By Ellen Messmer
What can we expect going forward from the Intel buy of McAfee? What do we get from this that represents the strengths of both combined?
A lot of customers ask me that! Intel’s a very technically oriented company — most of what Intel sells are things Intel built. With McAfee, Intel has been very hands-off, and McAfee is being run very autonomously. But Intel has made a massive infusion of R&D resources, money to bring additional engineers on board. The focus is hardware-assisted security. That’s a lot of where we see the market going.
BACKGROUND: Intel, McAfee developing cloud security strategy
So what does hardware-assisted security mean here?
A lot of the advanced persistent threats [APTs] test the ability to detect them. When you sit above the operating system, the visibility is limited. But in Intel’s chipset, you can detect malware and APTs in a different way. The first product we’ll be coming out with is rootkit detection, at the end of the calendar year. This will come in multiple phases, leveraging first-generation i3, i5 and i7 chipsets with vPro-enabled. The functionality of those chipsets is out there today. By leveraging McAfee endpoint protection, our endpoint engine can see a level of rootkit you didn’t before.
So is this by itself going to remove it?
It’s a higher level of functionality to detect the rootkit, but this [alone] doesn’t remove it. You can see a pattern of activity on the Windows machine. APTs by definition are in there for a long time. Rootkits are just one form of how APTs get on the machines. What we have going on with engineering is many other projects. The vPro chipset has functionality built into it we can use, such as “power control” to wake up a sleeping machine, patch it with current security, and put it back to sleep. McAfee Deep Command and Deep Defender are for this.
So what are Intel/McAfee projects going forward? What are the topics of focus right now?
The “secure browser” is very hot in the market right now — there’s a high desire to fence that browser so if someone breaks into your [Internet Explorer browser], they can’t go further. Intel can build things into their chipset to enable that, and part needs to be built.
Is this like “whitelisting”?
It’s not whitelisting. Intel’s chipset needs to offer up the concept of a secure browser, the ability to open a browser and make sure it’s in a contained environment.
Is what Intel and McAfee are designing going to be something open for other vendors to take advantage of as well in the chipsets of the future?
It has to be open. We deal with companies that don’t have Intel chipsets. But we’re optimizing with Intel.
We recently heard McAfee and Intel discussing a cloud-security strategy that would involve using McAfee’s ePolicy Orchestrator management and Intel’s Trusted Execution Technology to assist in securely moving virtualized server workloads. But they made it clear it’s the first chapter with more to come. What’s the Intel/McAfee cloud-security strategy about?
I think two, three or five years out, companies that buy endpoint protection will demand versions that integrate with the chipset in the machine. Cloud does the same thing. For instance, we use Oracle’s on-demand CRM and the servers don’t sit on our own premises. We need to offer security as on-premises or a cloud-based environment. Look, LinkedIn just had a major security breach. If you’re going to trust cloud-based applications, you will need to see your data is secure. McAfee is going out to all the “Tier 1: application vendors, such as SAP. We want to make it more attractive to do business in the cloud. We want them to design security in from the ground up. Our whole pitch from Intel and McAfee is you should design it from the ground up. We have Sentrigo database security, for instance. Have we sold it to SAP and Oracle? Not yet. But we have hundreds of companies that use our security embedded, such as automotive manufacturers. Oracle’s general attitude is to build it in-house. But they do use a lot of products from us. Have we been successful in that yet? No. Nobody has made that decision yet. But we see interesting parallels with ERP providers and security. There’s massive consolidation.