Signature-Based Endpoint Security on Its Way Out

"We are seeing about 150,000 new pieces of malware every day now," says Simon Hunt, vice president and CTO of Endpoint Solutions at security vendor McAfee. "The attack is just impossible ... we're purely on the defensive. Before we know about any new virus, somebody has to be a sacrificial lamb and die and tell us about it. It's an awful way of doing things."

Signature-Based Anti-Virus Destined for Failure

"I can't say blacklisting is dead, but I want it to be," he says. "I know I cannot continue down that path. It's quicker just to do a signature check and you reward me for your PC not slowing down. I'm rewarded for keeping the PC performing as fast as possible."

But while a signature-based approach reduces the performance hit on the systems it runs on, it also means somebody has to be the sacrificial sheep. Somebody has to get infected by a piece of malware so that it can be identified and analyzed, and everyone else protected against it. In the meantime, the malefactors can create new malware that signature-based defenses cannot yet recognize.

The obvious conclusion is that signature-based defenses are not enough to defend against today's malware threats. But if you had gone to McAfee yesterday looking for a comprehensive security package, you would have found nine different suites of products to choose from, each of them a bundle of different security technologies.

"The challenge has been there are so many different threats that our customers suffer from now," Hunt says. "And typical big company behavior is that as soon as we discover a new threat, we develop a new solution."

And that, in turn, has led to a great deal of confusion for customers, Hunt says. A new approach was required. So McAfee rethought its endpoint protection strategy, slimming its offerings down to two comprehensive suites that both incorporate its newest security technologies.

McAfee Releases New Endpoint Security Suites

One of those newest technologies, dubbed McAfee Deep Defender, resides between the memory and the OS to perform real-time memory and CPU monitoring. This real-time, kernel-level behavioral monitoring exposes and removes unknown threats, including kernel-mode rootkits, to preempt zero-day malware.
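To make the "sacrificial lamb" problem from earlier in the article concrete, and to contrast it with the behavioral monitoring just described, here is a small simulation written for this page (it is not McAfee code and does not model Deep Defender). A hash blacklist can only recognize a file after one host has already been hit by it, so every new variant costs a victim; a rule on observed behavior catches variants it has never seen, but has blind spots of its own. Sample names, payload bytes, the action labels and the three-action rule are all constructed for the example.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Sample:
    name: str
    payload: bytes        # constructed stand-in for a binary's contents
    actions: frozenset    # constructed runtime behaviours seen in a sandbox
    malicious: bool       # ground truth, known only in hindsight

class SignatureScanner:
    """Blacklist of file hashes; learns a sample only after it has hit a host."""
    def __init__(self):
        self.known = set()
    def detect(self, s: Sample) -> bool:
        return hashlib.sha256(s.payload).hexdigest() in self.known
    def learn(self, s: Sample) -> None:
        self.known.add(hashlib.sha256(s.payload).hexdigest())

# Constructed behavioural rule: doing all three together is rarely legitimate.
TRIAD = frozenset({"disable_av", "write_system_dir", "add_persistence"})

class BehaviourMonitor:
    """Judges what the code does, so it needs no prior sighting of the file."""
    def detect(self, s: Sample) -> bool:
        return TRIAD <= s.actions

def simulate(stream):
    """Replay samples in arrival order; return the names each detector missed."""
    sig, beh = SignatureScanner(), BehaviourMonitor()
    missed = {"signature": [], "behaviour": []}
    for s in stream:
        if s.malicious and not sig.detect(s):
            missed["signature"].append(s.name)  # this host is the sacrificial lamb
            sig.learn(s)                        # vendor analyses it and ships a signature
        if s.malicious and not beh.detect(s):
            missed["behaviour"].append(s.name)
    return missed

# Constructed sample stream: v2 differs from v1 by one byte; v3 drops one action.
PARTIAL = frozenset({"write_system_dir", "add_persistence"})
STREAM = [
    Sample("dropper_v1", b"MZ\x90dropper-v1", TRIAD, True),
    Sample("dropper_v1_copy", b"MZ\x90dropper-v1", TRIAD, True),
    Sample("dropper_v2", b"MZ\x90dropper-v2", TRIAD, True),
    Sample("installer", b"MZ\x90setup", PARTIAL, False),
    Sample("dropper_v3", b"MZ\x90dropper-v3", PARTIAL, True),
]
```

Running `simulate(STREAM)` shows the signature scanner missing every first sighting (v1, v2, v3) while catching only the exact copy, and the behaviour monitor catching v1 and v2 unseen but missing v3, which no longer trips the full rule.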

Both suites include Deep Defender and a host of other technologies, from endpoint firewall to intrusion prevention, application blocking and mobile device management. Both are a single solution for PC, Mac, Linux, mobile and virtual security. Both also incorporate McAfee's ePolicy Orchestrator software for management, which has been enhanced with real-time capabilities.

Hunt notes that Complete Endpoint Protection - Enterprise includes dynamic whitelisting capabilities and McAfee Risk Advisor, which helps administrators see which assets are at highest risk. Complete Endpoint Protection - Business replaces those technologies with full disk encryption.

"People want the big, red easy button: Protect me," Hunt says. "How do we take what is inherently a complicated technology and make it simple? This suite is our first attempt at realizing that dream. We still aspire to improve at every stage."

"For us, an endpoint is everything," he adds. "All our competitors have separate mobile suites. I really don't get it. There's such a thin line between an iPad with a Bluetooth keyboard and a MacBook Air in my mind. Differentiating between different classes of endpoint doesn't make much sense. If you buy a node, we don't care whether it's a PC or a Mac. The use cases are the same, the risk is the same. I don't want people to start a separate purchasing decision when they decide to protect their iPads."

Thor Olavsrud covers IT Security, Big Data, Open Source, Microsoft Tools and Servers.
