McAfee Inc. CEO Dave DeWalt’s says enterprises are about to enter a new era in which security actually becomes the enabler for new IT infrastructure models.
Speaking at a partner summit in Toronto on Tuesday, the McAfee chief executive said the tsunami of new smart phones and tablets hitting the market has led to a fundamental shift in direction at his company. At McAfee, mobility is now the organization’s number one focus as the firm wants to give flexibility to IT shops looking to support the slew of new mobile options headed to market.
To further illustrate his point, DeWalt gave event attendees a peak into the fleet of mobile devices and PCs that McAfee’s 6,000 employees use. He said the company now has 18,000 network-connected devices in its environment — which works out to an average of three per user — with only 6,000 of those devices being Windows-based.
“Consumerization will be the biggest force in IT,” he said. “I never thought I’d see the day when I see more non-Microsoft devices than Microsoft devices.”
“Greater than 75 per cent of enterprises will be in the same mode we’re at in the very near term,” DeWalt added.
But as organizations follow suit, he said, so too will cyber criminals and mobile malware.
McAfee said it tracks about 40,000,000 bad files through its filtering product, with thousands of malicious files being added to that number each day.
“We’re trying to write a signature for 55,000 pieces of malicious content a day,” he said. “If you think that’s sustainable — it’s not.”
Much of this malware growth, DeWalt said will impact mobile devices, including smart phones, laptops, and tablet PCs.
McAfee isn’t alone in this assessment either, as last month Moscow-based Kaspersky Lab said it identified more than 1,550 mobile malware signatures in the month of September alone.
While many people have been predicting mobile malware for a while, “this might actually, finally, be the year,” said Kaspersky malware analyst Tim Armstrong. “It’s only a matter of time before we see some really huge malware infections.”
For McAfee, the only way to solve this burgeoning problem is through a combination of “blacklisting” and “whitelisting.”
On the blacklisting side, DeWalt said McAfee is building a network that lets every endpoint device connect back to a cloud-based database to report back security checks and reputation checks about the users, Web sites, apps and files it contacts.
“Reputation services are really the future,” DeWalt said.
The current drawback of this approach though is that every major security vendor has its own cloud and global database, he said.
In addition to working together with the security community to create a standard global database, DeWalt said, he would like to see the creation of a “World Health Organization for cyber crimes,” which could help get the word out quickly on nasty malware before it spreads.
But the blacklisting method isn’t the only way to go, he said.
Another approach, DeWalt said, shifts endpoint device security away from the pursuit of malicious content, and instead, a whitelisting approach. This means that a mobile device will only allow files or apps that have been deemed “good” or “safe.”
DeWalt said the whitelisting approach could work especially well on non-Windows-based devices.
“Because Windows is so complex, a whitelisting list would almost be as big as the blacklisted list,” he added.
– With files from Grant Gross, IDG News Service