Risk
5/12/2011
03:12 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

McAfee, Intel Launch Cloud Security Platform

The security service uses data loss prevention policies to stop leakage of sensitive data via mobile devices, end users, social networks, and private cloud applications.

Intel and McAfee announced the Cloud Security Platform this week at Interop 2011 in Las Vegas, a UBM TechWeb event. The CSP service is aimed at addressing AAA (authentication, authorization, and accounting), data and device governance, and stopping leakage of sensitive data via mobile devices, end users, social networks, and private cloud applications.

The suite is manageable through McAfee's ePolicy Orchestrator and relies on the Global Threat Intelligence (GTI) service, which aggregates threat and site reputation information from all McAfee's customers. It includes email security, data loss prevention (DLP), and Web security modules. Intel contributes APIs for integration as well as identity management, including provisioning/SSO, authentication, and application access monitoring. This draws upon technology from Nordic Edge, which Intel acquired in January. Nordic specializes in identity and access management, with a focus on mobile device authentication for cloud.

The CSP monitors communications channels between enterprise users, apps, and public cloud services. IT can define policies centrally and apply them universally across the three modules. For DLP, data can be monitored even when encrypted by a SSL proxy. Mobile devices are monitored via the VPN back to the corporate network. The Web security module provides content inspection to detect malware coming in and sensitive data going out, including through social media sites. Email security includes attachment scanning and integration with GTI. Enterprises can extend identity-based access control to public cloud and SaaS provider sites; the system also supports federated identity management standards like SAML, OAUTH, and OpenID.

Marc Olesen, McAfee senior VP and GM for content and cloud security, said CSP is the only offering of its kind currently available, The platform is available now on a subscription basis in three versions: on-premises, SaaS, or hybrid. Oleson stressed the ability to easily deploy to mobile users and branch offices while maintaining centralized management, rules creation, and reporting. For 100 users per year it is $81.89 per user and for 500 users per year it is $65.95 per user.

As with any DLP technology, the CSP's success depends on IT classifying sensitive content and properly tuning the rules engine. In addition, agents must be installed on all PC clients, easy enough on enterprise-owned systems, less so to cover users storing corporate data on personal devices. Agents are planned for BlackBerry, iOS, and Android. It remains to be seen if such systems--with inevitable false positives and potential over-restrictions--can be tolerated by users who have adopted cloud and mobile technologies for purposes of agility.

While the individual features of McAfee's suite are available from a variety of point products, integrating a complete set of client security, content, and Web application policy control and federated authentication into a single bundle promises to simplify enterprise deployments and minimize cracks in security enforcement.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-3966
Published: 2015-08-30
The IPsec SA establishment process on Innominate mGuard devices with firmware 8.x before 8.1.7 allows remote authenticated users to cause a denial of service (VPN service restart) by leveraging a peer relationship to send a crafted configuration with compression.

CVE-2015-4555
Published: 2015-08-30
Buffer overflow in the HTTP administrative interface in TIBCO Rendezvous before 8.4.4, Rendezvous Network Server before 1.1.1, Substation ES before 2.9.0, and Messaging Appliance before 8.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vect...

CVE-2015-5698
Published: 2015-08-30
Cross-site request forgery (CSRF) vulnerability in the web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVE-2015-4497
Published: 2015-08-29
Use-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to execute arbitrary code by leveraging improper interaction between resize events and changes to Cascading Style Sheets (CSS) token...

CVE-2015-4498
Published: 2015-08-29
The add-on installation feature in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to bypass an intended user-confirmation requirement by constructing a crafted data: URL and triggering navigation to an arbitrary http: or https: URL at a certain early point i...

Dark Reading Radio
Archived Dark Reading Radio
Another Black Hat is in the books and Dark Reading was there. Join the editors as they share their top stories, biggest lessons, and best conversations from the premier security conference.