Intel Security Enhances Unified Defense Architecture
Thursday, November 3, 2016
Richard Harris |
Intel Security has announced an enhanced unified defense architecture designed to empower organizations to more effectively protect a new digital economy of trust, time and money. No longer is our economy a physical one, but one of connected networks and systems where cybercriminals have put us on the defensive. This new second economy, has put us in a world where more than money is at stake and where private and public sectors are fighting against time and working to justify trust.
Built upon the industry’s largest open ecosystem leveraging a proven integration program, Intel Security’s unified defense architecture is enabled by four protection systems – Dynamic Endpoint, Pervasive Data Protection, Data Center and Cloud Defense, and Intelligent Security Operations – that are intelligently integrated to multiply effectiveness.
Isolated solutions can be effective against individual assaults, but there are too many examples where isolated solutions can’t keep up with the wide range of sophisticated, emerging threats. Tactical security firefighting needs to be replaced with integrated, dynamic security defenses designed to outsmart attackers. Intel Security’s Dynamic Endpoint solution uses advanced protection, shared intelligence and unified workflows on a single management console to unify endpoint protection, detection and correction to guard against today’s most pervasive threats. This solution, delivered in McAfee Endpoint Security 10.5 and McAfee Active Response 2.0 software, includes capabilities like:
- Patient Zero Protection – Dynamic Application Containment improves protection against patient zero and ransomware threats and isolates the rest of the network from infection by monitoring and intercepting post-malicious process actions based on file reputation.
- Advanced, Persistent Threat Protection with Containment and Machine Learning – Intel Security is the first and only vendor to offer machine learning based malware classification using both static pre-execution analysis and dynamic post-execution analysis from the cloud that is designed to help detect zero-day malware in near real time, tracing behavior when deemed suspicious and remediating without relying on traditional signatures.
- Enhanced Protection with Integrated Web and Endpoint Protection – Only Intel Security seamlessly integrates a connection between its endpoint client and web gateway technology to enable quick-to-deploy, pervasive protection both on and off the corporate network that is designed to prevent zero-day malware from reaching the endpoint.
- Real-Time Advanced Threats Protection – McAfee Active Response 2.0 software uses the cloud to accelerate investigations by dynamically tracing process behavior and allowing administrators to access threat context in real time during an investigation. Quickly hunt and respond using single click correction and then automate responses to address future attacks.
The rise of software as a service (SaaS) applications and a highly mobile workforce has created the need to securely enable cloud-driven business. Organizations are looking for a unified solution that extends security outside the traditional perimeter covering on and off-network users and cloud services. Intel Security’s approach to pervasive data protection is to unify SaaS security across web protection, cloud access security broker, data loss prevention and encryption to provide the industry’s broadest solution across endpoints, networks and cloud-based services all centrally managed. With a foundation in unified management, along with common rulesets, policies and encryption, Intel Security will help organizations maximize business efficiency and employee productivity. Organizations are empowered to make sensitive data readily available to the people who need it, while minimizing the risk of data leakage and misuse by unauthorized personnel. Components of the integrated solution include:
- Increased Productivity with Centralized Data Protection – McAfee DLP for Mobile Email 10.0 software introduces unified policies and incident management for both endpoint and network DLP. It also offers end-user empowerment tools such as end-user manual classification, and end-user initiated DLP scanning and self-remediation. Not only do these capabilities help strengthen the corporate security culture, it also alleviates administrative burden.
- Ubiquitous Web Security – McAfee Web Gateway Cloud Service is designed to enable security teams to gain the same benefits of advanced threat protection as on-premises web gateway appliances but without the cost of hardware or the resources used to maintain it. With 3x the data centers of our previous web SaaS solution, better performance and improved uptime our new cloud service has never been more ready for the enterprise.
- Cloud Application Governance – McAfee Cloud Data Protection, available as a beta, features cloud access security broker (CASB)) technology, to provide an integrated view of risky endpoint and cloud events, including the ability to perform a real-time endpoint health check, ensuring only trusted devices are able to access sensitive information.
Organizations are increasingly adopting cloud computing, which introduces unique security requirements that many legacy security solutions cannot address. Consequently, many struggle with weak and inconsistent cloud security controls, slow resolution of security issues and inefficient compute and staffing resource utilization. Intel Security cloud security products are designed to protect data centers with industry-leading security that detects advanced targeted attacks and manages security efficiently across physical, virtual and cloud infrastructures. Intel Security’s Data Center and Cloud Defense solution combines server security, network security and threat intelligence sharing to enable a single view of security across data center environments. This solution, delivered through McAfee Server Security Suite 4.5 and McAfee Virtual Network Security Platform (vNSP) 8.3, includes capabilities like:
- Cloud Security Visibility – Cloud workload discovery provides deep visibility across public and private clouds for virtual machines, associated workloads, networks and storage, enabling organizations to establish a strong and consistent security posture.
