Christopher Young, senior vice president, Intel Security. Photo by Howard Solomon

Published: October 29th, 2015

LAS VEGAS – Intel Security announced a series of new and updated products to support its corporate strategy concentrating on the endpoint and the cloud as its control points to address the expanding attack surfaces in today’s connected world.

Announced at its annual user conference, Focus 15, the newly released McAfee Endpoint Security 10.X provides a new platform that enables real-time communication between defense products via the STIX and TAXII standards, as well as through McAfee Data Exchange Layer (DXL). This will allow layers of defense to share information about threats to make overall protection more effective throughout the threat defense lifecycle.

McAfee Active Response builds on and complements Endpoint Security. Managed through McAfee’s ePolicy Orchestrator (ePO), it provides analysts and administrators with the tools to hunt down indicators of compromise.

While anti-malware used to be all about protecting against threats, today companies have to take a three-pronged approach, explained Chris Young, senior vice president and general manager of Intel Security Group. The new mantra: protect, detect, correct.

The components of the new solutions intelligently communicate to isolate and remove threats. For example, if a user opens an unknown file, the software can analyse it, determine if it’s malicious and, if so, deal with it, as well as search the environment to see if others have received the now-known bad file and ensure they don’t become infected. It also determines if the malware has been communicating with external sites such as command and control servers, and hunts down and remediates any endpoints communicating with those addresses. All of this happens automatically, without human intervention. The goal is to free security professionals from routine work that a machine can do. Michael Leland, former CTO at NitroSecurity and now SIEM evangelist at Intel Security, said that the new tools allow security professionals to go from being responders to hunters.

However, said Young, the new strategy meant abandoning some non-core areas such as email security, leaving their care to partners. Since the new platform is extensible, third-party products can plug into ePO and communicate with its components. In addition, solutions using DXL can be built without any Intel Security products involved, if vendors so choose. Through the Intel Security Innovation Alliance, solutions from twelve partners now use DXL, including products from Titus, Forescout, CloudHash, Avecto, and TrapX.

“DXL lets people do what they do well,” said Paul Reid, technology strategist at Titus. “(Using DXL), Titus shares context with its partners in real time. It acts as a force multiplier.”