Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

10/12/2010
05:19 PM
Rob Enderle
Rob Enderle
Commentary
50%
50%

A Peek At The Intel-McAfee Strategy

This week is McAfee's annual customer and partner event, and the first one since the announcement that Intel would acquire McAfee. The message at Focus is that the Intel-McAfee plan to secure all parts of the emerging highly distributed and massively diverse ecosystem -- from devices such as smartphones and tablets to large-scale virtualized servers -- in what is increasingly a SaaS and virtualized environment.

This week is McAfee's annual customer and partner event, and the first one since the announcement that Intel would acquire McAfee. The message at Focus is that the Intel-McAfee plan to secure all parts of the emerging highly distributed and massively diverse ecosystem -- from devices such as smartphones and tablets to large-scale virtualized servers -- in what is increasingly a SaaS and virtualized environment.Here are some of the high points from McAfee Focus 10:

Into Silicon What Intel brings to the table is the ability to design security into the silicon. That's important because there isn't enough performance overhead in handheld devices to run a heavy security stack without excessively impacting performance. And in a virtualized world, you have to operate above and below the virtualized layer and aggressively protect against the VM platform getting infected. Software will be part of this by hard-coding into the silicon. It is believed that a level of blended protection can be provided that goes well beyond what software alone can do both in terms of performance and invulnerability to attack.

This will not be simple or fast, but by being able to go where no other firm can go, it should provide McAfee with a long-term strategic advantage against other offerings once it is done and brought to market. I would expect initial benefits to be at least a year out, and given silicon design times, the full potential of this approach won't be realized until years later. Common Policies And Control Panels Like most large security firms, McAfee is showcasing an integrated approach to security management. The idea of rolled up reporting and common management consoles has been the dream of both the security firms and those attempting to manage an increasingly diverse ecosystem. McAfee showcased one of the first coordinated security defenses for iPhone and iPad product at one end, rogue access points in the middle, and massive virtualized server structures in the cloud. Some of this is done -- like the management and identification of rogue access points -- by partners. Some of these partners could represent potential acquisition targets for the future because we are clearly on a path across the technology industry for vertical integration.

Mobile To Embedded A new addition to this breadth of offerings from a major firm is coverage for cell phones. Through two acquisitions, McAfee had begun to integrate core security functions into mobile phones. With expertise on iPhone, Android, and Windows phones, McAfee is unique when it comes to large security firms covering mobile phones.

On the consumer side, the offering allows for Web-based tracking of phone activity, antivirus protection for the phone, remote wipe, and location capability.

Corporate products add encryption, centralized management, and application-based configuration. This allows a user to take his new phone to a website, identify himself, and then run a one-time application that fully configures his phone for IT services and security.

These mobile applications, which forced the company to learn diverse operating systems, has created an opportunity to create security technology for embedded systems like ATMs and coming connected automotive systems. This last is one of the primary reasons that Intel bought the company a few months ago.

Move Antivirus For Virtual Desktops One of the fastest-growing areas is virtualized desktops. The promise of this new environment is a terminal-like administration experience coupled with a PC-like user experience. The problem is you are still dealing with a PC platform at the end of the day, and that means virus scans and other forms of security are a requirement.

But a virtualized environment is one in which the resources are shared and where these resources are constantly optimized. Can you imagine what would happen if a large number of virus scans start at once? On the other hand, if a virus is identified, then the elimination of the virus could be far quickly if you can take into account the shared efficiencies of combined network storage.

Move Antivirus is the first solution I've yet to see that is designed to operate in the unique and new virtualized desktop environment.

So McAfee is at an interesting place. It is moving aggressively on new market opportunities in the mobile, embedded, and virtualized space, while recognizing the need early on to connect all of this together. You can see why Intel bought the firm: There is no other security firm already working on or deploying products in these new areas.

In the end, a business needs to be able to comprehensively look at all of its exposed areas, and while no firm can yet, or likely ever, do that, McAfee is working to assure it is the most complete of the major firms. That would appear to be beneficial to both the business of today and the one that is emerging in the mobile, virtualized world of tomorrow.

-- Rob Enderle is president and founder of Enderle Group. Special to Dark Reading.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
6 Small-Business Password Managers
Curtis Franklin Jr., Senior Editor at Dark Reading,  11/8/2019
Microsoft Tools Focus on Insider Risk, Data Protection at Ignite 2019
Kelly Sheridan, Staff Editor, Dark Reading,  11/4/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Dueling Free Throws A riff on the song Dueling Banjos
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprise
Assessing Cybersecurity Risk in Today's Enterprise
Security leaders are struggling to understand their organizations risk exposure. While many are confident in their security strategies and processes, theyre also more concerned than ever about getting breached. Download this report today and get insights on how today's enterprises assess and perceive the risks they face in 2019!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18862
PUBLISHED: 2019-11-11
maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.
CVE-2019-18853
PUBLISHED: 2019-11-11
ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2.
CVE-2019-18854
PUBLISHED: 2019-11-11
A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to unlimited recursion for a '<use ... xlink:href="#identifier">' substring.
CVE-2019-18855
PUBLISHED: 2019-11-11
A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to potentially unwanted elements or attributes.
CVE-2019-18856
PUBLISHED: 2019-11-11
A Denial Of Service vulnerability exists in the SVG Sanitizer module through 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled.