McAfee’s new expansion combines AI learning techniques with human analysis

By Ryan Morris-Reade, 19 May 2021

McAfee has released a substantial expansion to its XDR platform aimed at proactively stopping targeted attacks.

The device-to-cloud cybersecurity company announced the expansion of its MVISION extended detection and response (XDR) solution by integrating it with its endpoint security solution, its Secure Access Service Edge offering, and its threat intelligence solution powered by MVISION Insights.

These integrations protect organisations against threats while making security operations from device to cloud easier. They combine machine learning techniques with human analysis across complex threat campaigns using AI-guided investigations.

McAfee says the timing is pivotal, as security operations centres (SOCs) are dealing with increasingly sophisticated threat actors who target remote employees and cloud services and use more evasive techniques across expanding digital attack surfaces. It says this makes threats harder to spot with traditional security controls.

The Enterprise Strategy Group found, in a recent survey of IT security professionals, that the cloud poses the biggest gap in most organisations’ threat detection and response capabilities. According to Ernst & Young, about 6 in 10 companies have faced a material or significant incident in the past twelve months, yet only 26% of companies say their SOC identified their most significant breach.

“SOC processes involve siloed monitoring and detection tools that generate an overwhelming volume of security alerts, which often require manual effort to sort through and force analysts to take a reactive posture,” says McAfee Enterprise chief product officer Shishir Singh.

“AI Guided Investigations serve as the catalyst allowing analysts to more effortlessly orchestrate smart and efficient workflows. MVISION XDR delivers end-to-end threat visibility across all attack surfaces, greater context, and situational awareness using automation to streamline operations, so organisations can pre-empt an attack rather than scramble to contain a breach.”

McAfee’s MVISION XDR capabilities include:

  • Advanced threat detection: This automatically correlates attack telemetry from multiple data sources, including endpoint detection and response, cloud access security broker, data loss prevention and secure web gateway, and joins it with active threat campaigns to reveal the full picture of an attacker’s work across the entire attack lifecycle.
  • Automated threat management tasks: By combining the latest machine learning techniques with human analysis, MVISION XDR simplifies analyst workflows across threat campaigns with AI-guided investigations and MITRE ATT&CK mapping to accelerate investigation.
  • Proactive threat hunting and optimised response: The integration of MVISION Insights with MVISION Cloud Security Advisor delivers actionable intelligence to security teams through correlated security posture scoring across all vectors.

“MVISION XDR is designed with the SOC experience in mind,” says IDC research director Chris Kissel.

“Threat detection doesn’t happen in a vacuum. Without weaving together forensic data from endpoint and non-endpoint sources to paint the bigger picture kill chain, it’s incredibly difficult to see attackers traversing your environment and answer the investigative questions that matter to SOC teams.”

He says XDR is the next logical step from EDR, and that McAfee’s XDR has the potential to achieve what security analytics tools have largely been unable to offer, by natively integrating more types of telemetry with threat intelligence into a single user experience for detection and response.