Intel Security is announcing 18 new or enhanced products at their Focus event, but the key thing here is that the products have now been reworked into four integrated systems which provide a much more interconnected level of security.
LAS VEGAS – Today at their Focus 16 Security Conference event here, Intel Security announced they had delivered on their pledge to drive new functional integration across their product line. They are stressing that they now have four integrated systems: Dynamic Endpoint; Pervasive Data Protection; Data Center and Cloud Defense; and Intelligent Security Operations.
“This year at Focus, we are delivering on a promise,” said Brian Dye, corporate vice president in the Intel Security Group and general manager of the group’s global security products. “Last year at Focus we announced our new strategy. We sold off two products, end-of-lifed others, and told customers to trust us, that what we were doing caused pain but would pay off in spades. We promised customers that we would create true functional integration – things that would drive security outcomes. This year, we make good on that promise.”
Dye said there are two major thematic takeaways from this.
“The first is that we are helping customers to not have to choose between a well-integrated solution that they can operate, and a technology-leading system,” he said. “These do both.”
The second theme is that these are comprehensive solutions, not point products.
“Many little companies argue that they have the single bullet of security,” Dye stated. “Aside from the fact that there is no single bullet of security, some of their products aren’t even products, but features. Machine learning, for example, is a feature. We aren’t in this game to be in the ‘new threat, new widget’ lifecycle. The industry has been doing that for the last ten years.”
The first of these big systems has been branded Dynamic Endpoint.
“It combines traditional security, next gen detection, and EDR [Endpoint Detection and Response] into one single solution, and it all runs on a common platform,” Dye said. “This also includes some new industry-leading capabilities. Dynamic Application Containment limits the ability of an executable to run.”
This protects against patient-zero and ransomware threats by monitoring and intercepting post-malicious process actions based on file reputation.
“It puts possible threats in containment mode while it detonates in a sandbox,” Dye said.
The Dynamic Endpoint capability is available in McAfee Endpoint Security 10.5 and McAfee Active Response 2.0.
The second solution area is Pervasive Data Protection. It stems from the rise of SaaS. Intel Security sees the necessary response as unifying SaaS security across web protection, cloud access security broker, data loss prevention and encryption, in one centrally managed solution.
“This is really a hub where we bring in technologies for closed loop automation that will save you a dramatic amount of time,” Dye said.
“This has been four different products – Web security, DLP, CASB and encryption – with one packet going to four different infrastructures to be inspected,” Dye indicated. “With this, it’s going to be just one thing to be inspected.”
The Web security product is McAfee Web Gateway Cloud Service.
“We had a Web SaaS product before, but this has been overhauled so much that it is practically a new product,” Dye said. Among other things, it has three times the data centres of the previous web SaaS solution.
The DLP works through McAfee DLP for Mobile Email 10.0, which introduces unified policies and incident management for both endpoint and network DLP.
The cloud access security broker product – McAfee Cloud Data Protection – is available as a beta, and is entirely new. It provides an integrated view of risky endpoint and cloud events, including the ability to perform a real-time endpoint health check.
“With Pervasive Threat Detection, we are tying everything together so you aren’t just aware of the environment, but sharing intelligence,” Dye stated. “It gets around the ‘VMware problem’ – where they did everything different, and they did security different, and that drove everyone crazy.”
The third area – Data Center and Cloud Defense – involves server, network and threat intelligence sharing and is delivered through McAfee Server Security Suite 4.5 and McAfee Virtual Network Security Platform (vNSP) 8.3.
“A customer can now look at a broadly defined data centre view of defense with shared threat intelligence across both server and network tier, whereas before you would have to eyeball it or send it to a SIEM,” Dye said. “The integration is new and we have new releases of both vNSP and the Server Security suite.”
The fourth category is Intelligent Security Operations.
“The strategy here is to connect this with intelligent security operations,” Dye said. “Combining SIEM with sandboxing and threat intelligence enables closed loop automation across the rest. If a threat comes in at an endpoint, we can automatically take the results of that, and correlate it with SIEM and eradicate the single Patient Zero.”
The cloud sandboxing product – McAfee Cloud Threat Detection – is brand new. The SIEM product – McAfee Enterprise Security Manager – has a completely rebuilt HTML5-based UI and an improved infrastructure.
“The changes to the SIEM will allow more junior people to be effective with it,” Dye said.
“There’s a lot going on here,” Dye concluded. “The products are doing something you have asked us for for a long time. They are doing more together than they do on their own. There’s also a lot of organic innovation. Nothing we are announcing today is inorganic. That’s something folks haven’t expected from us in the past. It is not a flash in the pan.”