- Threat Intelligence Sharing and Unification – Unification of perimeter and virtual machine protection thwarts advanced targeted attacks while ensuring efficient resource utilization within highly virtualized server environments to allow organizations to detect more threats, faster and with fewer resources. Once a threat has been detected, this knowledge is shared across the data center and corrective actions can be taken.
- Integration and Orchestration – Tight integration across McAfee Management for Optimized Virtual Environments Anti-Virus (MOVE AV), McAfee Virtual Network Security Platform (vNSP), McAfee Advanced Threat Defense, and McAfee Threat Intelligence Exchange along with virtualization platforms like VMWare NSX and OpenStack enable orchestration of security efficiently and more easily.
Organizations looking for rapid response and remediation need a closed loop threat defense lifecycle framework that makes it easy to integrate, monitor and orchestrate security solutions. New Intel Security capabilities integrate with the above solutions and Security Innovation Alliance partners to enhance and unify visibility, investigation workflows and reporting.
- Flexible Advanced Malware Detection – Expanded options include a new cloud-based machine learning-driven malware analysis service, McAfee Cloud Threat Detection, as well as a virtual McAfee Advanced Threat Defense appliance that makes the most of an improved user experience, more Windows OS coverage, and a significant throughput rate increase.
- Improved Visibility and Investigation – McAfee Enterprise Security Manager introduces a new HTML 5-based interface with an intuitive, analyst-centric user experience and simpler, faster search results to expedite threat management and incident response.
- Expanded Strategy and Incident Response Services – New consulting, deployment, assessment and incident response services enable long-term maturation of an organization’s approach to risk and threat management and improve ROI. Retainer and on-demand based managed security and emergency response augment in-house expertise.
The industry has long needed a way to make different technologies work better together, and we paved the way with the most highly adopted technology across major players with the McAfee Data Exchange Layer (DXL). To accelerate that, today Intel Security announced its intent to open the McAfee Data Exchange Layer to the industry as a concrete means of disrupting the cyberattackers’ advantage. Through an open source strategy and the beta release of a new software development kit (SDK) for DXL, “white hats” (both organizations and technology providers) will gain the ability to attach to a shared real-time communication fabric and exchange security intelligence as well as orchestrate actions for the shortest possible execution of the threat defense lifecycle. DXL provides a standardized application framework to integrate technologies from different vendors with each other and with in-house developed applications. The OpenDXL initiative will expand access and capabilities of the DXL SDK and the management and community infrastructure that will support it, enabling developers within ISVs, enterprises, colleges and even competitors to gain the many real-time integration and operational benefits of the Data Exchange Layer.
Dynamic Endpoint
Isolated solutions can be effective against individual assaults, but there are too many examples where isolated solutions can’t keep up with the wide range of sophisticated, emerging threats. Tactical security firefighting needs to be replaced with integrated, dynamic security defenses designed to outsmart attackers. Intel Security’s Dynamic Endpoint solution uses advanced protection, shared intelligence and unified workflows on a single management console to unify endpoint protection, detection and correction to guard against today’s most pervasive threats. This solution, delivered in McAfee Endpoint Security 10.5 and McAfee Active Response 2.0 software, includes capabilities like:
- Patient Zero Protection – Dynamic Application Containment improves protection against patient zero and ransomware threats and isolates the rest of the network from infection by monitoring and intercepting post-malicious process actions based on file reputation.
- Advanced, Persistent Threat Protection with Containment and Machine Learning – Intel Security is the first and only vendor to offer machine learning based malware classification using both static pre-execution analysis and dynamic post-execution analysis from the cloud that is designed to help detect zero-day malware in near real time, tracing behavior when deemed suspicious and remediating without relying on traditional signatures.
- Enhanced Protection with Integrated Web and Endpoint Protection – Only Intel Security seamlessly integrates a connection between its endpoint client and web gateway technology to enable quick-to-deploy, pervasive protection both on and off the corporate network that is designed to prevent zero-day malware from reaching the endpoint.
- Real-Time Advanced Threats Protection – McAfee Active Response 2.0 software uses the cloud to accelerate investigations by dynamically tracing process behavior and allowing administrators to access threat context in real time during an investigation. Quickly hunt and respond using single click correction and then automate responses to address future attacks.
Pervasive Data Protection
The rise of software as a service (SaaS) applications and a highly mobile workforce has created the need to securely enable cloud-driven business. Organizations are looking for a unified solution that extends security outside the traditional perimeter covering on and off-network users and cloud services. Intel Security’s approach to pervasive data protection is to unify SaaS security across web protection, cloud access security broker, data loss prevention and encryption to provide the industry’s broadest solution across endpoints, networks and cloud-based services all centrally managed. With a foundation in unified management, along with common rulesets, policies and encryption, Intel Security will help organizations maximize business efficiency and employee productivity. Organizations are empowered to make sensitive data readily available to the people who need it, while minimizing the risk of data leakage and misuse by unauthorized personnel. Components of the integrated solution include:
- Increased Productivity with Centralized Data Protection – McAfee DLP for Mobile Email 10.0 software introduces unified policies and incident management for both endpoint and network DLP. It also offers end-user empowerment tools such as end-user manual classification, and end-user initiated DLP scanning and self-remediation. Not only do these capabilities help strengthen the corporate security culture, it also alleviates administrative burden.
