Recently, I wrote about the meaning of integration as it relates to protection against malware, why an integrated solution is important, and what is needed to deliver an integrated solution. Today, I’m going to highlight the importance of end-to-end protection in fighting the malware war.
Over the past three months, McAfee has made three important announcements:
- The completion of a tender offer for the acquisition of Stonesoft, a leading innovator in next-generation network firewall products (1).
- New endpoint security suites, which add McAfee Deep Defender hardware-enhanced security protection, McAfee RealTime for ePO, and McAfee Risk Advisor to the enterprise-class suites (2).
- An extremely fast (up to 70 Gbps burst, 40 Gbps sustained) Intel-based family of appliances to run our market-leading McAfee Network Security Platform intrusion prevention system (3).
These announcements vividly illustrate McAfee’s commitment to investing in all aspects of protection against malware. More specifically, they underscore our view that end-to-end security is imperative when working to build a comprehensive solution to defend against malware.
Why are these announcements significant in the context of comprehensive malware protection?
Stonesoft’s next-generation firewall complements our existing proxy-based McAfee Firewall Enterprise by offering sophisticated antimalware technology that protects enterprises from a class of attacks that bypass typical network security, simultaneously execute at multiple protocol layers, and change dynamically during the attack.
Our new endpoint security suites enhance detection of malware targeted at master boot records. A product of the collaboration between McAfee and our parent company Intel, McAfee Deep Defender is now included in the enterprise-class suites. The new suites also shorten time to remediation by triaging the assets at highest risk of malware infection and dramatically speeding up the remediation process.
McAfee’s new NS-Series IPS appliances are another product of McAfee’s collaboration with Intel. Nominally, the new appliances deliver much higher throughput than competitive appliances. But higher throughput makes it more practical to turn on next-generation IPS services like application visibility and behavioral analysis. As a result, more malware can be detected.
Why is end-to-end defense against malware important?
Malware can enter the target environment from anywhere and it generally infects operating systems or applications. According to the Verizon 2013 Data Breach Investigations Report, the most common entry points include:
- Direct install by an attacker who has gained access to a system over a network
- Email attachment or link
- Web drive-by
- Remote SQL injection
- Download by malware
In addition to the standard attack targets of operating systems and applications, the McAfee Labs Q4 Quarterly Threat Report found that cybercriminals are now aggressively moving “lower” in the endpoint to attack the BIOS and storage stacks.
And in the 2013 Threat Predictions report, McAfee Labs predicted that mobile endpoints will be a top growth area for attackers this year.
Given the broad range of attack vectors and the proliferation of attack targets, end-to-end protection is a basic defensive strategy. Gartner, in their recently published research note “Strategies for Dealing With Advanced Targeted Attacks,” recommends that most organizations deploy a bulwark of antimalware technologies including firewalls, intrusion prevention, web gateways, endpoint protection, vulnerability and change management, SIEM, application control, and mobile security. And organizations that are frequent attack targets should also deploy forensics, threat intelligence, DLP, and sandboxing.
McAfee and end-to-end protection against malware
McAfee is the only vendor that offers protection against malware at all points in the IT infrastructure, from the endpoint hardware to the network to the data center. Here are the main security vendors and where they fall short when thinking about end-to-end protection against malware:
- Symantec, Microsoft – No network security, no hardware-enhanced endpoint security, very little protection against advanced threats, no endpoint to network to data center “single pane of glass” security management
- Kaspersky – No network security, no hardware-enhanced endpoint security, no endpoint to network to data center “single pane of glass” security management
- Sourcefire, Cisco – No endpoint security, no endpoint to network to data center “single pane of glass” security management
- FireEye, Palo Alto Networks – No endpoint security, no endpoint to network to data center “single pane of glass” security management, no (FireEye) or weak (Palo Alto Networks) real-time global threat feed
The 451 Group, in a recent note, commented:
“What’s interesting to note is that McAfee, which started off as an endpoint security vendor, has been working diligently to increase its network security capabilities so that it can provide visibility across both the endpoint and the network – this has certainly been motivated by the growing evidence of directed attacks as well as the need for comprehensive defenses, including the network. This ability to traverse both endpoints and networks is something that more companies will be looking to obtain, either through partnerships, developing in-house capabilities or M&A.”
The unfortunate truth is that we are in a perpetual arms race with attackers, and for most of them, malware is their weapon of choice. If we want to adequately protect ourselves, we must stay ahead of the attackers by deploying defensive shields wherever their malware weapons are being used.