Interop Las Vegas: No more silos

It is uncanny how many familiar faces I saw as I roamed the show floor at Interop on Wednesday.

It is my second time at this event as McAfee’s CEO. While traditionally a networking fest, Interop has morphed and now includes software, security and more, so it makes sense for McAfee to be at Interop.

True to Interop’s roots, however, I put emphasis in my keynote on the fact that McAfee secures networks. In fact, network security is one of our core businesses. We recently launched McAfee Total Protection for Network, providing better security that is easier to manage and at a lower cost than traditional security appliance deployments.

Additionally, in the keynote and in the series of media interviews afterwards, I emphasized the need for interoperability. Traditionally security vendors have operated in silos, with products that didn’t work together. We’re pioneering change in this area with ePolicy Orchestrator and our Security Innovation Alliance, linking our products with third party products, addressing the interoperability challenge.

In an on-stage interview after the keynote Mr Rangaswami asked me about the S.P.A.M. Experiment. That’s our reality-show-like project where 50 volunteers across the world have been living their life with an inordinate amount of spam over the past 30 days and blogging about it.

Soon we’ll release an analysis of the spam they received, but we already know that spam and related threats have become more targeted and regionalized than ever.

If you would like to see my keynote presentation, it should be posted to the Interop and Software 2008 Web sites shortly.

Finally, while I was at Interop, though unrelated to the event, we announced the appointment of a new CFO. Welcome to McAfee, Rocky Pimentel!

Dave

 

Posted in CEO Perspectives

Listen to your gut when weighing risk

Our brain is an amazing marvel that provides us the wisdom necessary to navigate the river of life.  Until recently though, research around how humans handle risks they encounter was spotty at best.  Understanding, and being able to influence, how we react to risks is key to making better decisions in life.

A recent study released in the Journal of Neuroscience found that the brain has two separate channels for predicting and evaluating errors from risks we take.  This finding suggests people incorporate lessons learned from incorrectly measured risks in future decision making. Additionally, the brain appears to be using a complex quantitative risk assessment approach, which is far more sophisticated than earlier high/low classification systems that were originally proposed.  Amazing that our brains can quantify risk, but measuring it in the InfoSec world is still a work in progress.

Another study in Psychology Today found that when we sleep our dreams provide a way for our brain to visually rehearse responses to threats in our world.  For example, dreaming that you’re being chased by a ravenous bottlenose dolphin at a marine park is a way of practicing escape tactics.  This effectively enables us to react to situations in our world without thinking.

This research suggests that taking risks is a complex process for people based on the experiences and stimuli they have been exposed to in their lives.  Not all people are equal when it comes to making rational risk decisions.  Some may be better than others based on their experiences.  The reality of course is that we entrust people with the power to respond to information security risks that face our IT environments.  Do we really know whether we have the most effective cerebral cortexes, neurons, synapses, etc. to protect our organizations?  Until neuroscience has some answers, you can either invest in a Siemens Trio 3T full-body MRI scanner as part of your security program, or realize that people vary considerably when it comes to effective risk taking.  Factoring this into your risk analysis process is critical.

Posted in security insights

In Las Vegas, Green Means More than Money

 

In Las Vegas, green isn’t just the color of money. It’s also an emerging trend in corporate events and conferences in the city.

As part of our ongoing corporate Green Program, McAfee last week announced the results  of our efforts to “green” (i.e., reduce the environmental impact of) one of our annual corporate gatherings. By taking a number of steps in travel, materials, catering and other areas, we were able to save energy, water, paper and other natural resources while also reducing our non-air travel carbon emissions by 16%. We also offset 100% of our remaining carbon emissions (1,865 metric tons, 90% of which was the result of air travel) through the purchase of offsets provided by Carbonfund.org in support of a reforestation project in Louisiana. For more specifics on the results, please see our announcement.

In working with all of our partners on this initiative, I wanted to share a few lessons learned for anyone else looking at greening their events:

1. Build Your Efforts in from the Start
By working with the corporate event planners and hotel teams early on, you can build strategies to green the event into the decision-making and procurement processes rather than try to green after most of the significant planning decisions have been made.

