McAfee is set to be reborn following recent announcements from Intel that it will spin off a majority ownership of its Intel Security Group (ISG) business unit to private investment firm TPG, creating an independent company - one that is far more edgier and with a fresh set of ideas, according to Technology Business Research.
According to analyst Jane Wright from TBR, when ISG revealed at its annual Focus security conference a large set of new products and partnerships that, like its updated logo, showed a new, “much edgier company compared to the old McAfee in its pre-Intel days”.
“The new McAfee is moving more quickly to go to market with a fresh set of solution suites for select areas, such as multifaceted endpoint security,” Wright says in a company blog post.
Wright says with these suites, McAfee will maintain its competitive position against key rival Symantec, which is undergoing transformation with its acquisition of Blue Coat Systems and its broad security portfolio.
“Additionally, McAfee will be better-equipped to compete against other established competitors, such as IBM, Trend Micro, Carbon Black, Sophos and Digital Guardian, and to block inroads by emerging vendors, such as Cylance, Crowdstrike and SentinelOne,” she says.
“Another important announcement at Focus 2016 was ISG’s plans to open its Data Exchange Layer (DXL) to all vendors and other organisations, whether or not they are members of Intel’s Security Innovation Alliance (SIA), to enable wider sharing of threat intelligence in the white hat community,” says Wright.
White hats are vendors and customers that defend assets and privacy against cybercriminals and hackers, or black hats.
Wrights says TBR expects ISG to leverage its venerable brand recognition and vast customer base to motivate other companies to join its “intelligence‐sharing community, which will help re‐establish McAfee as one of the most influential leaders in the security vendor ecosystem”.
McAfee’s new approach is well‐timed to align with changing customer sentiments
“Just a few years ago, many customers’ security installations consisted of hundreds of point products from dozens of vendors,” says Wright.
“These cumbersome deployments evolved because large, mature vendors such as McAfee, under Intel’s ownership, Symantec and IBM delivered product after product to fill gaps in their security portfolios, while well‐ funded startups released products that did only one thing but did it very well,” she explains.
Over the past two years, however, customer sentiment has changed, according to Wright.
“Disappointed by the disjointed coverage of so many products and overwhelmed by the numerous management interfaces involved, customers now seek more comprehensive suites of security functions that are integrated across the suite, or at least present the same look and feel to users and a common management plane to IT and security staff,” she explains.
“Ultimately, TBR believes customers will satisfy the majority of their security requirements with a handful of vendors, favouring those that offer a single platform with flexibility to attach and scale many highly effective, although not necessarily best‐of‐breed, technologies,” Wright says.
“McAfee is moving in the right direction by focusing all its development and sales resources around four solution sets, which it has named: dynamic endpoint, intelligent security operations, data center and cloud defense, and pervasive data protection.”
In Wright’s official blog post, she writes:
The dynamic endpoint set includes ISG’s well‐known legacy product, Complete Endpoint Protection, as well as Dynamic Application Control, a new version of McAfee Active Response, and a new offering called Real Protect that uses machine learning to more quickly detect and predict threats entering via users’ endpoints. The products are integrated via Intel’s ePolicy Orchestrator (ePO) and executed on a single agent on the endpoint. This newly assembled set of endpoint security technologies will compete with Trend Micro’s Smart Protection Suites, recently enhanced with Trend Micro’s machine learning capabilities, while presenting a more unified, and therefore likely more effective, approach than other vendors that are partnering with emerging endpoint security vendors to augment their traditional endpoint threat prevention and protection products. For example, IBM partners with Carbon Black to augment its BigFix endpoint product and Dell Technologies partners with Cylance to augment the Dell Data Protection suite.
Intelligent security operations
This solution set consists of a new version of Enterprise Security Manager, ISG’s security information and event management (SIEM) product; Advanced Threat Defense, its malware sandboxing tool; Threat Intelligence Exchange, its reputation service; and Active Response, its endpoint detection and response tool. ISG had a myriad of announcements in this area, too, including a new cloud‐based, machine learning‐driven malware analysis service called McAfee Cloud Threat Detection.
Data center and cloud defense
ISG is integrating its server security and Virtual Network Security (VNS) products to make up this solution set, which is designed to be deployed on premises or in the cloud. This set will be offered primarily to VMware NSX and Open Stack customers. TBR expects McAfee to enable more automation in this area, helping customers proactively block new attacks, such as ransomware attacks that have a very short time window for detection and response compared to other attack types, such as advanced persistent threats (APTs), that were more common in the past. Automation will become an increasingly important characteristic in customers’ security solution evaluations, as security attacks outpace human ability to respond quickly enough to forestall damages.
Pervasive data protection
In this solution suite, McAfee plans to integrate and bundle its Data Loss Prevention (DLP) version 10.0, its latest encryption and key management solution, its Web Gateway as a Service offering, and a new cloud access security broker (CASB) named McAfee Cloud Data Protection (still in beta at this time), all of which will be managed from ePO Cloud.
ISG’s goal is to provide a single pane of glass for all of a customer’s data protection policy needs for endpoint, network and cloud environments. ISG (probably operating under the McAfee name at that time) will compete directly with Symantec, which has a strong DLP portfolio and newly acquired web gateway and cloud brokerage capabilities from its acquisition of Blue Coat Systems.
McAfee opens DXL to encourage wider threat intelligence sharing and application integration across the white hat community
DXL began in 2014 as ISG’s real‐time application framework that enables members of Intel’s SIA to efficiently integrate applications and share threat data, with the goal of protecting members’ customer bases more quickly from a wide range of cyberattacks, while enabling automation and orchestration of workflows across applications. At Focus 2016 ISG announced it will open DXL with an open‐source client and software development kit on GitHub for use by enterprises and nonmembers, making the combined intelligence more widely available because, as ISG proclaimed at the conference, “Together is power.” Additionally, opening DXL will encourage other vendors to build solutions that leverage the intelligence bounty, and many of these were presented at the conference including Exabeam, Niara and Securonix.
Wright says ISG is not the first vendor to attempt to promote intelligence sharing and security application integration based on a common framework.
“For example, Cisco has pxGrid, IBM has X‐Force Exchange, and Webroot has Shared Services and Outsourcing Network (SSON),” she says.
“Although there will certainly be a degree of cross‐pollination, with vendors belonging to multiple sharing and integration communities,
TBR believes no more than two will succeed in attracting the most members and providing the most extensive and useful intelligence,” says Wright.
“It is simply too complex for vendors to commit the resources to participate and for customers to manage deliverables from so many vendor‐ organised intelligence offerings in addition to the intelligence they already receive from industry‐specific Information Sharing and Analysis Centers and other sources,” she explains.
“Whether or not McAfee’s DXL becomes one of these community leaders, TBR believes the initiative will add valuable experience and alliances as McAfee rejoins the security market as a leading pure play vendor.”