McAfee aims to strengthen human-machine defense teams

“Today’s security teams are facing 244 new cyber threats every minute, amid a serious talent shortage. Siloed security, without automation, managed by overwhelmed teams is not a sustainable defense strategy,” said Raja Patel, Vice President and General Manager, Corporate Security Products, McAfee.

The newly released McAfee Advanced Threat Defense v4.0 software introduces an innovative deep learning technique to enhance detection and expands advanced analysis capabilities within email attachments, resulting in more comprehensive protection across the network as new threat intelligence and reputation updates are shared throughout the ecosystem.

New enhancements for McAfee Enterprise Security Manager (ESM) include integrated, patented countermeasure-aware risk analysis to help security operations teams identify threats and assess the impact of new vulnerabilities, as well as new support for critical SOC use cases:

• Accurate Insight into exposure and risk: McAfee ESM now improves risk assessment by factoring in active, relevant countermeasures and priority guidance from McAfee GTI, providing a more accurate understanding of exposure and potential impact. The new Asset Threat Risk Content Pack 2.0 feature delivers security configuration, compliance posture and patch assessment in a single view.
• Rapid use case deployment: The new McAfee Connect content portal simplifies access to freely available, simple to deploy use cases and solution integrations. Through the portal, McAfee customers can find tools to activate monitoring, detection and incident management tasks, including user behavior analysis and detection of malware exploits and reconnaissance.
• Effortlessly monitor and analyze cloud activity: Easy incorporation of Microsoft Office 365 actions and events enables monitoring and analysis of user activity within cloud services.

McAfee Data Loss Prevention (DLP) Endpoint, DLP Prevent, DLP Discover and DLP Monitor are now fully unified. New capabilities include:

• Unified policy management across network and endpoint DLP built upon a common classification engine, dictionaries, regular expression engine and syntax.
• Simplified incident and case management speeds investigation and remediation of risk or suspicious user behavior by line-of-business data stewards, and information security professionals alike.
• Common file, email, web traffic and database analysis across endpoint and network DLP to ensure consistent enforcement of corporate data usage policies.

McAfee’s dynamic endpoint protection collaborates across products, allowing new technology to easily integrate without a complete architecture rebuild, and leverages machine learning to improve detection capabilities. New capability includes a new integration between McAfee Cloud Threat Detection (CTD) and McAfee Threat Intelligence Exchange (TIE) enables McAfee Endpoint Security (ENS) to forward suspicious samples to a cloud sandbox for in-depth analysis.

Finally, the company has expanded its commitment to open source through support of a new, independent open source community, OpenDXL.com. This collaborative portal includes a community innovation forum, a freely available app marketplace, and a “bootstrapper” toolkit to help developers and integrators create API service wrappers.