Home Business IT Security McAfee pushes 'Security Connected' vision

McAfee senior vice president and global CTO Michael Fay used the day two keynote session at the Focus 12 conference to promote the company's Security Connected platform.

Co-president Todd Gebhart was scheduled to give the presentation but a recent bout of pneumonia meant he could not attend the event.

The underlying idea is of an open environment covering all aspects of IT security and combining local and global intelligence. For example, there will be some malicious traffic or content that McAfee can block for all its customers, while individual organisations may choose to block certain traffic that McAfee can't because of the risk of false positives.

Context and orchestration are also important. The existing point-to-point integration between security products doesn't scale, so McAfee is working towards a shared layer that everything connects to (a common approach in enterprise integration).

The significance is that information from different subsystems needs to be interpreted as a whole in order to determine its significance: a series of events may individually seem innocuous, but when viewed together may reveal a high-risk situation.

For example, the fact that someone is active while they are on holiday is not of itself suspicious in these always-on times, but if the activity or the data being accessed doesn't fit the individual's usual habits, suspicions may be raised. And even if the user is known to upload data to (say) box.net, the transfer of data encrypted in a way that is not supported by officially installed applications strongly suggests something untoward is going on.

Historical security management is no longer sufficient, Mr Fey suggested. What is needed is realtime reporting and realtime compliance.

To that end, McAfee's ePO 5.0 is able to return realtime information for natural language enquiries such as 'get stopped service contains "windows update" from all machines' to identify PCs that aren't running Windows Update.

Mr Fey showed how this could be used in a situation where a vendor releases a security patch. ePO 5.0 can find the computers open to exploits (that is, they are running affected versions but not software such as an intrusion prevention system that provides mitigation). It can then be used to patch the software or apply some other form of protection.

Disclosure: The writer travelled to Las Vegas as the guest of McAfee.

FREE REPORT - IT MONITORING TOOLS COMPARISON

Are you looking to find the most efficient IT Monitoring tool available?

IT Monitoring is an essential part of the operations of any organisation with a significant network architecture.

Multiple IT monitoring platforms are available on the market today, supporting the various needs of small, medium-sized, and large enterprises, as well as managed service providers (MSPs).

This new report studies and compares eight different IT monitoring products in terms of functionality, operations, and usability on the same server platform with 100 end devices.

Which product is easiest to deploy, has the best maintenance mode capabilities, the best mobile access and custom reporting, dynamic thresholds setting, and enhanced discovery capabilities?

Download your free report to find out.

DOWNLOAD!

Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences, a PhD in Industrial and Business Studies, and is a senior member of the Australian Computer Society.

Connect