McAfee Offers Global Response to Nationalized Malware

McAfee's new Threat Intelligence Exchange sounds rather innocent, but it actually represents the company's response to the growing belief that security threats have become so pervasive and powerful that the entire security defense model has to change. When you have government funding to buy malware, and a massive market for militarized malware growing at a national level, the only way to respond effectively is through global cooperation.

No firm, nor any one government, is powerful enough alone to address this threat. No perimeter defense - which is what we've largely relied on in the past - is effective, either, and any successful response simply has to assume the perimeter is porous.

Your Perimeter, Like a Medieval Castle Wall, Will Be Breached

Imagine it's the Dark Ages and we need to defend our castle. We could build a huge wall, but we'd find that any concentrated attack would eventually breach the wall, and we'd be dead. Castle design was thus altered to include levels of defense - basically assuming that invaders would breach the primary wall but would then find the attack increasingly painful as they advanced.

As weapons advanced, this no longer worked. States formed nations, which built armies. Today's cities and town centers are no longer walled. Police forces, national guards, armies and various security agencies provide defense, finding and eliminating threats en masse. As we stopped building massive walls, focus shifted from the perimeter, at least with regard to prevention, to finding and eliminating threats more quickly.

This goes to the heart of McAfee's approach. The Threat Intelligence Exchange is designed to layer over traditional security. It assumes there will be a breach - but it's designed to identify and respond to breaches, all while notifying administrators so damage can largely be eliminated. It recognizes that no wall is strong enough to defend against the class of attacks we now see, much like the knights of old discovered that gunpowder and dynamite made walled cities largely pointless. The defense had to change to match the powerful attacks that were overwhelming traditional models.

To Fend Off Malware, Think Globally, Act Globally

Part of the problem, of course, is that attackers are increasingly funded at a national level; software seems to migrate (or initially come from) firms operating legally, kind of like weapons brokers, out of Eastern Europe. This means that, to make a comprehensive internal response function as fast as it needs to be, you have to create a reach that is at least national, if not global.

This also hits the core of McAfee's offering, as it networks global resources - private and public, as well as McAfee's own global threat tracking service - to spread the news of emerging malware so it can be more rapidly identified and mitigated when used a second time. If the product has been seen or identified by any one of the companies using the solution, or through McAfee's own resources, the response template is distributed. The other sites are hardened against the product in real time, reducing the response time to an attack and making events such as the Target breach far harder to accomplish, particularly a second time.

If the Bad Guys Get In, You Must Sound the Alarm

When facing a massive attack, perimeter defenses or other limited methods aren't adequate. But the world is under that kind of threat today. McAfee has created a "Defense in Depth" product, which assumes that you will be breached but can automatically respond to the breach, thus limiting or eliminating the exposure. This is a very different approach, but it's one that's unfortunately necessary in today's hostile world.

This is hardly the end. I expect future offerings will increasingly use AI models to address even more intelligent malware. McAfee's Threat Intelligence Exchange doesn't end the arms race; it just gives IT an advantage until the next malware breakthrough. But it does make it likely that attackers will hit someone who hasn't deployed this offering - because that will be a vastly easier target.

Rob Enderle is president and principal analyst of the Enderle Group. Previously, he was the Senior Research Fellow for Forrester Research and the Giga Information Group. Prior to that he worked for IBM and held positions in Internal Audit, Competitive Analysis, Marketing, Finance and Security. Currently, Enderle writes on emerging technology, security and Linux for a variety of publications and appears on national news TV shows that include CNBC, FOX, Bloomberg and NPR.
