One of the key elements of this new architecture is the opening of its McAfee data exchange layer (DXL), and the introduction of a software development kit (SDK) that anyone can use to "gain the ability to attach to a shared real-time communication fabric and exchange security intelligence as well as orchestrate actions for the shortest possible execution of the threat defense lifecycle," as Intel Security explains in its press release. Intel Corp. (Nasdaq: INTC) bought McAfee in 2010.
Most of the new security architecture is based on use of McAfee products, but not everyone is an Intel Security customer. Intel Security says it will open DXL to the industry. DXL provides a standardized application framework to integrate technologies from different vendors with each other and with in-house developed applications, Intel Security said. The OpenDXL Initiative will adopt an open source strategy; the new SDK is in beta.
Barbara Kay, senior director of strategic marketing for Intel Security, explains to Light Reading that opening DXL means that organizations will be able to connect their security solutions in a standardized way. "If you're able to go through an abstraction layer, it means no more one-to-one integrations," she says. "It will be more frictionless." The approach is already getting buy-in. Check Point Software Technologies Ltd. (Nasdaq: CHKP) and Huawei Technologies Co. Ltd. recently joined the Intel Security Innovation Alliance, and are integrating security products through DXL. (See Intel Security Expands Alliance Ecosystem, Adds BT)
Intel Security's announcements were pinned to its annual conference, Focus16, but also happen to follow some notable escalation in the perpetual cat-and-mouse game of network security. A week ago Friday, there was a DDoS (distributed denial of service) attack that took down several prominent websites for hours and hours. Prior to all that, there were security experts who thought companies like Dyn (the central target of that attack) were well prepared to fend off such assaults. A month prior to that, there was a lesser-known but equally troubling DDoS attack aimed at Brian Krebs, a prominent journalist who covers network security; that assault set a record for DDoS size -- 665 Gbit/s. (See Attacks Have Major Internet Sites on the Ropes)
Meanwhile, more and more critical systems are being networked, and when those defenses are breached -- as they inevitably will be -- the potential damage gets more and more severe.
We are, Intel accurately says, "in a world where more than money is at stake and where private and public sectors are fighting against time and working to justify trust."
The security "architecture" is unified inasmuch as it attempts to stitch together a web of security coverage that encompasses endpoints, data center/cloud, data itself, and security operations, based on the full range of McAfee products.
It used to be that an organization could establish adequate security at the gateway. "Well, the perimeter doesn't exist anymore," Kay notes.
Intel is expanding endpoint security through the latest versions of McAfee Endpoint Security (rev 10.5) and McAfee Active Response (rev 2.0). These products bring together a set of capabilities that include:
- Patient Zero Protection, which protects against patient zero and ransomware threats;
- Machine Learning for malware classification;
- Integrated Web and Endpoint Protection, designed to check the spread of malware; and
- Real-Time Advanced Threats Protection, which uses the cloud to accelerate investigations into attacks.
Intel Security's approach to pervasive data protection is to unify software-as-a-service (SaaS) security so that organizations can manage access to sensitive data. The approach relies on two existing products: McAfee DLP 10.0, which introduces unified policies and incident management for both endpoint and network DLP, and McAfee Web Gateway Cloud Service.
The company also has in beta test its new McAfee Cloud Data Protection. It features Cloud Access Security Broker (CASB) technology, to provide an integrated view of risky endpoint and cloud events, including the ability to perform a real-time endpoint health check, ensuring only trusted devices are able to access sensitive information. Intel Security's Data Center and Cloud Defense solution combines server security, network security and threat intelligence sharing to enable a single view of security across data center environments.
The commercial application of machine learning is new in general, and new in the security area, and it is only going to accelerate. Kay tells Light Reading that machine learning will help security systems get more predictive about security breaches. When it comes to behavior on the network, "we're getting beyond known bad and known good -- we're getting to where there's a lot of gray. We have to learn to recognize attributes of suspicious behavior. That will allow us to pay more attention when something looks unusual.
"The more beyond normal it is, the closer you should look. The more beyond normal it is with more valuable assets, the faster you should look," Kay adds. That's what machine learning is particularly good at.
Simultaneously, Atos, a digital services company based in Europe, announced a new managed security service provider (MSSP) partnership with Intel Security. Atos will provide the first-ever managed offering built to deliver the McAfee Threat Defense Lifecycle as a cloud, on-premises, or hybrid service.
— Brian Santo, Senior Editor, Components, T&M, Light Reading