RSA 2011: McAfee Targets Embedded Device Security With Wind River Pairing
Andrew R. Hickey
McAfee is looking to break the shackles that kept it chained to PC security by teaming up with Wind River to put its security into embedded and mobile devices.
The partnership, announced Wednesday at RSA Conference 2011, is a joint technology and go-to-market play from Santa Clara, Calif.-based McAfee and Alameda, Calif.-based Wind River, which develops operating systems, middleware and software design tools for embedded computing systems. Wind River's main products include VxWorks, a proprietary real-time operating system, and Linux software for embedded applications. It also provides a range of product design services and development and testing tools.
Under the terms of the partnership, McAfee and Wind River will develop, market and support security solutions specifically to manage and protect non-PC embedded devices.
Both Wind River and McAfee have been acquired by Intel. Wind River was acquired by Intel in 2009 for roughly $1 billion. And while it's still pending closure, Intel's $7.68 billion acquisition of McAfee last year is expected to be completed within the next few months. Intel's McAfee buy has already overcome several hurdles, most recently receiving clearance from the U.S. Federal Trade Commission in December and winning approval from the European Commission in January.
McAfee President and CEO Dave DeWalt said the Wind River partnership will be the first of many tie-ins McAfee expects with Intel and Intel-owned companies. With Wind River, McAfee will be able to tackle the management and security challenges companies face as embedded devices that traditionally had no connectivity become connected to enterprise and public networks.
"We have a chance to embed security into an operating system layer," DeWalt said, adding that as embedded devices become increasingly more connected they could be vulnerable to attack and require additional protection. The massive increase in connectivity is driving growth in security vulnerabilities and a security breach of an embedded device, such as nuclear reactor controls, utility grid or other systems could have serious implications. Embedded devices have also become a prime target for organized crime and nation states, as proven with last year's Stuxnet attack.
Under the partnership, McAfee will integrate its security tools into Wind River's operating systems in embedded devices like ATMs, set top boxes, Google Android smartphones, satellite systems and more; devices that are increasingly becoming connected to the same networks and systems as PCs.
"These devices are connected and the need to securitize these devices becomes more acute," said Ken Klein, Wind River president.
Next: The McAfee-Wind River Embedded Device Security Roadmap
The first integrated products are expected in the second half of 2011. First, McAfee's EPO (E-Policy Orchestrator) device management solution will be embedded into Wind River's systems enabling management of these connected and embedded devices from McAfee's Common Management Architecture. DeWalt said embedded devices will be managed through a single console that communicates with an agent inside Wind River's OS and the same system used to manage PCs will also be able to offer management and visibility, control, reporting and compliance of embedded devices.
Later, McAfee and Wind River will enable white listing and other features like NAC, DLP and more.
"The world beyond the PC is really like the iceberg; there is a lot under the surface that you don't see," Klein said.
Klein said nearly every device has an IP address or is on a proprietary network and by 2020 the number of connected devices is expected to reach 50 billion, a good portion of which will be traditional embedded and mobile device sin areas like industrial control, energy management, automotive, infrastructure, home health care and more.
Klein said Wind River will first start integrating McAfee security into its Linux OS and from there add it to its hypervisor system. Wind River will include McAfee security offerings in its future products to enable its OEMs to build more secure devices.
For McAfee and Wind River channel partners, the pairing will open up new opportunities. For example, Wind River channel partners can now up-sell and add security, while McAfee partners can target the embedded device market, an area that's been tough to break into.
"In a way, we just opened up a channel," DeWalt said, adding that partners can reach into new markets as the embedded device market booms.
Klein said Wind River and McAfee already have some channel overlap, and the push from the Wind River market and the pull from the McAfee market will create new opportunities.
"Our channel is the channel to the embedded marketplace," he said, adding that Wind River currently powers roughly 1 billion devices. "This becomes an up sell for the Wind River channel."
McAfee teaming up with Wind River also comes as McAfee spreads its wings further beyond PC-based security.
Also at RSA Conference 2011, McAfee unveiled a host of OEM partnerships with non-PC device manufacturers and their offerings, including NCR ATMs, NEC Infrontia point-of-sale, Sharp multifunction printers and point-of-sale, Schweitzer Engineering Laboratories energy substation servers, Meridian kiosks, Clearwave medical kiosks, PFU graphic order terminals and Sysmex Corporation medical devices.
Through the OEM relationships with those device manufacturers, McAfee Embedded Security software will be leveraged for OEMs to build, deploy and control IP connected devices and protect them from zero-day attacks and a host of other security threats.