Intel Security: ‘We’re Sticking It to the Cybercriminals’

Cloud First

INTEL SECURITY FOCUS 16 — “The move to cloud is on,” said Candace Worley, SVP and GM for McAfee Enterprise Endpoint Security, welcoming partners to Day 2 keynotes. “And we’ve committed to a cloud-first road map.”

Worley was on stage to introduce some 3,500 security-specialist attendees to the new McAfee data center and cloud defense and pervasive data-protection product sets.

A recap of Day 1 of Intel Security’s Focus 16 conference is here.

Worley pointed out that, for businesses, cloud still represents a security risk. She cited a survey in which 53 percent of respondents identified a cloud-based application like those often used in shadow IT as the origin of malware.

“Sometimes ‘bad’ is just an employee trying to get their job done,” said Worley, citing a case of uploading sensitive data to a Box account rather than carrying a PC home every night. “This is a pretty common scenario.”

The new security solutions for cloud-driven businesses cover private, hybrid and public cloud security, including DLP and encryption, manageable via McAfee EPO; specifics on these systems are below.

[Image caption: McAfee CTO Steve Grobman put forth a mathematical formula that may help customers understand their risks.]

The bigger news of the day and conference came from Steve Grobman, the company’s CTO, who called on the crowd to capitalize on unprecedented discussion of cybersecurity in the popular media.

“Who would have thought that the U.S. presidential election may have its outcome partially affected by attackers?” said Grobman. But he says to expect that level of chaos to continue, because attackers are using AI and big data against businesses and individuals. “They’re not just stealing data, they’re using it as a weapon,” he said.

While Grobman talked about the pace of the cyberwar between attackers and defenders – demonstrating how malware writers purposely fire off false positives to raise the “noise floor” and decrease detection rates, and outlining a method to exploit HTTP Public Key Pinning, which is used to prevent man-in-the-middle attacks – he came back to the idea that staying ahead demands using analytics at scale, embracing orchestration and operationalizing security.

“We’re putting as much investment into orchestration and management as into products themselves,” he said. That resonated with partners we spoke with, many of whom are struggling with a skills shortage.


Grobman also officially moved Open Data Exchange Layer (DXL) into open mode on GitHub under the Apache 2.0 license; deep analysis is available on our sister publication, Light Reading. For the channel, McAfee execs stress their hope that partners use DXL to develop intellectual property and unique services. While they couldn’t yet offer specific examples, it’s easy to see how an MSSP could use the open APIs to connect a McAfee endpoint product into a management portal or specialized third-party security solution. In the demo, it took just 250 lines of code to integrate six products.

SIA partners including Aruba, Check Point and Rapid7 have already announced integrations.

“We’re sticking it direct[ly] to the cybercriminals,” said Grobman, citing the successful No More Ransom decryption effort, which the company works on with Kaspersky, AWS and Barracuda as well as law enforcement agencies. “We want to put the bad guys out of business.”

Product Focus

A key theme of Focus 16 was delivery of protection in a software-as-a-service, subscription model to protect data and devices on and off the network, including in the cloud. More details on all these offerings are here.

The Pervasive Data Protection bucket of products includes web protection; a cloud access security broker; data loss prevention; and encryption across endpoints, networks and cloud-based services, all with central management.

  • McAfee DLP for Mobile Email 10.0 introduces unified policies and incident management for both endpoint and network DLP. It also offers self-service tools such as manual classification and end-user-initiated DLP scanning and self-remediation.
  • McAfee Web Gateway Cloud Service is designed to deliver the threat protection of on-premises web gateway appliances but without the cost and overhead of hardware.
  • McAfee Cloud Data Protection, available now as a beta, features cloud access security broker technology to provide an integrated view of risky endpoint and cloud events, including the ability to perform a real-time endpoint health check, ensuring only trusted devices are able to access sensitive information.

Data Center and Cloud Defense

McAfee execs on both keynote days called out inconsistent security controls across on-premises and cloud infrastructure. Chris Young, senior vice president and general manager of Intel Security Group, said the company’s new cloud security products are designed to avoid the “VMware problem” of silos and manage security efficiently across physical, virtual and cloud infrastructures.

  • Data Center and Cloud Defense combines server and network security and threat-intelligence sharing to enable a single view of security across data-center environments. This solution is delivered through McAfee Server Security Suite 4.5 and McAfee Virtual Network Security Platform 8.3.
  • Cloud Security Visibility provides discovery across public and private clouds for workloads including virtual machines, networks and storage.
  • Threat Intelligence Sharing and Unification groups perimeter and VM systems to enable IT or partners to detect and alert on threats more quickly. Integration and orchestration includes McAfee Management for Optimized Virtual Environments Anti-Virus (MOVE AV), McAfee Virtual Network Security Platform (vNSP), McAfee Advanced Threat Defense, and McAfee Threat Intelligence Exchange.

Intelligent Security Operations

Finally, McAfee rolled out capabilities that integrate with these solutions and those from Security Innovation Alliance partners such as HPE Aruba, BeyondTrust and Check Point.

  • Flexible Advanced Malware Detection now includes a new cloud-based machine learning-driven malware analysis service, McAfee Cloud Threat Detection, as well as a virtual McAfee Advanced Threat Defense appliance that delivers an improved user experience, more Windows OS coverage and more throughput.
  • McAfee Enterprise Security Manager introduces a new HTML 5-based user interface and simpler, faster search results to expedite threat management and incident response.

The company also introduced new consulting, deployment, assessment and incident response services.

Follow editor in chief Lorna Garey on Twitter.