2. Look Throughout Your Event
There are a number of interesting ways to minimize your environmental impact throughout your event. Identify the major “buckets” (e.g., travel, guest rooms, meeting rooms, catering, production, materials, etc.), identify where the environmental impacts are and brainstorm ways to minimize the impact of each, remembering the mantra of “reduce, reuse, recycle.” Sometimes even small ideas can help make a difference, such as our decision at a dinner banquet to use the evening’s dessert as centerpieces in the place of cut flowers or other items.

3. Get Participants Engaged
Tell the story of your greening efforts to your participants and ask for their engagement in the program. Right from the first internal communication about our event, we included messages around our greening efforts. We also included tips for how participants can contribute in the main conference handout (printed double-sided on recycled content paper, of course). As a result of these efforts, we learned that 81% of participants were aware of our efforts to green the event, with a similar percentage reporting they took steps on their own to contribute.

4. Ask for Ideas and Feedback
Finally, some of the best ideas and feedback come from your event participants. In the conference evaluation, we added a few questions to gauge response to our greening initiatives. From this, we have some great ideas for additional steps to take for our future events. We also learned that 87% of participants believe it is important for McAfee to continue making environmental commitments as a company.

Special thanks to our partners in this project: ICF International, MGM MIRAGE  and Carbonfund.org.

 

Posted in Corporate Responsibility

The Internet isn’t a safe playground

Many of us here at McAfee are parents with children growing up online. Like you, we want to keep them protected, directing them to the safe neighborhoods of the Internet and helping them to avoid the dark alleys. We understand the challenges of talking to kids, tweens and teens about Internet Safety - everything from cyberbullying to avoiding risky online behavior that might compromise the family’s personal information.

To help you and your family stay safe while online, McAfee has just released a downloadable 10-step Internet Safety Plan eBook. The downloadable plan includes age-appropriate, easy-to-understand Internet safety guidelines for kids, tweens, teens, and “newbies.” These tips will be useful to parents, educators, community groups and other influencers who want to teach consumers about Internet safety.

Research informs us that teens and kids are known to engage in “risky” online behavior. For example, 80% of the young people who use the Internet in the U.S. play on-line games, according to research by eMarketer (September 2006). Savvy malware authors have taken notice and are creating password-stealing Trojans designed to rob young people of their identities.  While 51 percent of teens have downloaded music, the search term “digital music” often leads to sites that can populate a computer with spyware, viruses and exploits without the user’s knowledge. In addition, 45 percent of young people said someone they’ve never met has asked them for personal information online.

The McAfee eBook explains how families can work together as a team to set boundaries and create a list of rules to follow. The eBook also includes a section on how to save chat session logs, block users and report intruders. It also provides recommendations for age-appropriate browsers and search engines, among other tips. Finally, an online pledge certificate is available for download to allow families to print, sign and display near the computer to reinforce the mutual obligations necessary for computer safety.

Remember, the more you know, the safer you will be. Check out McAfee’s Security Advice Center for easy-to-read computer and Internet security educational material at www.mcafee.com/advice.

 

Posted in Cyber Attacks, McAfee, Users, consumer

Spammers face the music

In a week which saw mass hack attacks and the head of the Serious Organised Crime Agency (Soca), Sharon Lemon, warn that e-crime now plays a role in nearly every criminal investigation in the UK, I was pleased to see some good news in the global fight against cybercrime.

“Spam king” Robert Soloway is facing up to 26 years in prison after pleading guilty to mail fraud and tax evasion charges. Soloway spammed tens of millions of e-mail messages to advertise his fraudulent business Newport Internet Marketing corporation (NIM) Web sites, while constantly moving the site which was hosted on at least 50 different domains. He was once considered the eighth-largest spammer in the world.

Elsewhere the Federal Trade Commission charged online advertising company ValueClick with using deceptive e-mails to lure consumers to Web sites with promises of free laptops, iPods and gift cards. ValueClick Inc will pay a record $2.9m to settle the case - the largest settlement under the CAN-SPAM act, the anti-spamming legislation.

The message is clear - while there is no silver bullet to stop cybercrime and the bad guys are getting smarter, there are federal law enforcement agents who will investigate these labor-intensive cases and there are federal prosecutors who will pursue cyber criminals aggressively.

