Intel Security has unveiled its new corporate strategy aimed at enabling businesses around the globe to more aggressively and effectively defend against data breaches and targeted attacks.
Through a more integrated and more open security system that unifies the key phases of the threat defense lifecycle, the new strategy focuses on the endpoint and the cloud as the most effective areas for advanced visibility and practical operational control. These control points are enabled by world-class threat detection and analytics.
The strategy also emphasises a simplified user experience powered by centralised management and a connected architecture across Intel and third-party products. Through this open and integrated system, Intel Security aims to empower organisations to resolve more threats, faster, with fewer resources.
Intel Security will continue to focus on its core strength of protecting organisations against known threats, and is expanding its investment in tools that help detect new threats faster and enable automated workflows to rapidly correct them. By unifying protection, detection and correction with real-time centralized management into an adaptive feedback loop, known as the threat defence lifecycle, security then evolves and learns in an iterative cycle that improves over time. This model helps organisations become more effective at blocking threats, identifying compromises, and implementing remediation as well as countermeasure improvements more quickly.
“The rising volume and complexity of attacks present a vicious cycle of challenges for organisations and make speed and efficiency critical,” says Chris Young, senior vice-president and GM of Intel Security Group. “With a rapidly expanding attack surface, and a shortage of relevant talent and expertise, defenders need to win on visibility into events, simplified management, and capabilities that empower teams to close the loop on attacks in progress – faster, more effectively, and with fewer resources.”
In support of the new strategy, Intel Security is also announcing new solutions that will each serve as a foundation for future technologies and products. McAfee Endpoint Security 10.X delivers a new streamlined and agile endpoint services platform, enabling protection for devices with faster scanning and deployment. McAfee Active Response, a new endpoint threat detection and response solution, supplies on-demand and continuous visibility into an array of endpoint activities with powerful, automated tools to respond to and monitor threat events.
The solutions can be used and managed together using Intel Security’s broadly adopted centralized management platform for a high-speed, high-accuracy, closed-loop approach to the threat defense lifecycle. Intel Security also now supports the Structured Threat Information eXpression (STIX) and Trusted Automated eXchange of Indicator Information (TAXII) standards designed to enhance detection of threats through sharing of threat intelligence.
“With the proliferation of Bring Your Own Device in South Africa and even the Choose Your Own Device trend, people are accessing business networks and corporate data from their personal devices through the cloud. Though it improves employee productivity in many cases, it also opens these businesses up to increased security threats and vulnerabilities,” says Trevor Coetzee, regional director, South Africa and sub-Saharan Africa at Intel Security. “Through our new corporate strategy we aim to address these vulnerabilities at an endpoint and cloud level, without compromising business and employee efficiency.”
Serving as the foundation for Intel Security’s dynamic endpoint strategy, McAfee Endpoint Security 10.X enables customers to uniquely tackle the threat defense lifecycle with reduced complexity and better performance. McAfee Endpoint Security 10.X introduces a new platform built to enable real-time communication between threat defenses for more effective protection against emerging threats. By sharing and leveraging security events, it can act against potentially dangerous applications, downloads, websites and files at the moment suspicious behaviors are observed, and before a system becomes patient zero. Its extensible architecture provides a framework for IT teams who are burdened with multiple solutions to enhance protection, detection and correction against today’s advanced threats.
Key features in McAfee Endpoint Security 10.X include:
• Intelligent Endpoint Protection: access to real-time intelligence and actionable threat forensics from defenses that communicate and learn from each other to combat advanced threats
• Strong and Effective Performance: faster scanning, threat updates, maximized CPU and protection performance that is proven to be effective in third-party tests
• Collaborative Protection Framework: simplifies and removes complexity of duplicate technologies, connects other solutions, including third parties, and enables more defenses to communicate with each other using Intel Security’s endpoint security framework.
McAfee Active Response is a new endpoint threat detection and response solution that gives security practitioners the tools they need to hunt, identify and correct issues rapidly, continuously, and in the manner that makes the most sense for their businesses. Managed by the central management platform, McAfee ePolicy Orchestrator (ePO), it is easy to use with other Intel Security and partner products as part of an efficient threat defence lifecycle.
With McAfee Active Response, analysts and administrators can access rich security event and state details from endpoints on demand and set up persistent collectors to monitor for risky changes in security posture. This continuous visibility improves threat detection and expands incident response capabilities with detailed live, interactive, and ongoing investigation and analysis. Insights become part of comprehensive reporting and prioritised alerts and actions via ePO. By adding on to an existing central management environment, users gain unified deployment, monitoring, scalability and extensibility, with no extra management agent and no need for incremental staff to administer.
The Security Connected platform from Intel Security was designed to orchestrate management, analytics and intelligence operations. Taking the concept of Security Connected a step further down the path of true integration, Intel Security’s new strategy relies heavily on the ongoing development and evolution of an open platform built on standards and published interfaces for multi-vendor security information sharing.
To improve detection of threats through sharing of threat intelligence, Intel Security now supports the STIX and TAXII standards. Explaining details of zero-day and targeted malware, McAfee Advanced Threat Defense now generates a thorough malware report in STIX format that can be consumed by other compliant analysis or reporting products, including the McAfee Enterprise Security Manager. Additionally, the McAfee Threat Intelligence Exchange and McAfee Enterprise Security Manager can both ingest third-party threat intelligence in STIX format to enrich analysis and permit correlation between internal and external threat data.
Changing the dynamics of threat detection and response, the McAfee Data Exchange Layer (DXL) is an ultra-fast, bidirectional communication fabric that enables information and context sharing between connected technologies. Through the Intel Security Innovation Alliance, security solutions from 16 vendors are now running on or working with DXL, creating an advanced security ecosystem for enterprises.