White Paper
When it comes to fighting modern malware, there is no “silver bullet” that
can guard against every threat every time. That’s why Intel Security takes
a different approach. We combine multiple layers of advanced malware
protection, detection, and correction technologies into a single endpoint
defense fabric. To keep up with cyberthreat innovation, effective detection
and analysis requires new state-of-the-art anti-malware technologies: Real
Protect and Dynamic Application Containment, complemented by the McAfee®
Advanced Threat Defense sandbox. Find out how these tools work together
to systematically protect against the most dangerous malware threats.
The Security Snowball Effect
As malware grows more sophisticated and harder to combat, it’s tempting to believe that there is a
breakthrough technology that will solve the problem. But the reality is, modern adversaries are far
too clever for that. There are great solutions out there for combating a particular kind of malware
that infects your endpoints in a particular way. But the minute you rely on a single technology to
protect your business, adversaries find a way to fool it. All of a sudden, you need another solution.
And then another. Soon, you’re dealing with the security snowball effect: you’re juggling a dozen
different security tools, each with its own separate console, each requiring specialized processes
and expertise. Who stitches all of those tools together so that your security team isn’t buried in
complexity and delays? In most cases, you do—if they can be brought together at all. All of that
effort adds critical seconds (and hours, and days) at a time when you can least afford it—when you’re
responding to a potential threat. At the same time, it takes up valuable time and strains your scarcest
resource: your people.
Malware represents a special challenge: you need tools for opportunistic, evasive, zero-day, targeted,
and weaponized malware, as well as defenses against the inevitable “patient zero,” when malware
gets past defenses and works to compromise a system. If you omit or unplug any of these capabilities,
you can be sure that route will be the avenue your attacker uses. And, realistically, the malware
itself is just part of the attack chain. The content and actions associated with malware bring value
to security analysts in the security operations center, as well as guide improvements to all of the
enterprise’s preventative controls, including web gateways and network intrusion prevention systems.
For these reasons, businesses don’t need one amazing technology to fight the modern malware
threat. They need multiple technologies, not just co-located, but working together in an integrated,
automated way to ensure that even if a threat makes it past one layer of your defenses, it won’t make
it past all of them. Intel Security is the only anti-malware vendor that uses a truly integrated and
coordinated endpoint defense fabric—with connected components working with each other. With
this design, your defenses can combine the capabilities they need moment by moment to protect
better than any technology working in isolation.
The End of Uncoordinated Security
The new generation of Intel® Security anti-malware and endpoint security technologies coordinates
multiple layers of state-of-the-art defenses to combat the most sophisticated, well-hidden threats.
Unlike security strategies based on isolated products, these complementary defenses operate
as a system to identify malware. Then, they go beyond that to integrate detections with blocking,
containment, and investigation to make threat management simpler, faster, and more effective. They
make the most effective use of the latest dynamic, static, machine learning, reputation, and sandbox
technologies and enable enterprises to tailor actions to their own situation.
Busting the Myth of the Malware “Silver Bullet”
Pre- and post-execution machine learning analysis: Real Protect, available in the new
generation of McAfee Endpoint Security, peels away the latest obfuscation techniques
to unmask hidden threats, so zero-day malware has no place to hide. It ushers in a new
age in endpoint security by introducing machine learning techniques that perform both
pre-execution static analysis (What are the features of the file?) and post-execution
behavioral analysis (What does it actually do?)—all without signatures. It stops more
malware than any signature-based or static-only solution—blocking most malware at the
endpoint before it ever has a chance to execute.
Suspicious process containment: Dynamic Application Containment, another available
component of McAfee Endpoint Security, protects patient zero endpoints from
previously unknown “zero-day” malware infections by immediately blocking process
actions that malware often uses. Designed to halt malicious changes to endpoints and
available only from Intel Security, Dynamic Application Containment doesn’t hold up the
endpoint (and the user) for minutes at a time while an unknown file is analyzed. Dynamic
Application Containment lets the suspicious file load into memory without allowing it to
make changes to the endpoint (such as changing the registry or deleting files) or to infect
other systems while under suspicion. The endpoint and user can remain fully productive
while providing an opportunity for more in-depth analysis.
Threat sandboxing: The McAfee Advanced Threat Defense sandbox solution provides
powerful capabilities to detect the most advanced targeted malware and convert newly
discovered threat information into immediate action. It detonates suspicious files in a
safe environment and performs in-depth static code analysis on the entire code base to
gain the granular insight needed to conclusively convict or exonerate a threat. When a
new malware threat is uncovered, McAfee Advanced Threat Defense links with McAfee
Threat Intelligence Exchange to inform other security systems—from endpoints to the
network edge—about the new threat and inoculate the broader environment, thus
shortening the gap between threat detection, correction, and proactive protection.
Individually, each of these technologies provides important anti-malware capabilities. Together, they
are part of a multilayered defense environment that stops most threats before they infect patient
zero and then coordinates threat response in near real time, without manual intervention.
Organizations can coordinate Real Protect, Dynamic Application Containment, and McAfee
Advanced Threat Defense capabilities, turning different layers up and down for different
organizational needs, or even different areas of the business.
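As an added illustration of how the three layers described above could interact (this is constructed example code, not Intel Security or McAfee code; the class names, action names, and score thresholds are assumptions), the model below contains an unknown file, blocks its state-changing actions while letting it load, and shares the sandbox verdict so a second endpoint blocks the same file outright:

```python
"""Toy model of a layered endpoint fabric: pre-execution scoring, containment of
unknown files, post-execution action blocking, and verdict sharing (constructed)."""
from dataclasses import dataclass, field

# Process actions a contained process is not allowed to perform. Constructed rule
# set modelled on the paper's examples (registry changes, file deletion, spreading).
CONTAINED_BLOCK = {"registry_write", "file_delete", "network_connect"}


@dataclass
class ThreatExchange:
    """Stand-in for a shared verdict store such as McAfee Threat Intelligence Exchange."""
    verdicts: dict = field(default_factory=dict)   # sha256 -> "malicious" | "clean"


@dataclass
class Endpoint:
    name: str
    tie: ThreatExchange
    contained: set = field(default_factory=set)    # hashes currently under containment
    log: list = field(default_factory=list)        # blocked actions for later analysis

    def on_file_execute(self, sha256: str, static_score: float) -> str:
        """Pre-execution layer: a shared verdict wins; otherwise the static ML score
        (assumed 0..1) blocks, contains, or allows. Thresholds are constructed."""
        verdict = self.tie.verdicts.get(sha256)
        if verdict == "malicious":
            return "block"
        if verdict == "clean":
            return "allow"
        if static_score >= 0.9:
            return "block"
        if static_score >= 0.5:
            self.contained.add(sha256)
            return "contain"
        return "allow"

    def on_process_action(self, sha256: str, action: str) -> str:
        """Post-execution layer: a contained process may load and read, but its
        state-changing actions are blocked and recorded for behavioural analysis."""
        if sha256 in self.contained and action in CONTAINED_BLOCK:
            self.log.append((sha256, action))
            return "blocked"
        return "allowed"

    def sandbox_verdict(self, sha256: str, malicious: bool) -> None:
        """Sandbox conviction or exoneration lifts containment here and is published
        to the exchange so every other endpoint acts on it without re-analysis."""
        self.tie.verdicts[sha256] = "malicious" if malicious else "clean"
        self.contained.discard(sha256)
```

Because the verdict store is shared, a file convicted on one endpoint is blocked on a second endpoint even if its local static score is low; an exonerated file is allowed without further containment.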
Flexibility for Different Organizational Needs
All three Intel Security solutions provide important malware defense capabilities, but different
organizations will use them in different ways. Here’s what that might look like in practic