McAfee Skyhigh Labs

Delivering bleeding edge research to combat new threats and accelerate cloud adoption

Cloud Threat Intelligence

McAfee Skyhigh Labs researches activity across its extensive global user base to discover patterns of usage that compromise the security of corporate information. As an example, McAfee Skyhigh Labs pioneered an innovative approach to behavioral botnet detection by creating an algorithm that uses multi-dimensional probabilistic weighting to surface domains that display the characteristics of a Command & Control server. By using classical signal processing techniques, McAfee can characterize abnormally programmatic behaviors, providing customers with detailed forensics to pinpoint and remediate the exact systems that have been compromised.

Additionally, McAfee Skyhigh Labs developed capabilities to visualize outbound data flows to non-cloud-service IPs and domains and to analyze that traffic by characteristics such as IP reputation and geography, enabling companies to identify outbound data flows and prevent data exfiltration. Further, McAfee Skyhigh Labs leverages a user base of over 30 million users to create robust behavioral models that fingerprint each cloud service.

Using these behavioral models in conjunction with additional threat intelligence feeds, McAfee detects abnormal activity with a high degree of accuracy and proactively alerts customers to activities requiring attention. This enables McAfee to identify emerging malicious cloud activity, for example activity hidden within encrypted traffic patterns, and to determine indications of data theft using massively scaled data science and machine learning.

Cloud Service Intelligence

McAfee Skyhigh Labs researches cloud services to provide customers with a comprehensive view of the state of cloud services available in the global market and insight into the risks of each of these cloud services. In addition to continuously identifying and evaluating cloud services in real time, McAfee Skyhigh Labs extends the depth of its intelligence via integration with Darknet and other sources of cyber-risk intelligence, while extending the breadth of risk visibility into the B2B partner ecosystem. McAfee Skyhigh Labs also audits over 20,000 cloud services when a major vulnerability, such as Cloudbleed, Heartbleed, VENOM, FREAK, POODLE, or BASH, is exposed; determines the security implications using advanced data mining and natural language processing; proactively informs customers of cloud service risks; and provides recommendations for remediation.

Cryptography Research and Development

McAfee Skyhigh Labs works with five leading cryptography academics from Cornell Tech, University of London, Georgia Tech, and University of California, San Diego, who form the Cryptography Advisory Board, to collaborate on cutting-edge research and deploy cryptographic innovations for the cloud security market. In conjunction with the Cryptography Advisory Board, McAfee Skyhigh Labs has developed and brought to market several important advancements in cloud cryptography, such as searchable symmetric encryption, order-preserving encryption, and format-preserving encryption.

McAfee Skyhigh Labs Public Research

December 7, 2017: How Enterprises Remediate AWS S3 Buckets Exposed to GhostWriter
November 14, 2017: How to Eliminate your AWS GhostWriter Exposure by Understanding S3 Bucket Permissions
November 1, 2017: Skyhigh Discovers GhostWriter: MITM Exposure In Cloud Storage Services
October 5, 2017: Skyhigh Discovers Ingenious New Attack Scheme on O365 System Accounts
July 20, 2017: Skyhigh Discovers Super Sneaky Brute Force Attack on High-Value O365 Accounts
March 3, 2017: Cloudbleed Technical Analysis
February 27, 2017: Cloudbleed: This Time, We Were Ready
January 12, 2017: The Science of Detecting Insider Threats in the Cloud
December 22, 2016: How to Detect a Data Exfiltration Threat in a Custom App
November 28, 2016: Cloud Adoption & Risk Report Q4 2016
November 13, 2016: How to Detect Ransomware Attacking your Cloud Data Repositories
August 23, 2016: CryptXXX Ransomware Delivered via Cloud File Sharing Applications
July 10, 2016: How Skyhigh Halts Salesforce Compromised Account Threats in their Tracks
June 6, 2016: Office 365 Adoption & Risk Report Q2 2016
May 24, 2016: Skyhigh Detects PWS-Zbot Malware Targeting Financial Account Data
March 7, 2016: 620 Cloud Services Still Vulnerable to DROWN One Week After Disclosure
February 15, 2016: Skyhigh Exposes a New Dridex Variant Acting in Cloud File Sharing Solution
January 20, 2016: Cloud Adoption & Risk in Europe Report Q1 2016
July 20, 2015: Cloud Adoption & Risk in Financial Services Report Q2 2015
July 16, 2015: Only 9.4% of Cloud Providers Are Encrypting Data at Rest
June 25, 2015: Cloud Adoption & Risk in Healthcare Report Q2 2015
June 3, 2015: Cloud Adoption & Risk in Government Report Q1 2015
May 27, 2015: Cryptographic Parlor Tricks for Passwords: An Introduction to Honey Encryption
May 20, 2015: LogJam Exposed: 575 Cloud Services Potentially Vulnerable to Man-in-the-Middle Attacks
May 15, 2015: CloudTrust Members and Skyhigh Immune to VENOM Vulnerability
March 16, 2015: New Research from Renowned Cryptographer Kenny Paterson Foreshadows the Inevitable Demise of RC4
March 11, 2015: FREAK Update
March 5, 2015: 24 Hours After FREAK, 766 Cloud Providers Still Vulnerable
October 24, 2014: POODLE Update: Latest Data Alarms Experts
October 23, 2014: In Plain Sight: How Hackers Exfiltrate Corporate Data Using Video
October 15, 2014: POODLE: How Bad Is Its Bite? (Here's the Data)
September 26, 2014: Was the Cloud ShellShocked?
September 15, 2014: Dyre Straits: Millions of Cloud Users Vulnerable to New Trojan
May 9, 2014: 1 Month After Heartbleed: Assessing the Damage and Lessons Learned
April 16, 2014: 90% of Impacted Cloud Providers Still Haven't Updated Certificates 1 Week After Heartbleed
April 15, 2014: 6 Days After Heartbleed, 86 Cloud Providers Still Vulnerable
April 9, 2014: 24 Hours After Heartbleed, 368 Cloud Providers Still Vulnerable
March 18, 2014: 100,000 Tweets in One Day
September 20, 2013: Watering Hole Attacks: Protecting Yourself from the Latest Craze in Cyber Attacks