Working with third-party vendors, including competitors, helps ensure organizations have the best cloud security in place.

That’s according to D.J. Long, McAfee‘s vice president of strategic business development. He leads McAfee’s Security Innovation Alliance (SIA) partner program, which includes security software vendors with products that can enhance, augment, strengthen and broaden the core functionality of McAfee’s portfolio.

At last week’s McAfee MPower 2019 Cybersecurity Summit, we spoke with Long about the growth in partnerships and integrations, and how that’s helping customers stay one step ahead of cybercriminals.

CF: One of the main messages at MPower has been the need for working together and less of that competitive aspect. Can you elaborate on that?

McAfee’s D.J. Long

DL: Our perspective is that no one security company can meet all the needs of any sophisticated corporate end-user account, so we’re well-served by aligning ourselves with companies that can augment or strengthen, or extend our core functionality by virtue of collaboration. And a unifying technology is oftentimes data exchange layer (DXL), so that’s facilitating the ability of our products to work collaboratively together in a very efficient way that increases the efficacy of our mutual products together. So it really does benefit our customers quite effectively.

CF: Can you talk about the evolving threat landscape and how all of this is helping the effort to stay one step ahead of cybercriminals?

DL: As the attack surface broadens and the sophistication of attacks increases, our customers are caught in that bind of having to deal with both of those factors along with declining budgets or fewer cybersecurity professionals that they can actually deploy to actually fend these attacks off. So our ability to provide anticipatory technologies like with MVision Insights, combined with our collaboration efforts with our business partners that enable us to really address that attack surface expansion, I think is enabling them to have safer security environments, and I think that’s a trend that many of our competitors are attempting to emulate. I think we’re a step ahead, and we’re a step ahead because we have the best open ecosystem in the cybersecurity industry. We’ve got a very well-balanced set of companies that work with us in all segments of the security industry so that we can meet the needs of a very broad range of customers on a very significant basis.

CF: Open ecosystem has been a big aspect of the conference. Is that rare in the industry?

DL: I think a lot of companies try to do it and not many of them do it successfully. Oftentimes what happens is companies become much more self-centered in terms of advocating their agenda as opposed to meeting the agendas of the customers. We’re adopting a truly open approach. In our case, we’ve put a lot of action behind our words here. We’re perfectly happy to work with our competitors if it’s in the interest of our end-user customers. For example, we work very closely with IBM Security. They have a security information and event management (SIEM) product called QRadar that competes with our Enterprise Security Manager (ESM) product, and we have a lot of common customers who have asked us to be …

… properly integrated with QRadar. Our philosophy is, as long as we can publish and subscribe into and out of that environment, it’s in our mutual best interest to do so. So what we found is by collaborating in that effort to have it be bilateral in nature, it does result in better security outcomes.

CF: How can this help alleviate the ongoing cybersecurity talent shortage?

DL: It definitely can, especially with respect to automation and orchestration. So anything that can be automated or orchestrated reduces the time it takes to address arguably an indicator of compromise (IoC). So if we can help our customers embrace those sorts of solutions in the context of McAfee products, we can help them to a certain extent address that issue, which is profound and getting worse.

CF: A year from now, what do you want to see in terms of integrations, partnerships?

DL: I think our perspective, what I would like to see a year from now, is broader, deeper adoption of our cloud solutions. So cloud solutions are becoming increasingly pervasive; most of our customers are adopting hybrid cloud environments. They aren’t necessarily going private or public exclusively, and I think the envisioned themes that we’ve reinforced and that we’ve been actually delivering consistently over the past two years will establish that foundation we can build upon. So a year from now, I’d like to see a broader and deeper adoption of our MVision solutions within the context of our partnerships, which again help us to exploit the benefits of a cloud-based environment on behalf of our customers. That would be the most significant benefit.

CF: What could be holding back adoption?

DL: One of the most interesting things about looking at the adoption of primarily public cloud-based solutions is the level of penetration into that addressable market. Despite the rapid growth rates we’re seeing, it’s actually remarkably small. There’s still immense market opportunity for McAfee and other companies to begin to address. I think one of the things that’s holding customers back periodically is they’re concerned that being in the cloud is less secure as opposed to being more secure, when in reality is really is more secure than being less secure. There are certain obstacles that need to be overcome to give customers that elevated sense that their security is actually enhanced by migrating in that direction. And vendors like us are taking steps to protect the data that is in the public cloud environment on behalf of our customers, and Amazon‘s protecting the infrastructure. So by collaborating with [Amazon], we can help to address those objections that certain customers may have as they migrate in that direction more effectively. There’s always going to be a certain element of companies that are reluctant to move ultrasensitive material in that direction perhaps for regulatory purposes, for example, but we think that combining those efforts …

… in the context of what we’re doing with MVision can help overcome those objections.

Massive Increase in Business Email Compromise

A new quarterly report by Mimecast shows business email compromise (BEC) attacks skyrocketed 269% since the previous quarter.

