Intel Security business unit McAfee is integrating its next-generation firewall with its endpoint protection, threat intelligence, sandboxing and SIEM products to create an end-to-end security platform.
Initially, the company will integrate McAfee Next-Generation Firewall -- which it gained through its acquisition of Stonesoft last year -- with its other security products through SOAP- and REST-based APIs. In 2015, McAfee will integrate the firewall more tightly via its Threat Intelligence Exchange framework, a publish-and-subscribe service that allows the company's security products to use shared intelligence more actively.
Many IT organizations are demanding more integration among their various security technologies in order to streamline detection and responses to security incidents. "We find that whether it's a next-generation firewall, endpoint protection, intrusion prevention or anything else, one hand doesn't know what the other is doing," said Jennifer Geisler, senior director of network security marketing at McAfee. "This [integration] is a solution to all of these disparate systems that can't talk to each other."
"You can start to automate remediation [with integrated security technologies]," said Jon Oltsik, senior principal analyst with Enterprise Strategy Group. "If you start to see some unusual network connections emanating from a website, you can immediately generate a firewall rule. If you get some threat intelligence on a specific website or URL or combination of IP addresses or characteristics of content, you can start to automate the creation of firewall rules associated with them."
The McAfee Next-Generation Firewall will share information with the company's ePolicy Orchestrator endpoint management, cloud-based Global Threat Intelligence, the Advanced Threat Defense sandbox service and the SIEM product Enterprise Security Manager.
While integration of security technology is a priority, not all enterprises are eager to rely on a single vendor for such a platform. They have incumbent technologies from multiple vendors and they want those technologies to integrate.
"It's great to have everything interconnected and talking, but the problem is you need to find a vendor who can take best-of-breed products and get them all to talk in a holistic fashion," said Forrest Schroth, director of network engineering systems for Cross Country Healthcare, a healthcare staffing and workforce management company based in Boca Raton, Fla. "The problem with McAfee is that they're not best-of-breed."
The McAfee firewall, formerly Stonesoft, actually has a strong reputation, said John Grady, program manager for security research at IDC. Stonesoft's chief challenge was expanding its sales and marketing beyond its European base, he said. On the other hand, not all enterprises favor the "best-of-breed approach," he said. A lot of security technologies are commoditized and network complexity has become a bigger problem. "Even bigger companies may try to consolidate [with a single vendor] just to simplify."
Regardless of the merits of individual products, third-party integration needs to be the next step for all security vendors that are trying to create a broad platform from multiple technologies. Some security vendors, however, will struggle to find willing partners, given the amount of product overlap among them.
"Every firewall should be integrated with most SIEMs, and they all should be partnered with third-party endpoint protection platform vendors [EPP] -- and not try to make their own EPP like some are doing now," said Greg Young, research vice president at Gartner. "In this case McAfee has done it with their own EPP first. I expect they will be challenged in doing so with competing EPPs, however."