How McAfee Is Thwarting An ‘Energized Adversary’ Made Worse By COVID-19

“It is clear adversaries are consulting an old playbook that says, ‘Never waste a crisis.’ Expanding cyberthreats, the changing marketplace, and changing technology environments are key in helping to inform our strategic choices and investments,” says McAfee President and CEO Peter Leav.


The IT industry’s push towards digital transformation is being driven by an accelerated migration to the cloud and an evolving threatscape with opportunistic adversaries, and McAfee is responding with new ways to predict and analyze ever-changing security threats.

That’s the theme from McAfee President and CEO Peter Leav and other McAfee executives who Thursday discussed the current security environment and the San Jose, Calif.-based company’s response during McAfee’s MPower Digital 2020 conference.

2019 has seen challenges as businesses were forced by the pandemic to migrate to a “connect from home by any screen” workforce even as cybercriminals continued to grow stronger and take advantage of COVID-19 as a lure, Leav said.


“There is no doubt that we have an energized adversary,” Leav said. “And we’ve seen an increase of more than 40 percent in publicly-disclosed incidents in the first half of 2020.” Using the pandemic as a launchpad, adversaries are drawing on their traditional tools, but with a pandemic twist, Leav said.

External attacks on cloud services grew 600-plus percent from January to April, with education seeing the second-highest spike after the learn from home model was put in place overnight in March, he said.

COVID-19-themed ransomware has also entered the threatscape, with pandemic-themed threats that include RDP exploits, scam URLs promoting fake Johns Hopkins University infection maps, fake marketplaces for PPE, and malicious spam packaged as pandemic safety resources and COVID-19 testing, all to lure remote workers into social engineering traps, he said.

There was also a dramatic spike in PowerShell malware in the first quarter of 2020, up almost 700 percent year-over-year, and growth in new IoT malware of over 50 percent.

“It is clear adversaries are consulting an old playbook that says, ‘Never waste a crisis,’” he said. “Expanding cyberthreats, the changing marketplace, and changing technology environments are key in helping to inform our strategic choices and investments.”

McAfee is in a very strong position with a strong financial foundation, a record of innovation, and the right team to help innovate and lead, Leav said.

“Our strength powers deep investment in both organic and inorganic innovation to help you protect what matters most to your organization,” he said.

One McAfee innovation now aimed at these new threats is MVision Insights, which Leav said helps customers prevent, predict, prescribe, and pre-empt threats.

“Because of the massive amount of data that McAfee can access from telemetry from more than 1 billion endpoints, this helps identify targeted threat campaigns to your industry and to your enterprise,” he said.

One of MVision Insights’ more timely use cases is the McAfee COVID-19 Threat Dashboard, which is updated daily by the company’s Advanced Programs Group, Leav said. The Dashboard features counters for total malware detections, unique hashes, and the top verticals under attack. MVision Insights can also monitor campaigns targeting a specific country, industry, or sector of the military, he said.

“It’s something only McAfee can offer,” he said. “Customers have shared that having a databank of intelligence and knowing what action to take based on that intelligence is invaluable. With those insights, analysts can take corrective action as we move towards McAfee XDR security, all within one platform.”

McAfee Thursday also introduced the new MVision UCE, or Unified Cloud Edge, portfolio. Leav said MVision UCE aims to address the need for visibility, data protection, access control, threat protection, vulnerability management, and configuration management, all with orchestration and automation with market-leading CASB (cloud access security broker), DLP (data loss prevention), and next-generation secure web gateway solutions.

“Our unified cloud edge solution, commonly called Secure Access Service Edge, also provides organizations in this new environment the ability to shift workloads and data into the cloud, all while maintaining security policies across CASB, DLP, and web gateway,” he said.

“Like your organization, McAfee is successfully navigating these changing times,” he said. “And we remain committed to helping you stand up environments which enable and protect business continuity.”

Lynne Doherty, McAfee executive vice president of global sales and marketing, told the McAfee MVision attendees that, while 2020 has been filled with lots of uncertainty, there are some things that have remained a constant.

These include the need to accelerate transformation, the critical need to stop threats quickly, and the need to drive efficiency and work smarter with security solutions, Doherty said.

“And, if these challenges weren’t already difficult and complex to manage, in the past few months, they have become even more critical to our organizations,” she said.

Adding to the above is the new challenge of managing remote workplace environments put in place because of the pandemic, forcing businesses to adapt and solve new problems even as they scramble to keep managed and unmanaged devices safe while worrying about cloud data exfiltration, the use of SaaS outside of corporate networks, and the strain and cost of added VPN connections, Doherty said.

McAfee’s answer to providing the needed flexibility starts with its MVision UCE technology for cloud data protection and secure direct-to-web browsing, Doherty said.

McAfee is also improving the insights businesses have into their environments with its MVision Insights technology, which takes advantage of threat telemetry from 1 billion sensors and global threat intelligence with 50 billion threat queries per day, she said.

“McAfee MVision Insights brings you the knowledge you need to proactively stop threats,” she said.

Cybersecurity is going through a series of seismic shifts, driven by digital transformation and migration to the cloud, said Steve Grobman, senior vice president and chief technology officer at McAfee.

“The threatscape continues to evolve, impacting the foundation of our IT infrastructure,” Grobman said. “We must evolve our response to these threats with a more adaptive cyber architecture.”

McAfee is unique in being the only vendor focused solely on security at scale, Grobman said.

“McAfee products perceive the threatscape through different vantage points including endpoint, network, cloud, and edge, giving us a holistic perspective,” he said.

McAfee does so in two ways, Grobman said. The first is with threat intelligence, where the company is dedicated to tracking, monitoring, and dissecting the threats that can harm businesses. The second is cyber defense technology, where the focus is on staying one step ahead of the attacker, he said.

“Our goal is to help you and your organization avoid a really bad day, every single day,” he said.

Cybersecurity is in many ways like trying to prevent impacts from earthquakes, Grobman said.

While there are thousands of seismic sensors all over the world, a specific earthquake is impossible to predict, although the data from those sensors can be used to make other predictions, such as how likely earthquakes of a certain magnitude are to occur in a specific geographic location, he said.

“We can use this data from an earthquake that has occurred to predict subsequent events that result from it,” he said. “For example, detecting an earthquake in the middle of the ocean can allow us to predict the impact of the resulting tsunami.”

Having the right data, a good understanding of what signals actually exist in the data, and the right technology to extract those signals from the data, is what McAfee Insights does when it comes to cybersecurity, Grobman said.

“Just like seismic sensors can provide the data needed to predict an impending tsunami, Insights provides the early warning capability to see a threat rapidly racing towards your organization,” he said. “Insights alerts you to the high-impact campaigns that you need to be aware of and provides prescriptive guidance on how to defend your organization.”

Insights does this by analyzing threat telemetry from a billion sensors, both globally and within an organization, along with the threat research developed by McAfee’s world-leading Advanced Threat Research team, Grobman said. It also uses metadata about a company’s security posture to deliver custom recommendations on what products and configuration are needed to defend against specific, high-impact, in-the-wild threats, he said.

The threatscape is becoming more lethal, more complex, and more sophisticated, Grobman said.

“As we all know, there’s no silver bullet technology,” he said. “It inherently requires a comprehensive set of highly sophisticated, next-gen solutions. Furthermore, they must be operated efficiently, to allow our cyber defenders to focus on the threats that matter.”