SASE-enriched threat protection

Issue 3 2021 Information Security

McAfee has announced a significant expansion of its MVISION Extended Detection and Response (XDR) solution by correlating the extensive telemetry of McAfee’s endpoint security solution, Secure Access Service Edge (SASE) solution and threat intelligence solution powered by MVISION Insights. These integrations protect organisations against the most advanced threats while simplifying security operations with unified control and visibility from device to cloud.

This timing is pivotal, as security operation centres (SOCs) are dealing with increasingly sophisticated threat actors targeting remote employees and cloud services using more evasive techniques across expanding digital attack surfaces – making adversaries harder to spot with traditional security controls. A recent survey of IT security professionals by The Enterprise Strategy Group found that the cloud poses the biggest gap for most organisations’ threat detection and response capabilities. Unsurprisingly, according to Ernst & Young, about six in 10 companies have faced a material or significant incident in the past 12 months, however, only 26% of companies say their SOC identified their most significant breach.

McAfee MVISION XDR is the first proactive, data-aware and open XDR platform designed to help organisations stop these sophisticated, multi-vector attacks with unified threat detection and response that connects and fuses disparate endpoint, network and cloud data sources. XDR incidents are enriched with actionable threat insights from McAfee's SASE solution, which detects cloud threats that occur within web and SaaS environments. It improves situational awareness, drives better and faster decisions and elevates the SOC to a new level of efficiency and effectiveness.

“SOC processes involve siloed monitoring and detection tools that generate an overwhelming volume of security alerts that often require manual effort to sort through and force analysts to take a reactive posture,” said Shishir Singh, chief product officer of McAfee’s enterprise business. “AI Guided Investigations serves as the catalyst allowing analysts to more effortlessly orchestrate smart and efficient workflows. MVISION XDR delivers end-to-end threat visibility across all attack surfaces, greater context and situational awareness using automation to streamline operations so organisations can pre-empt an attack rather than scramble to contain a breach.”

MVISION XDR capabilities

Advanced threat detection: Automatically correlates attack telemetry from multiple data sources including endpoint detection and response (EDR), cloud access security broker (CASB), data loss prevention (DLP) and secure web gateway (SWG) and fuses with active threat campaigns to reveal the full picture of an adversary’s work across the entire attack lifecycle.

Automated threat management tasks: By combining the latest machine learning techniques with human analysis, MVISION XDR simplifies analyst workflows across complex threat campaigns with AI-guided investigations and MITRE ATT&CK; mapping to accelerate investigation and move more rapidly to resolution.

Proactive threat hunting and optimised response: The integration of MVISION Insights with MVISION Cloud Security Advisor delivers actionable intelligence to security teams through correlated security posture scoring across all vectors – from endpoints to the cloud – that helps them strengthen security hygiene and advance investigations and analysis with critical context on threat groups.

“Threat detection doesn’t happen in a vacuum. Without weaving together forensic data from endpoint and non-endpoint sources to paint the bigger picture kill chain, it’s incredibly difficult to see attackers traversing your environment and answer the investigative questions that matter to SOC teams,” said Chris Kissel, research director, IDC. “XDR is the next logical step from EDR. McAfee’s XDR has significant potential to achieve what security analytics tools have largely been unable to offer by natively integrating more types of telemetry with threat intel into a single user experience for detection and response.”

Find out more at

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

New ransomware using BitLocker to encrypt data
Technews Publishing Information Security Residential Estate (Industry)
Kaspersky has identified ransomware attacks using Microsoft’s BitLocker to attempt encryption of corporate files. It can detect specific Windows versions and enable BitLocker according to those versions.

Create order from chaos
Information Security
The task of managing and interpreting vast amounts of data is akin to finding a needle in a haystack. Cyberthreats are growing in complexity and frequency, demanding sophisticated solutions that not only detect, but also prevent, malicious activities effectively.

Trend Micro launches first security solutions for consumer AI PCs
Information Security News & Events
Trend Micro unveiled its first consumer security solutions tailored to safeguard against emerging threats in the era of AI PCs. Trend will bring these advanced capabilities to consumers in late 2024.

Kaspersky finds 24 vulnerabilities in biometric access systems
Technews Publishing Information Security
Customers urged to update firmware. Kaspersky has identified numerous flaws in the hybrid biometric terminal produced by international manufacturer ZKTeco, allowing a nefarious actor to bypass the verification process and gain unauthorised access.

Responsible AI boosts software security
Information Security
While the prevalence of high-severity security flaws in applications has dropped slightly in recent years, the risks posed by software vulnerabilities remain high, and remediating these vulnerabilities could hinder new application development.

AI and ransomware: cutting through the hype
AI & Data Analytics Information Security
It might be the great paradox of 2024: artificial intelligence (AI). Everyone is bored of hearing it, but we cannot stop talking about it. It is not going away, so we had better get used to it.

NEC XON shares lessons learned from ransomware attacks
NEC XON Editor's Choice Information Security
NEC XON has handled many ransomware attacks. We've distilled key insights and listed them in this article to better equip companies and individuals for scenarios like this, which many will say are an inevitable reality in today’s environment.

iOCO collaboration protection secures Office 365
Information Security Infrastructure
The cloud, in general, and Office 365, in particular, have played a significant role in enabling collaboration, but it has also created a security headache as organisations store valuable information on the platform.

Cybercriminals embracing AI
Information Security Security Services & Risk Management
Organisations of all sizes are exploring how artificial intelligence (AI) and generative AI, in particular, can benefit their businesses. While they are still figuring out how best to use AI, cybercriminals have fully embraced it.

A strong cybersecurity foundation
Milestone Systems Information Security
The data collected by cameras, connected sensors, and video management software can make a VMS an attractive target for malicious actors; therefore, being aware of the risks of an insecure video surveillance system and how to mitigate these are critical skills.