I was also fascinated to read how cyberspace has become a focus in the government’s efforts to foil terrorist organizations. They are deploying Cold War techniques online to disrupt communication networks of militant organizations.

Cyberspying and online secret agents were a key global trend we’d seen emerge in our latest Virtual Criminology report. In the report, we revealed how there was now a growing threat to national security and that web espionage was becoming increasingly advanced from curiosity probes to well organized operations.

The conclusion? There is a darker side of cyberspace and fighting it is a 24/7 global battle that is far from over.

Posted in CEO Perspectives, Cyber Attacks, Security Industry

Government and industry must unite to fight cybercrime

Highly trained cyberterrorist groups have already demonstrated the destructive outcome of planned attacks on public infrastructure, most notably in Estonia last year. 

The cyber threat to national security is a growing concern and something we highlighted in our annual Virtual Criminology report. Coordinated attacks on national infrastructure take place every day. This calls for an equally persistent, resourceful response from both government and private industry.  

This year’s Cyber Storm II, in which we are playing an active role, promises to be the nation’s most comprehensive cybersecurity exercise, involving 18 Federal agencies, 9 states, 40 private-sector companies, and 4 international partners.

Exercises such as Cyber Storm keep government and private sector experts focused on the issue of national-scale cyberattacks, and engaged in developing new solutions and security initiatives that will elevate our preparedness when faced with the real thing.    

The big difference in this year’s exercise is a significant increase in attack complexity. This is something McAfee’s researchers have seen - cyber threats becoming more sophisticated and more localized.  In order to coordinate a response to this new threat, government agencies and industry need to work closer together and build stronger relationships than ever before.

I’ve just finished the wrap-up meeting in Washington and am on my way home.  The findings of this week’s Cyber Storm II should make interesting reading when they are released later this year by the Department of Homeland Security.

Posted in Cyber Attacks, Hacking, Security Industry

More evidence of hackers for hire

Without question, cyberthreats have evolved significantly. The unfortunate reality is that no one is immune - individuals, businesses, even governments. That’s why CNN’s expose about a group of highly organized Chinese hackers didn’t shock me.

We’ve seen a considerable amount of emerging threats from organized groups of individuals like those profiled in the CNN piece. In our latest Virtual Criminology report, specialists from top institutions like NATO and the FBI concurred with us that there is now a growing cyberthreat to national security.

Web espionage and cyberattacks on government networks have become far more sophisticated in their nature, specifically designed to slip under the radar of security systems. These attacks and cyberspying have become increasingly advanced, moving from curiosity probes to well-funded and well organized operations out for financial, political and technical gain.

The troubling feedback from analysts we spoke to for our annual Virtual Criminology report was that many governments are still unaware of the threats facing them and are not doing enough to protect the high-value information. Last year’s attack on Estonia can only have served as a timely wakeup call.

While we are still a way off from efficient global cooperation on cyberenforcement, many governments are taking the cyberthreat very seriously. Case in point: several nations are collaborating with the US government this week in a series of cybersecurity exercises under the code name “Cyber Storm II”.

Posted in CEO Perspectives, Corporate Responsibility, Cyber Attacks, Hacking

Early Threat Detection using Human Social Habits

Leave it to the Air Force Institute of Technology to develop technology that detects patterns in email/web usage that could offer leading indicators of insider security threats. 
 
The technology is called Probabilistic Latent Semantic Indexing (try saying that a couple times fast). It sifts through email and web traffic logs to identify trends in human behaviors that could ultimately lead to malfeasance.  For example, an employee who becomes distant with colleagues over email and increases communications with outsiders could be a sign of dissidence. If you’re keeping tabs on this topic, this is an extension of the research MIT is doing around “Reality Mining”.
 
Researchers will argue they are not concerned with the content of data, but rather data about data (i.e. deltas in creation time, volume, etc.) to draw conclusions.  However, this seems a bit flawed to this security guy.

I’m all for finding new ways to find the bad guys, especially if good data exists to prove a wrongdoing.  But making security predictions based on historical trends of human behavior seems a bit like guesswork at best.  In my opinion, there is too much inherent variability in human behavior for even the savviest computer and slick algorithms to predict what comes next.  If people were truly rational, security would be a heck of a lot easier.
 
When it comes to preventing insider threats, I believe a basic understanding of human psychology is far more effective than directing machine learning at the problem.  People with access to do bad things, combined with a motivating factor and the right opportunity pose a threat to organizations.  No arguments there. 
 
While it is difficult to control motives, we certainly can address the access and opportunity sides of the problem.  Limiting access, managing data and monitoring usage are critical components to any successful security program, but sadly these are often areas of most neglect.  We can’t solve humans, but we can institute pragmatic process and technology to limit them. 
 
Gotta run now and send some emails off…  I don’t want some fancy mainframes out there inferring that my lack of email (because I’m writing this blog) is a sign that I’m about to commit a crime.

Posted in Cyber Attacks, Email, McAfee

Virtualization equals real security

Hotels in Cannes don’t just sell out for the Film Festival; all rooms are also booked for a big IT show this week: VMware’s first VMworld Europe.

Today I showed an audience of about 4,500 people at VMworld Europe how VMware and McAfee together will be able to protect virtual environments in ways beyond what is available to protect physical environments today.

Our customers are using more and more virtualization. We’ve devoted a lot of time and energy to provide the best protection possible, for both physical and virtualized environments.

Virtualization represents a disruptive change in how the world uses its computing devices. It has also expanded the possibilities for more comprehensive security for the virtualization platforms and the guest operating systems they host.

With the popularity of virtualization and the rush to reap its benefits, security must not become an afterthought. That is why I am excited about today’s big news: VMware VMsafe. With VMsafe, VMware is building adaptable security interfaces as a fundamental part of its products, allowing partners such as McAfee to offer innovative security solutions.

McAfee is the first security company to publicly demonstrate VMsafe. At VMworld we showed how, with VMsafe, we can block a malicious driver being executed in a virtual machine. We also showed that we can scan and clean offline VMs so they are up-to-date when they’re spun up.

We deliver real and meaningful security for virtualized environments today. Our security risk management solutions are fully compatible with VMware virtualization and help organizations create a safe computing environment, spanning virtualized servers, networks and desktops.

In the future, VMsafe could be used in a range of our products, further enhancing the protection. Just as VMware has provided a fundamental change to how computing resources are used, it will allow security technologies to protect virtual environments in ways beyond those possible for a single monolithic OS. VMsafe is the key to that promise.

Aside from our support for VMsafe, we also announced an OEM (original equipment manufacturer) agreement with VMware to use VMware ESX Server in future products. In addition, we announced beta availability of our new Email and Web Security Virtual Appliance, built from the ground up for the VMware platform, and unveiled a new virtual infrastructure security assessment service.

You can read more about how McAfee secures virtual environments in our news releases and on our virtualization Web site: http://www.mcafee.com/virtualization

Virtually yours,

Christopher

Posted in Email, McAfee, Risk Management, Virtualization

Experts confirm spam link to criminal conduct

In a recent speech before the Direct Marketing Association, Eileen Harrington, the Deputy Director of the Federal Trade Commission’s Bureau of Consumer Protection said that the most problematic spam now is tied to criminal conduct.
 
This statement really resonated with me and confirms what we’ve been seeing for a while now.  Spam is now much more than a nuisance that clogs up corporate networks; it is a key weapon used by cyber crooks to target unsuspecting consumers and this makes it a major threat to individuals and businesses alike.

When it comes to managing spam, the mantra has traditionally been “just don’t click on it!” But the problem now is that cyber crooks are getting smarter.  The bad guys are employing sophisticated and more localized social engineering techniques, so that many people simply don’t realize that the emails they are receiving are spam.

We’re seeing the “quality” of the content, both in terms of language and presentation, increasing and making it more difficult for unsuspecting users to tell whether it’s legitimate or not.  This is a trend our researchers identified in the latest global Sage report.

The bad guys may have gotten smarter, but so have the good guys, and we can beat them. Consumers need to be careful, and businesses need to take a holistic approach to their technology solution.

And while there is no silver bullet to stop cyber crime, I applaud the Federal Trade Commission for highlighting the issue of spam and the steps it is taking in the global fight against cyber crime.
 

Posted in CEO Perspectives, Cyber Attacks, McAfee

Meet the Bloggers

CEO Blog: Dave DeWalt on Security
