McAfee plans enterprise security package for fast threat detection and response

By , Network World |  Security, McAfee

McAfee says it's developing a product it calls "Threat Intelligence Exchange," which it expects to introduce by mid-year as a core means to garner information about cyber-attacks and response for the enterprise.

Threat Intelligence Exchange is described as a "messaging framework" that would initially collect information about Windows-based endpoints in the enterprise and whether they had been compromised, identify patterns and allow for a rapid "immunization" of assets. According to Brandon Rogers, McAfee senior vice president of product solutions and marketing, it will include a client add-on agent for McAfee's anti-malware software that could be deployed via McAfee ePolicy Orchestrator management console. There will also be a server-based Threat Intelligence Exchange component that will work as a VMware-based virtual-machine that could reside in the organization's data center to centrally collect the wide variety of contextual information related to threats.

The messaging framework from McAfee will initially be oriented toward collecting and orchestrating response from only McAfee products, including intrusion-prevention systems, anti-virus and Web gateways, says Rogers. Much remains to be known about Threat Intelligence Exchange, but it is being tested by AT&T, and the senior IT security manager there, Chet Black, indicated he thinks it will dramatically reduce the time from when a cyberthreat is encountered to its containment.

+More on Network World: Start-up takes up threat detection and intelligence-sharing for the enterprise |What ever happened to the "FIDO Alliance" that was going to revolutionize online authentication? +

In terms of the security messaging framework, Jon Oltsik, senior principal analyst, Enterprise Strategy Group, said McAfee is "thinking in terms of information security middleware so different applications/services can exchange data, adhere to common policies, and automate policy enforcement." He adds it's similar to the way middleware might work in a message bus in enterprise applications or transaction processing.

At this early stage, it's unclear what Threat Intelligence Exchange might be compared to, but possibly Cisco's Platform Exchange Grid or the IF-MAP concept from the Trusted Computing Group, says Oltsik.

But will McAfee be proposing some sort of security messaging standard when it introduces Threat Intelligence Exchange around mid-year? That's not expected, though McAfee is leaving the door open for third-party product integration, possibly with  McAfee's closest vendor partners, such as those in the McAfee Security Alliance Partner program.

Oltsik indicated he's hopeful there will be openness to standards and third-party integration in the future in all this, saying too many vendors "try to play the proprietary game" which proves an obstacle to product integration.

Ellen Messmer is senior editor at Network World, an IDG website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail: emessmer@nww.com

Read more about wide area network in Network World's Wide Area Network section.

Don't miss...


18 hot IT certifications for 2014

6 IT hiring tips to weed out the duds

The helpful, handy, FREE programs your new PC needs

  Sign me up for ITworld's FREE daily newsletter!
Email: 
 


Originally published on Network World |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

SecurityWhite Papers & Webcasts

See more White Papers | Webcasts

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness