Intel Security to open source McAfee data exchange layer for threat info sharing

The more threat data infosec pros share the better they are at defending against attacks. To that end Intel Security announced this week at its annual Focus security conference that it will soon open source the McAfee Data Exchange Layer (DXL) to the industry.

The DXL architecture allows DXL clients (services) to communicate with each over the message bus in near real time, the company says. Apps simply publish and subscribe to message topics, or make calls to DXL services in a request/response invocation similar to RESTful APIs. The fabric delivers the messages and calls immediately.

Through the open source strategy and the beta release of a new software development kit for DXL, threat researchers and other vendors will gain the ability to attach to a shared real-time communication fabric and exchange security intelligence from McAfee products with their platforms as well as orchestrate actions for the shortest possible execution of the threat defense lifecycle.

“DXL provides a standardized application framework to integrate technologies from different vendors with each other and with in-house developed applications,” Intel said. “The OpenDXL initiative will expand access and capabilities of the DXL SDK and the management and community infrastructure that will support it, enabling developers within ISVs, enterprises, colleges and even competitors to gain the many real-time integration and operational benefits of the Data Exchange Layer.”

It was one of several announcements made at the Las Vegas conference. Intel Security — soon to be spun off as McAfee  and owned by the private equity firm TPG Captial — to better  integrate, automate and orchestrate the threat defense lifecycle.

The include

–McAfee Endpoint Security 10.5 endpoint protection suites, which add Dynamic Application Containment. Intel said this improves protection against patient zero and ransomware threats and isolates the rest of the network from infection by monitoring and intercepting post-malicious process actions based on file reputation;

–McAfee Active Response 2.0 software uses the cloud to accelerate investigations by dynamically tracing process behaviour and allowing administrators to access threat context in real time during an investigation, Intel said;

— McAfee DLP for Mobile Email 10.0 software. It introduces unified policies and incident management for both endpoint and network data loss prevention. It also offers end-user empowerment tools such as end-user manual classification, and end-user initiated DLP scanning and self-remediation. Not only do these capabilities help strengthen the corporate security culture, it also alleviates administrative burden, says Intel;

McAfee Web Gateway Cloud Service is designed to enable security teams to gain the same benefits of advanced threat protection as on-premises web gateway appliances but without the cost of hardware or the resources used to maintain it. It now offers better performance and improved uptime;

–McAfee Cloud Threat Detection

 McAfee Cloud Data Protection, available as a beta, features cloud access security broker (CASB)) technology to provide an integrated view of risky endpoint and cloud events, including the ability to perform a real-time endpoint health check, ensuring only trusted devices are able to access sensitive information.

Intel Security also announced a number of partners have integrated their products with its offerings. These include  integration between McAfee DXL, McAfee Threat Intelligence Exchange (TIE) and Check Point firewall products, which the companies said enables intelligence sharing and workflow optimization. Real-time communication between these products allows customers to scale and automate their security environment, thereby saving time and resources, they said.

McAfee ePolicy Orchestrator (ePO) and McAfee Enterprise Security Manager (ESM) now integrate with Hewlett-Packard Enterprises’ Aruba ClearPass network policy manager.

Intel also said through its Security Innovation Alliance, customers will now have the added capability of  user behavior analytics from partners CyberArk,Exabeam, Fortscale, Gurucul, Interset, Niara, and Securonix.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now