protection Platform
- McAfee Active Response Overview
- McAfee Active Response Features
- McAfee Active Response Architecture
- McAfee Active Response Workflow
- McAfee Active Response Licenses & Packaging
Please note that all the information is as of before Aug 2019.
Splunk's Minister of Defense and security guru, Monzy Merza, shows how to use the Splunk App for Enterprise Security to detect, respond to and mitigate advanced malware through various phases of the threat's lifecycle chain.
As the industry’s first Secure Internet Gateway in the cloud, Cisco Umbrella provides the first line of defense against threats on the internet, protecting all your users within minutes.
Cisco Advanced Malware Protection offers global threat intelligence, advanced sandboxing and real-time malware blocking to prevent breaches while it continuously analyzes file activity across your network, so that you can quickly detect, contain and remove advanced malware.
Presentation of Cisco Security Architecture and Solutions such as Cisco Advanced Malware Protection (AMP) and Cisco Umbrella during Simplex-Cisco Technology Session that took place at the Londa Hotel in Limassol on 14 March 2018.
You have spent a ton of money on your security infrastructure. But how do you string all those things together so you can achieve your goals of reducing time to response, detecting, preventing threats. And most importantly, having your security team serve your business and mission. Learn how to organize your security resources to get the best benefit. See a live demonstration of operationalizing those resources so your security teams can do more for your organization.
PHP Frameworks: I want to break free (IPC Berlin 2024) (Ralf Eggert)
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Search and Society: Reimagining Information Access for Radical Futures (Bhaskar Mitra)
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
DevOps and Testing slides at DASA Connect (Kari Kakkonen)
Rik Marselis's and my slides at the 30.5.2024 DASA Connect conference. We discuss what testing is, then what agile testing is, and finally what Testing in DevOps is. Finally, we had a lovely workshop with the participants, trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
Connector Corner: Automate dynamic content and events by pushing a button (DianaGray10)
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
UiPath Test Automation using UiPath Test Suite series, part 3 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation introduction
UI automation sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Accelerate your Kubernetes clusters with Varnish Caching (Thijs Feryn)
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Epistemic Interaction - tuning interfaces to provide information for AI support (Alan Dix)
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf (91mobiles)
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Esteban Próspero
1. Connected Security
The New Generation of Protection for Enterprises
Esteban Javier Próspero | Director, Engineering
@e_prospero
2. The complexity of corporate IT grows day by day
81% growth in mobile data traffic in 2013 (1.5 exabytes/month) [1]
50% of the data that needs protection is protected today [2]
40% of data will be in the cloud in 2020 [2]
1. Cisco Visual Networking Index: Global Mobile Data Traffic Forecast Update, 2013-2018. Feb. 2014
2. IDC, The Digital Universe in 2020: Big Data, Bigger Digital Shadows, and Biggest Growth in Far East. Dec. 2012
3. Advanced attacks: high material impact
Example: the TARGET retail chain*
SALES: down 46% [1]
PROFITS: down 34% [1]
COSTS: more than US $61M [1]
POSSIBLE FINES: US $400M to $1.1B [1]
BRAND IMPACT: incalculable
Annual cost of cybercrime: US $400,000 million (US $400 billion) [2]
Average cost of attacks in 2013: US $11.6 million [3]
Number of successful attacks: 122 per week per company [3]
1. http://online.wsj.com/news/articles/SB10001424052702304255604579406694182132568
2. McAfee, “Net Losses: Estimating the Global Cost of Cybercrime,” June 2014
3. Ponemon Institute 2013 Cost of Cyber Crime study
4. McAfee's Connected Security Platform
Diagram layers: Security Management; Threat Intelligence; Context and Orchestration; Network Security; Endpoint Security; Analytics; Deep Security
5. Threat Intelligence Exchange
Adapt and Immunize—From Encounter to Containment in Milliseconds
Adaptive security improves anti-malware protection
• Better analysis of the gray
• Crowd-source reputations from your own environment
• Manage risk tolerance across departments / system types
Actionable intelligence
• Early awareness of first occurrence flags attacks as they begin
• Know who may be / was compromised when certificate or file reputation changes
Diagram components: Endpoint, Endpoint, McAfee ePO, YES / NO, McAfee Global Threat Intelligence, 3rd Party Feeds, Data Exchange Layer, McAfee TIE Server, McAfee ATD, McAfee ESM
ePO : Policy Orchestrator
ESM : Enterprise Security Manager
ATD : Advanced Threat Detection
TIE : Threat Information Exchange
6. Threat Intelligence Exchange
Adapt and Immunize—From Encounter to Containment in Milliseconds
Diagram components: Endpoint, Endpoint, McAfee ePO, McAfee ATD, McAfee Global Threat Intelligence, 3rd Party Feeds, Data Exchange Layer, McAfee TIE Server, McAfee ESM, NGFW, NSP, Web Gateway, Email Gateway
7. Instant Protection across the Enterprise
Gateways block access based on endpoint convictions
Security components operate as one to immediately share relevant data between endpoint, gateway, and other security products
Proactively and efficiently protect your organization as soon as a threat is revealed
Diagram components: Data Exchange Layer, McAfee ESM, Endpoint, Endpoint, McAfee ePO, McAfee ATD, NGFW, NSP, Web Gateway, Email Gateway, McAfee Global Threat Intelligence, 3rd Party Feeds, McAfee TIE Server
8. ESM / DXL / TIE
SIEM: Enterprise Security Manager
• Performance
• Intelligence
• Situational awareness
Data Exchange Layer
• Real-time
• Bidirectional communication
• Adaptive security
Threat Information Exchange
• Real-time visibility and control
• Integrated protection and response
• Adaptive security
Made in Cordoba from today
9. Thank you very much
Esteban Javier Próspero @e_prospero
empleos.asdc@intel.com
Editor's Notes
The Security Connected platform from McAfee provides a unified framework for hundreds of products, services, and partners to learn from each other, share context-specific data in real time, and act as a team to keep information and networks safe.
The Security Connected platform includes integrated solutions that address (starting from bottom):
Analytics: McAfee ESM provides high-speed data mining and risk assessment based on hundreds of data sources and can directly integrate with McAfee countermeasures and threat intelligence to guide data-driven risk management.
Context & Orchestration: DXL is the first extensible high-speed communication layer that allows intelligence sharing, product deployment, and distribution of policies and protections.
Threat Intelligence: Only McAfee creates an aggregate picture based on local, custom intelligence; a global, cross-vector threat intelligence network; and third party data services to drive countermeasure actions and efficient incident response.
And, finally, at the foundation of Security Connected is McAfee Security Management, which provides a critical connective framework and an open platform. It unites product and technology components as well as processes and policies to enable an efficient and secure IT infrastructure that businesses can build on as they identify and pursue global business opportunities.
McAfee Security Management creates simplified management solutions that work together to give you complete visibility into your enterprise—including both a real-time and a historical view (what did that user do on that device across those days?).
That requires deep integration across endpoints, the network, and the management software. In other words, McAfee Security Management gives you the visibility you need to analyze risk across all elements of your security environment, and then to make informed decisions and respond in less time.
The products we’re about to talk about—including ePO, Deep Command, SIEM, and TIE—provide a connective framework that unites products, processes, and policies to enable a more efficient and more secure IT infrastructure that is ready for today’s threats, and those of tomorrow.
In this use case, we have several security solutions working together with TIE (of the many that are possible):
ePO (described earlier)
SIEM (described earlier)
DXL (real-time, bi-directional communications fabric)
Advanced Threat Defense (ATD): Analyzes malware behavior
In this example, <build 1> if an endpoint attempts to execute an executable file that has passed through VSE (it may be suspicious, but neither DAT, GTI, nor VSE heuristics have enough data to convict it), TIE will send the file information to the TIE Server to learn more about it. The query is performed over the data exchange layer and includes file, process and environmental attributes recorded by the endpoint.
<Build 2> In this case, TIE has seen the suspicious-but-not-convicted file elsewhere in the enterprise but checks with GTI to see if the reputation has changed. From this point, the TIE server will check McAfee Global Threat Intelligence in the cloud for a reputation. It will then send the results of this lookup back to the endpoint.
<Build 3> At this point, the endpoint will take action according to the local TIE rules and the risk-tolerance-based policy the admin has applied: 1. allow the file to execute; 2. block it from executing but leave it in place; 3. prevent execution and quarantine/clean because it is a known bad file; 4. separately, TIE can send the file to McAfee Advanced Threat Defense (ATD) for analysis (assuming you have ATD installed).
If we assume that the reputation change assigns a malicious reputation to the file, the TIE dashboards in ePO will display the systems that have inquired about the file in the past – indicating that they are compromised (they executed it too) or may be compromised (asked about but did not execute the file). The admin can quickly view where and when systems have experienced the file and take prioritized remediation steps. This information is also available to SIEM, which can provide further analytics and deep inspection triggered by the initial TIE reputation change event.
The next set of slides illustrate how Threat Intelligence Exchange works.
In this example, <build 1> if an endpoint attempts to execute an executable file that VSE has never seen before and that is not part of our DAT file, it will send the file information to the TIE server to determine whether it is a known file. In this case, the server has determined that it is an unknown file and does not have a reputation for it. The query is performed over the data exchange layer and includes file, process and environmental attributes recorded by the endpoint with regard to this file.
<Build 2> From this point, the TIE server will check McAfee Global Threat Intelligence in the cloud for a reputation. It will then send the results of this lookup back to the endpoint.
<Build 3> At this point, there are several options: 1. allow the file to execute; 2. prevent it from executing and quarantine it; 3. prevent execution because it is a known bad file; 4. or, if the reputation is not known, send it to McAfee Advanced Threat Defense (ATD) for analysis.
<Build4> to next slide
<Build 1>
Once classification is determined, ATD is to publish the information using the DXL
Endpoints, Gateways and other security components are to consume classification changes published by specific sources
Once a conviction is received, endpoints immunize themselves:
Prevent on endpoints which had not observed this file as of yet
Detect and remediate on endpoints which had been previously infected
Once a conviction is received by gateways they are to block access based on endpoint convictions
Remark: The components added to this slide (McAfee ESM on the DXL, McAfee NGFW, McAfee NSP, McAfee MWG, McAfee MEG) are slated for a late 2H14 delivery
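The workflow the notes above describe (an endpoint asks the TIE server about a gray file over DXL, the server falls back to GTI, the endpoint applies the admin's risk-tolerance policy, and an ATD conviction published on DXL immunizes every endpoint and gateway at once) as an added Python simulation. This is example code written for this page, not McAfee's software or API: the `Bus`, `ReputationServer`, `Sandbox`, `Gateway` and `Endpoint` classes are constructed stand-ins for the DXL, TIE server, ATD, gateway and endpoint roles, the sample files, the external feed and the `EVIL` marker the sandbox looks for are all constructed, and the reputation labels are simplified to trusted / unknown / malicious.

```python
"""Added simulation of the reputation-sharing workflow; all components are
constructed stand-ins, not McAfee code (Bus ~ DXL, ReputationServer ~ TIE server,
Sandbox ~ ATD, Gateway ~ web/email gateway, Endpoint ~ managed host)."""
import hashlib
from collections import defaultdict

# Constructed sample "files" standing in for executables.
SAMPLE_FILES = {
    "installer.exe": b"MZ well-known installer bytes",
    "dropper.exe": b"MZ EVIL never-seen-before payload",
}

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class Bus:
    """Minimal publish/subscribe fabric: every subscriber sees a message at once."""
    def __init__(self):
        self._subs = defaultdict(list)
    def subscribe(self, topic, handler):
        self._subs[topic].append(handler)
    def publish(self, topic, message):
        for handler in list(self._subs[topic]):
            handler(message)

class ReputationServer:
    """Local reputation cache first, external feed second; records who asked."""
    def __init__(self, bus, external_feed):
        self.cache = {}
        self.external_feed = external_feed   # constructed stand-in for a cloud feed
        self.inquiries = defaultdict(dict)   # hash -> {endpoint name: executed?}
        bus.subscribe("conviction", self._on_conviction)
    def query(self, file_hash, endpoint_name):
        self.inquiries[file_hash].setdefault(endpoint_name, False)
        rep = self.cache.get(file_hash) or self.external_feed.get(file_hash, "unknown")
        self.cache[file_hash] = rep          # first sighting is remembered enterprise-wide
        return rep
    def report(self, file_hash, endpoint_name, executed):
        self.inquiries[file_hash][endpoint_name] = executed
    def _on_conviction(self, msg):
        self.cache[msg["hash"]] = msg["verdict"]
    def systems_exposed(self, file_hash):
        """Dashboard view: ran it -> compromised; asked but did not run -> may be."""
        return {ep: ("compromised" if ran else "may be compromised")
                for ep, ran in self.inquiries[file_hash].items()}

class Sandbox:
    """Behavioural analysis takes time, so verdicts are queued and published later."""
    def __init__(self, bus):
        self.bus, self.pending, self.verdicts = bus, {}, {}
    def submit(self, file_hash, data):
        if file_hash not in self.verdicts:
            self.pending[file_hash] = data
    def run_analysis(self):
        for file_hash, data in self.pending.items():
            verdict = "malicious" if b"EVIL" in data else "trusted"  # constructed heuristic
            self.verdicts[file_hash] = verdict
            self.bus.publish("conviction", {"hash": file_hash, "verdict": verdict})
        self.pending.clear()

class Gateway:
    """Consumes convictions and blocks downloads of convicted files."""
    def __init__(self, bus):
        self.blocklist = set()
        bus.subscribe("conviction", self._on_conviction)
    def _on_conviction(self, msg):
        if msg["verdict"] == "malicious":
            self.blocklist.add(msg["hash"])
    def allow_download(self, data):
        return sha256(data) not in self.blocklist

class Endpoint:
    """Applies the admin's risk-tolerance policy to the reputation it gets back."""
    def __init__(self, name, bus, server, sandbox, risk_tolerance="low"):
        self.name, self.server, self.sandbox = name, server, sandbox
        self.risk_tolerance = risk_tolerance
        self.executed, self.prevented, self.remediated, self.quarantined = set(), set(), set(), set()
        bus.subscribe("conviction", self._on_conviction)
    def attempt_execute(self, data):
        h = sha256(data)
        rep = self.server.query(h, self.name)
        if rep == "malicious":
            action = "quarantine"; self.quarantined.add(h)   # known bad: quarantine/clean
        elif rep == "trusted":
            action = "allow"
        else:                                                 # gray file: policy decides
            action = "allow" if self.risk_tolerance == "high" else "block"
            self.sandbox.submit(h, data)                      # block leaves the file in place
        if action == "allow":
            self.executed.add(h)
        self.server.report(h, self.name, action == "allow")
        return action
    def _on_conviction(self, msg):
        if msg["verdict"] != "malicious":
            return
        # Immunize: remediate where the file already ran, prevent everywhere else.
        (self.remediated if msg["hash"] in self.executed else self.prevented).add(msg["hash"])

def run_scenario():
    bus = Bus()
    feed = {sha256(SAMPLE_FILES["installer.exe"]): "trusted"}  # constructed cloud feed
    server, sandbox, gateway = ReputationServer(bus, feed), Sandbox(bus), Gateway(bus)
    hr = Endpoint("hr-laptop", bus, server, sandbox, risk_tolerance="high")
    fin = Endpoint("finance-pc", bus, server, sandbox, risk_tolerance="low")
    eng = Endpoint("eng-ws", bus, server, sandbox, risk_tolerance="high")
    dropper, h = SAMPLE_FILES["dropper.exe"], sha256(SAMPLE_FILES["dropper.exe"])
    first = hr.attempt_execute(dropper)    # unknown, high tolerance: runs, sandbox queued
    second = fin.attempt_execute(dropper)  # same file, low tolerance: blocked in place
    sandbox.run_analysis()                 # one verdict published, every component reacts
    third = eng.attempt_execute(dropper)   # now known bad: quarantined on sight
    return {
        "actions": (first, second, third),
        "gateway_blocks_dropper": not gateway.allow_download(dropper),
        "remediated": sorted(e.name for e in (hr, fin, eng) if h in e.remediated),
        "prevented": sorted(e.name for e in (hr, fin, eng) if h in e.prevented),
        "exposure": server.systems_exposed(h),
        "installer_action": fin.attempt_execute(SAMPLE_FILES["installer.exe"]),
    }

if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

The point the simulation makes is the one the notes make: the endpoint that ran the gray file is listed as compromised and gets remediated, the endpoint that blocked it and the endpoint that never saw it are both immunized before they can run it, and the gateway refuses the download, all from a single published conviction rather than a per-product signature update.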