“Cybercriminals are forcing cybersecurity companies to redraft the rules of engagement for defending the civilized world; to effectively counteract them, we have to abandon old security playbooks to become more unpredictable and collaborative and make cyber defence a priority,” said Chris Young, senior vice president and general manager of Intel Security Group. “Our strategic charter is simple, yet disruptive: integrate, automate and orchestrate the threat defence lifecycle to drive better security outcomes – ultimately reducing more risk, faster and with fewer resources.”
Built upon the industry’s largest open ecosystem leveraging a proven integration programme, Intel Security’s unified defence architecture is enabled by four protection systems – Dynamic Endpoint, Pervasive Data Protection, Data Centre and Cloud Defence, and Intelligent Security Operations – that are intelligently integrated to multiply effectiveness.
Dynamic Endpoint – Isolated solutions can be effective against individual assaults, but there are too many examples where isolated solutions can’t keep up with the wide range of sophisticated, emerging threats. Tactical security firefighting needs to be replaced with integrated, dynamic security defences designed to outsmart attackers. Intel Security’s Dynamic Endpoint solution uses advanced protection, shared intelligence and unified workflows on a single management console to unify endpoint protection, detection and correction to guard against today’s most pervasive threats. This solution, delivered in McAfee® Endpoint Security 10.5 and McAfee® Active Response 2.0 software, includes capabilities like:
· Patient zero protection – Dynamic Application Containment improves protection against patient zero and ransomware threats and isolates the rest of the network from infection by monitoring and intercepting post-malicious process actions based on file reputation.
· Advanced, persistent threat protection with containment and machine learning – Intel Security is the first and only vendor to offer machine learning based malware classification using both static pre-execution analysis and dynamic post-execution analysis from the cloud that is designed to help detect zero-day malware in near real time, tracing behaviour when deemed suspicious and remediating without relying on traditional signatures.
· Enhanced protection with integrated web and endpoint protection – Only Intel Security seamlessly integrates a connection between its endpoint client and web gateway technology to enable quick-to-deploy, pervasive protection both on and off the corporate network that is designed to prevent zero-day malware from reaching the endpoint.
· Real-time advanced threats protection – McAfee Active Response 2.0 software uses the cloud to accelerate investigations by dynamically tracing process behaviour and allowing administrators to access threat context in real time during an investigation. Quickly hunt and respond using single click correction and then automate responses to address future attacks.
Pervasive Data Protection – The rise of software as a service (SaaS) applications and a highly mobile workforce has created the need to securely enable cloud-driven business. Organisations are looking for a unified solution that extends security outside the traditional perimeter covering on and off-network users and cloud services. Intel Security’s approach to pervasive data protection is to unify SaaS security across web protection, cloud access security broker, data loss prevention and encryption to provide the industry’s broadest solution across endpoints, networks and cloud-based services all centrally managed. With a foundation in unified management, along with common rulesets, policies and encryption, Intel Security will help organisations maximise business efficiency and employee productivity. Organisations are empowered to make sensitive data readily available to the people who need it, while minimising the risk of data leakage and misuse by unauthorised personnel. Components of the integrated solution include:
· Increased productivity with centralised data protection – McAfee® DLP for Mobile Email 10.0 software introduces unified policies and incident management for both endpoint and network DLP. It also offers end-user empowerment tools such as end-user manual classification, and end-user initiated DLP scanning and self-remediation. Not only do these capabilities help strengthen the corporate security culture, it also alleviates administrative burden.
· Ubiquitous web security – McAfee Web Gateway Cloud Service is designed to enable security teams to gain the same benefits of advanced threat protection as on-premises web gateway appliances but without the cost of hardware or the resources used to maintain it. With 3x the data centres of our previous web SaaS solution, better performance and improved uptime our new cloud service has never been more ready for the enterprise.
· Cloud application governance – McAfee Cloud Data Protection, available as a beta, features cloud access security broker (CASB) technology, to provide an integrated view of risky endpoint and cloud events, including the ability to perform a real-time endpoint health check, ensuring only trusted devices are able to access sensitive information.
Data Centre and Cloud Defence – Organisations are increasingly adopting cloud computing, which introduces unique security requirements that many legacy security solutions cannot address. Consequently, many struggle with weak and inconsistent cloud security controls, slow resolution of security issues and inefficient compute and staffing resource utilisation. Intel Security cloud security products are designed to protect data centres with industry-leading security that detects advanced targeted attacks and manages security efficiently across physical, virtual and cloud infrastructures. Intel Security’s Data Centre and Cloud Defence solution combines server security, network security and threat intelligence sharing to enable a single view of security across data centre environments. This solution, delivered through McAfee® Server Security Suite 4.5 and McAfee Virtual Network Security Platform (vNSP) 8.3, includes capabilities like:
· Cloud security visibility – Cloud workload discovery provides deep visibility across public and private clouds for virtual machines, associated workloads, networks and storage, enabling organisations to establish a strong and consistent security posture.
· Threat intelligence sharing and unification – Unification of perimeter and virtual machine protection thwarts advanced targeted attacks while ensuring efficient resource utilisation within highly virtualised server environments to allow organisations to detect more threats, faster and with fewer resources. Once a threat has been detected, this knowledge is shared across the data centre and corrective actions can be taken.
· Integration and orchestration – Tight integration across McAfee Management for Optimised Virtual Environments Anti-Virus (MOVE AV), McAfee Virtual Network Security Platform (vNSP), McAfee® Advanced Threat Defense, and McAfee Threat Intelligence Exchange along with virtualisation platforms like VMWare NSX and OpenStack enable orchestration of security efficiently and more easily.
Intelligent Security Operations – Organisations looking for rapid response and remediation need a closed loop threat defence lifecycle framework that makes it easy to integrate, monitor and orchestrate security solutions. New Intel Security capabilities integrate with the above solutions and Security Innovation Alliance partners to enhance and unify visibility, investigation workflows and reporting.
· Flexible advanced malware detection – Expanded options include a new cloud-based machine learning-driven malware analysis service, McAfee Cloud Threat Detection, as well as a virtual McAfee Advanced Threat Defense appliance that makes the most of an improved user experience, more Windows OS coverage, and a significant throughput rate increase.
· Improved visibility and investigation – McAfee Enterprise Security Manager introduces a new HTML 5-based interface with an intuitive, analyst-centric user experience and simpler, faster search results to expedite threat management and incident response.
· Expanded strategy and incident response services – New consulting, deployment, assessment and incident response services enable long-term maturation of an organisation’s approach to risk and threat management and improve ROI. Retainer and on-demand based managed security and emergency response augment in-house expertise.
OpenDXL Initiative
The industry has long needed a way to make different technologies work better together, and we paved the way with the most highly adopted technology across major players with the McAfee Data Exchange Layer (DXL). To accelerate that, today Intel Security announced its intent to open the McAfee Data Exchange Layer to the industry as a concrete means of disrupting the cyberattackers’ advantage. Through an open source strategy and the beta release of a new software development kit (SDK) for DXL, “white hats” (both organisations and technology providers) will gain the ability to attach to a shared real-time communication fabric and exchange security intelligence as well as orchestrate actions for the shortest possible execution of the threat defence lifecycle. DXL provides a standardised application framework to integrate technologies from different vendors with each other and with in-house developed applications. The OpenDXL initiative will expand access and capabilities of the DXL SDK and the management and community infrastructure that will support it, enabling developers within ISVs, enterprises, colleges and even competitors to gain the many real-time integration and operational benefits of the Data Exchange Layer.