Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

// // //

McAfee's Independence Day

Six years after a purchase by Intel, McAfee is once again a private company with a new focus and an old name.

On April 4, a new/old name in cybersecurity returned as McAfee's separation from Intel became final. The six-year marriage of the two companies failed to produce the kind of synergy that such acquisitions generally promise, with Intel announcing last September that the split was imminent. Now, McAfee representatives say the company is looking forward to a future more focused than the one possible as part of Intel.

The opening fanfare
On August 19, 2010, Intel announced that it would acquire McAfee for approximately $7.68 billion. In the press release announcing the deal, Intel CEO Paul Otellini explained the justification for the purchase. "In the past, energy-efficient performance and connectivity have defined computing requirements. Looking forward, security will join those as a third pillar of what people demand from all computing experiences," said Otellini.

In the same release, Renée James, Intel senior vice president and general manager of the group that would include McAfee, pointed to the specific benefits hardware-based Intel saw in the deal. "Hardware-enhanced security will lead to breakthroughs in effectively countering the increasingly sophisticated threats of today and tomorrow," said James.

According to news stories at the time, analysts and investors were skeptical about the value of the deal. The New York Times noted that "investors appeared flummoxed by the purchase, Intel's biggest ever, sending the company’s shares down about 3.5 percent" in after-hours trading.

While there were certainly hardware and software products that came from what became known as Intel Security, the promised synergy between the two never fully materialized.

The new McAfee
Now, McAfee has returned as a private company in a partnership of Intel and private equity firm TPG. The financial transactions are complicated, but in the end TPG and Intel took ownership of a company valued at approximately $2.2 billion plus another $2 billion of debt. In a written statement in September, Brian Krzanich, CEO of Intel, said, "Security remains important in everything we do at Intel and going forward we will continue to integrate industry-leading security and privacy capabilities in our products from the cloud to billions of smart, connected computing devices."

So what will McAfee be able to do that Intel Security could not? In a telephone interview with Brian Dye, EVP of corporate products at McAfee, I asked how the McAfee of April 30 would be different than the McAfee of January 1.

"We're an independent company with a clear vision and a new investment," Dye began. "The biggest thing that improves for us at the end of April compared to the beginning of the year, is that we've got the unified force, not just of the parts of the organization that aren't changing -- engineering, support, sales, marketing, services -- but we get the whole-hearted and fully aligned support of the back-end systems of the company. Finance, IT, HR, and legal, fully aligned around what we need to succeed and be agile and responsive as a pure-play cyber security company."

He continued, "Frankly, we're one of the largest pure-play cyber security companies in the world. That's really the biggest difference. Our thesis on the market -- the restructure of the portfolio -- that started a year, year-and-a-half ago. But the full alignment of the organization in pursuit of that mission, that's really what changes by the end of April."

New focus
When asked about the practical ways in which the renewed focus would have an impact on McAfee and its customers, Dye listed four areas where McAfee will concentrate its efforts: endpoint, data center, cloud edge and security operations center.

Dye began with endpoints because, he said, McAfee has established leadership in the space. "We've got a tremendously broad installed base of over 60 million nodes, and we've really put a lot of renewed focus, especially over the last year and a half, in technology leadership at the endpoint," he said. "We're adding the machine learning, and the recent NSS test results demonstrate the results of our labor there."

The data center has become increasingly important "as folks move from physical, to virtual, to either software-defined networking and software-defined data centers, or to public infrastructure as a service," Dye said. It's vital, he explained, to go beyond simple process automation to what he called "organizationally aware automation."

"I'll give you an example: In the days of VMware, all the sysadmins loved VMware because they could spin up a new server instance in 20 minutes. The security team hated it, because the sysadmin team could spin up a new server in 20 minutes and never tell the security team when they did it," he said. "We've solved that by being able to detect when new AMIs, new instances, spin up and then notify the security team. So it's not just security automation, it's organizationally aware automation."

The cloud edge is where Dye feels many people are surprised by a McAfee presence. "Just as there's a lot of platform consolidation happening at the endpoint with multiple technologies coming in under a common agent, we see that same thing happening at the cloud edge," he said, "where the web gateways have become web SaaS services, web SaaS services are driving partnerships with the CASB [cloud access security broker] vendors, the CASB vendors are moving from shadow IT discovery to content control."

McAfee's response was a recognition of what was already in the portfolio. "We just had to put it together as one single service. And we think this is going to be a market where one service is going to be the right answer."

Finally, Dye said that the security operations center, or SOC, is key for McAfee, "...because we find that that's really the hub for a lot of security automation, especially if you're following the NIST Cyber Framework, which we shorthand into Protect, Detect, and Correct." He explained that the SOC is the logical place for companies to centralize automation, and McAfee wants to be at the heart of automating analysis, investigation and remediation.

Integrating and automating security across the enterprise will be McAfee's focus, Dye said, because it's the only way to move cybersecurity forward. "What we need to do is to create integrated security systems for our customers that let them free up their most limited resource, which is people, and then once they free up that bandwidth, they can use that to drive security success, not just security administration."

— Curtis Franklin, Security Editor, Light Reading

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
How Machine Learning, AI & Deep Learning Improve Cybersecurity
Machine intelligence is influencing all aspects of cybersecurity. Organizations are implementing AI-based security to analyze event data using ML models that identify attack patterns and increase automation. Before security teams can take advantage of AI and ML tools, they need to know what is possible. This report covers: -How to assess the vendor's AI/ML claims -Defining success criteria for AI/ML implementations -Challenges when implementing AI
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2022-10-02
In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
PUBLISHED: 2022-10-02
In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.
PUBLISHED: 2022-10-01
SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS application, leading to Arbitrary File Write and Delete.
PUBLISHED: 2022-09-30
### Impact In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. This may cause actions to be performed on the website that can include inadvertent client or server data leakage, change of session state, or manipulation of an end use...
PUBLISHED: 2022-09-30
Dell Hybrid Client prior to version 1.8 contains a Regular Expression Denial of Service Vulnerability in the UI. An adversary with WMS group admin access could potentially exploit this vulnerability, leading to temporary denial-of-service.