SASE-enriched threat protection

Issue 3 2021 Cyber Security

McAfee has announced a significant expansion of its MVISION Extended Detection and Response (XDR) solution by correlating the extensive telemetry of McAfee’s endpoint security solution, Secure Access Service Edge (SASE) solution and threat intelligence solution powered by MVISION Insights. These integrations protect organisations against the most advanced threats while simplifying security operations with unified control and visibility from device to cloud.

This timing is pivotal, as security operation centres (SOCs) are dealing with increasingly sophisticated threat actors targeting remote employees and cloud services using more evasive techniques across expanding digital attack surfaces – making adversaries harder to spot with traditional security controls. A recent survey of IT security professionals by The Enterprise Strategy Group found that the cloud poses the biggest gap for most organisations’ threat detection and response capabilities. Unsurprisingly, according to Ernst & Young, about six in 10 companies have faced a material or significant incident in the past 12 months, however, only 26% of companies say their SOC identified their most significant breach.

McAfee MVISION XDR is the first proactive, data-aware and open XDR platform designed to help organisations stop these sophisticated, multi-vector attacks with unified threat detection and response that connects and fuses disparate endpoint, network and cloud data sources. XDR incidents are enriched with actionable threat insights from McAfee's SASE solution, which detects cloud threats that occur within web and SaaS environments. It improves situational awareness, drives better and faster decisions and elevates the SOC to a new level of efficiency and effectiveness.

“SOC processes involve siloed monitoring and detection tools that generate an overwhelming volume of security alerts that often require manual effort to sort through and force analysts to take a reactive posture,” said Shishir Singh, chief product officer of McAfee’s enterprise business. “AI Guided Investigations serves as the catalyst allowing analysts to more effortlessly orchestrate smart and efficient workflows. MVISION XDR delivers end-to-end threat visibility across all attack surfaces, greater context and situational awareness using automation to streamline operations so organisations can pre-empt an attack rather than scramble to contain a breach.”

MVISION XDR capabilities

Advanced threat detection: Automatically correlates attack telemetry from multiple data sources including endpoint detection and response (EDR), cloud access security broker (CASB), data loss prevention (DLP) and secure web gateway (SWG) and fuses with active threat campaigns to reveal the full picture of an adversary’s work across the entire attack lifecycle.

Automated threat management tasks: By combining the latest machine learning techniques with human analysis, MVISION XDR simplifies analyst workflows across complex threat campaigns with AI-guided investigations and MITRE ATT&CK; mapping to accelerate investigation and move more rapidly to resolution.

Proactive threat hunting and optimised response: The integration of MVISION Insights with MVISION Cloud Security Advisor delivers actionable intelligence to security teams through correlated security posture scoring across all vectors – from endpoints to the cloud – that helps them strengthen security hygiene and advance investigations and analysis with critical context on threat groups.

“Threat detection doesn’t happen in a vacuum. Without weaving together forensic data from endpoint and non-endpoint sources to paint the bigger picture kill chain, it’s incredibly difficult to see attackers traversing your environment and answer the investigative questions that matter to SOC teams,” said Chris Kissel, research director, IDC. “XDR is the next logical step from EDR. McAfee’s XDR has significant potential to achieve what security analytics tools have largely been unable to offer by natively integrating more types of telemetry with threat intel into a single user experience for detection and response.”

Find out more at

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Dahua’s cybersecurity approach
CCTV Handbook 2021, Dahua Technology South Africa , Cyber Security
The world is getting smarter and everything is going to have an online ID and then connect into a vast network of IoT devices, like a laptop computer, a mobile phone, a connected thermostat and more.

Dahua Technology’s cybersecurity approach
Issue 3 2021, Dahua Technology South Africa , CCTV, Surveillance & Remote Monitoring, Cyber Security
With a mindset that emphasises cybersecurity and all the resources it can allocate to establish, carry out and strengthen its cybersecurity approach, Dahua plans to stay positive, open, responsible and constantly improving its cybersecurity.

Active Adversary Playbook 2021
Issue 3 2021 , Cyber Security
Sophos has released its Active Adversary Playbook 2021, detailing cyber-attacker behaviours and the tools, techniques and procedures Sophos’ frontline threat hunters and incident responders saw in the wild.

Passwords are 60, time for them to go
Issue 3 2021 , Access Control & Identity Management, Cyber Security
It has been 60 years since passwords were first used at MIT and if the number of breaches in the news are anything to go by, we are no more adept at managing our passwords than we were in 1961.

Top 10 security misperceptions
Issue 3 2021 , Cyber Security, Security Services & Risk Management
The Sophos Rapid Response team has compiled a list of the most commonly held security misperceptions they’ve encountered in the last 12 months while neutralising and investigating cyberattacks in a wide range of organisations.

Surveillance business models are changing
CCTV Handbook 2021, Technews Publishing, Eagle Eye Networks, Bosch Building Technologies, Dahua Technology South Africa, Genetec , Editor's Choice, CCTV, Surveillance & Remote Monitoring, Cyber Security, Integrated Solutions, IT infrastructure
The CCTV Handbook round table highlighted the changes that are happening in the surveillance and security world in general, from cloud to costing models and of course, cybersecurity.

Building walls is not enough
Issue 3 2021, Vox , Cyber Security
Cybersecurity: businesses are still building walls to defend against nuclear attacks.

VMware releases 2021 Global Security Insights Report
Issue 3 2021 , Cyber Security
VMware releases 2021 Global Security Insights Report detailing the surge in cyberattacks targeting the ‘anywhere’ workforce, highlighting opportunity for security leaders to rethink and transform cybersecurity strategies.

Awareness training is key to e-mail security
Issue 3 2021 , Cyber Security
Awareness training should be actively deployed to complement organisations’ efforts to secure their e-mail systems, because hackers are increasingly targeting people as security technologies become more effective.

Mobile authentication is key to negating cybercrime in East Africa
Issue 3 2021 , Cyber Security
The rapid pace of digital transformation in East Africa has had a significant impact on not only how people live their lives, but also on how communication and commerce are conducted.