SOLUTIONS
SERVICES
OPEN
ARCHITECTURE
BRIEF
McAfee – the device-to-cloud cybersecurity company – is one of the largest pure-play cybersecurity companies in the world, with 30+ years of market leadership and 1,550+ patents worldwide.
CASB Connect
OpenDXL
MCAFEE: OVERVIEW
Portfolio Strategy
An Integrated And Open Security System
Threat Defense Lifecycle
Together, Is Far More Powerful Than Sum Of The Parts
SECURITY
OPERATIONS
DEVICE CLOUD
MANAGEMENT
THREAT INTELLIGENCE
ANALYTICS
AUTOMATION / ORCHESTRATION
INFRASTRUCTURE
MCAFEE: STRATEGY
“Through 2025, 99% of cloud security failures will be the customer’s fault.”
Kasey Panetta. “Is the Cloud Secure?” Gartner, Smarter With Gartner. 10 October 2019. https://www.gartner.com/smarterwithgartner/is-the-cloud-secure/
“CASB is a required security platform for organizations using cloud services...”
Craig Lawson, Neil MacDonald, Brian Lowans. “Market Guide for Cloud Access Security Brokers.” Gartner, 22 October 2015.
MVISION CLOUD: THREAT LANDSCAPE
McAfee Discovers KnockKnock: Hacker Exploiting Compromised Admin Accounts to Break into Office 365
McAfee Discovers GhostWriter: S3 Buckets Configured for Write Access Open Up Customers to Major Vulnerabilities
Unmanaged
Devices
SaaS
IaaS/PaaS
MVISION Cloud
No User Friction
Complete Visibility and Policies Across Multiple Cloud Services
Real Time
Complete Coverage
Data at rest
Data uploaded/downloaded
Data created in cloud
Shared Cloud-to-cloud
MVISION CLOUD: INTRODUCTION
SHADOW IT
SIEM
Third-Party Integration (DXL)
Platform Extensibility
Visibility Data Security Compliance Threat Protection
Common Security Services
SaaS / IaaS and PaaS—Custom Apps
CASB Connect—APIs
Long-tail SaaS
CASB Proxy—Workload Security
Lift-and-shift Custom Apps
MVISION CLOUD: THE PLATFORM
SANCTIONED SERVICES – REVERSE PROXY
Data Loss Prevention
Prevent sensitive data from being stored in the cloud
Collaboration Control
Prevent sensitive data from being shared from the cloud
Cloud Email Control
Prevent sensitive data from being sent by cloud email
User Activity monitoring
Capture and categorize an audit trail of activity for forensic investigations (admin, employee, 3rd party)
User Anomaly / Threat detection (UBA)
Detect compromised accounts, insider/privileged user threats
Audit of IaaS/PaaS configuration
Identify IaaS resources whose security settings do not comply with CIS Benchmark Level 1 and Level 2 policies.
MVISION CLOUD: USE CASES
Cloud Usage Discovery
Collect logs from perimeter devices and perform risk assessment
Enforce Governance Policies
Synchronize threat information with perimeter devices and enforce filtering/coaching
SHADOW IT
SANCTIONED SERVICES – APIs
Cloud Access Control
Block sync/download of corporate data to personal devices
Data Encryption
Encrypt structured and unstructured data in the cloud
Custom App in IaaS / PaaS
Apply DLP, User Activity Monitoring, UBA to corporate applications deployed in IaaS/PaaS
INTEGRATIONS
SWG/NGFW
Ingest logs to discover cloud usage
IAM
Import users from directory services
EMM/MDM
Pull list of whitelisted devices
SIEM
Push events to SIEM
DLP / IRM
Leverage existing DLP and rights management clients
Key Manager
Leverage enterprise encryption keys
NOTE: Skyhigh Networks, whose product is now sold as MVISION Cloud, has been part of McAfee since January 2018.
• Overall Leadership
• Innovation Leadership
• Market Leadership
MVISION CLOUD: QUINTUPLE LEADERSHIP + COMMENDATION
MVISION CLOUD: LICENSING AND PACKAGING
IAAS
- Per AWS Account
- Per Azure Subscription
- Per GCP Project
- DLP per TB
SHADOW IT
- Per User
Custom Apps
SAAS
- Per User / Service
Containers
- Per Active Container
Frictionless—No new agents, and no app breakage
Leadership—Created the Market, First CASB with IaaS and
Custom Apps, UEBA
Completeness—Only Solution to Offer Complete Security
Coverage of SaaS and PaaS/IaaS
Cloud Scale—Processes 2 billion events / day / customer, real-time cloud data controls
Open Eco-System—CASB Connect, DXL, Large Eco-system, Network Effect
MVISION CLOUD: DIFFERENTIATORS
McAfee is one of the largest pure-play cybersecurity companies in the world.
Through 30 years, we’ve grown and evolved with the market, both through organic and inorganic means.
And, during that time, we’ve listened to customers to understand where their environments are headed and how to drive successful security outcomes.
Today, we’re pleased to reintroduce McAfee – the device-to-cloud cybersecurity company – to you:
A company focused on protecting data and stopping threats…
…within the architectural control points of modernized cybersecurity environments – the device and cloud, with Security Operations providing continuous analytics, management, automation and orchestration…
…and via an open, proactive, intelligence-driven approach.
Since spinning out as a stand-alone company in 2017, McAfee has rebuilt its brand as the device-to-cloud cybersecurity company. With 30+ years of experience, it provides security SOLUTIONS for the device, network and cloud control points. It holds that no single person, product or organization can secure the digital world – not even McAfee.
That is why its approach has been deliberately different: through an OPEN ARCHITECTURE, McAfee partners with other vendors (partners and competitors alike) to deliver customers a cohesive answer to a shared problem – the adversaries who plot against our collective digital freedom – and orchestrates security components so that they work together and present a unified, coordinated defense.
Beyond having the right solution, sound security decisions around design, deployment, maintenance, risk management and education SERVICES matter just as much. For this reason, McAfee provides an integrated approach to professional and solution services, training and technical support with personalized management.
Cybersecurity has become a team sport, because the job is too big and too important to fly solo. No single vendor can solve all your cybersecurity challenges; you need all your security technologies, regardless of vendor, working together. McAfee’s tagline, “TOGETHER IS POWER”, is not just a marketing slogan: it embodies McAfee’s own technologies working together, multivendor solutions playing well together and, most importantly, people (all of us) working as one team.
McAfee believes that the whole system, together, is far more powerful than sum of the parts. McAfee provides highly adaptive environments that detect a threat once and immediately protect all nodes—giving customers a proactive security posture.
The Threat Defense Lifecycle is McAfee’s key design principle
Siloed defensive technologies fail to share threat intelligence automatically. In contrast, proactive environments detect a threat once and immediately protect all other nodes from it. McAfee uses the threat defense lifecycle (protect/detect/correct/adapt) as a design principle in its portfolio roadmaps:
Protect – The goal of the Protect stage is two-part: to stop the most pervasive attack vectors while disrupting never-before-seen techniques and payloads, and to derive insights that strengthen countermeasures and inform investigators of unfolding activity.
Detect – Detect covers advanced monitoring to identify anomalous, outlier behavior to perceive low-threshold attacks that would otherwise go unnoticed. As you uncover evidence, your system should share findings to enrich decision-making throughout your security infrastructure.
Correct – Correction facilitates triage and prioritization for fluid investigation and rapid remediation. As you learn, your solution should apply insights immediately throughout a collaborative infrastructure.
McAfee’s Portfolio Strategy brings an integrated, open system from the device to the cloud. The strategy is to put controls on devices and in the cloud, and then bring it all together at the SOC, which has several layers: core management, threat intelligence, analytics. Automation and orchestration is how it all gets tied together over the long term.
We will continue to cloudify products so that their control lives in the cloud. For example, our networking is cloud-focused going forward; we have to think of the network and the cloud as becoming the same thing. That does not mean the network is going away, but one unique focus of ours is orienting more of our capabilities to help customers protect themselves there. We have more work, and more investments, to make.
Our ability to keep investing in areas that help us compete better, under this strategy, is what the future holds for us. Customers and the market are saying this is the right direction, so it is a good time to step back and ask how we go faster. Execution is key to making McAfee the device-to-cloud cybersecurity company of choice in the industry.
McAfee works along with other cybersecurity vendors as part of the McAfee Security Innovation Alliance (SIA). The McAfee Security Innovation Alliance (SIA) provides customers with integrated security solutions that allow them to resolve more threats faster with fewer resources. Through the SIA program, we help accelerate the development of interoperable security products, simplify the integration of these products with complex customer environments, and provide a truly integrated, connected security ecosystem to maximize the value of existing customer security investments.
McAfee’s approach is different.
We have a clear vision of where cybersecurity is headed and how we can add value to customers by:
preventing data loss and leakage and stopping threats
doing so from device to cloud
with an open, proactive intelligence-driven approach.
We bring our customers massive scale that accompanies a 30-year history and significant footprint that serves the largest governments and companies and consumers alike.
So what is the problem that MVISION Cloud is trying to solve? To answer that, we need to look at how enterprise architecture has evolved over the years.
If you think about it, IT’s #1 job is to make available and protect the most important thing a company has: its DATA.
Traditionally, where did data live? Behind the firewall in the data center. Security professionals used to secure data by building a logical wall around the architecture: a firewall in front of the servers, an agent to control the endpoint, and management of the network between the two. That gave us visibility and control over our data, and everyone was happy.
But this architecture is undergoing fundamental change driven by two major trends.
FIRST - It is the adoption of cloud. Nearly every company in the world is somewhere on their journey to the cloud. Whether their employees are bringing their personal cloud services to work (Shadow IT) OR the IT and business has embraced cloud services such as Office 365, Salesforce, ServiceNow OR they are differentiating themselves by using IaaS (AWS, Azure, Google) and building custom applications (PaaS).
SECOND - the emergence of unmanaged devices. Companies rely more and more on employees being able to do their jobs from anywhere, at any time, which often means giving them access to what they need from their personal devices.
Companies therefore move from a world of complete control (managed endpoint to managed data center) to one where the data resides in the cloud and the employee can access it from anywhere.
With these two trends the technology landscape is changing tremendously, and the architecture is evolving around two pillars: people get their jobs done on mobile devices, often unmanaged and personal, using cloud services that are personal, business or custom.
In this new world driven by cloud and device we have new challenges.
FIRST - Data is created directly in the cloud. It is then collaborated on and moves from cloud to cloud and to unmanaged devices, bypassing all the security products you bought over the last 20 years.
Some of the latest studies show that companies that say they were moving 100% cloud first have somewhat slowed their strategy a bit as they have faced some challenges moving to the cloud.
The cloud enables creation and editing of data to be done “in” the cloud which bypasses all existing controls.
Also, once data is in the cloud, it moves from cloud service to cloud service via collaboration, and from cloud services to unmanaged devices.
No firewall, no network security can control what is happening there.
Forbes. https://www.forbes.com/sites/louiscolumbus/2017/04/23/2017-state-of-cloud-adoption-and-security/#6539cbf71848
BYOD https://www.insight.com/en_US/learn/content/2017/01182017-byod-statistics-provide-snapshot-of-future.html
The problem is, so much investment over the last 15 years has been in securing the network, but the network is incapable of securing our data in the cloud. Why?
First, data created natively in the cloud is invisible to network security. If I open an Excel Online document to collaborate on a project in real time with my team, all that data is created natively in the cloud application and is never seen by the network.
Second, no cloud is an island. Box is integrated with O365, which is integrated with Slack, and so on. Over 50% of cloud traffic is cloud-to-cloud traffic, which is invisible to network security products.
Finally, a great deal of traffic to cloud services occurs outside the corporate network. Any upload from a mobile device to the cloud, or any access by a third party such as a vendor, partner or customer, is invisible to network security.
SECOND - Cloud Service Providers (CSPs) are responsible for a range of security measures at the physical, host and network layers, depending on the type of cloud service. But as you move up the stack, responsibility for the data ultimately lies with you, as does responsibility for application, identity and client protection in IaaS.
So the cloud service provider will not provide security for cases such as:
someone stealing your credentials and using them to download sensitive data;
data being shared from a sanctioned application to a personal server, application or third party, which the CSP will not detect.
This second challenge to a cloud-first strategy is rooted in the “Shared Responsibility Model”: when you sign a contract with your cloud service provider, each of you takes on certain security responsibilities.
What is the one thing that 100% of cloud service providers are not responsible for? Your company’s data, your users’ security (in other words, their compromised accounts) and what your employees do in the cloud (Are they putting sensitive data there? Are they sharing it with the wrong people? Are they stealing it?). Bottom line: your IT organization still owns a large responsibility even though you are moving to the cloud.
Examples
Rogue Employee
Stolen Employee Credential
Email Synced to BYOD device
This is why Gartner predicts that 99% of security incidents in the cloud will be the customer’s fault.
The cloud service providers protect their infrastructure and follow best practices as well as they know how, and they do a very good job. But because it is a shared responsibility model, Gartner predicts that through 2020 99% of cloud security failures (data loss, exposures, breaches) will be due to the customer not managing their end of the responsibility. (The slide quotes Gartner’s later, October 2019 version of the prediction, which extends it through 2025.)
Another relevant factor is that cloud technology is so new that many existing developers, IT and security staff have not worked with it before, and so do not yet know what goes into securing a cloud application.
We at McAfee have seen our share of threats and security incidents in the cloud. On the SaaS side, the Skyhigh team discovered KnockKnock.
It is an example of a threat McAfee/Skyhigh discovered in Office 365, in which admin accounts were attacked at a very slow pace to stay below the radar.
On the IaaS side, misconfigured S3 buckets that are open for read and let attackers download data are common. But Skyhigh also found buckets left open for write, which means an attacker can overwrite or plant content that the customer and its users then trust.
The largest source of cloud-based exposures is data storage buckets (S3 in AWS, Blob in Azure) misconfigured for read, and even write, access by the entire world.
Here is an example of an exposure we discovered in IaaS where customer misconfiguration of AWS left S3 buckets open for write access, opening companies up to all sorts of malware and threats.
It is just one of the many examples hitting the news every day: Verizon, Dow Jones, WWE, the US Pentagon, and the list goes on.
https://www.skyhighnetworks.com/cloud-security-blog/skyhigh-discovers-ingenious-new-attack-scheme-on-office-365/
https://www.skyhighnetworks.com/cloud-security-blog/skyhigh-discovers-ghostwriter-a-pervasive-aws-s3-man-in-the-middle-exposure/
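The write-open buckets described above, and the “audit of IaaS/PaaS configuration” use case listed earlier, both come down to the same check: inspect a bucket’s ACL and bucket policy for grants to everyone. The following Python is an added example, not McAfee/Skyhigh code. It audits constructed documents shaped like the S3 GetBucketAcl and GetBucketPolicy responses, reports world-readable and world-writable grants separately (write is the GhostWriter case), and sends public-but-conditional policy statements to review rather than failing them outright. Bucket names and owner IDs are hypothetical.

```python
"""Offline audit of an S3 bucket's ACL and bucket policy for world-readable
and world-writable grants.  Added example (not McAfee/Skyhigh code); the input
documents are constructed below and mirror the shape of the S3 GetBucketAcl and
GetBucketPolicy API responses.  Bucket names and owner IDs are hypothetical."""
import json
from typing import Any, Dict, List

# Predefined-group URIs meaning "anyone on the internet" and "any AWS account holder".
PUBLIC_GROUP_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
# ACL permissions that let the grantee add/replace objects or rewrite the ACL itself.
ACL_WRITE = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}
ACL_READ = {"READ", "READ_ACP"}
# Policy actions (lower-cased) that amount to write access on the bucket or its objects.
POLICY_WRITE = {"s3:putobject", "s3:putobjectacl", "s3:deleteobject",
                "s3:putbucketacl", "s3:putbucketpolicy", "s3:*", "*"}
POLICY_READ = {"s3:getobject", "s3:listbucket"}


def _as_list(value: Any) -> List[Any]:
    """Policy fields such as Action and Principal.AWS may be a string or a list."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def _principal_is_everyone(principal: Any) -> bool:
    """True for Principal "*" or {"AWS": "*"} (the "*" may sit inside a list)."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS"))


def audit_acl(acl: Dict[str, Any]) -> List[str]:
    """Flag ACL grants to the AllUsers / AuthenticatedUsers groups."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group" or grantee.get("URI") not in PUBLIC_GROUP_URIS:
            continue
        group = grantee["URI"].rsplit("/", 1)[-1]
        perm = grant.get("Permission", "")
        if perm in ACL_WRITE:
            findings.append(f"ACL grants {perm} to {group}: world-writable")
        elif perm in ACL_READ:
            findings.append(f"ACL grants {perm} to {group}: world-readable")
    return findings


def audit_policy(policy_json: str) -> List[str]:
    """Flag Allow statements whose Principal is everyone; conditional ones go to review."""
    findings = []
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be given as an object
        statements = [statements]
    for stmt in statements:
        if stmt.get("Effect") != "Allow" or not _principal_is_everyone(stmt.get("Principal")):
            continue
        sid = stmt.get("Sid", "<no Sid>")
        actions = _as_list(stmt.get("Action"))
        if stmt.get("Condition"):
            # e.g. aws:SourceIp or aws:SecureTransport narrows the grant: a human should judge it.
            findings.append(f"policy statement {sid} allows everyone but is conditional: review")
            continue
        lowered = {a.lower() for a in actions}
        label = ", ".join(actions)
        if lowered & POLICY_WRITE:
            findings.append(f"policy statement {sid} allows {label} to everyone: world-writable")
        elif lowered & POLICY_READ:
            findings.append(f"policy statement {sid} allows {label} to everyone: world-readable")
    return findings


def audit_bucket(acl: Dict[str, Any], policy_json: str = "") -> List[str]:
    """Combine ACL and policy findings; an empty list means no public grant was found."""
    return audit_acl(acl) + (audit_policy(policy_json) if policy_json else [])


# Constructed inputs: a bucket left world-writable via its ACL and world-readable via policy ...
OPEN_ACL = {
    "Owner": {"ID": "example-owner-canonical-id"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "example-owner-canonical-id"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "WRITE"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
    ],
}
PUBLIC_READ_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
                   "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-assets/*"}],
})
# ... and the corrected state: only the owner is granted access and no bucket policy is attached.
PRIVATE_ACL = {"Owner": OPEN_ACL["Owner"], "Grants": [OPEN_ACL["Grants"][0]]}

if __name__ == "__main__":
    for name, acl, policy in [("example-assets", OPEN_ACL, PUBLIC_READ_POLICY),
                              ("example-assets-fixed", PRIVATE_ACL, "")]:
        print(name, audit_bucket(acl, policy) or ["no public grants"])
```

Against a live account the same functions take the `Grants` list returned by boto3’s `get_bucket_acl` and the `Policy` string returned by `get_bucket_policy`. Write findings deserve the highest priority: they let a third party replace content that the bucket’s consumers trust, which is exactly the GhostWriter scenario. Account-level S3 Block Public Access settings prevent this whole class of misconfiguration regardless of what individual bucket ACLs say.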
So this is a big problem: customers want to adopt the cloud to be more productive and scalable and to cut costs, but they lack confidence because they are moving from a world of complete visibility and control (on-premises, managed devices) to a brave new world of cloud and unmanaged devices where they lose visibility and control.
This is where McAfee MVISION Cloud comes in. I’ll start with our mission, which is to enable organizations to accelerate their business by giving them total control over their data in the cloud. For too long IT security has been seen as an inhibitor to productivity and innovation, but with McAfee, IT security is able to enforce the controls required to move securely to the cloud. And with total control over their data, organizations can unleash the power of the cloud – the performance, scalability, agility and cost savings it delivers – which significantly accelerates their businesses.
This is how it works: MVISION Cloud is itself a cloud service, so it sits side by side with the other cloud services out there and gives you a single point at which to set all your security policies. It is then up to the platform to implement those policies across all your SaaS, PaaS and IaaS services.
We do this mostly through back-end APIs and a reverse proxy. This matters because the default assumption is that you take a proxy, as we used to do on-premises, put it in the cloud and sit it in the middle of the traffic to provide security. That does not really work: it does not scale to the volume of cloud transactions, and it needs a client or agent installed on the device, which is not possible in many use cases involving unmanaged devices.
So our approach is non-intrusive and API-based: grant us administrative API access to the service and we start giving you visibility; once you have visibility, you can start protecting. Controls are enforced in real time with complete coverage.
We cover data being uploaded to the cloud and downloaded from it, and protect data directly in the cloud, which network security cannot do.
And we do this without user friction, because end users would otherwise try to work around the controls.
The McAfee Cloud Security Suite provides four main capabilities:
VISBILITY
DATA SECURITY
COMPLIANCE
THREAT PROTECTION
We do all this across SaaS, IaaS and PaaS. Moreover, the platform is extensible, so we can provide these capabilities to additional services and applications.
Through CASB Connect we extend our abilities for Long-tail SaaS applications. And through CASB proxy and workload security we can provide security for the new application you are building in IaaS and PaaS or forklifting from on-prem to the cloud.
At McAfee we believe security is a team sport. No single company can solve all of a customer’s problems. We embrace open standards such as DXL to exchange threat information with third-party tools, allowing you to build a more comprehensive solution AND leverage your existing investment in security tools.
Bottom line we provide Visibility, Data Security, Compliance and Threat Protection across (and here is the big differentiation) both SaaS and IaaS/PaaS!
The platform supports not just the most popular services but is extensible through CASB Connect to essentially any cloud service (the long tail: the rest of the cloud services out there).
For IaaS and PaaS, all the protection we provide for standard services such as AWS and Azure can be brought to your home-grown and custom apps as well.
And the extensibility is not only inside the McAfee ecosystem but extends outside to the third-party security tools you already have in place, through DXL (Data Exchange Layer).
So out of the box we support the most popular cloud services such as ……
Through the extensibility of the platform (CASB Connect) we allow customers, partners and system integrators to extend all of our controls to third-party applications.
So here are some examples of what it available today…..we expect this program to explode as demand increases.
And it’s not just Gartner that recognizes Skyhigh as the leading CASB; in fact Skyhigh is the only CASB named a leader by all four major analyst firms in this space: Gartner, Forrester, IDC and The Radicati Group. Each analyst firm has its own process for evaluating solutions and each talks to a different set of end users and clients, so it is quite telling that the one thing they all agreed upon is that McAfee is the leader in this market.
Gartner Peer Insights recognizes the vendors who are the most highly rated by their customers through the Customers’ Choice distinction. This peer-rated distinction can be a useful complement to expert opinion, as it focuses on direct peer experiences of implementing and operating a solution.
McAfee Commended by Frost & Sullivan for Helping Companies Securely Adopt Cloud Solutions with McAfee Skyhigh Security Cloud
https://ww2.frost.com/news/press-releases/mcafee-commended-frost-sullivan-helping-companies-securely-adopt-cloud-solutions-mcafee-skyhigh-security-cloud/
About KuppingerCole Analysts
Europe’s leading Analysts on the topics of Information Security in the era of Digital Transformation
KuppingerCole Analysts, founded in 2004, is an international and independent Analyst organization headquartered in Europe. The company specializes in offering neutral advice, expertise, thought leadership and practical relevance in Information Security, Identity & Access Management (IAM), Governance (IAG), Risk Management & Compliance (GRC) as well as all areas concerning the Digital Transformation. KuppingerCole supports companies, corporate users, integrators and software manufacturers in meeting both tactical and strategic challenges. Maintaining a balance between immediate implementation and long-term viability is at the heart of KuppingerCole’s philosophy.
McAfee Unified Cloud Edge is a vision for cloud-native security that enables consistent data and threat protection controls from device to cloud. It consists of three core technologies that are converging into a single solution:
Cloud Access Security Broker (McAfee® MVISION Cloud): Direct API and reverse proxy-based visibility and control for cloud services
Secure Web Gateway (McAfee® Web Protection): Proxy-based visibility and control over web traffic and unsanctioned cloud services
Data Loss Prevention (McAfee® DLP Endpoint and McAfee® DLP Network): Agent- and network-based visibility and control over sensitive data
These technologies work together to protect data from device to cloud and prevent cloud-native breach attempts that are invisible to the corporate network. This creates a secure environment for the adoption of cloud services and enablement of access to the cloud from any device for ultimate workforce productivity. Companies can accelerate their business through faster adoption of transformative cloud services by protecting their data and assets with a Unified Cloud Edge.
OK, that covers the top 12 customer use cases for Skyhigh Security Cloud. Now I want to walk through the top 5 reasons customers select Skyhigh.
The first is our proprietary deployment options. We are the only CASB with Lightning Link, which enforces real-time controls with the complete coverage of an API model, and the only CASB with an email gateway, which lets customers enforce consistent DLP for Exchange Online as well as their other O365 services such as OneDrive and SharePoint Online.
The second is our frictionless approach. For end users there are no new agents to install on their devices and no app breakage, so they keep the cloud user experience they are accustomed to. For IT security teams there is one unified platform, built from the ground up for cloud security, so they do not have to integrate various disparate and costly products, many of them intended for network security, to enforce security controls for the cloud.
Because we were designed natively in the cloud, for the cloud, we have the scale to support even the largest customers, processing 2 billion cloud events per day for customers like GE and HP, and we are the only CASB with the scale required to retain a full year of customer data.
The next is the network effect. Because Skyhigh has over 600 customers and protects over 30 million end users, we are able to identify stealthy attacks that would not be perceptible in an isolated customer environment. For example, we recently published the discovery of KnockKnock, an orchestrated attack on O365 system admin accounts that used several advanced techniques to fly under the radar of traditional detection. Because Skyhigh analyzes so many O365 accounts, we were able to discover the pattern of attack across multiple customers and inform them all before their data was compromised. Similarly, we discovered GhostWriter, a serious AWS exposure in which third parties could leverage misconfigured S3 buckets to mount man-in-the-middle attacks.
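The KnockKnock point above is that a slow campaign against admin accounts stays under any single tenant’s brute-force threshold and only becomes visible when sign-in failures are correlated across many tenants. The following Python is an added example, not McAfee/Skyhigh code, showing the shape of that correlation on constructed sign-in records: a conventional per-tenant rule that fires on a noisy brute force but misses the low-and-slow campaign, beside a cross-tenant rule keyed on source IP that catches it. The JSON-lines record format, tenant names, IP addresses (RFC 5737 documentation ranges) and the `admin@` naming used to mark privileged accounts are all assumptions.

```python
"""Cross-tenant detection of low-and-slow failed sign-ins against administrative
accounts.  Added example (not McAfee/Skyhigh code).  The JSON-lines sign-in records
below are constructed; tenant names, the RFC 5737 documentation IPs and the
`admin@` convention used to mark privileged accounts are all assumptions."""
import json
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Constructed records: one source IP probing admin accounts in four tenants over five
# days, a user mistyping her password twice, and a noisy brute force on one account.
SAMPLE_LOG = """\
{"ts":"2019-11-01T02:14:00Z","tenant":"contoso","user":"admin@contoso.example","ip":"203.0.113.7","result":"Failure"}
{"ts":"2019-11-02T03:41:00Z","tenant":"fabrikam","user":"admin@fabrikam.example","ip":"203.0.113.7","result":"Failure"}
{"ts":"2019-11-02T22:05:00Z","tenant":"contoso","user":"admin@contoso.example","ip":"203.0.113.7","result":"Failure"}
{"ts":"2019-11-03T04:17:00Z","tenant":"tailspin","user":"admin@tailspin.example","ip":"203.0.113.7","result":"Failure"}
{"ts":"2019-11-03T09:00:00Z","tenant":"contoso","user":"alice@contoso.example","ip":"198.51.100.20","result":"Failure"}
{"ts":"2019-11-03T09:00:40Z","tenant":"contoso","user":"alice@contoso.example","ip":"198.51.100.20","result":"Failure"}
{"ts":"2019-11-03T09:01:10Z","tenant":"contoso","user":"alice@contoso.example","ip":"198.51.100.20","result":"Success"}
{"ts":"2019-11-03T14:00:00Z","tenant":"fabrikam","user":"bob@fabrikam.example","ip":"192.0.2.9","result":"Failure"}
{"ts":"2019-11-03T14:05:00Z","tenant":"fabrikam","user":"bob@fabrikam.example","ip":"192.0.2.9","result":"Failure"}
{"ts":"2019-11-03T14:10:00Z","tenant":"fabrikam","user":"bob@fabrikam.example","ip":"192.0.2.9","result":"Failure"}
{"ts":"2019-11-03T14:15:00Z","tenant":"fabrikam","user":"bob@fabrikam.example","ip":"192.0.2.9","result":"Failure"}
{"ts":"2019-11-03T14:20:00Z","tenant":"fabrikam","user":"bob@fabrikam.example","ip":"192.0.2.9","result":"Failure"}
{"ts":"2019-11-04T01:52:00Z","tenant":"wingtip","user":"admin@wingtip.example","ip":"203.0.113.7","result":"Failure"}
{"ts":"2019-11-05T03:30:00Z","tenant":"fabrikam","user":"admin@fabrikam.example","ip":"203.0.113.7","result":"Failure"}
"""


def parse_events(text):
    """Parse JSON lines into dicts whose "ts" is an aware UTC datetime, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(rec)
    return sorted(events, key=lambda e: e["ts"])


def is_privileged(user):
    """Assumed naming convention: a local part of "admin" marks an administrative account."""
    return user.split("@", 1)[0] == "admin"


def per_tenant_bruteforce(events, threshold=5, window=timedelta(hours=1)):
    """Conventional single-tenant rule: (tenant, user) pairs with >= threshold failures
    inside any sliding window.  Fires on noisy brute force; blind to a slow campaign."""
    failures = defaultdict(list)
    for e in events:
        if e["result"] == "Failure":
            failures[(e["tenant"], e["user"])].append(e["ts"])
    hits = set()
    for key, times in failures.items():  # times are ascending because events are sorted
        start = 0
        for end, ts in enumerate(times):
            while ts - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                hits.add(key)
                break
    return hits


def cross_tenant_low_and_slow(events, min_tenants=3, window=timedelta(days=7)):
    """Correlate across tenants: a source IP that fails against privileged accounts in
    >= min_tenants distinct tenants within the window, however few attempts per tenant.
    Returns {ip: sorted tenants seen while the IP was over the threshold}."""
    by_ip = defaultdict(list)
    for e in events:
        if e["result"] == "Failure" and is_privileged(e["user"]):
            by_ip[e["ip"]].append((e["ts"], e["tenant"]))
    hits = {}
    for ip, items in by_ip.items():
        in_window = Counter()  # tenant -> failures currently inside the sliding window
        start = 0
        for ts, tenant in items:
            in_window[tenant] += 1
            while ts - items[start][0] > window:  # expire records older than the window
                old = items[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            if len(in_window) >= min_tenants:
                hits.setdefault(ip, set()).update(in_window)
    return {ip: sorted(tenants) for ip, tenants in hits.items()}


EVENTS = parse_events(SAMPLE_LOG)

if __name__ == "__main__":
    print("per-tenant brute force:", per_tenant_bruteforce(EVENTS))
    print("cross-tenant low-and-slow:", cross_tenant_low_and_slow(EVENTS))
```

On these records the per-tenant rule reports only bob@fabrikam.example, while 203.0.113.7 never exceeds two failures against any one tenant and is surfaced solely by the cross-tenant view. A single customer cannot run the second rule over its own logs, which is the practical content of the “network effect” claim; a shared IP is the simplest pivot, and a real deployment would also key on user-agent or request timing, since an attacker who rotates source addresses defeats the IP pivot.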
And finally, Skyhigh has always led the market in innovation: we were the first pure-play CASB, and the first to bring IaaS support, custom app support, user and entity behavior analytics and automation to the CASB market.
So with that let me pause to see if you have any questions about the use cases or the product that I can answer.