In the Crossfire: Critical Infrastructure in the Age of Cyber War

Six hundred IT and security executives from critical infrastructure enterprises across seven sectors in 14
countries all over the world anonymously answered an extensive series of detailed questions about their practices, attitudes and policies on security-the impact of regulation, their relationship with government, specific security measures employed on their
networks, and the kinds of attacks they face.

Report: Mapping the Malweb – Which countries are safer to surf; which ones are avoidable

Here is a typical scenario. You hear about a free file-sharing program that will allow you to download copyrighted music for free, or a file that contains cheat codes for your favorite game. You search for the file, select a website that offers it, and begin downloading. What is the chance that the site you select will host some form of malware?

If the file comes from a site that ends in .KR (South Korea)-the chance that the site is risky is 2.8%. If you choose a site that ends in .RO (Romania)-the chance is 21.0%, an increase of 748.0%. One out of five Romanian-registered websites with downloadable files contains some form of potentially unwanted software.

This third annual report from McAfee contains some dramatic reversals with formerly risky domains significantly improving and others becoming "no surfing" zones. But the overall travel advisory for web travelers remains "use the web widely, but use it wisely."

Solution Brief: User Behavior Analysis – Find out who’s doing what and from where on your network

If your company is like most, there are real business needs and compliance requirements compelling you to continuously monitor and verify:

- Who is accessing critical business systems?
- What are these users doing?
- Where on the network are they doing it?

This lack of visibility and its corresponding lack of decision support send IT and security teams scrambling whenever threats impact the business. Such lack of visibility also frequently leads to audit findings regarding:

- Gaps in continuously proving the verification of third-party access
- Gaps in continuous monitoring of boundary conditions such as segregation of duties and international privacy laws
- Gaps in monitoring privileged user access

Learn how McAfee Network User Behavior Monitoring (Network UBA) (Securify) provides automated, identity-based monitoring to keep you in compliance and in control.

Virtual Criminology Report 2009

War is not a term to be tossed around lightly. That is why the growing debate

Over cyber war has caught our attention.

The annual McAfee Virtual Criminology Report has traditionally focused on the methods, targets and behavior of cyber criminals but also developing increasingly Sophisticated cyber attack techniques. We decided to revisit the possibility of war in cyberspace in this year's report.
Experts disagree about the use of the term "cyber war," and our goal at McAfee is not to create hype or stoke unwarranted fear. But our research has shown that while there may be debate over the definition of cyber war, there is little disagreement that there are increasing numbers of cyber attacks. If cyberspace becomes the next battleground, what are the implications for the global economy and vital?

McAfee commissioned Good Harbor Consulting to research and write this report. The report was prepared by Paul B. Kurtz, a recognized cyber security expert who served in senior positions on the White House's National Security and Homeland Security Councils.

McAfee Threats Report: Third Quarter 2009

This continues to be a fascinating year for online threats, malware of all types, and cybercrime in particular. In this quarter's McAfee Threats Report we will discuss new findings, look at continuing trends, and unearth a few surprises.

The following are the higlights of this Whitepaper:

- Spam
- Web Threats
- Cybercrime
- Malware

Comprehensive Approach to Solving PCI

Compliance is hard: Industry regulations and control frameworks drive corporate policies, which are in turn putting the squeeze on resources to address procedures, technology, and people issues which impact these policies. PCI DSS in particular specifies 12 categories, covering requirements from process to policy to procedure to technology.

Non compliance is harder. These penalties eat into your bottom line in more ways than one. PCI DSS can not only impose a fine for non-compliance, but card issuers can increase transaction fees to merchants based on a failed audit.Consider that average transaction fees range from 2 to 9 percent, with high-risk merchants being charged on the higher end of this spectrum.This is not good for business.

This whitepaper covers essential guidelines for compliance with Payment Card Industry Data Security Standard (PCI DSS)

Report: Tolly Group Review: Total Protection for Virtualization

McAfee, Inc. commissioned The Tolly Group to evaluate the effectiveness of McAfee Total Protection (ToPS) for Virtualization, Tolly engineers built virtual server environments using both VMware ESX server version 3.5 and Microsoft Hyper-V. In these environments they deployed virtual instance of Microsoft Windows Server 2003 and Windows Server 2008. Engineers then exercised an extensive set of functions to illustrate that McAfee could provide extensive management and protection of virtual server environments in both online and offline states.

This report highlights the following:

• ToPS delivers operational efficiencies with a single management platform for both physical and virtual environments.
• Increases the server reliability by automatically and transparently scanning , cleaning malware and updating security
• ToPS Delivers cost-effective licensing model "per physical server"

Safely Unlock the Potential of Virtualization

Enterprises are rapidly adopting virtualization technologies. However, the design elements that make virtualization attractive can introduce risks and increase exposure to threats. If virtualization is implemented without following best practices for security, the resultant security incidents increase costs and reduce business agility. As threats increase in number and complexity, security management costs also escalate, as more and more IT resources are spent fighting them.

This paper describes what can happen when organizations fail to secure their virtual environments and how companies have implemented best practices to prevent catastrophic security failures.

Next-Generation Secure Web Gateway-Trends And Requirements

Next-Generation Secure Web Gateway-Trends And Requirements

Security is Too Important to Leave to Your Network Provider

Security is Too Important to Leave to Your Network Provider