Skip to main content
McAfee Enterprise MVISION Cloud

MVISION Cloud Labs

MVISION Cloud CSL and MVISION Cloud Labs

MVISION Cloud Cloud Security Labs (CSL) is a program that delivers new product ideas based on in-house research to accelerate cloud adoption, detect new threats, and find ways to identify and remediate them. These product ideas generated by this research then appears in the MVISION Cloud as features of MVISION Cloud Labs, available via the User Menu > Skyhigh Labs

To enable access to MVISION Cloud Labs on your tenant, contact your MVISION Cloud Account Executive or Sales Representative. You can control access to MVISION Cloud Labs for specific users using RBAC. 

MVISION Cloud CSL focuses on the following areas of research. 

Cloud Threat Intelligence

MVISION Cloud CSL researches activity across its extensive global user base to discover patterns of usage that compromise the security of corporate information. As an example, MVISION Cloud CSL pioneered an innovative approach to behavioral botnet detection by creating an algorithm that uses multi-dimensional probabilistic weighting to percolate domains that display characteristics of a Command and Control server. By using classical signal processing techniques, MVISION Cloud can characterize abnormally programmatic behaviors, providing customers with detailed forensics to pinpoint and remediate exact systems that have been compromised.

Cloud Service Intelligence

MVISION Cloud CSL researches cloud services to provide customers with a comprehensive view of the state of cloud services available in the global market and insight into the risks of each of these cloud services. In addition to continuously identifying and evaluating cloud services in real-time, MVISION Cloud CSL extends the depth of intelligence via integration with Darknet and other sources of cyber-risk intelligence while extending the breadth of risk visibility into the B2B partner ecosystem. In addition, MVISION Cloud CSL also audits over 20,000 cloud services when a major vulnerability, such as Heartbleed, VENOM, FREAK, POODLE, or BASH, is exposed, determines the security implications using advanced data mining and natural language processing, proactively informs customers of cloud service risks, and provides recommendations for remediation.

Cryptography Research and Development

MVISION Cloud CSL works with five leading cryptography academics from Cornell Tech, University of London, Georgia Tech, and the University of California, San Diego, who form the MVISION Cloud Cryptography Advisory Board, to collaborate on cutting-edge research and deploy cryptographic innovations for the cloud security market. Along with the Cryptography Advisory Board, MVISION Cloud CSL has developed and brought to market several important advancements in cloud cryptography such as searchable symmetric encryption, order-preserving encryption, and format-preserving encryption.

MVISION Cloud CSL Public Research

To view the complete list of published reports from MVISION Cloud CSL, go to  

MVISION Cloud Labs

Research from MVISION Cloud CSL has generated the following product ideas in MVISION Cloud Labs. 

Geo Analysis

Data exfiltration to domains and IPs that are not part of MVISION Cloud Registry are displayed in this interactive geographical map. Each destination domain or IP is associated with a country where the data was uploaded, and is represented as a bubble on the chart, where the size of the bubble indicates the amount of data uploaded. On click, it also lists the Top 10 domains/IPs with risk scores (obtained from Zscaler). 

Vendor Analysis

Cyber risk profile the vendors and partners the customer interacts with and risk score them on a scale of 1-10 based on attributes. These less tech-savvy vendors could possibly become a conduit for attack for the enterprise (like Target, Neiman Marcus, or JPMC attacks). The MVISION Cloud offering automatically discovers these partners and vendors, evaluates them against multiple risk attributes, and risk scores them for further insights.

Cyber Risk Query

Identify the employees whose PII, CC, Bank details, and password is leaked and possibly being traded on Darknet. As most users reuse the passwords across multiple domains, this could lead to exposure of company confidential information. MVISION Cloud's Darknet analysis identifies the users whose data is leaked, and IPs that could be participating in a malicious activity such as botnet or spam propagation.

Indirect Traffic

Uses indirect access to capture HTTP/HTTPS access to services through the services used within that tenant.


Audit is used to summarize and visually represent the signatures that have been captured for Salesforce and Concur for each user.

Cloud Access Threats and Exposures (CATE)

Cloud Access Threats and Exposures are used to classify user's access into different categories: Insider Threat, Data Leak, Compromised Accounts, and Noncompliance.

  • Was this article helpful?