McAfee Labs provides important information about threats in a variety of ways, from our McAfee Global Threat Intelligence service that feeds into many of our products, to published Threat Reports, our online Threat Center, and many active bloggers. Although it is useful for security professionals to know about the latest threats, one question that I often hear from customers is “How does McAfee technology protect me from this threat?”
Along with today’s publication of the McAfee Labs Threats Report: November 2014, we are also publishing two solution briefs that answer this question for key threats highlighted in the report. These documents identify which McAfee products will help protect you from these threats and how that protection works.
One solution brief explains how to defend against the recent BERserk vulnerability. BERserk is not your typical unlocked backdoor or another way to steal passwords. Instead, this flaw makes it possible to forge RSA signatures. An attacker can then act as a man in the middle, capturing sensitive data or hijacking the session, while the user sees a supposedly secure and authenticated session. Servers and websites are the primary targets of BERserk attacks, so it is up to you to protect your company’s assets. McAfee Vulnerability Manager and McAfee Asset Manager work together to scan your network and build an inventory of network-connected systems. When new threats are discovered, they enable you to quickly and confidently identify which systems are running vulnerable versions. Armed with this information, your security department can patch or isolate the vulnerable machines, reducing your time to containment. Another product, McAfee Application Control, provides a similar function for your applications. McAfee Application Control maintains a dynamic whitelist as applications are patched or updated. For the BERserk vulnerability, it can block execution of applications that call the vulnerable RSA code.
BERserk is one of the most recent examples of a vulnerability or malware that takes advantage of people’s trust in systems and the Internet. Other examples include malicious advertising, which deliver malware through popular ad-driven websites. Or malware that uses valid certificates from a Certificate Authority (CA) that are similar to the name of a legitimate company. Or counterfeit applications that pretend to be an update to familiar and widely distributed apps, such as Adobe Flash Player.
Protecting against trust abuse is the subject of the second solution brief. Multiple McAfee technologies have a role in defending the trust that has been carefully nurtured between you and your customers. For example, at the remote end, McAfee VirusScan can detect and defeat copycat malware without disrupting your workday. McAfee Global Threat Intelligence delivers real-time information on certificate, site, and file reputation to proactively defend against digital con men. McAfee Email Gateway and McAfee Web Gateway watch for malicious URLs, deleting them from phishing emails and web traffic.
McAfee will continue to develop and publish solution briefs with each new McAfee Labs Threats Report and you will be able to find them here. We hope you find these solution briefs useful.
The post How Do I Defend Against Threats in the Latest McAfee Labs Report? appeared first on McAfee.