News from Black Hat: Humans Collaborate and Team with Machines to Work Smarter

Work smarter, not harder. I’ve always liked that mantra (I told my mom I wasn’t procrastinating: I was planning!), and this approach is especially needed in security operations. Today at Black Hat, McAfee announced a wealth of ways we are helping analysts and administrators get more value out of their investments, both in technology and in operating approaches.

“Human-machine teaming” is the core concept. It represents a responsible place in the continuum between fully automated and fully manual processes. In truth, there are no totally automated or totally manual processes. The most fully automated example is a countermeasure permitted to make decisions without a human in the loop. We allow this action after people have defined the scope and impact of the system’s decisions, and we have confidence that machines can implement these steps reliably and consistently. I think of this as empowered automation.

The best “fully manual” examples might be threat hunters and security architects, who use tools to facilitate free-form processes and enrich decisions informed by experience. These experts use machines surgically and thoughtfully, driving the right applications of automation while respecting the unique contribution and value of the individuals.

In the threat hunter report released today, “Disrupting Disruptors” we found that the most advanced organizations use a balance of manual and automated processes, and are twice as likely to automate investigation processes as less mature organizations. This is human-machine teaming in action.

McAfee product innovations are helping organizations move up the maturity curve with more machine learning, automated analytics, and better information access and visualizations for the humans who need to make decisions. Through OpenDXL.com and new industry partnerships, we’ve also improved the options for humans to work together, ensuring the most creative and effective uses of machines in the cybersecurity fight.

Highlights:

Enhanced Machine Learning Malware Detection: The newly released McAfee Advanced Threat Defense (ATD) 0 introduces an innovative deep learning technique to enhance malware analysis, resulting in an expanded ability to identify malicious markers that may be hidden, or not fully executed.
Expanded, Closed-Loop Detection-to-Protection for Email: McAfee ATD Email Connector now enables email security gateways to forward suspicious attachments to McAfee ATD for analysis, preventing malware from spreading on internal networks.
Integrated Cloud Threat Detection: New integration between McAfee Cloud Threat Detection (CTD) and McAfee Threat Intelligence Exchange (TIE) enables McAfee Endpoint Security (ENS) to easily forward suspicious samples to a cloud sandbox for in-depth analysis.
Accurate Insight into Exposure and Risk, including Office 365: McAfee Enterprise Security Manager 10.1, our updated SIEM solution, now improves risk assessment by factoring in active, relevant countermeasures and priority guidance, providing a more accurate understanding of exposure and potential impact. The new Asset Threat Risk Content Pack 2.0 feature delivers security configuration, compliance posture and patch assessment in a single view. Easy incorporation of Microsoft Office 365 actions and events enables monitoring and analysis of user activity within cloud services.
Rapid SOC Use Case Deployment: The new McAfee Connect content portal simplifies access to freely available, simple to deploy use cases and solution integrations for use with McAfee Enterprise Security Manager. Through the portal, McAfee customers can find tools to activate monitoring, detection and incident management tasks, including user behavior analysis and detection of malware exploits and reconnaissance.
Simplified, faster, estate-wide Data Loss Prevention: McAfee Data Loss Prevention (DLP) Endpoint, DLP Prevent, DLP Discover and DLP Monitor are now fully unified. Unified policy management builds upon a common classification engine, dictionaries, regex engine and syntax. Streamlined incident and case management speeds investigation and remediation of risk or suspicious user behavior and common file, email, web traffic and database analysis across endpoint and network DLP ensures consistent enforcement of corporate data usage policies.
New, independent open source community, OpenDXL.com: A forum, app marketplace, and new utilities and developer resources encourage enterprises, developers, and integrators to take advantage of the speed and simplicity of OpenDXL integrations and the Data Exchange Layer (DXL) communication fabric.
14 New Security Innovation Alliance partners: McAfee is proud to welcome more of today’s and tomorrow’s industry leaders to our partnership program, including representatives of the network, monitoring, analytics, and orchestration markets.