McAfee LLC gained its independence from Intel Corp. earlier this month, but it wants more attention from infosec pros than just announcing a new logo. The security solutions provider also wants to make sure CISOs know it will continue to be among industry leaders.
One step was announcing this week it will increase investments and resources in cyber threat research on everything from advanced malware and cyber espionage to protection of industrial control systems.
Another was offering Brian Dye, McAfee’s executive vice-president of corporate products, to talk to reporters about the company’s endpoint strategy.
In an interview Thursday he said the company will continue building on its new Endpoint Security version 10.x architecture, first announced in late 2015, merging several product agents into one. That was expanded last year with an enterprise version 10.5 including application containment, and client- and cloud-based machine learning.
As for the near future, “customers should generally expect that we will do more consolidation of different endpoint agents onto that platform over time. There’s a couple of things in the portfolio we don’t have on that single agent platform, so we’ll continue driving that. One of the things for example not on there – and I’m not making a roadmap commitment – is host DLP [data loss prevention].
“Second, there’s going to be an ‘N-plus 1 new widget’ [meaning new capabilities added to the endpoint agent]” in the second half of this year. “I can’t tell you what it is. But there’s going to be a new set of security widgetry that covers new types of attack vectors that the industry doesn’t have visibility into yet … That’s what customers should expect every year – there’s going to be a new security protection thing every year because attackers keep changing their tactics. That’s the benefit of the platform – it’s easier to push out an update to the platform than to push out a whole new product.”
Endpoints are vital to defending any organization. As Forrester Research noted in a recent report, “depending on the method of attack, the endpoint security stack will either be your first, last, or only line of defense; it’s important to get it right.”
Getting it right, though, isn’t easy with CISOs increasingly having to choose from a number of new technologies including endpoint visibility and control, application integrity protection, application execution isolation, user behavior monitoring and others being offered by startups such as Bromium, Cylance, Carbon Black and SentinelOne. Meanwhile long-time solution providers such as Symantec, IBM, Trend Micro and others are adding these to their capabilities.
To more than one industry analyst, McAfee stagnated in the six years it was under the Intel umbrella. Peter Firstbrook, a London, Ont.-based endpoint analyst at Gartner, said in an interview McAfee spent those years “wandering in the wilderness.” Meanwhile competitors forged further ahead, adding capabilities such as endpoint detection and remediation (EDR), machine learning and behaviour analytics. And only two per cent of McAfee Endpoint customers have updated to the latest version, he said.
Not so, replied Dye. He believes that Firstbrook is relying on old update data before version 10.5 was released late last year. That version is the fastest adopted release in company history, he said. Even in January, weeks after its release, over 50 per cent of the install base was either testing or upgrading. Many customers with greater than 100,000 nodes are already on version 10.5, he said. And while upgrading requires some other McAfee products to be updated first, Dye said 80 per cent of customers are on the right version of the company’s ePolicy Orchestrator (ePO) management suite already.
If customers are “moderately current” on McAfee products they can upgrade to the latest version of Endpoint Security, he said.
As for capabilities, Dye referred to a recent report from NSS Labs which said McAfee Endpoint Security achieved a security effectiveness rating of 98.98 on its threat test suite.
He also shrugged off worries that startups with new solutions may erode McAfee’s customers. Too many infosec managers – and providers – are trying to create what he called a “new widget” to solve threats. “Security is a team sport,” he argued, which means technologies like machine learning, containment, reputation and heuristics have to work together. In addition, because endpoints can’t stop all threats alone, customers want solutions that can pool intelligence to make the best response decision. Platforms are better than point solutions, Dye said, and they can add new capabilities – or ‘widgets’ as he sometimes called them.
“The world is not static. There will be a new threat and a new widget 12 months from now. And because we’ve invested in a new platform we’re ready for that … Others don’t have a platform but a widget. So we feel good.”
“The biggest competitor I worry about, and frankly it’s the biggest change we’re trying to drive in the industry, is the ability for us to lead our customers in how to think about security as an automated system, not just as a point product. Because as important as the endpoint is, it is one part of a fully automated ecosystem, and we’ve got to get the whole market, not just our customers, to look at the world as the CISO does.
“The CISO has to run a full system. They look at threats from every angle – how they respond across their infrastructure – and we as an industry have to provide that end-to-end approach, the automation that allows that.”