McAfee Prepares for Independence With Major Announcements

McAfee Prepares for Independence from Intel with Product Announcements and New Branding

Following recent product announcements from Sophos and Symantec, Intel Security is the latest of the 1st generation endpoint security firms to transition to next gen status with the announcement of machine learning malware detection. With Intel Security, however, a raft of additional product releases makes it clear that 'McAfee' is being set up for its transition back to an independent company under the McAfee name with new branding via a new 'McAfee by Intel' logo.

Intel Security's Wednesday announcement includes no less than 10 new product releases that feature organically developed capabilities. Noticeably, these include a high number of current advanced buzz-word approaches to security: machine learning; integration, automation and orchestration; CASB; threat intelligence sharing; and APT and zero-day threat prevention.

The McAfee name has had a ping-pong history but demonstrates remarkable resilience. It started life in 1987 as McAfee Associates, named after its founder John McAfee. In 1992 it merged with other companies to become Network Associates. In 2004 it restructured and became known as McAfee again. In 2010 it was bought by Intel and became first McAfee Security and then, in 2014, Intel Security. On September 7, 2016, Christopher Young, SVP and general manager of Intel Security, announced: "we are creating a new corporate entity, to be named McAfee."

The new announcements are clearly timed with the new emerging McAfee. Intel hasn't put it so bluntly, but Young told SecurityWeek, "The enhanced integrated architecture announced today delivers on the strategy we outlined at last year's FOCUS to simplify the threat defense lifecycle and innovate. Delivering on our strategy will continue to guide us as we transition to a new independent McAfee. These new offerings are the foundation for our future and will continue to be built upon as we move forward."

The new products combine to provide Intel Security's unified defense architecture, enabled by four key integrated systems. These are Dynamic Endpoint; Pervasive Data Protection; Data Center and Cloud Defense; and Intelligent Security Operations. 

The Dynamic Endpoint includes infection isolation by monitoring and intercepting post-malicious process actions; and machine learning analysis able to detect zero-day malware "in near real-time". Integration of the endpoint and the web gateway "prevents over 97% of zero-day malware before reaching the endpoint"; and 'real-time advanced threat protection' allows admins to access threat context in real-time during investigations.

Intel Security's Pervasive Data Protection extends security outside of the traditional perimeter to enable cloud-driven business. The approach taken is to unify SaaS, CASB, DLP and encryption to offer what McAfee calls "the industry's broadest solution across endpoints, networks and cloud-based services all centrally managed." The Cloud Application Governance application "features Cloud Access Security Broker (CASB) technology", and is currently available as a beta. How well this will measure against Gartner's four pillars of a CASB (visibility, threat protection, compliance and data security) remains to be seen.

The integrated Data Center and Cloud Defense system comprises Cloud Workload Discovery; threat intelligence sharing and unification; and integration and orchestration. The first provides deep visibility across public and private clouds. The second shares threat detection intelligence across the data center to allow corrective actions. The third enables "orchestration of security efficiently and more easily."

The Intelligent Security Operations system comprises abilities for malware detection; improved visibility and investigation; and incident response services. The intention, says Intel Security, is together with the other services to provide "a closed loop threat defense lifecycle framework that makes it easy to integrate, monitor and orchestrate security solutions."

The final part of Intel Security's announcement is the beta release of an SDK for the McAfee Data Exchange Layer (DXL). McAfee itself has a long association with open source software, and has now declared its intention to open source DXL with a new OpenDXL initiative. DXL is McAfee's connection fabric providing a secure, real-time method of uniting data and actions across multiple applications from multiple vendors, as well as internally developed applications.

In a separate blog post, Barbara Kay, Intel Security's senior director of strategic marketing, explained, "The SDK enables a unified model for integrating software vendors' best ideas with in-house developed and legacy systems to turn an unwieldy, unsustainable set of tools and data sets into a system that functions in real time and is easier to build, test, and maintain consistently. It reduces the error, disruption, and change that create vulnerability up front and over the business' life."

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.