Automating the Threat Defense Lifecycle – What the Heck does THAT Mean?

This blog was written by Brian Dye.

When we introduced our strategy at FOCUS ’15, at its core a simple concept:  create integrated security systems to automate the threat defense lifecycle so you can address more threats, faster, with fewer resources.  With the recent announcement of our strategic partnership with TPG we want to further define our strategy and show how we are uniquely leading the market, making IT security as dynamic and responsive as today’s most dangerous threats.[1]

To start at the finish:  the results of these security systems will be measurable – a simple but incredibly important conclusion.  We define success not just through your satisfaction but through impact to key CISO-level metrics.  When compared to disconnected architectures, we expect these systems should be able to:

• Reduce overall time to protection from over four hours to one minute
• Increase incident response capacity by up to 30x
• Improve response time from over 24 hours to less than 7 minutes

We understand that if we can’t move your metrics, we having nothing to offer but a new widget – and you have enough of those already!

Fundamentally, we are creating these integrated and automated security systems because we believe:

1. Protect, detect, and correct are better together.  The virtuous cycle of integrated security builds the best protection technology possible, finds and contains advanced threats, and rapidly remediates them … while adapting protection technologies to block the next threats better.  Organizations with integrated security platforms are 30% better protected[2], and we want you to be part of that statistic.
2. Only automation can overcome staffing issues.  You are clearly faced by a mismatch between your staffing (talent and volume) and the growth in number and sophistication of threats.[3]  That gap is compounded by stove-piped tools that force analysts to manually connect the dots across them, which takes even more time and effort.   Deeply automated security systems are critical to help solve that problem:  eliminate routine tasks, enable faster new hire onboarding, and free your strongest talent to tackle your hardest problems.  We expect automation to reduce manual effort by up to 70%.
3. No vendor can do this alone.  The security industry is one of the most fragmented of any in IT and no one provider delivers the entire threat defense lifecycle.  You need a practical way to integrate new capabilities into an overall platform approach.  Only real partnerships, across industry leaders, can create true security systems that protect, detect, and correct.

Four Security Systems

With those beliefs fueling our strategy, we are building a platform-based architecture with four security systems:  endpoint, cloud, hybrid data centers, and threat management.  Each system combines multiple technologies in to a single, integrated security system that allows us to break the Gordian knot:  combining best-in-market technology with broad integration across common platforms.  We expect these will drive the superior outcomes that you deserve with a low operating complexity … to drive an operating cost structure you can afford.

Connecting these Security Systems

Each of these systems help you address more threats, faster, with fewer resources.  That said, because these systems are themselves built on platforms they will work together to solve even bigger security problems.  To pick just a few examples:

• Closed loop threat defense: The four systems work together to share threat information and automate protection, which improves security and lowers cost.  Using the example of a potential attack starting at the endpoint, our security systems automate the detection and response end to end (although a threat coming in through the cloud or data center would have the same flow):

• Mobile workforce security: Due to the rise of SaaS applications, mobile workers can complete much of their work using only email, SaaS applications, and local compute.  The combination of the converged endpoint and cloud-delivered data security systems is designed to create a “mobile clean zone” to secure those mobile workers’ devices, but also keep the organizations data secure while off of the corporate network … allowing them to more safely reconnect to the corporate network when needed.  This includes technology from McAfee, but also from our partners like VMware® AirWatch® and MobileIron.

• Security for Infrastructure as a Service: Securing the workloads and access of IaaS platforms like Amazon Web Services or Microsoft Azure highlights the interconnectivity of the public cloud, data, users, and security operations center to defend it successfully:

A Unique Point of View

A common hazard across the security industry is that vendors start describing their strategies with common words, and before long everyone sounds the same.  To help cut through the buzzword bingo, here are a few areas where we believe our approach is truly unique in the market:

• Integration: we are combining point tools and features, using common platforms, in to integrated security systems.  You can see this in the four security systems:  each combines the capability from 3 or more point products in to a single system.  We deliver this integration and the management level with ePO™ and the threat intelligence level through DXL as well.
• Automation: with integration as our foundation, we then build in closed loop automation.  This automation delivers more accurate detection, faster remediation, and closed loop protection.  These benefits increase directly with the breadth of products and technologies that we integrate (our own or with other security providers).
• Orchestration: with more of your organization freed up through automation, we then proceed to orchestrate.  While automation is at the tools level, orchestration is at the systems level to not just drive actions but coordinate teams and accelerate investigation.  The gains, across both security effectiveness and team efficiency, are the most dramatic here which is why this is the ultimate goal that both integration and automation are building towards.

Really?

Overall this may be surprising to some of you, and it is more true than ever that the proof is in the pudding.  You may wonder if we can do this, and I appreciate that skepticism.  I don’t ask for your trust – instead I invite you to join us at FOCUS16 in Las Vegas this fall.  There, we will share with you the first round of technology delivery against this strategy.  I think you will be – pleasantly! – surprised.

Best,

Brian

© McAfee Corporation

McAfee, McAfee logo, McAfee® ePolicy Orchestrator® (McAfee® ePO), McAfee® ePolicy Orchestrator Cloud (McAfee Cloud ePO ) and Security Innovation Alliance are trademarks of McAfee Corporation or its subsidiaries in the U.S. and/or other countries. Other names and brands may be claimed as the property of others.

[1] NOTICE:  The information contained in this document is for informational purposes only and should not be deemed an offer by McAfee or create an obligation on McAfee. McAfee reserves the right to discontinue products at any time, add or subtract features or functionality, or modify its products, at its sole discretion, without notice and without incurring further obligations.  Performance achievement objectives stated throughout this document assume certain environment configurations and are only representative of what we want to achieve, not a statement of current performance.

[2] Penn Schoen Berland. Dates of study: 1/4/2016 – 04/25/2016.

[3] https://www.isc2cares.org/uploadedFiles/wwwisc2caresorg/Content/GISWS/FrostSullivan-(ISC)%C2%B2-Global-Information-Security-Workforce-Study-2015.pdf, pages 10-14