The more threat data infosec pros share the better they are at defending against attacks. To that end Intel Security announced this week at its annual Focus security conference that it will soon open source the McAfee Data Exchange Layer (DXL) to the industry.
The DXL architecture allows DXL clients (services) to communicate with each over the message bus in near real time, the company says. Apps simply publish and subscribe to message topics, or make calls to DXL services in a request/response invocation similar to RESTful APIs. The fabric delivers the messages and calls immediately.
Through the open source strategy and the beta release of a new software development kit for DXL, threat researchers and other vendors will gain the ability to attach to a shared real-time communication fabric and exchange security intelligence from McAfee products with their platforms as well as orchestrate actions for the shortest possible execution of the threat defense lifecycle.
“DXL provides a standardized application framework to integrate technologies from different vendors with each other and with in-house developed applications,” Intel said. “The OpenDXL initiative will expand access and capabilities of the DXL SDK and the management and community infrastructure that will support it, enabling developers within ISVs, enterprises, colleges and even competitors to gain the many real-time integration and operational benefits of the Data Exchange Layer.”
It was one of several announcements made at the Las Vegas conference. Intel Security — soon to be spun off as McAfee and owned by the private equity firm TPG Captial — to better integrate, automate and orchestrate the threat defense lifecycle.
The include
–McAfee Endpoint Security 10.5 endpoint protection suites, which add Dynamic Application Containment. Intel said this improves protection against patient zero and ransomware threats and isolates the rest of the network from infection by monitoring and intercepting post-malicious process actions based on file reputation;
–McAfee Active Response 2.0 software uses the cloud to accelerate investigations by dynamically tracing process behaviour and allowing administrators to access threat context in real time during an investigation, Intel said;
— McAfee DLP for Mobile Email 10.0 software. It introduces unified policies and incident management for both endpoint and network data loss prevention. It also offers end-user empowerment tools such as end-user manual classification, and end-user initiated DLP scanning and self-remediation. Not only do these capabilities help strengthen the corporate security culture, it also alleviates administrative burden, says Intel;
—McAfee Web Gateway Cloud Service is designed to enable security teams to gain the same benefits of advanced threat protection as on-premises web gateway appliances but without the cost of hardware or the resources used to maintain it. It now offers better performance and improved uptime;
–McAfee Cloud Threat Detection
— McAfee Cloud Data Protection, available as a beta, features cloud access security broker (CASB)) technology to provide an integrated view of risky endpoint and cloud events, including the ability to perform a real-time endpoint health check, ensuring only trusted devices are able to access sensitive information.
Intel Security also announced a number of partners have integrated their products with its offerings. These include integration between McAfee DXL, McAfee Threat Intelligence Exchange (TIE) and Check Point firewall products, which the companies said enables intelligence sharing and workflow optimization. Real-time communication between these products allows customers to scale and automate their security environment, thereby saving time and resources, they said.
McAfee ePolicy Orchestrator (ePO) and McAfee Enterprise Security Manager (ESM) now integrate with Hewlett-Packard Enterprises’ Aruba ClearPass network policy manager.
Intel also said through its Security Innovation Alliance, customers will now have the added capability of user behavior analytics from partners CyberArk,Exabeam, Fortscale, Gurucul, Interset, Niara, and Securonix.