With the glitz and glamour of Las Vegas as a backdrop, McAfee rolled out its Advanced Threat Defense (ADT) strategy last week.
Yes, McAfee now offers a sandboxing appliance of its own but it would be foolish to judge this announcement based on its security device. McAfee’s ATD is actually an integrated architecture that goes beyond detection alone. McAfee’s ATD message is actually, “find, freeze, fix,” which is meant to describe:
- Threat detection: “Find” means find the advanced malware through a multi-layered filtering process that includes AV, heuristics, web filtering, emulation, and finally sandboxing. What’s different here is that existing McAfee security technologies can pass suspicious content to its appliance proactively, making malware detection a centralized service available to the entire network.
- Threat prevention. “Freeze” means that McAfee’s ATD can be configured to generate automated signatures and rule sets to McAfee IDS/IPS, gateways, and firewalls to block future similar attacks.
- Threat remediation. ATD coordinates with McAfee ePO to figure out which endpoints have been exposed to malware. This guides the security and IT operations team with a list of compromised hosts that need immediate attention.
So what’s the advantage here? Like other sandboxing appliances, McAfee addresses advanced threat detection and let’s face it, detection of advanced threats is a major requirement for all organizations. McAfee goes beyond detection alone, however, to address the other thing that’s killing the enterprise security team – it helps streamline IT security operations. Eliminating some of the guess work and manual processes associated with emergency response is a big win for CISOs.
McAfee isn’t the only firm looking at an architectural approach here. Trend Micro integrates its Deep Discovery advanced malware detection with its email, content, and web security. Sourcefire (Cisco) integrates its FireAMP client with FirePOWER network-based malware detection capabilities as well as cloud intelligence. Palo Alto Networks can leverage WildFire which can integrate with endpoint agents and internal network traffic. Finally, FireEye has partnerships with vendors like Bit9, Guidance Software, and Solera Networks (Blue Coat) to help improve the efficiency of post-detection processes.
McAfee certainly has a lot of competition in this market but the company may have a few aces up its sleeve. Integration with ePO may give McAfee the upper hand within its vast customer installed base who already use ePO for security operations or rely on its IDS/IPS for network security. Furthermore, there’s plenty of integration upside by linking ATD with endpoint security. Finally, there’s the burgeoning McAfee Intel play which may be able to eliminate threats at the CPU layer.
Ultimately, McAfee is clearly sending two message to the market: 1) The future of enterprise security technology depends upon tight integration and intelligent architecture, and 2) Threat detection efficacy is important, but so is addressing the untenable security operations mess. Vendors that execute on this strategy, educate the market, and guide customers through this transition will certainly come out as winners.