LAS VEGAS -- McAfee used its Focus 13 security conference to introduce an advanced persistent threat platform it contends will allow IT administrators to more efficiently deal with malware and other intrusions.
Advanced threats are so significant, and we have to keep up to speed.
VP and CISO, The Las Vegas Sands Corp.
The platform, McAfee Advanced Threat Defense (MATD), is an appliance that is paired with another piece of software, McAfee Real Time. Combined, the products are engineered to find, freeze and fix advanced malware, according to Pat Calhoun, McAfee's general manager of security.
MATD is built on ValidEdge anti-malware sandboxing technology that McAfee acquired earlier this year from LynuxWorks Inc. The software runs code inside a protected sandbox as it detects any malicious activity in an approach that eliminates risk to the customer's network. The Real Time app, meanwhile, identifies devices that might be affected, enabling IT administrators to quickly eliminate damaging or dangerous code or programs, McAfee said.
Deploying advanced malware protection at large casino operator
The Las Vegas Sands Corp. is rolling out MATD and its associated apps worldwide in a bid to control malicious attacks, said Phil Ferraro, vice president and chief information security officer at the resort, as well as casino operator. "Advanced threats are so significant, and we have to keep up to speed. Every time we come up with a new defense, there's new malware being used against us, and from a business perspective, you have to talk about the impact [these threats represent] on the business. How will a breach affect shareholder value or reputational values? For me, this will give me leading-edge integrated technology to protect and defend our networks -- not just learning, but being able to take action to defend the network."
The ability to consolidate threat protection on a single platform as well as identify malicious code were other key considerations, Ferraro said. "We want to make sure we are standardized and that we are able to monitor not just our Internet points of presence, but also those of our partners. We can have the greatest security, but if we aren't looking at our partners and vendors, then they can be used as pivot points to get into our organizations.
"If we're able to detect an attack or capture the malware and then do reverse-engineering, that will tell us the method of operation. Being able to collect that information is invaluable -- to know who is attacking us and how to go about remedying it."
Endpoint security, 'Internet of Things' strategies unveiled
McAfee also introduced an endpoint-aware security information event management (application, Enterprise Security Manager (ESM). The product, which also uses Real Time as an integrated application, queries, collects and analyzes data generated by endpoints. If an attack occurs, ESM gives security managers the ability to take immediate remedial action, McAfee said. MATD, Real Time and ESM will be commercially available later this year.
The introduction of the new products comes as McAfee takes steps to reengineer its firewall portfolio with technology it acquired through its 2013 purchase of Finnish next-generation firewall vendor Stonesoft. "So far, so good," said McAfee President Michael DeCesare. "When we did the evaluation [before purchasing the company], what it had against it was that it was centric to Europe. With our sales organization, we think our ability to market its technology [to North America] is strong, and we have made good progress."
McAfee is also eyeing the "Internet of Things" marketplace, tapping parent Intel Corp. to offer a chipset that's engineered with a prepackaged and certified set of McAfee security functions. The new low-power chip, dubbed Quark, is now undergoing beta testing, according to Greg Brown, vice president and chief technology officer of Cloud and Data Center Solutions.
"Intel will be going to market with a chip that has a built-in security component," Brown said. Quark is engineered to be used in small devices, but Brown said McAfee and Intel engineers are also working to place similar McAfee security capabilities in Intel's higher-horsepower chipsets, such as Atom and Xeon.
Dig deeper on Network Security Monitoring and Analysis