- Ubiquitous Web Security – McAfee Web Gateway Cloud Service is designed to enable security teams to gain the same benefits of advanced threat protection as on-premises web gateway appliances but without the cost of hardware or the resources used to maintain it. With 3x the data centers of our previous web SaaS solution, better performance and improved uptime our new cloud service has never been more ready for the enterprise.
- Cloud Application Governance – McAfee Cloud Data Protection, available as a beta, features cloud access security broker (CASB)) technology, to provide an integrated view of risky endpoint and cloud events, including the ability to perform a real-time endpoint health check, ensuring only trusted devices are able to access sensitive information.
Data Center and Cloud Defense
Organizations are increasingly adopting cloud computing, which introduces unique security requirements that many legacy security solutions cannot address. Consequently, many struggle with weak and inconsistent cloud security controls, slow resolution of security issues and inefficient compute and staffing resource utilization. Intel Security cloud security products are designed to protect data centers with industry-leading security that detects advanced targeted attacks and manages security efficiently across physical, virtual and cloud infrastructures. Intel Security’s Data Center and Cloud Defense solution combines server security, network security and threat intelligence sharing to enable a single view of security across data center environments. This solution, delivered through McAfee Server Security Suite 4.5 and McAfee Virtual Network Security Platform (vNSP) 8.3, includes capabilities like:
- Cloud Security Visibility – Cloud workload discovery provides deep visibility across public and private clouds for virtual machines, associated workloads, networks and storage, enabling organizations to establish a strong and consistent security posture.
- Threat Intelligence Sharing and Unification – Unification of perimeter and virtual machine protection thwarts advanced targeted attacks while ensuring efficient resource utilization within highly virtualized server environments to allow organizations to detect more threats, faster and with fewer resources. Once a threat has been detected, this knowledge is shared across the data center and corrective actions can be taken.
- Integration and Orchestration – Tight integration across McAfee Management for Optimized Virtual Environments Anti-Virus (MOVE AV), McAfee Virtual Network Security Platform (vNSP), McAfee Advanced Threat Defense, and McAfee Threat Intelligence Exchange along with virtualization platforms like VMWare NSX and OpenStack enable orchestration of security efficiently and more easily.
Intelligent Security Operations
Organizations looking for rapid response and remediation need a closed loop threat defense lifecycle framework that makes it easy to integrate, monitor and orchestrate security solutions. New Intel Security capabilities integrate with the above solutions and Security Innovation Alliance partners to enhance and unify visibility, investigation workflows and reporting.
- Flexible Advanced Malware Detection – Expanded options include a new cloud-based machine learning-driven malware analysis service, McAfee Cloud Threat Detection, as well as a virtual McAfee Advanced Threat Defense appliance that makes the most of an improved user experience, more Windows OS coverage, and a significant throughput rate increase.
- Improved Visibility and Investigation – McAfee Enterprise Security Manager introduces a new HTML 5-based interface with an intuitive, analyst-centric user experience and simpler, faster search results to expedite threat management and incident response.
- Expanded Strategy and Incident Response Services – New consulting, deployment, assessment and incident response services enable long-term maturation of an organization’s approach to risk and threat management and improve ROI. Retainer and on-demand based managed security and emergency response augment in-house expertise.
OpenDXL Initiative
The industry has long needed a way to make different technologies work better together, and we paved the way with the most highly adopted technology across major players with the McAfee Data Exchange Layer (DXL). To accelerate that, today Intel Security announced its intent to open the McAfee Data Exchange Layer to the industry as a concrete means of disrupting the cyberattackers’ advantage. Through an open source strategy and the beta release of a new software development kit (SDK) for DXL, “white hats” (both organizations and technology providers) will gain the ability to attach to a shared real-time communication fabric and exchange security intelligence as well as orchestrate actions for the shortest possible execution of the threat defense lifecycle. DXL provides a standardized application framework to integrate technologies from different vendors with each other and with in-house developed applications. The OpenDXL initiative will expand access and capabilities of the DXL SDK and the management and community infrastructure that will support it, enabling developers within ISVs, enterprises, colleges and even competitors to gain the many real-time integration and operational benefits of the Data Exchange Layer.
Become a subscriber of App Developer Magazine for just $5.99 a month and take advantage of all these perks.
MEMBERS GET ACCESS TO
- - Exclusive content from leaders in the industry
- - Q&A articles from industry leaders
- - Tips and tricks from the most successful developers weekly
- - Monthly issues, including all 90+ back-issues since 2012
- - Event discounts and early-bird signups
- - Gain insight from top achievers in the app store
- - Learn what tools to use, what SDK's to use, and more
Subscribe here