McAfee turns to sandboxing, “signature-less” threat detection
At RSA Conference 2013 in San Francisco, McAfee announced that it has acquired the ValidEdge sandboxing technology that provides advanced threat detection by running suspected malware in a “sandbox” and learning what impact a suspected malware sample will have on an endpoint.
Unlike other sandboxing solutions, this new technology, when integrated with McAfee’s other network and endpoint anti-malware products, will automatically block future attacks by convicted malware samples. It will also provide signature information so that already infected endpoints can be remediated automatically by McAfee ePolicy Orchestrator.
A single point product cannot deliver comprehensive malware protection. The only way to effectively combat the onslaught of malware threats now numbering close to 100,000 per day is through an integrated, end-to-end, holistically-managed approach to security. To support that comprehensive approach, McAfee has made over 30 significant anti malware product enhancements including the following:
- McAfee Network Security Platform – Adds new “signature-less” threat detection and prevention technologies, strong botnet prevention, deep file analysis, and a powerful anti-malware engine capable of detecting advanced malware across a full range of protocols and file types. It also adds intelligent alert prioritization to automatically prioritize network events and improve integration with McAfee ePO and McAfee Enterprise Security Manager, making use of real-time information so operators have the full context of an attack, at the precise time of the attack.
- McAfee Web Protection — Now expands emulation capabilities to identify advanced malware that dynamically changes in the browser in an attempt to avoid detection. It also adds a new outbound detection technique that reveals bot infections attempting to receive additional malicious code. Expanded reporting capabilities include actionable reporting to help reduce attack vulnerability by simplifying the blacklisting process across McAfee ePO-connected products.
- McAfee Email Protection – Can be deployed on-premise, in the cloud, and now as an integrated combination of both with a single pane of glass architecture, reducing cost and increasing efficiency while blocking malware away from the network. Also adds graymail filtering to improve employee productivity.
- McAfee Enterprise Security Manager – Active integration with ePolicy Orchestrator, Network Security Platform and McAfee Vulnerability Manager automates quarantine, scan, and policy command execution – turning actionable intelligence into intelligent action.
- McAfee Real Time for ePO – Announced earlier this month, this new product enables security decisions based on “what is” versus “what was” by querying and identifying every compromised endpoint in an organization in seconds in order to remediate those endpoints. It increases situational awareness and reduces exposure, risk, and cost of security.
- McAfee Deep Defender – Provides protection against master boot record (MBR) rootkits. Any driver attempting to write or read a MBR is now monitored through Deep Defender, which operates beyond the OS and is enabled by hardware-enhanced security with Intel. It prevents MBR rootkits from modifying the MBR in real-time.
“McAfee has been investing in technology to help our customers protect against malware for 20 years,” said Pat Calhoun, senior vice president and general manager of network security at McAfee. “We are now extending our lead in malware protection by continuing to invest in new products and product enhancements. Point products can’t provide adequate protection against these advanced attacks, which is why McAfee is delivering an integrated, multi layered, managed solution that provides comprehensive malware protection across endpoints and networks.”
McAfee plans to deliver the first product that integrates the new sandboxing technology in the second half of 2013.