McAfee Stonesoft Strategy Includes Incident Response

McAfee took a step closer to fully integrating its Stonesoft next-generation firewall acquisition. The company created a fully interconnected platform designed to not only detect advanced threats but also automate the process of quarantining and removing malware from infected systems.

McAfee (now called Intel Security) showcased its integration strategy to analysts and press at RSA Conference 2014. The company demonstrated how Stonesoft's malware detection engine and file behavioral analysis sandbox connect to its endpoint security software and other components via a new data exchange layer created by its engineering team. The goal is to quickly spread threat intelligence to a variety of products in the portfolio for better protection, said Michael Fey, the company's worldwide chief technology officer.

"Our goal was to change the way we look at the problem," Fey said. "McAfee and Intel are not just creating a better firewall, we're combining it with endpoint security and a variety of other components to bring it into high-end detection."

Fey said the rest of the security industry is talking about creating ways to better detect custom malware, but few vendors are addressing automated incident response once a threat is detected. The message resonates with solution providers in the channel who say they are selling advanced threat detection platforms from Palo Alto Networks, FireEye and other vendors, but often their clients don't consider incident response until after a system is fully deployed and turned on.

McAfee is joining a long line of vendors that are trying to bridge network security and endpoint security to better detect and increase visibility into potential threats, said Cliff Sweazey, who has been a McAfee partner since the company acquired email and web security vendor MX Logic in 2009. For example, FireEye is in the process of integrating its $1 billion Mandiant endpoint security acquisition.

Vendors are building out their platforms, adding capabilities and new products that some businesses won't necessarily find very useful. Sweazey, who is also a Fortinet partner, said the one drawback to many of the vendor strategies is increased complexity, which leads to configuration and manageability issues, and ultimately opens up weaknesses that can be targeted by an attacker.

"Every vendor wants to penetrate the client as deep and as wide as possible," Sweazey told CRN. "Often we see these strategies aimed at sweeping across the product portfolio to help the customer gain visibility across the network, but how well and how easy it is to get it all working seamlessly together is yet to be seen."