McAfee: Collaborative Security at Its Best

“Oops, your files have been encrypted!” The pop-up that appeared on thousands of computers across the globe in the wee hours of a Friday last month flagrantly demanded a ransom of $300 in bitcoin. Much like a scene from a sci-fi movie, the ransomware strain WannaCry sprang from a sloppy cybercriminal scheme that made its way to nearly 150 countries, locking down critical computer systems. As the global corporate sphere woke up to this malware catastrophe, McAfee—a name that is synonymous with cybersecurity today—was already at work, using its unparalleled defensive approach to analyze samples of ransomware and develop mitigation guidance and detection updates for its customers.

“Within a few hours, we updated our Global Threat Intelligence to provide comprehensive protection for multitudinous endpoints that were potentially at risk,” says Steve Grobman, Senior Vice President and CTO at McAfee. While this digital heist gave CISOs sleepless nights, McAfee was locked and loaded to meet the cybersecurity setback head-on, with its zero-day protection built on behavioral, heuristic, application control, and sandbox analyses.

“An enterprise achieves the most value when the products are able to exchange information beyond their own information domain”

Established in 1987, McAfee’s journey to prominence is largely powered by its unrivaled in-depth analysis and calculus on addressing emerging threats. Needless to say, with industry-leading innovation, McAfee today defends two-thirds of the world’s 2,000 largest enterprises while keeping its positions as a Leader in Gartner’s Magic Quadrants year after year. The firm has a unique perception of enterprise security and defense, achieving a vision and action miles ahead of the competition in the enterprise security space.

The cybersecurity behemoth’s logic is solid: Enterprises cannot fight cybercrime alone; there is no one person, product, or organization that can provide total security, and the power lies in working together. In the words of the CTO, “Security is all about achieving an outcome, and the best way to reach that outcome will require multiple technologies seamlessly working together.” Besides its products, McAfee provides a threat data exchange infrastructure that allows defensive technologies to communicate with each other within a network environment, providing a superset of global as well as local threat intelligence to a customer. Evidently, McAfee is the only company that provides such collaboration capabilities in provisioning security from network edge to endpoint.

The Power of Threat Intelligence

McAfee’s leadership in the security sphere is spearheaded by its investments and resources in cyber threat research.


“The harsh truth is that every effective defense will inherently create an incentive for the bad actors to find a way to work around it,” says Grobman. The threat landscape, as a result, gains sophistication miles ahead of the defenders. McAfee has the answer for this with McAfee Global Threat Intelligence, an always-on, cloud-based threat intelligence service that enables instant and accurate protection to minimize time and operational efforts between detection and containment. Well-informed about a broad spectrum of cybersecurity threats across the globe, McAfee Global Threat Intelligence provides unique visibility into a diverse classification of worms, botnets, DNS attacks, and more, to fortify the security posture of enterprises across all vectors—web, file, network, and message. Also available as a standalone service, McAfee Global Threat Intelligence runs on a shared intelligence model comprising more than a hundred million nodes located across the world for robust data correlation and visibility into known and emerging threats regardless of their source of propagation.

According to Grobman, any reasonably-sized organization is going to need a comprehensive set of defense technologies, and the challenge lies in effectively managing those for protection and defense in the rapidly-changing threat landscape; especially when the human element poses one of the greatest threats. McAfee's strategic approach to security enables this, by combining security portfolios as a cohesive whole to curb complexity, investing in advanced technologies to enhance protection, and integrating these technologies with existing IT assets to streamline processes.

“We are trying to move away from thinking of security as a set of random products that organizations need to comprehend. Instead, we assist them with a well-organized taxonomy where different technologies work together to solve a key goal,” explains Grobman.

For instance, McAfee’s ePolicy Orchestrator (McAfee ePO)—a component of the McAfee Security Management solution—helps companies manage their networks, endpoints, data, and compliance. Optimized specifically for enterprises, the McAfee ePO offers a scalable architecture to simplify risk and security management while driving down costs.

Going beyond enterprise parameters, McAfee has developed a complete endpoint threat protection package that enables automated investigation, containment, and actions against zero-day threats. McAfee Complete Endpoint Threat Protection comprises a fresh arsenal of technologies—Dynamic Application Containment and Real Protect—allowing customers to stay ahead of zero-day threats, ransomware, and grayware.

McAfee Complete Endpoint Threat Protection is powered by the firm’s automation framework that enables diverse products to communicate with each other through the Data Exchange Layer (DXL)—an open source communication fabric connecting McAfee products and the products in their partner ecosystem. DXL enables connecting security solutions from multiple vendors in an attempt to share intelligence and orchestrate security operations in real time. McAfee’s Active Response, for instance, assists analytics, forensics and operations teams with real-time intelligence captured and monitored from events, files, process objects, context, and system state changes—all automatically. This automation within security helps users repurpose their efforts from mundane tasks to operations that require human intellect. “An enterprise achieves the most value when the products can exchange information beyond their information domain,” reflects Grobman.

Laying the Groundwork

McAfee's efforts to enable a collaborative security envelope between disparate processes and systems today extend into manufacturing with its solution Embedded Control. This solution targets the deluge of fixed-function devices with an open architecture that brings along a hoard of vulnerabilities. From point-of-sale (POS) equipment to ATMs, kiosks, and devices that control medical equipment, the ‘smart’ paraphernalia is elevating the security concerns of developers and manufacturers. The ecosystem demands a solution which integrates device security, network communication, and data security. Powered by McAfee’s whitelisting technology, Embedded Control blocks unauthorized applications and change on fixed-function, point-of-service infrastructures. “It is like applying the concept of ‘least-privileged’ across the enterprise where these devices are only allowed to perform functions for which they were designed, but restricted from performing malicious functions in the remote event they are commandeered by attackers,” elucidates Grobman.

In a nutshell, McAfee embraces the perspective of integrating all products in an enterprise to simplify collaboration, accelerate processes with automation, and finally orchestrate the cyber-environment with a unified approach—where detection, protection, and correction of threats take place simultaneously.

Toward a Secure Future

In a world where “security” has many connotations, it is an exciting time for McAfee as the company continues to complement its core signature-based threat defense offerings with newer technology, such as machine learning and data analytics. The recent spin-off from Intel aims to further accelerate this transition, embracing McAfee's move to “build trust in a cloudy sky”—paving the way for cloud-efficiency in security to enable real-time defense in the truest sense of the word.

Now that McAfee has more room to maneuver as a business and offer solutions addressing the latest sophisticated and evasive threats, the firm’s forward-looking strategy centers on making security pragmatic for the defenders. “We are looking at a roadmap to empower people to do more with what they have and make technologies work together for defenders, bringing the concept of a connected and secure world to reality,” concludes the CTO.


Santa Clara, CA

Steve Grobman, SVP & CTO

Inspired by the power of working together, McAfee creates business and consumer solutions that make the world a safer place