The Schwartz Report

Blog archive

McAfee Emphasizes Threat Intelligence with Spinoff from Intel Now Complete

McAfee is once again a freestanding provider of security software, following last week's completion of its divestiture from Intel, which was announced last fall. Private equity firm TPG acquired a majority 51 percent stake in the McAfee spinoff for $3.1 billion, though Intel has a strong vested interest in McAfee retaining 49 percent ownership. Now free from Intel's control, the new McAfee is no longer beholden to the interest of the chip provider, giving it a freer hand to compete with the likes of IBM, Symantec, Sophos and Trend Micro, among others.

Chris Young, who ran Intel Security, is now McAfee's CEO. While TPG has suggested further acquisitions are likely and said in its strategy statement that it intends to "build and create one of the largest, independent, pure-play cybersecurity companies in the industry." As many have noted, Intel's $7.7 billion acquisition of McAfee back in 2011 didn't live up to its promise. Now McAfee hopes to gain ground in a much different IT security landscape.

Nevertheless, McAfee has a formidable and wide range of cybersecurity offerings including its flagship endpoint security software, intrusion detection and prevention tools, its Enterprise Security Manager SIEM offering and e-mail security, Web security and vulnerability scanning tools. While it exited the next generation firewall (NGFW) business, ePolicy Orchestrator had become an "anchor" platform for Intel Security, and now McAfee, according to ESG Senior Principal Analyst Jon Olstik, in a Network World blog post. Olstik, who has followed McAfee for decades since it was known as Network Associates, said McAfee's challenge is to regain its leadership in endpoint security, become less product focused, emphasize the C-suite and focus on cloud security, an area the company hasn't adequately addressed.

One area McAfee has invested in heavily is threat intelligence with ePolicy Orchestrator tied to its Threat Intelligence Exchange (TIE), whose wide gamut of partners supports its Data Exchange Layer (DXL), which the company recently made available as open source in the hopes to extend adoption.

In the first McAfee Labs Threat Report following the spinoff, the company identified five critical challenges to handling threat intelligence: volume, validation, quality, speed and correlation. The 49-page report is available for download, though here's an edited synopsis of the five threats McAfee Labs believes the industry must address:

  • Volume: The Internet of Things has led to the deployment of millions of security sensors creating high volumes of data fed into threat intelligence tools, which include streaming analytics and machine-learning software that process and analyze the data. While these tools have improved the level of internal threat detection, it has created a yet unsolved massive signal-to-noise problem. Vendors are tackling this in various ways, such as building access monitors that scan sensitive data, sophisticated sandboxes and traps that can resolve contextual clues about a potential attack or suspicious event.
  • Validation: Given the ability for threat actors to issue false threat reports designed to mislead or overwhelm threat intelligence systems, it's essential to validate the sources of shared threat intelligence.
  • Quality: Vendors need to rearchitect security sensors to capture and communicate richer trace data to help decision support systems identify key structural elements of a persistent attack. Filters, tags and deduplication are critical. McAfee is among six founding members of the new Cyber Threat Alliance (CTA), launched in February during the RSA Conference, that is looking to address the quality issue. Joined by Check Point, Cisco, Fortinet, Palo Alto Networks and Symantec, the CTA will automatically score the quality of threat intelligence data, but can only gather information if they are supplied quality input.
  • Speed: The latency between a threat detection and the reception of critical intelligence remains an issue. Open and standardized communication protocols, optimized for sharing threat intelligence are essential for successful threat intelligence operations. Advanced persistent threats and sophisticated, targeted campaigns often target multiple organizations in specific vertical industries, meaning communications among an intermediary or exchange must occur within hours of the first indication of an attack.
  • Correlation: As threat intelligence is received, correlating the information -- while looking for patterns and key data points relevant to the organization -- is critical. Vendors must find improved ways to share threat intelligence among different products and improve methods to automatically identify relationships between the intelligence collected and ultimately to employ machine assistance to simplify triage.

While the report points to an industry call to action, it gives a synopsis of McAfee's priorities regarding threat intelligence, an emphasis kicked off back in 2014 with the launch of its DXL threat exchange. Olstik noted the DXL platform is effectively security middleware. The TIE includes products from dozens of exchange members who offer network management, application and database security, incident response, forensics, endpoint and mobile device management platforms, authentication, encryption, data loss prevention and cloud security.

Posted by Jeffrey Schwartz on 04/14/2017 at 11:42 AM


Featured

  • AI, IoT and Machine Learning To Challenge Traditional Networking

    The next phase of networking will depend on IT learning to wrangle modern technologies in ways that simplify operations and help humans make decisions, according to a new report by Cisco.

  • Coming in 2020: .NET 5, The Next Phase of Microsoft's .NET Framework

    .NET 5 (no "Core" and no "Framework") will mark the transition from the aging, proprietary, Windows-only .NET Framework to a modern, open source, cross-platform .NET.

  • What Computing Will Look Like in 2030: Top 5 Tech Predictions for the Next Decade

    For better or worse, the next 10 years will bring more intelligent devices to more areas of our daily lives. From the proliferation of AI to what that means for user privacy, here are Brien's tech predictions for 2020 and beyond.

  • Azure Arc: A Deeper Look at Microsoft's Multicloud Play

    Arguably one of Microsoft's biggest announcements this year was the introduction of Azure Arc at Ignite. But is this really a game-changer or is Microsoft just falling for the multicloud buzz?

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.