The latest Email Security Risk Assessment (ESRA) shows the spike in emails containing dangerous file types, malware attachments and spam being delivered to users’ inboxes from incumbent email security systems.

BEC attacks are not the only method cybercriminals have been successfully leveraging to target organizations. The report found nearly 28.8 million spam emails, more than 28,800 malware attachments and more than 28,700 dangerous files types were all missed by incumbent providers and delivered to users’ inboxes, an overall false-negative rate of 11% of inspected emails. The results from the report demonstrate the need for the entire industry to continue to work toward a higher standard of email security.

Matthew Gardiner, Mimecast cybersecurity strategist, tells us BECs specifically tend to be very targeted and are a major challenge for email security providers to detect. Detection requires sophisticated analytics, high-performance processing and expert analysts to keep up with the evolving techniques of the cybercriminals. There is an opportunity and need for security providers to improve the ability to detect these types of attacks using all possible analytic techniques, information sharing and threat intelligence, he said.

Mimecast’s Matthew Gardiner

“Businesses should assess their email security system specifically for their ability to detect BECs, as they are a different class of email-borne attack from the traditional malware attachments or malicious URLs,” he said. “They also need to assess their security awareness training programs to ensure that these types of attacks are accounted for in the curriculum. Finally, they must review their business processes around sensitive areas, such as accounts payables, to make sure that they aren’t susceptible to a single point of failure (such as a single email to send off large amounts of money, for example).”

The continued acceleration of targeted email-borne threats and a shift of attacks from general, broad-based attacks to these more hypertargeted types continues to be notable, Gardiner said.

SolarWinds Unleashes Identity Monitor

SolarWinds has unveiled its new Identity Monitor, designed to help IT and security professionals strengthen their security and combat account fraud, loss of revenue, brand damage and spam by automating account takeover (ATO) prevention.

Employees often unwittingly make ATOs even easier for malicious attackers by reusing passwords across personal and work accounts. Identity Monitor notifies IT if credentials belonging to their organization’s domain have appeared in a data breach. Credential exposures are often …

… uncovered through attempted sale on the dark web.

Identity Monitor allows IT to take steps to mitigate the risk posed by compromised credentials, and the customer gets notified to reset their password proactively, thereby reducing the opportunity for an ATO attempt, according to SolarWinds. It also helps IT and security professionals encourage employees to set passwords in accordance with the National Institutes of Standards and Technology (NIST) guidelines for strong passwords.

Brandon Shopp, SolarWinds’ vice president of product strategy for security, tells us Identity Monitor should give partners additional opportunities to help their customers adopt stronger security in their businesses.

SolarWinds’ Brandon Shopp

“This is a very simple product to use and consume, as the complexity sits in actually gathering the data and adding it into our breach database,” he said. “Once end users define domains and email addresses in the product, Identity Monitor will immediately provide them with the information we already know about them. Identity Monitor executes this process over time, as well, as our breach database grows and more data is available to match to their organization; we’ll notify customers so they can then take appropriate action, such as forcing a password reset or enabling two factor authentication, if applicable.”

Identity Monitor will give partners a competitive advantage because all organizations – no matter the size – are targets for attacks and breaches, Shopp said. It allows organizations to make the transition from being reactive to more proactive, addressing potential security issues before they become a fire drill, he said.

“Imagine, as an MSSP, wanting to either win an organization’s business or continue to show value to an existing customer,” he said. “The ability to show those prospective customers what the dark web knows about their organization’s employees and demonstrate how the MSSP can not only help address those known issues, but also notify customers any time their employee data shows up in a new breach – sometimes even before that breach is public – will be a significant differentiating benefit to partners.”

Palo Alto Networks Debuts Latest SOAR Platform

Palo Alto Networks has beefed up its Demisto security orchestration, automation and response (SOAR) platform, which allows security teams to automate repetitive tasks and reduce the volume of alerts they receive — allowing them to prioritize based on severity and risk.

Palo Alto Networks’ Karl Soderlund

Demisto 5.0 allows security analysts to tailor the way they visualize incidents while making it easier for security teams to manage and automate incident response, according to Palo Alto.

Demisto 5.0 includes new features suggested by customers, partners and independent users. A reimagined user interface (UI) can be customized to fit different incident types and security personas. The UI also feeds into threat intelligence enhancements that enable users to visualize indicator intelligence from integrated sources and act on them in a scalable manner.

Karl Soderlund, Palo Alto Networks’ senior vice president of worldwide channel sales, tells us Demisto 5.0 makes it easier than ever for partners to scale and expand their cybersecurity services.

“Several factors contribute to the growing need for cybersecurity services: cloud adoption, the IT talent shortage, and compliance and regulations just to name a few,” he said. “This opens up huge opportunities for partners to deliver the services expertise our customers need for effective threat hunting and incident response. We are also seeing rapid expansion into managed services to monitor network, endpoint and cloud environments around the clock. Examples of these services include: managed prevention, risk assessment and incident response.”