McAfee also strengthened their existing Secure Access Service Edge capability within MVISION, adding new Remote Browser Isolation technology and new Data Loss Prevention functionality.
Today, at McAfee’s virtualized McAfee MPOWER Digital 2020 event, the company is making three major announcements around their MVISION comprehensive security platform. Two of them are new platform additions. They have announced their first extended detection and response [XDR] capabilities with the MVISION XDR platform, a cloud-based advanced threat management offering that collects data across multiple security layers and deploys it to provide fuller protection. Also new is the MVISION Cloud Native Application Protection Platform [CNAPP] which provides comprehensive data protection, threat prevention, governance and compliance for cloud-native application lifecycles. The third announcement is a set of enhancements to their existing VISION Unified Cloud Edge offering, which provides security within the Secure Access Service Edge [SASE] framework.
Ash Kulkarni, Executive VP and Chief Product Officer, Enterprise Business Group, McAfee, said that the MVISION platform is the result of three strategic pillars that guides McAfee’s innovation efforts. The first is Device to Cloud Cybersecurity.
“We feel very strongly that what the market needs is a comprehensive device-to-cloud cybersecurity platform,” he said. “That means having complete visibility and control over all the threat vectors that matter – endpoint, cloud, and most importantly, the Web, or the network. That gives us the ability to see threats from every possible direction.”
The second pillar is a cloud-first architecture that makes it possible for customers to manage all their security needs from one place in the cloud, while the third is future proofing the SOC through better use of data analytics, AI and ML.
Kulkarni said that SOC analysts are massively challenged today by a lack of cohesiveness in the tools available to them to do their job, which makes it difficult for them to prioritize threats coming from different vectors, and this to prioritize what matters.
“McAfee is taking a very holistic approach to addressing this problem with MVISION XDR,” he stated. “This is all about future proofing a customer’s operations by enabling them to have unified visibility and control over all the vectors, making it possible through an open platform to help them orchestrate efficient SOC workflows by being data-aware, making it possible to drive better and faster decisions. And lastly, the proactive approach of MVISION Insights, a product we have had in market now for some time, enables them to get ahead of the adversary.”
MVISION XDR contains endpoint security, Secure Web Gateway, CASB, DLP and network security capabilities.
“The combination of all of this allows us to get signals from all these threat vectors which gives us unprecedented visibility, better than what is possible with point product vendor platforms,” Kulkarni stressed.
He added that the other critical element of McAfee’s XDR is the ability to be proactive.
“The way most products, especially EDR, have worked, is by trying to detect the first sign of a problem, and once that infection has been detected, trying to remediate that issue. Unfortunately, this is like watching a train wreck in slow motion. You see the problem manifest itself and you act on it as quickly as possible, but damage gets done nevertheless. McAfee is taking a very different approach with MVISION XDR. This involves leveraging the massive data analytics platform in MVISION Insights, which allows us to look at the global threatscape, map it to a customer’s very specific environment, and help the customer address the greatest risks facing them, even before those risks manifest themselves.”
This makes MVISION XDR proactive in stopping an attack even before it starts, Kulkarni emphasized. He also noted that its ability to connect the dots between all vectors provides a key contextual awareness.
Kulkarni also noted that MVISION XDR’s Open Platform approach is a modernization of their legacy DXL and Open DXL approach.
“In the modern cloud native world, APIs takes the place of these integrations, and make it possible for our partners to seamlessly integrate through our XDR platform,” he said. “It’s simple plug and play.”
The second new platform being announced is MVISION Cloud Native Application Protection Platform [CNAPP], an architecture to secure the cloud native application ecosystem. MVISION CNAPP provides data protection, threat prevention, governance, and compliance throughout the cloud-native application lifecycle, including container and OS-based workloads.
“Today, with many more Dev teams and DevOps, and multiple releases, it’s a much more dynamic environment,” said Rajiv Gupta, SVP Cloud Security Business Group, at McAfee. “That can be problematic if it’s not managed well. What do we need to cross this chasm and move to the application native environment?”
CNAPP does this, Gupta said, with a simplified architecture that fully secures the cloud native application ecosystem, and gets developer teams and security teams integrated in the same process.
“CNAPP ends the gap between Dev teams and security teams,” Gupta stated. “Security teams need to be able to prioritize signals sent by Dev teams. The core capabilities of CNAPP involve the ability to integrate into the DevOps tool chain – DevSecOps. What is called Shift Left in the industry makes security be implicit in the process.”
The third announcement is the addition of new features and functionality to an existing offering, MVISION Unified Cloud Edge [UCE]
“It has now become apparent in Work From Home environments that a new paradigm is needed with people working remotely,” Kulkarni said. “They are at unprecedented risk to their systems and their data.”
UCE contains multiple components, including an integrated CASB solution for cloud security posture management, a Secure Web Gateway, the extension of the MITRE Attack framework to support cloud native threats, and proactive risk management.
“It also provides multi-vector data management, the ability to define your rules once and make sure they are applied consistently across all your vectors on the endpoint, in the network or Web, and in the cloud,” Kulkarni said. That uniformity in enforcement is critical and a big part of our UCE story.”
Two new MVISION UCE capabilities are being announced now. One is the addition of Remote Browser Isolation [RBI] technology acquired in March with Light Point security into the UCE real-time threat protection stack.
“RBI is almost always the last line of defense when your user is trying to access a site that cannot be easily identified as good or bad,” Kulkarni said. “Traditionally the approach has been to use configuration information upfront in a very static way to determine what kind of sites go through a RBI session. In an RBI session., the entire session executes on a browser in the cloud ,and only the rendered pixels are sent to the clients browser – so they get the normal experience. But no contents come to the browser, so the user is entirely protected. But this is expensive, so it needed to be done judiciously, and this last line of defense needs to be invoked only when appropriate.”
The approach that was taken by Light Point was different.
“In our approach with UCE, as a user tries to access a site we send that request through multiple layers of checks and defenses to see if that site is known bad using our global threat intelligence and our IP reputation information,” Kulkarni said. “Next it goes to our global anti malware engine which does a real time emulation to determine if that threat is good or bad. Only then, if the site cannot be conclusively determined as good or bad does that URL automatically go through the remote browser isolation engine. This means users get optimum experience at all times and still stay protected from ransomware and phishing attacks.”
The other new capability in this release is the addition of new Data Loss Prevention functionality.
“The biggest challenge with DLP has been the difficulty in defining policies and managing incidents as they occur on different vectors,” Kulkarni indicated. “When something happens on the endpoints, that traditionally shows up on a different console than if that alert gets triggered in the cloud. That makes it extremely challenging for an analyst to triage all these incidents correctly. We are changing all of this with a unified data management console and that simplified console makes it possible for an analyst to see all their incidents and events in one place, and investigate them with one click.”
MVISION UCE’s unified DLP incident management capabilities will be available in November, while users will have the opportunity to opt into beta access of its integrated Remote Browser Isolation in the coming months.
MVISION XDR’s EDR capability is available today. Other MVISION XDR experiences will be available to early access customers in Q1 2021, with general availability to follow.
MVISION CNAPP beta is available now, with general availability planned for March 2021.