DeepSafe would have prevented Stuxnet: McAfee

Published: October 20th, 2011

LAS VEGAS – Todd Gebhart, the co-president of McAfee, (NYSE: MFE) along with Mike DeCesare, told CDN that DeepSafe would have prevented Stuxnet.

The Stuxnet super-worm rocked Internet-based industrial controls of Iran’s enriched uranium supply last year.

Sean McGurk, acting director of the National Cybersecurity and Communications Integration Center in the U.S. department of Homeland Security, called Stuxnet a game-changer for business and governments.

Gebhart believes McAfee’s DeepSafe technology, co-developed with Intel, to be a game changer as well. DeepSafe works as a protection layer beyond the operating system.

At the Focus 11 Partner Summit, McAfee introduced two additional DeepSafe products called Deep Defender and DeepCommand.

Deep Defender is a hardware and software solution designed to stop and remediate advanced stealth behaviours in real time as they try to hide malware.

Deep Defender includes:

Real-time memory and CPU monitoring that recognizes evasive techniques used by malware;

Zero-day detection that doesn’t require prior knowledge of the rootkit to detect its existence;Protection against known and unknown threats;

Central management with McAfee ePolicy Orchestrator platform that provides dashboards and reports.

“Deep Defender looks at the interactions and when you look at those you’ll get to see the attacks and be able to block them. For the first time, organizations have the ability to wake up and do something proactively when attacked,” Gebhart said.

Doron Kaminski, COO of Insite Computer Group, a McAfee solution provider based in Toronto, wanted to know what the repercussion are from DeepSafe technology on machine performance.

“If this is a layer beyond the OS then what are the repercussions on hardware performance? That would be my concern. When you look at all the software out there with AV or protection software they are memory and cpu intensive. Customers and resellers look at that and they don’t want to have machines that slow down,” Kaminski said.

McAfee ePO Deep Command provides remote security management access to PCs that may be powered off or disabled.

Deep Command also offers:

Allowing security administrators to reduce operation costs while enhancing their security posture;

Broadens security management by taking advantage of hardware-based capabilities built into laptop and desktop PCs featuring Intel’s Core i5 vPro and Core i7 vPro chips;

Remotely remediate compromised systems, enable “green” security initiatives, wake and patch systems, as well as apply proactive security;

Utilizes the Intel AMT Alarm Clock feature; and

Gives security administrators full control to power on PCs and execute security tasks.

Kaminski told CDN that because Deep Command is part of an Intel initiative there maybe no plans for AMD processors, which have a significant presence in the marketplace. “Will DeepCommand work with other processors considering that it looks like an Intel-only play? How will it address other platforms,” he said.

DeepSafe will be brought to market via McAfee’s direct sales team at first. DeCesare said the channel partners will be brought in throughout the year and will have full access by 2013.

“Anytime we have a new technology we try to have a strong start with our own sales team and engineering team. DeepSafe is a big technology and the channel’s not up to speed on it yet and they need to get ramped up. This is just a common business practice for us until the channel gets ramped up,” DeCesare said.

The other interesting aspect of DeepSafe is the Intel will give access to McAfee competitors to this technology. Obviously McAfee has a jump start, but Gebhart added that “if (competitors) are twice as smart as we are then it will take them a year and a half to get to where we are with DeepSafe.”

The reason behind this move is that economies of the world are dependent on many security vendors. At last tally there are 44 vendors who develop security solutions for the channel community to resell.

Gebhart said that even with competitor access to this technology McAfee still has to act fast to maintain leadership. “We want (competitors) to be in this line. This is an open technology. The only question is do they have the economic firepower like we do with Intel.”

More Articles