Among the most persistent challenges facing cybersecurity analysts is the sheer volume of alerts generated within a security operations center (SOC). False positives drain critical resources, distract key personnel, and drive fatigue across cybersecurity teams. Tools like endpoint detection and response (EDR) can dramatically cut down background noise, enabling even junior analysts to quickly make initial determinations and respond to potential cybersecurity threats.
For our customers using McAfee cybersecurity solutions, ECS relies on MVISION EDR to detect, investigate, and respond to suspicious activity targeting endpoint systems. MVISION EDR automatically aggregates critical data from the host and presents that information for security analysts to ingest. ECS uses McAfee as a key component of our endpoint security solution for the U.S. Army—protecting up to 1.4 million endpoints as a part of the Army Endpoint Security System (AESS)—as well as on a number of critical projects for large enterprises across the federal government, defense, and the commercial marketplace.
Early endpoint solutions took a signature-based approach, which could only detect threats that were already known and out in the world. MVISION rolls up the heuristic- and AI/ML-based approaches of more advanced EDR tools into one package, providing a better baseline of defense against cyber threats and post-exploitation activities. MVISION provides information such as MITRE ATT&CK mapping and threat-actor profiles, which helps us understand how an organization was targeted, pinpoint other potential areas of attack, and better prepare for future threats.
MVISION has strong integration capabilities with third-party providers via the McAfee Security Innovation Alliance, including with critical EDR components such as security orchestration, automation, and response (SOAR) tools and threat intelligence platforms. MVISION supports these integrations seamlessly. ECS’ cybersecurity analysts curate and constantly update the most timely, relevant, and actionable threat indicators within these platforms, further strengthening our back-end data lake analytic capabilities while enhancing our ability to proactively secure an organization’s entire environment.
But tools are only as useful as the experts who wield them. ECS’ cybersecurity analysts work hand-in-hand with our ARC Intelligence Team to monitor the digital landscape, track potential malicious activity, and uncover the latest tactics, techniques, and procedures of threat actors. By bolstering MVISION’s capabilities with ECS’ extensive knowledge base and experience, we drive faster, stronger, and more comprehensive threat awareness. Particularly when it comes to the low and slow activity of more sophisticated adversaries, this synergistic approach is critical for detecting, analyzing, and quickly responding to cybersecurity events.