McAfee announced MVISION XDR platform

November 2020 by Marc Jacob

McAfee announced industry-first extended detection and response (XDR) capabilities with the introduction of the MVISION XDR platform, a cloud-based advanced threat management solution with complete coverage across the attack lifecycle, prioritization to protect what matters, easy orchestration and efficient response. MVISION XDR improves security operations center (SOC) effectiveness with quick risk mitigation and delivers total cost of ownership (TCO) for threat response with the inclusion of MVISION Insight’s proactive threat analytics.

SOCs are still maturing and face three key challenges that impact time to resolve:
1) Reactive processes and workflows,
2) Alert fatigue and fragmented tools, and
3) Limited staff and expertise.

According to recent ESG research, 66 percent of organizations say that detection and response effectiveness is limited due to multiple independent tools. Siloed tools inhibit faster and better security outcomes by requiring security operations to manually correlate data and orchestrate response across the disparate tools. Time to resolve or contain a threat continues to be measured in months, allowing dwell time for the adversary to do more damage. SANS research (2019) notes that only 40 percent of SOCs have an incident response function. The shortage of cybersecurity staff and expertise continues to limit security effectiveness. MVISION XDR removes the complexity of fragmented tools and provides new levels of proactivity, prioritization and orchestration to improve SOC effectiveness.

MVISION XDR capabilities address the entire attack lifecycle before and after an attack with:

• Organizations can be proactive and act on external threats that matter before the attack. Organizations can prioritize threats, predict if countermeasures will work and prescribe corrective actions.
• Visibility and control of threats across the entire enterprise (endpoint, network and cloud) from a unified view equips analysts of any experience level to speed threat triage with their choice of automatic or AI-guided investigations.
• Unique data awareness allows for automatic prioritization of threats based on the risk and the impact to the organization. Incidents are assessed based on user, data classification, device, vulnerability and threat intelligence. For example, a threat targeting sensitive data on a device takes a higher priority for action.
• An open, cloud-delivered security platform simplifies integration with external threat intelligence and existing SOC tools like ticketing systems, and lowers TCO.

