Employees and customers discuss security and the future of the firm.
McAfee’s held its recent annual cybersecurity conference in a Las Vegas casino resort. But there are few places better to learn about risk and reward than the Nevada city. So here are your eight takeaways from the event:
1. McAfee is still only "part of Intel Security"
This may be the last outing for John McAfee’s namesake before it is absorbed under the new banner of Intel Security. The self-affirmed "eccentric millionaire" has long had a reputation for odd behaviour, and his trashing of his former company has led Intel to have a rethink on the strength of the brand.
As a result it will be relegated in a manner akin to Symantec’s Norton line, with the McAfee shield standing in for the old name where deemed appropriate. McAfee staff who spoke to CBR believed the teams at both companies would be brought under one banner at some point next year – half a decade after the initial purchase for $7.68bn.
2. It believes that integration is a big deal in cybersecurity
Intel Security’s newly appointed chief Christopher Young had much to say at McAfee’s conference, but particularly pointed out that an excess of applications and vendors was harming cybersecurity. "You’ve got to start to think [that] as an industry we’re starting to create our own problems because we’re so complex, we’re so fragmented," he said.
He pleaded realism in not expecting to be the sole security vendor used by their customers, which was likely a relief to attendees of the partner summit, but added that he still intended to make Intel Security the primary source.
3. Shared intelligence is key to the firm’s strategy
The leadership change at Intel Security and shifting branding of the company somewhat overshadowed the key announcement from a product point of view: namely the Threat Intelligence Exchange (TIE).
In what Vinay Anand, VP of product management at McAfee, described as a "game-changer", the company’s products will share information with each other in real-time. "It’s like a beacon," he said. "I suddenly hold a red light up and every McAfee solution in that network is able to see my red light and actually understand what it means."
4. Cybersecurity needs a good crisis to create international standards
When former US secretary of state Condoleezza Rice professed ignorance at some of her country’s cyber capabilities revealed by NSA whistleblower Edward Snowden it was hard not to raise an eyebrow, but her thoughts on the nuclear race during the Cold War as a model for future cybersecurity relations were more convincing.
"When nuclear weapons came on to the scene after World War Two we also didn’t have international standards to deal with the threat," she said, stressing the importance of close calls in influencing the emergence of such protocols. But she added that cybersecurity had not provided those crises yet, making it "especially hard for governments to deal with".
5. Worries about network and security compromise
Consumers who squeeze out every bit of power from their personal computers will know that cybersecurity software can be a drag on systems resources. The same holds true for companies, although the majority of them are reluctant to trade security for increased performance, according to a survey by McAfee.
According to Pat Calhoun, general manager of network security at McAfee, conflicting goals between teams are still a cause of tension. "The network guys are using one set of tools and the security guys are using a different tools and they’re not talking to each other," he said.
6. Point-of-sales security can reduce threats to almost zero
Point-of-sales (PoS) flaws have been behind some of the biggest cyber-attacks ever, perhaps most notably that against the US retailer Target around this time last year. Michael Fey, CTO at McAfee, argued that malware attacks on PoS systems were similar to much else that was happening in the industry, even if the specific tactics were mostly employed against retailers.
He claimed that with McAfee’s new PoS security "the likelihood of being breached approaches zero", as a result of boot protection on the terminal, better encryption and app control. In a sector as unpredictable as cybersecurity this is quite some claim, and it will be interesting to see if the finished product matches the hype.
7. Boards don’t expect all threats to be eliminated
Cybersecurity managers have long bemoaned the difficulty of explaining their problems to boards that lack tech literacy, a theme that Intel Security head Christopher Young touched on in his keynote to the partner summit. But when several McAfee customers were quizzed by CBR, they admitted the job is more nuanced these days.
"I think there’s a general understanding you can’t get rid of everything, and if you did you probably wouldn’t like the price tag for it," said Bob Varnadoe, CISO at NCR Corporation, which creates sales and cash terminals. "I think the expectation for us as security professionals is we know where that boundary lies and we’re able to communicate that to [the board] and get their feedback."
8. Cloud security risks will not slow adoption
The cloud has remained a controversial subject in the security world, with many proponents of the new tech claiming its security dangers have been overstated. However Vinay Anand, VP of product marketing at McAfee, said that it had forced enterprises to "rearchitect their data centre security solutions".
He predicted that cloud adoption would continue apace because of the advantages of cost and speed, but added one caveat: "Many businesses will probably have a small component that’s on premise, just because they have certain data that either for regulatory reasons or their own enterprise policy reasons they have to hold on to."