October 20, 2008, 1:48 PM — McAfee is hunkering down to integrate the security technologies it has bought over the past several months into its varied line of security software and appliances. Two trends in the company's activities are developing parallel products for deployment as software on endpoints and as network-based appliances. This week, for instance, the company is announcing that NAC software can be installed on its IntruShield IPS appliance to give customers the option of enforcing NAC policies in the network, not just on the endpoint. The company is bringing management of these platforms under control of its ePolicy Orchestrator (ePO) in an effort to centralize control of network security. Network World Senior Editor Tim Greene spoke with McAfee CEO Dave DeWalt about these efforts as well as other issues facing the company.
McAfee made significant acquisitions in buying Secure Computing and Reconnex. What will you do with their technologies?
With these acquisitions we have a state of the art, never-been-broken firewall that we can begin to integrate with IPS, we can also integrate NAC, we have e-mail and Web filtering on an appliance, we have data-loss prevention at the gateway, we have encryption at the gateway we can do archiving at the gateway - we have a suite of offerings that enable us to do what we were doing at the endpoint, creating a suite with more functionality.
We're not fully integrated into ePO on every component of that yet having just acquired Reconnex and Secure Computing, but the goal is to integrate that into ePO.
How will ePO evolve?
As we launch our next major release of ePO [next year] it will have a lot more user and event management capabilities in the product. We have a major effort underway in engineering with virtual device capabilities.
We're starting to see virtual desktops and servers massively deployed and we started thinking about to manage both physical IDs as well as virtual IDs. It enters into a new stratosphere of management. We're looking to do things the market has never seen, particularly in how it comes back to NAC.
Unified secure access is an endpoint problem and a network problem. We feel we're pretty uniquely positioned to leverage and interlock our endpoint strategy with our network strategy. McAfee is the only security vendor that offers a product for the network as well as a comparable product on the endpoint and really integrates them.
Like we've done on the endpoint for host intrusion prevention and network intrusion prevention, where we can import signatures from our network product into our host product, match the policies, create a multi-layer defense.
Things like we're doing with data loss and prevention, we can classify data and block it at the port, block it at the host as well as block it through the protocol on the network.
Now you've got the NAC solution which is the same type of thing where you can control network access, quarantine users, unmanaged users both inline and out of band can both be monitored through the network as well as protected on the host. As we evolve that you'll see more and more of that capability coming out of McAfee.
Doesn't that increase complexity?
We think it's the opposite. When you have a console then the secret sauce is having one set of policies that can govern both the network and the host through ePO.
EPO is completely automated and scalable. Reporting is common. So we can reduce the complexity and produce common reporting and overall lower the cost of ownership for our customers.
The traditional mindset was: put in multiple vendors at every layer and let's try to have a multi-tiered, multilayered, multi-vendor strategy. The complexity overwhelmed them in that model and created more vulnerabilities by having a point product at every endpoint.
After a while it became impossible to manage compliance, understand vulnerability, create common reporting and lower cost.
What's McAfee's current business strategy?
My goal and strategy is to be the largest dedicated security company and the fastest growing and the most innovative. We've been trying to do that with our own R&D but also through acquisition.
No. 1, we've been trying to win the endpoint. Our most successful business area prior to the last quarter or so with the network business had been on the endpoint. We've been able to use our ePolicy Orchestrator franchise (ePO) and leverage that.
Last year's ePO 4 release is a landmark for the company. It gave us a serious platform for managing much more than antivirus. That was the largest single engineering program the company had ever produced. More than 60% of our base customers have converted to the product.
What's the big attraction?
It gave us the ability to have a common agent that can do a lot more than anti-virus. It's got spyware, [host intrusion prevention], NAC, [data loss prevention], encryption. What you'll see as our strategy is to offer a lot more functionality in a common agent managed by a single console.
Is there more hardware in the wings?
We have the NAC appliance but you can imagine we're not going to stop there. Secure Computing purchased a company called Securify which offers an application firewall with the ability to monitor and managed user access to applications. With that you can begin to build out the most comprehensive NAC solution in the market. I think we've already done that with the NAC appliance standalone coupled with our NAC client.
