Intel Security expands Data Exchange Layer to fill out white space between products

Intel Security is announcing multiple upgrades to and integrations with its DXL ecosystem, to improve defenses, particularly against tough and elusive targeted attacks.

Barbara Kay_Intel Security 300

Barbara Kay, Senior Director of Strategic Solutions, Intel Security

Today at RSA, Intel Security is making a flurry of announcements, with the grand theme involving new integrations and enhancements which improve the efficiency of the Intel Security Data Exchange Layer (DXL) ecosystem.

These announcements dovetail off a survey conducted by Enterprise Strategy Group which Intel Security released last week. It reported that while organizations averaged 78 security investigations per organization in the last year, 28 per cent of those involved targeted attacks, which are the most damaging of cyberattacks and the hardest to detect and mitigate.

“This survey found that targeted attacks are more prevalent than they used to be, even compared to six months ago,” said Barbara Kay, Senior Director of Strategic Solutions, Intel Security. “It also found that the impact of targeted attacks is broader than people think, and was about the same across the board, regardless of number of employees. It’s not just a big company problem.”

Kay said the RSA announcements are all about better integration to deal with this problem.

“Integration is important because we want to better fill out the white space between point products, which is a hidden area that an attacker can hide in,” she said. “We need to bring together data in those different tools to get better detection in analytics and better analytics overall. McAfee products are now more tightly integrated to reduce those white spaces.”

Intel Security announced its Data Exchange Layer (DXL) ecosystem at last year’s RSA, and this year they announced new partnerships and enhanced products to strengthen it. The DXL is an ultra-fast, bidirectional communications fabric that enables information and context sharing between any connected security technologies, with the objective being a new era in security where all components come together to work as a single cohesive system, regardless of vendor or underlying architecture.

“New integrations from our Security Innovation Alliance partners TITUS, ForeScout and CloudHASH Security continue the addition of more products onto the Data Exchange Layer,” Kay said. “McAfee Email Protection 7.6.4 has also been integrated with our SIEM platform, Enterprise Security Manager. A new integration with its email gateway funnels info into the SIEM that it can process, to better act of email activity like phishing and indicators of attack.”

Other McAfee products have also had their integration capabilities enhanced. McAfee Web Protection 7.5.2 can now share threat data for more comprehensive detection of web attacks. McAfee Data Loss Prevention (DLP) Endpoint 9.3.5 is now able to share local threat data, acting in real-time to prevent data loss. New integrations between McAfee Threat Intelligence Exchange and McAfee Enterprise Security Manager can also identify any managed endpoint that has previously accessed or executed files that have been identified as malicious. Structured Threat Information eXpression (STIX) — formatted details on malware contents — is interpreted by the SIEM alongside other data to better understand malware intent and guide responses

“Using this kind of static analysis can detect intruders in stealth that aren’t activating because they have detected a sandbox,” Kay said. “Now you can find out what’s going on inside that payload. You can see the command and control addresses it would install on its target. And if you can figure out what it is, you can shut it down. These enhancements to the SIEM platform lets people make more sense of what’s happening and take advantage of it.”

Also announced was McAfee Next Generation Firewall 5.9, which provides greater network visibility and data exfiltration prevention through Endpoint Intelligence Agent (EIA).

“Our Next-Generation Firewall now has new intelligence that connects it to our endpoints,” Kay said. “This stronger connection with the endpoint makes a more precise assessment of whether traffic is legitimate. This is something we can do because we are in both the network and endpoint space.”

Intel Security also launched the McAfee Public Cloud Server Security Suite, which is available for download from AWS Marketplace

“It provides greater control over workloads being placed in the public cloud, and is offered on an hourly pricing model,” Kay said.

Finally, Intel Security and Ericsson will collaborate to make jointly managed security solutions available to managed security telecom operators.

While the telco announcement will be of little interest to Intel Security’s VAR and MSP partners, the rest of the announcements should be a very big deal to them, Kay said.

“By providing more direct integration and more capability out of the box with these enhancements, the channel can help customers more expeditiously and at lower cost,” she said. “It strengthens its value as a differentiated offering for partners looking to deliver value to their customers.

“A lot of customers have limited resources. Expertise and talent are always in short supply. Channel partners with value-added service capacity can couple assessment services with these new building blocks.”

McAfee Enterprise Security Manager 9.5 is currently available. McAfee Web Protection 7.5.2 and McAfee DLP Endpoint 9.3.5 will be available in the second quarter of 2015. McAfee Next Generation Firewall 5.9 will be available later this year