Groundbreaking Threat Intelligence Advancements from McAfee Labs


SOLUTION BRIEF

Groundbreaking Threat Intelligence Advancements from McAfee Labs

Gain the advantage over adversaries

Enterprise security professionals are well aware that attackers are rapidly gaining an advantage. Security teams are constantly scrambling to stay ahead of the next complex, large-scale campaign, often targeted at specific organizations. Adversaries have fine-tuned their tools to such an extent that only 12 to 15 toolkits are responsible for generating millions of unique malware samples. And 70% to 90% of malware samples are unique to a single organization.[1] Sophisticated and continually evolving cyberattack techniques, like botnets, ransomware, and advanced persistent threats (APTs), evade security solutions and are increasingly difficult to detect, thwart, remediate, and prevent in the future. A sense of urgency dominates every decision and every action.

Organizations are coming to the realization that a collaborative, proactive threat defense is absolutely essential for an effective defense. Security operations and threat/incident management start with a solid understanding of who the adversaries are, the tactics they use, indicators of compromise (IoCs), the surfaces at risk, and, potentially, the motivations behind the attack. And that's where high-quality, actionable threat intelligence comes into play for protection, detection, analysis, and containment.

Threat intelligence is gaining ground in today's security organizations. A recent SANS Institute survey reveals that 69% of respondents are using threat intelligence to some extent, and 37.6% of those using threat intelligence are seeing a 50% improvement in their organization's response to events in terms of context, accuracy, and/or speed.[2]

Threat Intelligence Obstacles

But getting visibility into today's threat landscape can be a complex proposition. It's easy, for example, for security teams to drown in the high volume of threat intelligence data produced by sensors and other threat intelligence sources. The endless variety of threat intelligence data and the relevance of this data require understanding and advanced analytics to extract value and high-quality insights to help solve cybersecurity problems.

There's also the issue of freshness. As attackers evolve their techniques and strategies, a certain amount of threat intelligence loses relevance quickly. By the same token, having a historical perspective can help researchers understand context and help them get a better handle on trends. Data consumption and analysis need to occur at light speed so that hackers lose their edge.

Finally, turning threat intelligence into tactical and operational wisdom requires more than just transformation. It also calls for cross-correlation from multiple sources. The bottom line is that not all threat intelligence is created equal, nor should it be used in the same way.

The question also arises as to whether organizations have the wherewithal to have their own in-house threat intelligence teams. The main obstacles are the shortage of threat analysts and their high salaries, which are beyond the budgetary reach of most enterprises.

McAfee Labs Today: Proactive, Predictive, and Prescriptive Threat Intelligence

A better approach is to engage with a leading-edge threat intelligence provider. Based on solid threat visibility, CISOs and security operations teams can now make decisions with greater confidence—without the expense of hiring an internal team. McAfee Labs has evolved into an innovative provider of proactive, predictive, and prescriptive global threat intelligence with a proven reputation that spans more than two decades.
Combining in-depth threat knowledge with a broad set of advanced identification methodologies and automation tools, McAfee Labs enriches products and enables them to protect, detect, and correct faster and more accurately.

McAfee Labs offers a unique approach to threat intelligence grounded in research, threat analytics, and knowledge. Its latest advancements include three key functional components:

- A cloud infrastructure connected to millions of global sensors.
- Automation and machine learning to collect and transform data sourced from sensors, third-party sharing communities, historical repositories, and customers.
- A broad variety of analytics and human interpretations from a variety of data sets. The analysis process encompasses both real-time interpretation and historic data mining based on two decades of research and is facilitated by a large cloud compute surface.

McAfee Labs

- 250 researchers across 13 countries
- Portfolio of approximately 300 patents since 1990 and almost 100 in the last six years
- A network of millions of sensors spanning the Internet and distributed globally
- More than 300 new threats tallied every minute, or more than five every second
- Services consumed by multiple types of security tools: web protection, firewall and intrusion prevention systems, endpoint defenses, sandbox technologies, and integrated third-party products

The Cloud Infrastructure and Big Data Automation

With threat coverage across historical and geographical parameters and multiple threat vectors, the McAfee Labs cloud infrastructure expands the size, dimension, and collection/ingestion speed of threat intelligence. Data is gathered from millions of endpoints, gateways, and mobile devices and a broad sweep of IT environments, geographies, and threat actors. McAfee Labs is able to respond to millions of requests around the world via nine data centers whose data is refreshed every five minutes.

Advanced McAfee Labs automation technologies improve the volume and speed of threat intelligence delivery. These automated capabilities, enhanced by human assistance, collect and transform threat insights, such as file types, indicators of compromise (IoCs), reputation lists, and exploits, into knowledge within minutes, rather than hours. Suspicious files are consumed and processed at a capacity of one million files per day. Innovations in automation have resulted in a 20% improvement in URL cloud publication intervals. The window of threat exposure is narrowed, thanks to reputation refresh intervals every five minutes. Ultimately, automation helps transform product telemetry and threat intelligence data into countermeasures and containment procedures across McAfee and third-party solutions.

This is further enhanced by 25 years' worth of accumulated data to provide enterprises with knowledge for deep analytics and trend mapping. This broad set of data types is stored in the McAfee Labs proprietary classification system and covers one petabyte of data—which is equivalent to 13.3 years of HDTV content (approximately 58,292 movies).

Shared third-party threat information via the Cyber Threat Alliance further enriches this knowledge base. The Cyber Threat Alliance is a consortium of 174 different threat intelligence and threat feed providers that crowdsource and share threat intelligence.
Cyber Threat Alliance processes more than 500,000 file samples and 350,000 URLs daily. The goal is to both strengthen vendors' capabilities against adversaries and constantly improve their customers' defenses across all sectors.

Figure 1. The flow of threat intelligence across McAfee Labs. (Diagram labels: Intelligence Flow; Product Telemetry; External TI; Research; Automation/ML; Multiple Data Stores; Researcher.)

Based on telemetry from millions of endpoints plus external threat intelligence submissions, McAfee Labs generates more than 10,000 new and updated protection drivers daily. Average processing time is 12 minutes. Additionally, automated machine learning feeds via data mining; proactive, in-depth threat surface inspection; and expert analysis conducted by our researchers—all processed in a multisequenced, automated manner—provide users with swift protection and detection and a 99.98% accuracy rating.

As described in Figure 1 above, the combination of continuous product telemetry, human analytics, machine learning, and existing heuristics increases detection accuracy and containment quality. Our team of data scientists monitors data 24/7 for quality, with an internal baseline standard of 0.01% false positives. For example, over the past several years, external tests placed McAfee Endpoint Security among the top security solutions with low false positive rates. In early 2016, Intel Security (now McAfee) received the AV-TEST usability award for its McAfee Endpoint Security client solution. To test its ability to protect users, this client solution was required to visit websites, evaluate installations, and scan millions of files without triggering any false positives.

Analytics and Deep Learning

To get to results, threat insights are gleaned from machine learning, as well as from automated, behavioral-based classification in the cloud to detect zero-day malware on endpoints.
Machine learning, which drives the proactive threat intelligence model, is derived from the combined capabilities of a number of key elements: applications, analytics and collaborative data science, data handling, and the cloud infrastructure.

Figure 2. McAfee Labs cloud infrastructure. (Diagram labels: Applications: specific solutions for visualization and human interpretation; Analytics and collaborative data science: discovery and refinement; Data: Big Data platform for distributed and scalable storage and processing; Machine learning and algorithms; Performance, management, and security to protect enterprise platforms; Infrastructure for automation: compute, virtualization, networking, and cloud presence.)

Human analysts work hand in hand in a closed loop with machine learning tools to adjust the learning and analytic models. For example, exclusive McAfee Labs automation technology gathers intelligence from live malware samples through its extensive network of millions of global sensors. The automation technology executes multiple analytics against these samples to determine whether the files are malicious or not. The output is often a file hash (id) with a classification that can be used by human investigators.

Data points provided by the automation tools help threat researchers find similar samples so that they can create generic signatures or drivers. Analysts then write these drivers and add them to beta endpoint signature updates consumed by the automation technology, which tests the success of the signature and determines whether there are false positives. When a new generic driver is developed, all the malware samples that were used to create the signature are reprocessed in order to ensure detection effectiveness. In addition, samples submitted by humans can be pushed through dynamic analysis, reducing the time spent by researchers on malware analysis.

Cloud Intelligence Components, Data, and Methods (Big Data; Automation; Analytics and Deep Learning)

- 125 terabytes of threat reputation data servicing 188 million sensors and producing 44 billion file, web, certificate, and IP reputation queries daily
- Continuous threat feeds via the Cyber Threat Alliance
- Continuous monitoring of sensors, providing 420 billion lines of telemetry data per month
- 1.5 million files analyzed per day, with average processing time of less than 12 minutes, continually producing new reputation data
- Supervised learning detects quickly emerging threat campaigns by correlating existing known malware against new geographical and URL variants
- Discovers 245 new threat vectors per minute

Use Cases

Use case 1: Predictive attack campaign detection via McAfee Global Threat Intelligence (McAfee GTI) usage statistics

Usage: McAfee Labs frequently publishes insights on new and popular emerging threat campaigns in the McAfee Labs Threats Reports and on its dashboards. Additionally, McAfee Labs updates individual product security control protections based on data mining and learnings derived from McAfee GTI usage statistics.

Benefits: Readers of the McAfee Labs Threats Reports and threat center statistics get fast and easy visibility into strategic threat intelligence and global emerging threats.
In addition, security controls receive automated, preventive updates on new threats before they start proliferating.

Use case 2: Zero-day malware protection with Real Protect

Usage: Real Protect analyzes file behavior and translates the results into static and dynamic classifiers. By comparing the classifiers against known good and bad behavior, the Real Protect client proactively stops high-risk executables.

Benefits: Real Protect stops threats before they cause harm—and, even more significantly, this occurs at lightning speed and with minimal human involvement.

Functional Components and Data Elements (Big Data; Automation; Analytics and Deep Learning)

- Usage of millions of static and dynamic file classifiers from Real Protect clients.
- Continuously updates endpoint with known good and bad static classifiers.
- Automated forwarding of dynamic classifiers into the cloud to detect unknown behavior.
- Compares dynamic classifiers via unsupervised Euclidean distance learning to detect and block new malware variants.

Figure 3. Unsupervised machine learning in Real Protect. (Diagram labels: Unsupervised Learning; Clustering-based classification; Classifier 1; Classifier 2; Malware 1; Malware 2; Normal Activity; McAfee Labs Telemetry and Real-Time Processing.)

Euclidean Distance Learning

Also called "similarity learning," Euclidean distance learning is a form of machine learning with the ability to learn from similar, already known examples. It measures how similar or related two objects are and is often used for applications in ranking, recommendation systems, profiling (identity tracking), and voice verification.

Use case 3: Rapid containment with McAfee Cloud Threat Detection

Usage: McAfee Cloud Threat Detection offers organizations a convenient new cloud-based service that plugs into our existing solutions (McAfee Network Security Platform, McAfee Web Gateway, and McAfee ePO Cloud) to help contain zero-day advanced malware and expose evasive threats.

Benefits: The cloud service enables organizations to easily take advantage of significant compute horsepower to operate an array of the latest analysis techniques that enhance detection and optimize existing security investments. McAfee Cloud Threat Detection can be integrated with existing enterprise infrastructures for more effective countermeasures, management, and orchestration.

Functional Components and Data Elements (Big Data; Automation; Analytics and Deep Learning)

- Automated and integrated with existing McAfee infrastructures
- Perpetually updated with intelligence from a broad ecosystem
- Validates classifiers for prevalence. Correlates against gray data and field metadata
- Massive footprint allowing usage of a broad and rich set of file classifiers that encompass behavior, genealogy, network usage, and

Figure 4. McAfee Cloud Threat Detection cloud-based service. (Diagram labels: McAfee Web Gateway; Integrated McAfee Solutions; Filters and URLs; Threat Classification Platform; Big Data Analytics: Prevalence, Correlation, Field metadata, Gray data, Machine learning, Industry correlation; Specialized Sandboxes: Windows, Browsers, Linux, Android; Classification: Behavioral, Genealogy, Network; McAfee Gateway; Anti-Malware Modules.)
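The Real Protect description and the Euclidean distance sidebar above describe clustering-based classification: behavioral feature vectors that sit close to a known cluster inherit its verdict, while a vector far from every cluster is a candidate new variant for analyst review. The following is an added example written for this page, not McAfee code; the five-element feature vectors, the sample values, the leader-clustering rule and the distance threshold are all constructed assumptions chosen to keep the clusters well separated.

```python
"""Clustering-based classification of file-behavior feature vectors with
Euclidean distance. Added example with constructed data; not McAfee code.
The feature set, threshold and samples are illustrative assumptions."""
import math
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

Vector = Tuple[float, ...]


def euclidean(a: Vector, b: Vector) -> float:
    """Straight-line distance between two feature vectors."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


@dataclass
class Cluster:
    members: List[Vector] = field(default_factory=list)
    label: Optional[str] = None  # set by a human analyst; None until reviewed

    @property
    def centroid(self) -> Vector:
        n = len(self.members)
        dims = len(self.members[0])
        return tuple(sum(m[i] for m in self.members) / n for i in range(dims))


class SimilarityModel:
    """Leader clustering: a sample joins the nearest cluster when its distance
    to that centroid is within `threshold`; otherwise it seeds a new,
    unlabelled cluster that lands in the analyst review queue."""

    def __init__(self, threshold: float):
        self.threshold = threshold
        self.clusters: List[Cluster] = []

    def nearest(self, x: Vector) -> Tuple[int, float]:
        """Index of the closest cluster and the distance to its centroid."""
        return min(((i, euclidean(x, c.centroid)) for i, c in enumerate(self.clusters)),
                   key=lambda t: t[1])

    def classify(self, x: Vector) -> str:
        """Verdict without learning from x: a cluster label, or 'unknown' when
        x is far from every cluster or its nearest cluster is unlabelled."""
        if not self.clusters:
            return "unknown"
        idx, dist = self.nearest(x)
        if dist > self.threshold or self.clusters[idx].label is None:
            return "unknown"
        return self.clusters[idx].label

    def ingest(self, x: Vector) -> int:
        """Learn from x: join the nearest cluster or start a new one; returns its index."""
        if self.clusters:
            idx, dist = self.nearest(x)
            if dist <= self.threshold:
                self.clusters[idx].members.append(x)
                return idx
        self.clusters.append(Cluster(members=[x]))
        return len(self.clusters) - 1

    def label(self, idx: int, name: str) -> None:
        """Analyst assigns a verdict to a whole cluster (the closed loop)."""
        self.clusters[idx].label = name

    def review_queue(self) -> List[int]:
        """Clusters nobody has labelled yet, i.e. candidate new variants."""
        return [i for i, c in enumerate(self.clusters) if c.label is None]

    def seed(self, labelled: Dict[str, List[Vector]]) -> None:
        """Bootstrap from already-classified samples (assumed well separated)."""
        for name, vectors in labelled.items():
            for v in vectors:
                self.label(self.ingest(v), name)


# Constructed "dynamic classifier" vectors: (registry writes, outbound
# connections, files rewritten, process injections, persistence changes),
# a stand-in for the richer behavioral features a real client would collect.
KNOWN: Dict[str, List[Vector]] = {
    "normal":    [(1, 1, 0, 0, 0), (2, 1, 0, 0, 0), (1, 2, 1, 0, 0), (0, 1, 0, 0, 1)],
    "malware_1": [(5, 9, 0, 1, 2), (6, 8, 0, 2, 2), (5, 10, 1, 1, 3)],
    "malware_2": [(3, 1, 40, 0, 1), (4, 2, 35, 0, 2), (3, 1, 42, 1, 1)],
}
THRESHOLD = 6.0  # constructed; in practice tuned against held-out known-good data


def build_model() -> SimilarityModel:
    m = SimilarityModel(THRESHOLD)
    m.seed(KNOWN)
    return m


def demo() -> Dict[str, str]:
    """Walk the loop: classify variants, flag a novel sample, analyst labels
    its cluster, and a later variant of it is then recognised automatically."""
    m = build_model()
    out = {
        "benign_variant": m.classify((2, 2, 0, 0, 0)),
        "fam1_variant": m.classify((6, 9, 1, 1, 2)),
        "fam2_variant": m.classify((4, 1, 43, 1, 2)),
        "novel_before": m.classify((20, 3, 2, 15, 9)),
    }
    idx = m.ingest((20, 3, 2, 15, 9))    # far from everything: new unlabelled cluster
    m.ingest((22, 2, 3, 14, 10))         # a second, similar sighting joins that cluster
    out["queue_size"] = str(len(m.review_queue()))
    m.label(idx, "malware_3")            # analyst reviews the cluster and names it
    out["novel_after"] = m.classify((21, 3, 2, 15, 10))
    return out


if __name__ == "__main__":
    for key, verdict in demo().items():
        print(f"{key}: {verdict}")
```

The point of `classify` returning "unknown" for an unlabelled cluster is that similarity alone never produces a verdict; it produces a grouping, and the human loop described above supplies the label that turns the whole cluster (and future members within the threshold) into a detection. The threshold is the tuning knob that trades false positives against missed variants, which is why it should be set against known-good telemetry rather than chosen by hand as it is here.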

Summary: The Benefits of Cloud Intelligence

- Broad set of threat visibility: McAfee Labs Cloud Intelligence delivers a broad set of threat insights, including emerging threat trends (McAfee Threats Report), tactical file analysis via McAfee Cloud Threat Detection, and operational, behavioral-based protection data via McAfee Real Protect. McAfee Labs Cloud Intelligence provides a broad set of actionable data to combat adversaries on multiple fronts.
- Affordable and accessible intelligence: McAfee Cloud Threat intelligence is deployed across multiple regions and data centers—all within easy reach via a redundant cloud model that even syncs up with the controls when temporarily unconnected. This cloud service allows organizations to easily take advantage of significant compute horsepower without the capital expenditure or the effort and cost of provisioning and maintaining an on-premises appliance.
- Integrated timely response: By connecting McAfee products into cloud intelligence platforms, organizations can get a jump on adversaries via proactive threat intelligence based on known patterns. McAfee Labs can even predict new forms of campaign outbreaks via Bayesian networks, as well as proactively deliver a new set of detection and protection updates to customer-deployed products.

Learn More

To learn more about cloud intelligence output and supported products, visit the links below.

- Threat Center
- Advanced Threat Analysis
- McAfee Endpoint Security
- McAfee Global Threat Intelligence

1. -understandingransomware-strategies-defeat.pdf
2.

2821 Mission College Boulevard
Santa Clara, CA 95054
888 847 8766
www.mcafee.com

McAfee and the McAfee logo and McAfee ePO are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others. Copyright 2017 McAfee, LLC. 2831 0317
MARCH 2017

