SOAPA Video with McAfee (Part 1)

Oltsik_McAfee_SOAPAJason Rolleston, Vice President of product marketing for security operations products at McAfee, stopped by ESG recently to participate in our SOAPA video series. I must say that this was especially good timing as Jason and I had a similar chat at the RSA Security Conference just over a month ago.

In part 1 of our video, Jason and I chew the fat about:

  1. McAfee product integration. McAfee realizes that its customers benefit most when individual products work together seamlessly. In pursuit of this goal, McAfee is executing on an integration construct that centers on security operations. This means developing an integrated architecture for collecting, processing, and analyzing the data across many products. McAfee continues to make progress here.
  2. The value of endpoint security data. This was a continuation of our RSA discussion. Of course, McAfee has a long history with endpoint security, and Jason believes this serves the company well with SOAPA. Why? Endpoint security provides rich telemetry about things like behavior history, process execution, network connections, etc. In other words, endpoint security telemetry is sort of a ‘one-stop-shop’ for security operations data. McAfee takes full advantage of this primary security real estate while supplementing endpoint security telemetry with data sources like threat intelligence, malware analysis, and others that provide incremental value to security operations overall.
  3. McAfee endpoint policy orchestrator (ePO). McAfee states that ePO is a single console for all security management. With this role, ePO fits well with SOAPA for actions like adjusting policies, patching vulnerabilities, and remediating configuration problems. Jason points out that security operations improvement depends upon process maturity – not just technology. McAfee believes it can really help its customers by leveraging ePO as a bridge between threat detection, incident response, and security operations best practices.
  4. I’ve been around the technology industry long enough to know that software integration depends upon common middleware for sharing information and messages between applications. Jason explains how McAfee is leaning on Apache Kafka as its middleware bridge for data ingestion and distribution, while using its data exchange layer (DXL) as a message bus for threat intelligence. 

At the end of the video, Jason points out that our cyber-adversaries are more collaborative than we are today, making it extremely important for the industry to rally around common architectures like ESG’s SOAPA. I couldn’t agree more.

Stay tuned, part 2 of the ESG SOAPA video with McAfee will be coming soon. 

Topics: Cybersecurity SOAPA