Top 10 Security Topics for Executives

Discover how a security connected strategy can optimize your business

Attack Categories

1. Opportunistic Attacks

2. Targeted Attacks

Trends

3. Virtualization and the Cloud

4. BYOD, Workplace Mobility, and the Consumerization of IT

5. Protecting Data and Your Data Center

6. The Internet of Things—When Technology Proliferates

7. Advanced Endpoint Protection—Hardware Assisted Security and Embedded Security

8. Big Security Data

Priorities

9. Security Alignment as a Business Enabler

10. Reduce Complexity and Chaos While Achieving Connectedness

Introduction

As organizations evolve, there’s been a shift from process improvement designed to reduce costs to enterprise growth, improving operations, and attracting and retaining new customers. Supporting and enabling both business and security is now an integral component of a CIO’s overall IT strategy.

But with the threat landscape quickly changing, the delicate balance of enabling the business and keeping it secure requires that executives make informed decisions. Reactive and costly firefighting just won’t cut it. You need a proactive and optimized security posture. That’s why we’ve created this guide.

We’ve solicited feedback from various government and global commercial customers. The result is this brief synopsis of the top ten security topics. Where applicable, we’ve included various use cases, key concepts, and references to the McAfee® Security Connected Reference Architecture. For further reading, we’ve referenced our solution guides and technology blueprints.

As you’ll see, the Security Connected approach from McAfee is a framework for integrating multiple products, services, and partnerships to provide centralized, efficient, and effective risk mitigation. With more than two decades of experience, we continue to help organizations of all sizes, all segments, and across all geographies improve their security postures, optimize security for greater cost effectiveness, and align security strategically with business initiatives. The Security Connected approach from McAfee delivers security that provides ubiquitous protection for your IT infrastructure.

Threats 1: Opportunistic Attacks

Today’s cybercriminals have more than a decade of experience, long-term criminal relationships, and an extensive trust network. They develop more profitable and sophisticated attacks more rapidly and take advantage of advancements in cloud computing, mobility, and social media for nefarious purposes. They’re operationalizing, becoming more scalable among their criminal networks. They’ve become specialists in various complementary criminal activities—carders, malware developers, botnet herders, spammers, money launderers, and document forgers.

Many of the opportunistic bots attempt to steal credit card information or personally identifiable information. When there’s nothing of value on the target system, victims become unwitting members of the botnet herd, passing along malware and spam and participating in distributed denial-of-service (DDoS) attacks.

To maximize range, anonymity, efficiency, and effectiveness, many of these attackers use bots to exploit how search engines operate—something called black hat search engine optimization. That’s why so many popular searches result in malicious pages being served up to unsuspecting users. Celebrity searches are routinely targeted for malware exploits and browser vulnerabilities. Currently, the most dangerous are Emma Watson, Jessica Biel, Eva Mendes, and Selena Gomez. In these cases, it doesn’t matter if it is one individual or a multinational organization, if there are assets online, they will be targeted. It’s not personal—it’s just business.

McAfee analyzes more malware in a single day than we did the first 20 years in business combined. Today we analyze about 100,000 unique pieces of malware every 24 hours.

Use Cases

• Spear-phishing and spam

• Distributing malware

• Disrupting service with DDoS

Key Concepts

• Most opportunistic attacks are profit driven.

• Bots have seemingly unlimited bandwidth and computing resources. For example, the “Conficker” malware of 2010 infected more than 6.4 million systems across 230 countries with greater aggregate processing power and bandwidth than Amazon and Google combined.

• Attackers have had more than a decade to mature their business model, develop trust networks, and create specialization of skills.

For further reading, go to www.mcafee.com/securityconnected and download the following:

• Protect Information

• Protect the Data Center

Threats 2: Targeted Attacks

Targeted attacks have resulted in media censorship, organizations going bankrupt, billions in intellectual property being stolen, and military campaigns that blended kinetic and non-kinetic warfare techniques for tactical advantage.

Perpetrators of targeted attacks are on a mission. Their tactics are highly automated, low, and slow. They leverage everything from application-centric attacks such as SQL injection and XSS to zero-day operating system and browser exploits, and social engineering. These targeted attacks encompass everything from sabotage to surveillance, but they are most often associated with espionage and intelligence gathering.

Targeted attacks get a lot of press, largely due to a series of cyberattacks known as Night Dragon, Stuxnet, Shady Rat, Ten Days of Rain, and Operation High Roller. While not always sophisticated, these targeted attacks are certainly focused, stealthy, and designed for long-term manipulation of their targets. In many cases, basic spear-phishing and SQL injection act as the attack vectors. To adequately defend against targeted attacks, you need to look deeper than software and the operating system.

Addressing evolving, targeted attacks requires moving beyond software-only solutions into hardware-assisted security. Today’s solutions need to combine the lower-level capabilities found within silicon with specialized software applications in order to provide detection, prevention, and remediation of stealthy attacks.

Use Cases

• Stealing commercial secrets

• Stealing government secrets

• Sabotaging critical infrastructure assets

Key Concepts

• Targeted attacks are most often driven by economics or politics.

• Behind the attacks are motivated and often well-funded attackers, generally associated with nation-states and/or their supporters, their competitors, organized crime, activists, and possibly even terrorists.

• They seek to maintain stealth and access over long periods of time.

For further reading, go to www.mcafee.com/securityconnected and download the following:

• Protect Information

• Protect the Data Center

Trends 3: Virtualization and the Cloud

Virtualization and virtual machines (VMs) are commonplace. Many companies are even looking at virtualization services delivered via the cloud. The benefits are clear: lower hardware costs, better system administration, reduced power consumption, and greater adherence to green standards. These benefits often overshadow the concerns of security professionals. The fact is, the same considerations that are applied to physical systems need to be applied to virtualized ones, while taking into account the adjustments of the operating environment.

The same can be said of the cloud. While enterprises of all sizes look to cloud computing as a way to increase business agility and drive cost efficiencies, high-profile security vulnerabilities and service failures do occur. Look no further than Google’s App Engine crash and Gmail outages, network device failures shutting thousands out of Salesforce.com’s Software-as-a-Service (SaaS) applications, and similar issues with Apple, Yahoo!, and Amazon.

Virtualized and cloud environments have the same, and in some cases, additional security issues when compared with traditional solutions. Security remains a priority irrespective of deployment architecture.

Use Cases

• Protecting online and offline VMs

• Embracing software as a service

• Extending the conventional data center

Key Concepts

• VMs are dynamic, easily brought up and down, and frequently moved, making security standardization difficult.

• Identify where your data lives, what systems it traverses as part of the service delivery, and where it is stored and archived.

• Understand how you will monitor network, system, and data assets.

For further reading, go to www.mcafee.com/securityconnected and download the following:

• Secure Cloud-Based Communications

• Protect the Data Center

Trends 4: BYOD, Workplace Mobility, and the Consumerization of IT

“Consumer IT will affect every enterprise. Attempts to deny this are doomed to failure, just as previous attempts to deny Wi-Fi, ‘smart’ mobile phones, the Internet, and even the PC itself failed.”

— David Mitchell Smith, Vice President and Gartner Fellow

As technology continues to advance and becomes more affordable, employees are finding that their personal technology solutions are powerful enough and versatile enough for business use. In many cases, these devices are actually more powerful and less expensive. As a result, the division between IT and consumer electronics devices that employees feel they need to conduct business has become blurred. This has resulted in explosive growth in the use of personal technology—laptops, tablets, and smartphones—for business. But how do you protect assets and intellectual property when employees are connecting personal devices?

Use Cases

• Allowing employee flexibility while minimizing business risks

• Managing mobile device access

• Protecting sensitive data on mobile devices

Key Concepts

• Smartphones are application-ready, connected to the cloud, integrated with social networks, owned by the user, and accessing your organization’s network and data.

• Users cite great efficiencies with consumer electronics and the ability to work more readily.

• Protecting sensitive data now extends to devices that are not owned by the organization.

For further reading, go to www.mcafee.com/securityconnected and download the following:

• Secure Mobile Devices

• Enable Consumerization of the Workforce

Trends 5: Protecting Data and Your Data Center

Data is everywhere and takes multiple forms. It’s at rest in your backup. It’s in motion as it travels around your network. And it’s in process in the form of information collected in online purchases or transactions.

When data appears in databases, it’s considered structured. When it resides in file servers, it’s considered unstructured. Data centers—as the name implies—are where most critical data resides and facilitates most data interaction. And as data centers adapt to changes in technology such as virtualization and cloud computing, they require controls for network, endpoint, and data. Only an inclusive approach can truly provide your data and data centers the protection they require.

Regardless of where it is, or what it’s called, data needs to be protected via the following disciplines: discovery, preventative controls, incident detection, incident response, audit, and reporting.

“It’s clear to me that virtualization, mobilization, and cloud computing are transforming the enterprise data center and that information security needs to evolve to support this.”

—Neil MacDonald, VP & Gartner Fellow

Use Cases

• Enhance server productivity in the data center

• Manage data center risk holistically

• Protect your critical data

Key Concepts

• Whitelisting, blacklisting, and virtualization-based security solutions for servers provide complete protection while maintaining high server performance.

• Manage network, server, storage, and database security in a unified environment with McAfee ePolicy Orchestrator® (McAfee ePO™), and get detailed situational awareness using ESM.

• Firewall and IPS protect the perimeter of the data center; server, storage, and database security solutions protect its interior.

For further reading, go to www.mcafee.com/securityconnected and download the following:

• Protect Information

• Protect the Data Center

Trends 6: The Internet of Things—When Technology Proliferates

“The predictable pathways of information are changing: the physical world itself is becoming a type of information system”

—Michael Chui, Markus Löffler, and Roger Roberts, The Internet of Things, Business Technology Office, March 2010

The term “Internet of Things” refers to the interconnected quality of everyday devices that include a technology component. For instance, things like medical equipment and automobile systems not only serve specific functions, they’re also capable of connecting to like devices via the Internet. This was not necessarily the case just a few short years ago.

While the collection and sharing of data is clearly valuable, it’s something that nonetheless needs to be secured. You don’t necessarily think of a heart rate monitor as something that requires security against a cyberattack, but the reality is that these interconnected devices are potential threat vectors that need to be secured.

Use Cases

• Protecting connected devices

• Securing how devices interact and communicate

• Safeguarding the sensitive data these devices may hold

Key Concepts

• Everything that is connected is a potential target for exploitation.

• As with other networked devices, network security controls will be required to facilitate confidentiality, integrity, and availability.

• More connected devices mean more potentially sensitive data that could be gleaned and misused if data security isn’t addressed.

For further reading, go to www.mcafee.com/securityconnected and download the following:

• Secure Fixed-Function Devices

• Secure Mobile Devices

Trends 7: Advanced Endpoint Protection—Hardware-Assisted Security and Embedded Security

More than 3,500 new stealthy rootkits are detected every day. This stealthy malware bypasses traditional application-level security tools and requires technology that goes beyond the operating system to detect, block, and remediate advanced attacks at the silicon level, before the OS loads.

That technology exists today and is already protecting computers from malware and other threats by taking advantage of features built into the processor. It’s called hardware-assisted security, and it lives between the memory and the OS to perform real-time memory and CPU monitoring. By operating beyond the operating system, hardware-assisted security offers real-time, kernel-level behavioral monitoring. As a result, you expose and remove unknown threats, from kernel-mode rootkits to zero-day malware, sooner rather than later: well before low-level stealth attacks have a chance to cause any damage or steal data.

Existing environments, such as industrial and manufacturing systems, pose their own security issues, particularly as fixed-function devices leverage the Internet to communicate with each other. A host of embedded system and device security solutions are required to protect critical processes as well as maintain compliance.

These types of solutions span a wide range of technologies, including application whitelisting, antivirus and anti-malware protection, device management, and encryption. This combination of software technologies protects data at rest and in motion with encryption while making it easy to monitor, manage, and maintain large, globally dispersed deployments of embedded devices.

“As the threat landscape evolves, the need for advanced hardware-enhanced security is critical in protecting against today’s new stealth attacks—a new security technology that goes beyond the operating system to get a new perspective to stop today’s advanced threats in real time.”

—Vimal Solanki, Senior Vice President of Corporate Strategy at Intel

Use Cases

• Stopping stealth attacks in real time

• Utilizing hardware features to get outside the OS

• Meeting compliance requirements

Key Concepts

• Preventing stealth techniques and attacks is critical to protecting data and securing PCs.

• The use of hardware features enables a new perspective on security, beyond the OS.

• Application whitelisting and change control help device manufacturers and their customers ensure devices are compliance-ready.

For further reading, go to www.mcafee.com/securityconnected and download the following:

• Protect Information

• Secure Fixed-Function Devices

Trends 8: Big Security Data

“What is big data? Just imagine if your whole life you’ve been looking through one eye, and all of a sudden a scientist created a way for you to look out of both eyes. You not only see more, but your whole perspective changes. What if you could open a third eye, or thousands of eyes?”

—Rick Smolan, Photojournalist

Big data is not only a challenge for customer-facing organizations, but for security teams as well. Over the past decade, the demand for stronger security has driven the collection and analysis of increasingly larger amounts of event and security contextual data. Security Information and Event Management (SIEM) has long been the core tool that security teams depend on to manage and process this information. However, as security data volume has grown, the relational and time-indexed databases that support SIEM are struggling under the event and analytics load. As a result, organizations are limiting data collection and disabling analytic functions, drastically reducing the value of their SIEM and the strength of their attack detection capabilities. Due to these data management limitations, expensive SIEM deployments have been relegated to a basic compliance reporting tool at many organizations.

To detect advanced targeted attacks, realize risk-based security intelligence, and eliminate security analyst wild goose chases, it is essential to associate external threat, user, asset, data, and other business value context to enrich the enterprise security monitoring process. Gaining these benefits requires a new look at the data management architectures behind SIEM and the overall focus of security monitoring. With a strong security data management architecture and organizational focus, organizations can shrink their time-to-respond, lower their overall risk profile, and gain optimal value from SIEM investments.
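The enrichment described above, in which raw events are joined with asset, user, and threat context so that triage is driven by business risk rather than by raw alert counts, as an added Python example. It is not code from this brochure or from any McAfee product: the asset inventory, user directory, threat indicators, event format, and scoring weights are all constructed for illustration (the indicator addresses come from the RFC 5737 documentation ranges), and a real deployment would draw the same context from a CMDB, a directory service, and a threat feed.

```python
"""SIEM-style event enrichment with asset, user, and threat context.

Added example, not McAfee code. All data sources below are constructed.
"""
from dataclasses import dataclass, field
import ipaddress

# Constructed asset inventory: criticality 1 (lab box) to 5 (crown jewels).
ASSETS = {
    "10.0.1.20": {"name": "db-prod-01", "criticality": 5},
    "10.0.2.15": {"name": "ws-sales-07", "criticality": 2},
    "10.0.3.40": {"name": "lab-test-03", "criticality": 1},
}

# Constructed user directory; accounts absent here are treated as unknown.
USERS = {
    "dbadmin": {"privileged": True},
    "jsmith": {"privileged": False},
    "svc-build": {"privileged": False},
}

# Constructed threat indicators: exact hosts or CIDR ranges (RFC 5737 space).
THREAT_INTEL = {
    "198.51.100.7": "known command-and-control host",
    "203.0.113.0/24": "active scanning range",
}

# Base weight per event type before any context is applied (arbitrary).
BASE_WEIGHT = {"login_failed": 1, "login_success": 1, "outbound_conn": 2, "file_read": 1}


@dataclass
class Event:
    ts: str
    src: str
    dst: str
    user: str
    action: str
    context: dict = field(default_factory=dict)
    priority: int = 0


def threat_match(ip):
    """Return the intel label for ip, matching exact hosts and CIDR ranges."""
    addr = ipaddress.ip_address(ip)
    for indicator, label in THREAT_INTEL.items():
        if "/" in indicator:
            if addr in ipaddress.ip_network(indicator):
                return label
        elif ip == indicator:
            return label
    return None


def enrich(event):
    """Attach asset, user, and threat context; the raw fields stay untouched."""
    event.context = {
        # Prefer the destination asset; fall back to the source for egress traffic.
        "asset": ASSETS.get(event.dst) or ASSETS.get(event.src),
        "user": USERS.get(event.user),
        "threat": threat_match(event.src) or threat_match(event.dst),
    }
    return event


def score(event):
    """Risk-based priority: base weight plus increments from the attached context."""
    ctx = event.context
    priority = BASE_WEIGHT.get(event.action, 1)
    if ctx["threat"]:
        priority += 5  # touches a known-bad indicator
    if ctx["asset"]:
        priority += ctx["asset"]["criticality"]
    if ctx["user"] is None:
        priority += 2  # account not in the directory
    elif ctx["user"]["privileged"]:
        priority += 3
    event.priority = priority
    return priority


def triage(events):
    """Enrich and score every event, returning them highest priority first."""
    for ev in events:
        score(enrich(ev))
    return sorted(events, key=lambda ev: ev.priority, reverse=True)


# Constructed sample events: timestamps, addresses, and accounts are illustrative.
EVENTS = [
    Event("2012-10-01T08:00:01Z", "10.0.2.15", "10.0.1.20", "jsmith", "login_failed"),
    Event("2012-10-01T08:00:05Z", "10.0.1.20", "198.51.100.7", "dbadmin", "outbound_conn"),
    Event("2012-10-01T08:01:10Z", "203.0.113.9", "10.0.3.40", "ghost", "login_failed"),
    Event("2012-10-01T08:02:00Z", "10.0.2.15", "10.0.3.40", "svc-build", "file_read"),
]

if __name__ == "__main__":
    for ev in triage(EVENTS):
        print(f"P{ev.priority:<3} {ev.action:<14} {ev.src} -> {ev.dst} as {ev.user}")
```

With the constructed data, the production database making an outbound connection to a listed command-and-control host under a privileged account sorts to the top, while a failed login from a known build account against a lab box sorts to the bottom, even though both arrive as ordinary log lines. The point is the join, not the weights: without the asset and user context, a SIEM would see four events of roughly equal interest.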

Use Cases

• Collecting big security data

• Analyzing big security data

• Operationalizing big security data

Key Concepts

• Because of volume and complexity, managing big security data can at first seem untenable.

• The use of automated tools that augment human intuition is necessary for deriving value.

• A successful strategy around big security data results in reduced risk and improved efficiencies.

For further reading, go to www.mcafee.com/securityconnected and download the following:

• Manage Risk and Security

• Protect Information

Priorities 9: Security Alignment as a Business Enabler

A decade ago, thinking about security as a mechanism to impact business operations positively, act as a competitive differentiator, and enable new business initiatives was an academic debate at best. But as threats continue to mature, consumers and organizations are demanding elevated levels of security.

Consumers won’t give up the conveniences that the Internet, mobile devices, and social media offer. But they will consider security when deciding to do business with one organization over another.

How does security enable business?

• It positively impacts business operations—you can take your business online without sacrificing data integrity or confidentiality

• It acts as a competitive differentiator—both employees and customers can use mobile applications and Web 2.0 to interact with your business

• It opens you up to new business initiatives—you keep all your sensitive data, such as customer information, new product releases, merger and acquisition activity, and marketing campaigns from leaking out through careless or malicious acts

Understanding business priorities and aligning security as an integral component is critical to enabling the business.

“Opportunities are seldom labeled.”

—John A. Shedd, American author and professor

For further reading, go to www.mcafee.com/securityconnected and download the following:

• Secure Mobile Devices

• Securely Enabling Social Media

• Securing Cloud-Based Communications

• Enable Consumerization of the Workforce

Priorities 10: Reduce Complexity and Chaos While Achieving Connectedness

“To be simple is to be great.”

—Ralph Waldo Emerson, American essayist and poet

It used to be that you only had to protect stationary computing systems in designated physical locations. Today, you need security that protects a virtual network of people, data, applications, networks, and services. Since these can be anywhere at any given moment, your security needs to be equally ubiquitous.

On the road to ubiquity, perhaps the greatest enemy is complexity. Bolt-on point solutions might address a particular risk, but they also introduce complexity, and that can make the cure worse than the condition. A more thoughtful approach is required, one that optimizes the security investment, resulting in an improved risk profile and improved security at a reduced cost.

With security experts pushing organizations to address network security, system security, data security, and compliance as part of a unified strategy, what can organizations do to reduce complexity to the point where this is operationally feasible and not just an academic argument?

The answer is what McAfee calls the Security Connected framework. By centralizing traditionally disparate sources across multiple vendors, leveraging each source to enhance the other, and having commonality across all security countermeasures, complexity is minimized, operational efficiencies are maximized, and risk is reduced. To put it another way, consider an air traffic control system where extremely complicated and disparate information is aggregated and made actionable through a single pane of glass.

For more information, we suggest you read Security Battleground: an Executive Field Manual

• Go to www.mcafee.com/securitybattleground to learn more and to order your copy

Summary

Addressing threats, trends, and business priorities requires a connected security strategy that protects the ubiquity of your IT infrastructure. It not only bridges any technology gaps, it addresses today’s evolving business priorities and can positively impact your success in a competitive environment.

You can probably relate to most of the topics we’ve covered here, but there are other very important subjects that have not been addressed. If you would like to discuss these and other related security topics or get more details about the McAfee Security Connected Reference Architecture, please visit www.mcafee.com/securityconnected.

The Security Connected framework from McAfee enables integration of multiple products, services, and partnerships for centralized, efficient, and effective risk mitigation. Built on more than two decades of proven security practices, the Security Connected approach helps organizations of all sizes and segments—across all geographies—improve security postures, optimize security for greater cost effectiveness, and align security strategically with business initiatives. The Security Connected Reference Architecture provides a concrete path from ideas to implementation. Use it to adapt the Security Connected concepts to your unique risks, infrastructure, and business objectives. And know that it’s yet another example of how McAfee is relentlessly focused on finding new ways to keep our customers safe.

McAfee, the McAfee logo, ePolicy Orchestrator, and ePO are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other marks and brands may be claimed as the property of others. The product plans, specifications and descriptions herein are provided for information only and subject to change without notice, and are provided without warranty of any kind, express or implied. Copyright © 2012 McAfee, Inc. 46800br_top-10-security_1012_wh

2821 Mission College Boulevard, Santa Clara, CA 95054, 888 847 8766, www.mcafee.com